Well, we’ve come to the end of my Shmoocon 2006 coverage. The conference wasn’t all presentations though, there were a lot of other fun activities:

The Hacker Arcade featured arcade games that had been modified to generate USB tokens that you could later redeem for prizes. The folks at 757.org modified a skill crane so that it could be controlled from the web. Of course, toys like this at a hacker convention spawned some creative solutions. David Rhodes scripted the skill crane’s web interface so that it would try every possible coordinate pair and ended up with an armful of prizes. Another attendee discovered that the USB tokens weren’t case sensitive and generated a couple hundred thousand prize tokens.

Hack or Halo was different from your standard tournament. You could take the other team on in either Halo 2 or drag race hacking. From what I heard it’s pretty easy to get up to speed and be competitive, just know your way around a sniffer, Metasploit, and an energy sword and you’ll be good to go.

Grey Frequency managed to find all twenty different conference badge outlines needed to make a fully interlocking set. Shmooballs were handed out to attendees so that they could physically manifest their disagreement with the speaker; speakers were given paddles. During the closing ceremony a t-shirt cannon was brought out to help distribute swag.

I’d like to thank The Shmoo Group for putting together an excellent conference, the boys from Midnight Research Labs for keeping things interesting when I wasn’t in talks, and atlas, RenderMan, Jason Scott, Abend and all the other speakers who have stopped by to leave comments on Hack-A-Day.

Continue reading “Shmoocon 2006: Wrap-up” →

David Hulton (h1kari) talked about the implications of cardbus bus-mastering. It goes pretty much hand-in-hand with David Maynor’s USB direct memory access work. The idea is using bus-mastering to take over other PCI devices, download passwords and keys from memory, unlock screensavers, and plant memory-based or firmware-based trojans. So, what kind of device could do all this? David works for Pico Computing which is developing cardbus based FPGAs. They’re pretty cool little devices and for dedicated tasks like brute force cracking they’re really efficient. Check out OpenCiphers for details on using FPGAs with modern cryptography. Unfortunately h1kari didn’t have a demo, but David Maynor was there to talk about his USB stuff. An interesting tidbit was what USB device he used for his exploration: a Motorola MPx200. It was released before the USB 2.0 spec was finalized so the phone was designed to have its USB firmware upgraded, handy for hacking.

Continue reading “Shmoocon 2006: Cardbus Bus-Mastering: 0wning The Laptop” →

Shawn Merdinger gave a presentation on his personal research project covering the security of VoIP WiFi phones. For his initial investigation he is employing a “level one” methodology. These would be attacks from a low to medium skilled hacker, a hacker’s “first look” at the device: looking for open ports, finding developer left-overs, and misusing features. One thing that was common across all phones is how easily they succumb to DOS attacks. He talked about the issues with several specific phones. Many left open port 17185, which is the VxWorks database debug port. The favorite was the Clipcomm CPW-100E which provides unauthenticated access to debugging accounts letting you read call logs and even place calls, turning it into a remote listening device. You can hear Shawn talk about his project on Blue Box Podcast #13. Blue Box also has a copy of Shawn’s detailed slides. Here’s a list of the new phone security threats released a Shmoocon.

Continue reading “Shmoocon 2006: VoIP WiFi Phone Security Analysis” →

kaos.theory’s Anonym.OS was probably the most widely covered project to come out of this year’s Shmoocon. This was spurred by Wired’s article which was picked up by Slashdot, Ars, and others. Anonym.OS is a live CD based on OpenBSD 3.8 that provides anonymous internet access and aims to be usable by anyone. On the network it appears as a Windows machine to hide among the majority of internet users. The CD does several things to protect the user, starting with secure operating system. The main component is Tor, which we’ve covered before, All traffic is sent through Tor and since the disk uses local DNS look-up you don’t have to worry about DNS requests leaking. I really like this project because kaos.theory has done all of the dirty work like setting up really strict packet filter rules and forcing everything through Tor. Of course, I would have liked it even if it was just an OpenBSD live CD that used Fluxbox. The only two apps it has now are Firefox and GAIM. They are taking suggestions for what to add in the future and will probably be adding cryptographic filesystem support so that users can save safely. If they added Gimp and a hard drive install script I would be using this at every con I attended.

Continue reading “Shmoocon 2006: Anonym.OS: Security And Privacy, Everywhere You Go” →