Defcon 15: Wrap-up


Our friend [Alex] was a little late getting to our t-shirt free-for-all today, but I just found out why: He was writing a great wrap-up of the many Defcon talks he attended. It’s well worth your time and will give you an idea of the broad slice of info that’s covered at the convention. That picture is him repruhzenting for Hack-A-Day in Fast Company magazine.

Update: I’m finally getting caught up on my RSS feeds; check out Richard Bejtlich’s equally good summary of Black Hat: part 1 and part 2.

Shirts Are Gone, But We’ve Got Stickers


I’m pretty happy with our skybox event. [Eliot] and I’ve both got a good pile of stickers to give away, so ask us if you want ’em. It was a great turnout for all the shirts we gave out. Thanks to [Eliot]’s g-string water bottle, we raised $263 for the EFF. [Eliot]’s heading to CCC later, so hit him up for stickers while he’s across the pond.

Defcon 15: Exploiting Authentication Systems


[Zac Franken] gave a good talk on authentication systems (card readers, biometric systems, etc.). After a good introduction to various access control systems, he demoed an excellent exploit tool. Rather than focus on the access mechanism, he exploited the lack of reader installation security. Most card readers are secured by a plastic cover and a pair of screws. Inside, the reader wires are vulnerable. [Zac] put together the equivalent of a keyboard sniffer for the reader wiring. With this little device in place, he was able to collect access codes and use them to exploit the reader authentication system.

The operation goes like this: Install the sniffer. Let it collect some codes. On return, [Zac] is able to use his own card to become a pseudo-authenticated card owner and to restrict or allow access for other cards. That’s it. No sneaking up behind people to read their cards, just a few minutes with a screwdriver.

He’s not releasing the design, simply because measures to prevent this type of intercept/control mechanism would be extremely costly.

Defcon 15: Hacking EVDO


[King Tuna]’s Hacking EVDO was a popular talk. Things are really just starting on this front. Now that some of the newer cards have unlocked firmware (probably thanks to the need for software updates for EVDO revisions), it’s possible to edit the firmware. With the door open, people can start mucking around with ESNs and we’ll probably see some ESN duplication exploits soon.

Defcon 15: WiCrawl From Midnight Research Labs


[Aaron] gave the latest on WiCrawl. The focus has been on the UI and usefulness for penetration testing. It’s got support for [David]’s coWPAtty FPGA WPA cracking accelerator and some UI improvements. Even better, you can grab the WiCrawl module to put on a BackTrack Slax live CD from the project page. [Aaron] passed out some CDs at the talk – I’ll update if the ISO gets posted.

And yes, I think I finally recovered from playing Hacker Jeopardy on team MRL. We held our own, but lost on the (LAME) final jeopardy question.

Defcon 15: Undercover Reporter Flees


I’m guessing this was pretty widely reported, but an NBC undercover reporter fled after being outed in the opening session. NBC Dateline associate producer Michelle Madigan refused press credentials on four separate occasions, choosing instead to pose as a normal attendee in order to covertly film other attendees. Defcon has a long-running tradition of playing “spot the fed”, where attendees out people they think are federal agents. The feds play along and it’s all good fun. This was entirely different though: the game “spot the undercover reporter” was announced and she fled immediately, only to be filmed “To Catch a Predator” style.

I may just be a blogger, but I’m wearing my press pass proudly.

Defcon 15: Robot Challenge


Hack-A-Day reader [Colin] brought this machine to the robot challenge. He’s by himself, but managed to get this thing through airport security and it fit inside a single suitcase. He used a serial-controlled eight-channel servo controller, a USB-serial adapter and a hub to bring the wires together. Power is supplied by a PC supply and the system is controlled by his laptop. The challenge was pretty popular and the teams were busy, so I’m light on the details. The gun just behind was servo operated, and performed pretty well in the tests I saw.