TC7 Day 2 – Hacking Silicon: Secrets Behind The Epoxy Curtain

bunnie
UPDATE: Slides

This was probably my favorite talk at the conference, and I hadn’t even planned on going until someone pointed out what bunnie’s previous work was. There are a couple of reasons why bunnie enjoys reverse engineering silicon: it is constrained by physics, silicon is hard enough to design before you even think about security, and the chips have to be reverse engineered during the production process. He has a really interesting example on his blog of how he hacked the PIC18F1320, which will give you a good overview of the process.


TC7 Day 2 – Hiding Behind Antiquity

jason

Apparently when Jason Spence isn’t reading Hack-A-Day he is reading manufacturer data sheets. He’s fun in real life; I swear. The talk started with an overview of motherboard architecture. By studying manufacturer data sheets you can figure out a pathway to attack the BIOS. A proof-of-concept BIOS backdoor has already been developed. This is a very scary situation, since the backdoor is in place before the OS is even loaded, and the OS is completely blind to it once it is up. Jason pointed out that smaller manufacturers (VIA, SIS) don’t publish data sheets, fearing patent infringement. This lack of information makes security a lot harder to pull off. Jason says he’ll be contributing a couple of articles in the future.

UPDATE: Jason has posted his uncensored slides.
UPDATE: Slides on the Toorcon site.


TC7 Day 2 – Alternative Uses For Portable Gaming Consoles

fruit boat
UPDATE: Slides

I was disappointed in this talk, so here is a picture of a fruit boat. Squidly1 covered the history of hacking the PSP. It wasn’t really that bad, but as regular readers of Hack-A-Day you would have been bored. For the uninformed, though, it provided a great overview of the software available for the PSP and the history of its development. It was obvious that Squidly1 is not a hardware person: she admitted to attempting the PSP USB keyboard hack, described the PSP iTrip hack as receiving FM, and had a photo of a 10GB Duo (coincidentally the same color as the 1.0GB Duo). To her credit, she did have pictures of using an IR keyboard, and I hadn’t seen PSPInside, which looks really cool. Check out her blog for PSP links and her development work.


TC7 Day 1 – 802.11 Bait: Badass Tackle For Wireless Phishing

beetle
UPDATE: Slides

The Shmoo Group (Beetle pictured, blurry in real life) presented phishing using rogue access points. The demo showed a rogue access point serving pages and gathering usernames and passwords as they came in. This could become a real problem in areas where there is heavy demand for wireless access, like airports. With an EVDO card you could be the only AP in the area. They are developing user tools to watch the local wireless infrastructure and warn you when things are going pear-shaped and it is really unsafe to connect in that area.


TC7 Day 1 – Anon. Communication For The U.S.DoD… And You

roger
UPDATE: Slides

Roger Dingledine gave a presentation on Tor, which we’ve covered before. It was really interesting and covered common misconceptions. People often talk about Tor being abused, but the fact is that true criminals have far better botnets they can use for their work instead of Tor. Something I hadn’t realized before is that if you run a Tor exit node on the same IP address as your web server, all of the Tor users get the benefit of a fully encrypted link to your website instead of the usual plain-text final hop from the exit node. The EFF is currently running a GUI competition. Somebody needs to build a Sneakers-style Google map of hops. Any takers?


TC7 Day 1 – The Fragmentation Attack In Practice

andrea
UPDATE: Slides, paper and code

Andrea Bittau (not blurry in real life) gave a demo of the WEP fragmentation attack. The attack only requires one sniffed packet from the WEP-encrypted network, unlike replay attacks, which usually require you to capture an ARP packet. He built a simple tool to sniff a packet and then build packets to create a legitimate connection to the access point. At this point a server on the internet is contacted to flood the network with packets at up to 1400 packets per second. This generates a ton of unique IVs, and aircrack is called every 100,000 packets until the WEP key is cracked. In the demo it took under 5 minutes for the automated process to complete.
