ShmooCon 2009: Chris Paget’s RFID Cloning Talk

February 16, 2009 by Eliot 13 Comments

[googlevideo=http://video.google.com/videoplay?docid=-282861825889939203]

When we first saw [Chris Paget]’s cloning video, our reaction was pretty ‘meh’. We’d seen RFID cloning before and the Mifare crack was probably the last time RFID was actually interesting. His ShmooCon presentation, embedded above, caught us completely off-guard. It’s very informative; we highly recommend it.

The hardest part about selling this talk is that it has to use two overloaded words: ‘RFID’ and ‘passport’. The Passport Card, which is part the the Western Hemisphere Travel Initiative (WHTI), is not like the passport book that you’re familiar with. It has the form factor of a driver’s license and can only be used for land and sea travel between the USA, Canada, the Caribbean region, Bermuda, and Mexico. They’ve only started issuing them this year.

Continue reading “ShmooCon 2009: Chris Paget’s RFID Cloning Talk” →

Defcon 17 Call For Papers

February 9, 2009 by Eliot 6 Comments

defcon

Notorious hacker conference Defcon has just published their Call for Papers. The 17th annual event will happen July 30th through August 2nd. Most of the announcement is the same boilerplate they’ve included for the past two years. Like last year, they’re not defining the specific speaking track themes and will come up with them based on submissions. New for this year is a half-day of workshops on the Thursday before Defcon for anyone that’s showing up early. This pre-con event is targeted at newbies. It certainly sounds like an interesting way to ease into Defcon instead of the usual delays and fire marshals. We’ve been attending every year since 2005 and love seeing new things. You should definitely consider presenting this year (we want to see more hardware!).

The 2009 ShmooBall Gun

February 6, 2009 by Eliot 10 Comments

larry

The registration desk hasn’t opened yet at ShmooCon 2009, but we’re already running into old friends. We found [Larry Pesce] and [Paul Asadoorian] from the PaulDotCom Security Weekly podcast showing off their latest ShmooBall gun. ShmooBalls have been a staple of ShmooCon from the very beginning. They’re soft foam balls distributed to each of the attendees who can then use them to pelt the speakers when they disagree. It’s a semi-anonymous way of expressing your dismay physically. [Larry] has been building bigger and better ways to shoot the ShmooBalls for the last couple years. You may remember seeing the 2008 model. This year the goal was to make the gun part much lighter. The CO2 supply is mounted remotely with a solenoid valve and coiled air line. The pistol grip has a light up arming switch and trigger. The gun is fairly easy to transport: the air line has a quick disconnect and the power is connected using ethernet jacks.

ToorCamp 2009 To Be Held At Missile Silo

February 3, 2009 by Eliot 12 Comments

toorcamp

After running a successful hacker convention for ten solid years, the people who brought you ToorCon are planning a new event to shake up the US hacker scene. ToorCamp will be held July 2nd-5th, 2009 at a former missile silo in central Washington state. Hackers will camp on-site for two days of talks followed by two days of workshops. Art and music events are planned for every night. Camps like this are already help biannually in Europe: What the Hack in 2005, Chaos Communication Camp 2007, and Hacking at Random 2009, coming this fall. The complex is one of three Titan 1 missile complexes in the Moses Lake area. The sites were in operation less than three years between 1962 and 1965. The former missile command center has been converted to a secure data center run by Titan I, LLC. ToorCamp promises to be a very unique experience and we’re looking forward to attend this and future years.

Mobile RFID Scanning

February 2, 2009 by Eliot 18 Comments

[youtube=http://www.youtube.com/watch?v=9isKnDiJNPk]

[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.

The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.

Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.

[Thanks Zort]

Defcon Calls For New CTF Organizer

January 14, 2009 by Strom Carlson 6 Comments

Kenshoto, organizer of the official Defcon Capture the Flag contest for the last four years, has stepped down from the position, and thus Defcon is looking for a new organizer for the event. If you’re highly competent, and maybe a little crazy, this might be your chance to step in and run one of the most well-known and prestigious hacking contests in the world. Please understand that the staff is looking for someone who wants to take ownership of the contest and make something new, unique, and challenging, and that Kenshoto has left extremely huge shoes to fill. Merely offering to replicate the existing contest and keep things mostly unchanged isn’t going to cut it.

If you’re up to the challenge, check out Dark Tangent’s post on the Defcon forums (which, for some odd reason, sounds strikingly like his 2005 post calling for a CTF organizer), where he comprehensively lays out what the staff is looking for in a new event organizer. If it jives well with you, get in touch with the Defcon staff, and maybe we’ll be covering your contest later this year.

Hacking At Random 2009 Call For Papers

January 4, 2009 by Eliot 1 Comment

With the Chaos Communication Congress concluded, it’s time to start looking towards the next massive European hacker event. This means Hacking at Random August 13-16th in the Netherlands. It’s a four day long camp experience that will feature many conference talks, interactive projects, and more.

The team has selected three tracks in their official call for papers: Dealing with data, Decentralization, and People and politics. You can find more details in the post. Deadline is May 1st.

[photo: mark]