[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.
French reporters at Black Hat crossed the line when they sniffed fellow reporters’ login info on the designated “safe” wired network. Proud of their handiwork, they were nabbed when they tried to get their spoils posted on the wall of sheep, which is used to publicly post attendees credintials. It turns out that monitoring communications without informing one of the parties involved is a felony, so although it is legal to sniff convention goers’ login info with their knowledge, hacking reporters covering the event is a no-no. An FBI agent we ran into commented that in his experience, they’d probably just turn it over to the local US attorney’s office to see if they wanted to proceed with an investigation.
We’re in the Defcon press room today and there’s still a buzz about these “sleazy” French reporters. We’re tunneling through our cell connection like any sane person at a security conference.
Defcon will once again be one-upping the sophistication of the conference attendee badges. Wired has just published a preview of this year’s badge. The core is a Freescale Flexis MC9S08JM60 processor. The badge has an IR transmitter and receiver on the front plus eight status LEDs. On the back (pictured below), there is a mode select button, CR123A battery, Data Matrix barcode, and an SD card slot. You can add a USB port to the badge and upload code to it using the built in USB bootloader. All the dev tools needed will be included on the conference CD or you can download the IDE in advance. The low barrier to entry should lead to some interesting hacks. In previous years, you needed a special dongle to program the hardware. There is no indication as to what the badge does out of the box. Releasing the badge early is a first for Defcon and the one pictured isn’t the attendee color, but we’re sure someone will still come up with a clone.
Now comes the fun part: What do you think the best use of this badge will be? Would Defcon be so cavalier as to equip everyone in the conference with a TV-B-Gone? I think our favorite possibility is if someone finds a security hole and manages to write an IR based worm to take over all the badges.
Defcon 14 introduced the first electronic badge which blinked in different patterns. Defcon 15 had a 95 LED scrolling marquee. [Joe Grand] will be posting more specific Defcon 16 badge details to his site after the opening ceremony. Check out more high resolution photos on Wired.
If you were waiting to finalize you travel plans, now’s the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There’s quite a few talks we’re looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle related hacks it requires.
[Joe Grand] is designing the Defcon badges for the third year in a row. Just like the previous years, they’ll be hosting a badge hacking contest. This time around though, they’re going to start leaking clues in advance. Earlier contests were often frustrating because of the specialized equipment needed to talk to the microcontroller. Hopefully this year it will be a lot more accesible. The specs for the badge have not been released yet, but after last year’s 95 LED scrolling marque, we can’t wait to see what this year will bring. [Joe] has posted info on the previous two badge designs and resulting contests.
DefconBots is returning again this year with their shooting gallery robot competition for Defcon 16. They’ve decided to leave the rules unchanged from last year. It’s a head to head competition between fully autonomous guns. The first gun to shoot all the targets on their side of the board wins. The rules aren’t very strict on design; as long as you use nonlethal nonmessy amunition and include a safety switch you’re pretty much good to go. The DefconBots site has a reference design to put you on the fast track to competing. Defcon 16 is August 8-10, 2008 in Las Vegas.
Related: [Aaron Rasmussen]’s sentry gun we covered back in 2005
[photo: Bre Pettis]
Kenshoto held qualifiers for the DefCon‘s Capture the Flag competition last weekend. The top seven finishers: Routards, Pandas with Gambas, Guard@MyLan0, Shellphish, Taekwon-V, WOWHACKER, PLUS, and last year’s winners, 1@stPlace, will be invited to participate in the final this August in Las Vegas.
The qualification started Friday night at 10PM EDT with an email (Subject: M0rt4g3 y0ur /14gr4 up 2 3 1nch3$) being sent to all 451 registered teams. Connecting to the game server displayed a Jeopardy style score board. The five available categories were Binary Leetness, Forensics, Real World, Potent Pwnables, and Trivia, with point values from 100 to 500. Only one question was opened to start. The first team to answer that was allowed to select the next question to open and then any team could try to answer it. Participants were warned about the difficulty of the 500 level questions and the entire Real World category. At the end of everything, four questions still remained locked at the end.