The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.
Continue reading “Black Hat 2009: Powerline and optical keysniffing”
Annual hacker conference LayerOne will be held May 23-24th in Anaheim, CA. They’ve completed the speaker lineup and have quite a few interesting talks. [David Bryan] Will be focusing on practical hacking with the GNU Radio. It’s a software defined radio that we’ve covered in the past for GSM cracking. [Datagram] will present lockpicking forensics. While lockingpicking isn’t as obvious as brute force entry, it still leaves behind evidence. He’s launched lockpickingforensics.com as a companion to this talk. LayerOne is definitely worth checking out if you’re in the Los Angeles area.
The massive hacker camp Hacking at Random 2009 has extended their early bird ticket sales until April 14th. At EUR150, they’ve already managed to sell 1000 tickets. Every two years the european hacker community gathers together to hold a multiday camp that covers topics from hacking to art and politics. 2007’s CCCamp was largely the inspiration for this year’s ToorCamp. HAR2009 is looking for people to submit presentations, workshops, and lectures as well. They’re looking for entries that are very technology focused. The call for papers deadline is May 1st. The team is hosting a field day April 18th to tour the grounds with the various hacker villages that will be setting up. The main even is August 13-16 near Vierhouten, Netherlands.
We’ve been watching and waiting intently as ToorCamp comes together. It’s a four day hacker conference that will be held in a Washington state missile silo July 2nd-5th. While we’re excited about this debut event, its success depends entirely on those presenting. The call for papers is currently open and they’ve got a number of formats available: 20 and 50 minute talks and 1 and 2 day workshops. They’re also looking for people to organize campsites and are offering discounts for groups. We’re encouraging you to submit your talk since we’d love to see more hardware talks. You can follow @ToorCamp announcements on Twitter.
Notorious hacker conference Defcon has just published their Call for Papers. The 17th annual event will happen July 30th through August 2nd. Most of the announcement is the same boilerplate they’ve included for the past two years. Like last year, they’re not defining the specific speaking track themes and will come up with them based on submissions. New for this year is a half-day of workshops on the Thursday before Defcon for anyone that’s showing up early. This pre-con event is targeted at newbies. It certainly sounds like an interesting way to ease into Defcon instead of the usual delays and fire marshals. We’ve been attending every year since 2005 and love seeing new things. You should definitely consider presenting this year (we want to see more hardware!).
A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.
Continue reading “25C3: Hackers completely break SSL using 200 PS3s”
With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.