Upcoming Events


We’re headed to Cleveland at the end of the week (we’ve heard rumors it rocks) and thought it would be good to list the events we’re planning on hitting in the next five months.

  • Notacon / Blockparty April 4-6 Cleveland, OH – This will be a first for us, but we’re definitely excited, especially for the demoscene madness at Blockparty (like Trixter’s MONOTONE PC speaker tracker).
  • ToorCon Seattle April 18-20 Seattle, WA – In its second year, this small gathering is sure to be a blast just like last year.
  • The Last HOPE July 18-20 New York, NY – Our first HOPE and the last one ever, since the hotel is being torn down.
  • Black Hat US August 2-7 Las Vegas, NV – If anything gets released this year, it’ll be here.
  • DefCon August 8-10 Las Vegas, NV – The first con we ever went to. It’s not the best con, but it’s always interesting.
  • SIGGRAPH August 11-15 Los Angeles, CA – SIGGRAPH is where you need to be if you want to see cutting edge graphics and interaction projects. It’s a favorite of ours and a nice break from computer security.

Anything we’re missing?

UPDATE: Maker Faire May 3-4 San Mateo, CA – Can’t believe we forgot it. Thanks [pt]!

The 2008 Shmooball Gun


I caught up with [Larry] from pauldotcom.com and got a quick walk-through of his Shmooball gun. After several less successful attempts, this one worked pretty damn well and featured a distinctive sound that caused a notable glimmer of fear in the eyes of the speakers. *cough*[renderman]*cough*. Read on for the secrets of the Shmooball gun.


ShmooCon 2008: Hard Drive Highlights


Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.

Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.
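A minimal sketch of the approach described above, added here as an illustration and not code from [David Smith]'s talk: pull printable strings out of an image, then keep only those that fit a known password policy. The sample image bytes and the policy (8 to 16 characters, no spaces, at least three of four character classes) are constructed assumptions.

```python
import re
import string

# Constructed sample standing in for a raw drive image: binary noise with
# printable runs left behind by programs (not data from the talk).
SAMPLE_IMAGE = (
    b"\x00\x01\xfeuser=alice\x00\x7f\x80Summer2008!\x00\x00"
    b"\xff\xd8tmp\x00C:\\Windows\\system32\x00\x02"
    b"hunter2\x00\x90\x90Tr0ub4dor&3\x00password\x00\x11Summer2008!\x00"
)


def extract_strings(image: bytes, min_len: int = 4):
    """Yield runs of printable ASCII, like the Unix `strings` tool."""
    for match in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image):
        yield match.group().decode("ascii")


def matches_policy(s: str, min_len: int = 8, max_len: int = 16,
                   classes_required: int = 3) -> bool:
    """Assumed policy: length bounds, no spaces, N of 4 character classes."""
    if not (min_len <= len(s) <= max_len) or " " in s:
        return False
    classes = [
        any(c.islower() for c in s),
        any(c.isupper() for c in s),
        any(c.isdigit() for c in s),
        any(c in string.punctuation for c in s),
    ]
    return sum(classes) >= classes_required


def build_candidates(image: bytes, **policy) -> list:
    """Deduplicated, order-preserving list of policy-compliant strings."""
    seen, candidates = set(), []
    for s in extract_strings(image):
        if s not in seen and matches_policy(s, **policy):
            seen.add(s)
            candidates.append(s)
    return candidates


if __name__ == "__main__":
    for candidate in build_candidates(SAMPLE_IMAGE):
        print(candidate)
```

The same filter shows why secrets that programs leave in memory dumps, swap and temp files end up on an examiner's candidate list, and why wiping or encrypting those areas matters.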

ShmooCon 2008: Unauthorized Phishing Awareness Exercise


[Syn Phishus] presented a pretty interesting talk. At $former_company he prepared and executed a rogue internal exercise designed to heighten awareness of phishing scams. (That is, attempts to gather personal information from users with trickery.) After noting a certain lack of effort on the part of security policy implementation, he put together an official looking email, set up a simple phishing site that didn’t actually store any collected information and set loose the dogs of war. OK, he actually sent it to a select group within the company without warning anyone else ahead of time. He purposely didn’t store any of the results to protect the foolish, but he estimates that maybe 10% of the recipients fell for it.

ShmooCon 2008: Intercepting GSM Traffic


Back in August, [h1kari] presented an analysis of the A5 crypto spec used in GSM systems. Almost all GSM conversations in the US and Europe are encrypted using this standard. At the time they were still in the planning stages of building their rainbow table of shift register states. Today we heard an update on the progress. The whole space is 2^58 in size and would take a standard PC 33,235 years to calculate. Not being patient people, they built a box containing 68 ExpressCard-based FPGAs. Each one is capable of doing 72 billion operations per second. So far they’re one month into the 3 month process. Once the table is completed, any person can crack a GSM conversation in 30 minutes using 1 FPGA and the 2TB table. They do have plans for building an optimal system that would be based on solid state drives and 16 FPGAs that should do the crack in just 30 seconds.

Shmoocon’s Coming


Just prepping up a bit before this spring’s Shmoocon. Things will definitely be colder this round, so bring your cold weather gear if you don’t want to arrive in the form of a human popsicle. I’m a fan of Shmoo’s organization tactics. Running several single session talks keeps me from missing one great talk to attend another. [h1kari]’s GSM talk promises to be interesting. Not to mention VOIP penetration testing and solid state hard drive recovery. [Eliot] and I will see you there. Don’t worry, we’ll be reporting back for the guys that have to miss out this year.

Defcon 15: Wrap-up


Our friend [Alex] was a little late getting to our t-shirt free-for-all today, but I just found out why: He was writing a great wrap-up of the many Defcon talks he attended. It’s well worth your time and will give you an idea of the broad slice of info that’s covered at the convention. That picture is him repruhzenting for Hack-A-Day in Fast Company magazine.

Update: I’m finally getting caught up on my RSS feeds; check out Richard Bejtlich’s equally good summary of Black Hat: part 1 and part 2.