The Shmoo group (Beetle pictured, blurry in real life) presented phishing using rogue access points. The demo showed a rogue access point serving pages and gathering usernames and passwords as they came in. This could become a real problem in areas where there is heavy demand for wireless access like airports. With an EVDO card you could be the only AP in the area. They are developing user tools to watch the the local wireless infrastructure and warn you when things are going pear shaped and it is really unsafe to connect in that area.
Continue reading “TC7 day 1 – 802.11 Bait: Badass tackle for wireless phishing”
Roger Dingledine gave a presentation on Tor, which we’ve covered before. It was really interesting and covered common misconceptions. People often talk about Tor being abused, but the fact is true criminals have far better botnets that they can use for their work instead of Tor. Something that I hadn’t realized before is that if you have a Tor exit node on the same IP address as your web server all of the Tor users will get the benefit of a fully encrypted link to your website instead of the usual plain text final hop. The EFF is currently running a GUI competition. Somebody needs to build a Sneakers style Google map of hops. Any takers?
Continue reading “TC7 day 1 – Anon. communication for the U.S.DoD… and you”
The slides from the conference presentations haven’t been posted on the Toorcon site yet, but I’ll be linking as soon as they come in.
Continue reading “TC7 day 1 – Status update”