The second ToorCon Seattle got off to a quick start last Friday with a round of Lightning Talks at the Public Nerd Area. Each talk was limited to 5 minutes and covered a broad range of topics. Some talks were just supplying a chunk of information while others were a call to action for personal projects. Here are a few of the talks that we found interesting.
[I)ruid] opened with an explanation of his handle, since he catches a lot of flak for it being l33tsp34k (that’s supposed to be a capital ‘I’). The name has actually proven to be quite fun since it has broken a few systems that aren’t sanitizing input properly. Registering at Black Hat 2006 caused a database error. At the ShmooCon hacker arcade, he entered his player name and was dropped directly to a root shell. It’s also rather hellish on many webapps. His point was: why not choose a l33t name and have the fun of fuzzing all the time and breaking stuff even when you aren’t trying?
[nous] gave a quick plug for Ninja Network’s phreaking contest. Last year at Defcon was the first event they held. The first task was to use a butt set on a 25 pair block to find usable line. Once the random line was found they were dropped into a voice mail system to explore. The backend for the contest is Asterisk plus some custom Perl scripts. You can catch a preview version of this contest next month at LayerOne.
[jrandom] talked about how scratch-off cards can be gamed. Using a bright light or a resurfacing pen can help you with games that require a certain scratch order. Other cards can be identified by telltale signs they pick up during their production. Winners and losers are usually produced in two separate batches. Cards from each group will have the same cut quality, alignment flaws, printing color, and even the font could change. Sometimes the cards even have coding on them to indicate the winners (could be a simple as a W and L). All this is great, but the manufacturer might be doing this intentionally just to get attention.
[Travis Goodspeed] gave a brief introduction to reversing the Econolite ASC/3 traffic light controller for compatibility. It’s a PowerPC box running VxWorks 5.x and has snmp and FTP support. The FTP provides simple anonymous access. All of the control values are stored in the ASC3.DB binary file that’s checksummed. [Travis] built a way to describe a binary file structure as XML and generate libraries for reading the binaries natively in multiple languages.
We also thought [Dean Pierce]’s network pentesting visualization framework was interesting. [Joel Voss] was attempting to write a softphone for the IAX2 protocol and ended up DOSing Asterisk. 30kB from the attacker could cause a massive amount of packets from Asterisk. He now has a framework for testing all aspects of the protocol.
Hey guys, i was wondering if you could tell me how to find these cons in my area… how do you find out about them? do they cost money?
Awesome. I just wish it wasn’t the invitation only one. Every con that’s in the northwest seems to be invitation only these days. That is, the few we have…
Is that Elliot in the reflection of that monitor?
I think that was my arcade machine that I)ruid hacked. He left a text file in /root asking me to find him and contact him. I started to yell “Druid!” but people just thought I was nuts.
Well, if you are looking for cons, theres a couple of places to check out. Get the ical feed for Computer Security and Hacker Conferences. Its run by a nice guy down in Brazil and covers everything out there, and I do mean everything.
The Defcon calendar at http://www.defcon.org is usually kept up to date as well.