Long before we started reporting on [Dan Kaminsky]’s DNS chicanery, he contributed a guest post about one of our favorite sources of new technology: SIGGRAPH. The stars have aligned again and we’re happy to bring you his analysis of this year’s convention. [photo: Phong Nguyen]
So, last week, I had the pleasure of being stabbed, scanned, physically simulated, and synthetically defocused. Clearly, I must have been at SIGGRAPH 2008, the world’s biggest computer graphics conference. While it usually conflicts with Black Hat, this year I actually got to stop by, though a bit of a cold kept me from enjoying as much of it as I’d have liked. Still, I did get to walk the exhibition floor, and the papers (and videos) are all online, so I do get to write this (blissfully DNS and security unrelated) report.
[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye-widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MBTA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MBTA’s headquarters and being driven off by police.
French reporters at Black Hat crossed the line when they sniffed fellow reporters’ login info on the designated “safe” wired network. Proud of their handiwork, they were nabbed when they tried to get their spoils posted on the Wall of Sheep, which is used to publicly post attendees’ credentials. It turns out that monitoring communications without informing one of the parties involved is a felony, so although it is legal to sniff convention goers’ login info with their knowledge, hacking reporters covering the event is a no-no. An FBI agent we ran into commented that in his experience, they’d probably just turn it over to the local US attorney’s office to see if they wanted to proceed with an investigation.
We’re in the Defcon press room today and there’s still a buzz about these “sleazy” French reporters. We’re tunneling through our cell connection like any sane person at a security conference.
If you were waiting to finalize your travel plans, now’s the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There are quite a few talks we’re looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle-related hacks it requires.
Almost every security conference we’ve attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you’re bound to find an interesting talk.
- Defcon 15, Las Vegas, NV
- ToorCon 9, San Diego, CA
- 24C3, Berlin, Germany
- ShmooCon 2008, Washington D.C.
- Notacon 5, Cleveland, OH
- LayerOne 2008, Pasadena, CA
Lots of con news is coming in these days, so let’s do a quick roundup of upcoming events:
June 13-15, 2008
REcon has started posting information about their training sessions such as the Advanced Reverse Engineering session with Nicolas Brulez.
The Last HOPE
July 18-20, 2008
New York City
The Last HOPE just announced its speaker list. It includes the infamous Kevin Mitnick, Mythbusters co-host Adam Savage, and author Steven Levy to name a few.
August 8-10, 2008
The DEFCON team also released the first batch of speakers for this year’s convention. Qualification starts tonight at 10PM EST for the capture the flag (CTF) contest so be sure to get registered. Check the txt for more information. We recently talked about the beverage cooling contraption contest, but you can find many other contests on the forums.
The second ToorCon Seattle got off to a quick start last Friday with a round of Lightning Talks at the Public Nerd Area. Each talk was limited to 5 minutes and covered a broad range of topics. Some talks were just supplying a chunk of information while others were a call to action for personal projects. Here are a few of the talks that we found interesting.