ShmooCon 2008: Hard Drive Highlights


Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash-based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.

Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.
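A sketch of the filtering step described above, as a forensic examiner might apply it to an acquired image. This is an added example, not [David Smith]'s tool; the policy (8 to 16 characters with lowercase, uppercase and a digit), the function names and the sample bytes are all assumptions.

```python
import re

# Runs of printable, non-space ASCII. UTF-16 strings are out of scope here.
TOKEN = re.compile(rb"[\x21-\x7e]+")


def meets_policy(word, min_len=8, max_len=16):
    """Assumed policy: 8-16 chars with a lowercase, an uppercase and a digit."""
    return (min_len <= len(word) <= max_len
            and any(c.islower() for c in word)
            and any(c.isupper() for c in word)
            and any(c.isdigit() for c in word))


def candidate_dictionary(image, policy=meets_policy):
    """Return unique policy-matching strings in order of first appearance."""
    seen = {}
    for match in TOKEN.finditer(image):
        word = match.group().decode("ascii")
        if policy(word):
            seen.setdefault(word, None)  # dict keeps insertion order
    return list(seen)


# Constructed sample bytes standing in for a slice of a drive image.
SAMPLE_IMAGE = (
    b"MZ\x90\x00This program cannot be run in DOS mode.\x00"
    b"\xff\xfeSummer2008!\x00kernel32.dll\x00password\x00"
    b"Tr0ub4dor&3\x00\x00Summer2008!\x00GetProcAddress\x00"
)

if __name__ == "__main__":
    for word in candidate_dictionary(SAMPLE_IMAGE):
        print(word)
```

Library names and plain words drop out on the character-class check alone, which is why matching the known policy shrinks the list so sharply.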

ShmooCon 2008: Unauthorized Phishing Awareness Exercise


[Syn Phishus] presented a pretty interesting talk. At $former_company he prepared and executed a rogue internal exercise designed to heighten awareness of phishing scams. (That is, attempts to gather personal information from users with trickery.) After noting a certain lack of effort on the part of security policy implementation, he put together an official-looking email, set up a simple phishing site that didn’t actually store any collected information, and set loose the dogs of war. OK, he actually sent it to a select group within the company without warning anyone else ahead of time. He purposely didn’t store any of the results to protect the foolish, but he estimates that maybe 10% of the recipients fell for it.

ShmooCon 2008: Intercepting GSM Traffic


Back in August, [h1kari] presented an analysis of the A5 crypto spec used in GSM systems. Almost all GSM conversations in the US and Europe are encrypted using this standard. At the time they were still in the planning stages of building their rainbow table of shift register states. Today we heard an update on the progress. The whole space is 2^58 in size and would take a standard PC 33,235 years to calculate. Not being patient people, they built a box containing 68 ExpressCard-based FPGAs. Each one is capable of doing 72 billion operations per second. So far they’re one month into the 3 month process. Once the table is completed, any person can crack a GSM conversation in 30 minutes using 1 FPGA and the 2TB table. They do have plans for building an optimal system that would be based on solid state drives and 16 FPGAs that should do the crack in just 30 seconds.

Shmoocon’s Coming


Just prepping up a bit before this spring’s Shmoocon. Things will definitely be colder this round, so bring your cold weather gear if you don’t want to arrive in the form of a human popsicle. I’m a fan of Shmoo’s organization tactics. Running several single session talks keeps me from missing one great talk to attend another. [h1kari]’s GSM talk promises to be interesting. Not to mention VOIP penetration testing and solid state hard drive recovery. [Eliot] and I will see you there. Don’t worry, we’ll be reporting back for the guys that have to miss out this year.

Defcon 15: Wrap-up


Our friend [Alex] was a little late getting to our t-shirt free-for-all today, but I just found out why: He was writing a great wrap-up of the many Defcon talks he attended. It’s well worth your time and will give you an idea of the broad slice of info that’s covered at the convention. That picture is him repruhzenting for Hack-A-Day in Fast Company magazine.

Update: I’m finally getting caught up on my RSS feeds; check out Richard Bejtlich’s equally good summary of Black Hat: part 1 and part 2.

Shirts Are Gone, But We’ve Got Stickers


I’m pretty happy with our skybox event. [Eliot] and I have both got a good pile of stickers to give away, so ask us if you want ’em. It was a great turnout for all the shirts we gave out. Thanks to [Eliot]’s g-string water bottle, we raised $263 for the EFF. [Eliot]’s heading to CCC later, so hit him up for stickers while he’s across the pond.

Defcon 15: Exploiting Authentication Systems


[Zac Franken] gave a good talk on authentication systems (card readers, biometric systems, etc.). After a good introduction to various access control systems, he demoed an excellent exploit tool. Rather than focus on the access mechanism, he exploited the lack of reader installation security. Most card readers are secured by a plastic cover and a pair of screws. Inside, the reader wires are vulnerable. [Zac] put together the equivalent of a keyboard sniffer for the reader wiring. With this little device in place, he was able to collect access codes and use them to exploit the reader authentication system.

The operation goes like this: Install the sniffer. Let it collect some codes. On return, [Zac] is able to use his own card to become a pseudo authenticated card owner, restrict and allow access to other cards. That’s it. No sneaking up behind people to read their cards, just a few minutes with a screwdriver.

He’s not releasing the design, simply because measures to prevent this type of intercept/control mechanism would be extremely costly.