Defcon 17: Badge Hacking

joegrand

Following up on their post about the new Defcon 17 badges, Wired recently posted some of the best badge hacks of the con. Among the hacks featured were an LED frequency meter hack, a sound seeking dirigible powered by three badges, and a wireless geiger counter random number generator that sent random numbers back to a laptop equipped with a zigbee card. Probably one of the most impressive hacks mentioned, the hack that won the badge hacking contest, was the LED equipped baseball cap modeled above by [Joe Grand], Defcon’s defacto badge designer.

The hacked badge is connected to the cap by an ethernet cable, where the LEDs pulse on and off in order to defeat facial recognition systems. The cap’s designer told Wired that he initially designed the cap in order to sneak into [Grand]’s room to steal the über badges under his protection. Needless to say, the winner doesn’t have to worry about stealing the badges anymore as he was awarded his own über badge at the award ceremony. While we’re not completely sure who pulled off this awesome hack, we congratulate you and all of the participants of the badge hacking contest on your fantastic hacks.

Update: We’ve confirmed that the badge contest winner was in fact [Zoz Brooks], [Grand]’s co-star on the popular Discovery channel  show Prototype This. From all indications, his hack seems to be legitimate and not a clever idea, however we are still looking to confirm this. Also, even though Wired’s article stated that the dirigible was sound seeking, we have confirmed that it is sound avoiding. Thank’s to everyone in the comments for pointing these things out.

Smartphone Anti-virus Software

cracked

With DEFCON and Black Hat going on, a lot of security issues are being made public. This year, cellphones have been a larger target than before. More and more people are carrying complex smartphones that have more ways to go wrong. Even worse, since phones are tied to a billed account, it is possible for malicious software to charge phones discreetly. However, Flexilis promises to keep your phone safe. It’s a free mobile anti-virus that works on most smartphones and PDAs with more clients in the works. It also provides easy backup and recovery options, as well as the ability to wipe the phone if it’s lost. The phone makers really need to fix the probelms, but in the meantime Flexilis can provide a quick response.

[via WSJ Digits]

Defcon 17: Badge Details Released

humanbadge

Defcon is upon us once again, and that can only mean one thing: new badge designs. Our friends over at Wired posted the picture above along with a description of this year’s new badge. Since our last post, there has been little new information released regarding the components used for the new badge. However, we now know that it utilizes a microphone and a full color LED along with the Freescale mc56f8006, an advanced digital signal processing microcontroller. [Grand], the badge designer, told Wired that while this year’s design is a bit simplified compared to last year’s design, it is not nearly as easy to hack. Just like last year, the functionality of the badge hasn’t been announced yet. We’re hoping for some kind of communicator. Be sure to check out Wired’s article if you want to see the high res pictures.

Black Hat 2009: Parking Meter Hacking

For day two of Black Hat, we sat in on on [Joe Grand], [Jacob Appelbaum], and [Chris Tarnovsky]’s study of the electronic parking meter industry. They decided to study parking meters because they are available everywhere, but rarely considered from a security perspective.

Continue reading “Black Hat 2009: Parking Meter Hacking”

Black Hat 2009: Breaking SSL With Null Characters

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something thing that makes the attack even more effective.

Continue reading “Black Hat 2009: Breaking SSL With Null Characters”

Black Hat 2009: Powerline And Optical Keysniffing

sniff

The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.

Continue reading “Black Hat 2009: Powerline And Optical Keysniffing”

Pwnie Award Nominees 2009

[youtube=http://www.youtube.com/watch?v=5pSsLnNJIa4]

The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]’s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.