The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.
Continue reading “Black Hat 2009: Powerline And Optical Keysniffing”
The massive hacker camp Hacking at Random 2009 has extended their early bird ticket sales until April 14th. At EUR150, they’ve already managed to sell 1000 tickets. Every two years the european hacker community gathers together to hold a multiday camp that covers topics from hacking to art and politics. 2007’s CCCamp was largely the inspiration for this year’s ToorCamp. HAR2009 is looking for people to submit presentations, workshops, and lectures as well. They’re looking for entries that are very technology focused. The call for papers deadline is May 1st. The team is hosting a field day April 18th to tour the grounds with the various hacker villages that will be setting up. The main even is August 13-16 near Vierhouten, Netherlands.
With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.
The team behind 25C3 has published the first draft of this year’s schedule. The annual Chaos Communication Congress is happening December 27th to 30th in Berlin, Germany. There are plenty of interesting talks already in place. We’re spotting things we want to attend already: The conference starts off with how to solar power your gear, which is followed by open source power line communication. A TOR-based VPN, an open source BIOS, rapid prototyping, holographic techniques, and running your own GSM network are on the bill too.
We’ll have at least three Hack a Day contributors in attendance. Last year featured two of our favorite conference talks: [Drew Endy]’s Biohacking and the MiFare crypto1 RFID crack. We hope to see you there.
Notacon has just announced their first round of talk selections. The Cleveland, OH area hacker conference will be celebrating its sixth year April 16th-19th. When we attended this year we saw talks that ranged from circuit bending to the infamous TSA bagcam. Self-taught silicon designer [Jeri Ellsworth] presented on FPGA demoing. [Trixter] covered his demo archiving process. You can find a video archive of this year’s talks here.
We’re really looking forward to the conference. [SigFLUP] is already on the schedule to cover Sega Genesis development. Get your talk in soon though; they’re already handing out space to the knitters.
It looks like it’s time to update our event list. Here are some hacking related events happening through the rest of the year.
Did we miss anything?
[Zack Anderson], [RJ Ryan], and [Alessandro Chiesa] were sued by the Massachusetts Bay Transit Authority for an alleged violation of the Computer Fraud and Abuse Act after copies of their presentation slides were circulated at Defcon 16. The slides give an eye widening glimpse into the massive security holes present in the Boston subway system. There are at least 4 major security flaws in the subway, which allowed them to get free subway rides by finding unlocked, back door routes into the subway, spoofing magnetic and RFID cards, and attacking the MTBA’s network. Judge Douglas P. Woodlock has issued a gag order, stopping the trio from giving the presentation at Defcon or disclosing sensitive information for ten days. However, the MIT school newspaper, The Tech, has published a PDF of the slides online. The research culminated in the trio warcarting the MTBA’s headquarters and being driven off by police.
