I’m pretty happy with our skybox event. [Eliot] and I’ve both got a good pile of stickers to give away, so ask us if you want ’em. It was great turn out for all the shirts we gave out. Thanks to [Eliot]s g-string water bottle, we raised $263 for the EFF. [Eliot]’s heading to CCC later, so hit him up for stickers while he’s across the pond.
Author: Will O'Brien805 Articles
Defcon 15: Exploiting Authentication Systems
[Zac Franken] gave a good talk on authentication systems. (Card readers, biometric systems, etc). After a good introduction to various access control systems, he demoed an excellent exploit tool. Rather than focus on the access mechanism, he exploited the lack of reader installation security. Most card readers are secured by a plastic cover and a pair of screws. Inside, the reader wires are vulnerable. [Zac] put together the equivalent of a keyboard sniffer for the reader wiring. With this little device in place, he was able to collect access codes and use them to exploit the reader authentication system.
The operation goes like this: Install the sniffer. Let it collect some codes. On return, [Zac] is able to use his own card to become a pseudo authenticated card owner, restrict and allow access to other cards. That’s it. No sneaking up behind people to read their cards, just a few minutes with a screwdriver.
He’s not releasing the design, simply because measures to prevent this type of intercept/control mechanism would be extremely costly.
Defcon 15: Hacking EVDO
[King Tuna]’s Hacking EVDO was a popular talk. Things are really just starting on this front. Now that some of the newer cards have unlocked firmware (probably thanks to the need for sofware update EVDO revisions), It’s now possible to edit the firmware. With the door open, people can start mucking around with ESN’s and we’ll probably see some ESN duplication exploits soon.
Defcon 15: WiCrawl From Midnight Research Labs
[Aaron] gave the latest on WiCrawl. The focus has been on the UI and usefulness for penetration testing. It’s got support for [David]s coWPAtty FPGA WPA cracking accelerator and some UI improvements. Even better, you can grab the WiCrawl module to put on a BackTrack Slax livecd from the project page. [Aaron] passed out some CD’s at the talk – I’ll update if the ISO gets posted.
And yes, I think I finally recovered from playing Hacker Jeopardy on team MRL. We held our own, but lost on the (LAME) final jeopardy question.
Defcon 15: Robot Challenge
Hack-A-Day reader [Colin] brought this machine to the robot challenge. He’s by himself, but managed to get this thing through airport security and it fit inside a single suitcase. He used a serial controlled eight channel servo controller, a usb-serial adapter and a hub to bring the wires together. Power is supplied by a pc supply and the system controlled by his laptop. The challenge was pretty popular and the teams were busy, so I’m light on the details. The gun just behind was servo operated, and performed pretty well in the tests I saw.
Defcon 15: Beer Cooling
When I checked it out, only two teams had appeared for the cooling contest. The method of choice? Rubbing alcohol and dry ice. The dry ice cools the alcohol, but doesn’t freeze it. [Team Hebrew] was my favorite – they used a vinyl hose to carry the beer into the cooling liquid. They managed a 45 second run at one point, and used a simple electric blower to evacuate the beer from the cooling line. They found that it was a bit easier to just blow it out the old fashioned way.
Hack-A-Day Meetup (T-Shirts!) On Sunday
Yes. Free T-shirts. Free stickers. At Defcon 15. (No virtual begging.) We’ll have skybox 206 on sunday, but we’re only planning to be set up around noon for an hour or so. Come get em.
The swag is free, but we’d like it if you’d toss us a buck or two to donate to the EFF.
