Enjoying Defcon and Black Hat

defcon16badge I have been in Las Vegas since this last Tuesday attending Black Hat and Defcon security conferences. As those familiar with these events know, Black Hat is the more industry or corporate event and Defcon is really a hacker convention. There is massive overlap in attendee and some duplication in talks but there are quite a few people who come for Defcon that don’t go to Black Hat. This may partially be because Black Hat costs over $1,000 to attend (thank you, Mozilla!) and Defcon costs a little over $100.

You can see the schedule for Defcon at their site and a lot of talks will have their slides posted either their or in the forum. We did lose one talk, schedule for today, on subway card hacking in Boston for the MBTA. The presenters received an injunction to stop them (which came after we all received CDs with the slides from all presentations) on Friday. You can read about this here and here.

I’ve attended a bunch of talks on phishing, social network exploitation (including Livejournal for my friends there…), and man in the middle attacks. I particularly enjoyed Jay Beale’s talk on his tool, The Middler, which streamlines doing man in the middle attacks. For those unfamiliar, man in the middle attacks are attacks where an attacker is between two parties intercepting communications between them without their knowledge. In a common case (which Beale’s tool covers), the man in the middle can be software that is intercepting all web traffic (by pretending to be your wifi access point, for example), replacing SSL certificates for sites with its own or, more easily, just logging all of your cleartext traffic. Since a lot of sites use secure communications for logging in, it may be difficult to get someone’s password but, on most sites, communication after that is in the clear. So, I might not be able to log into your Gmail or Livejournal account as you but I can read over your shoulder as you do all of your private entries or e-mail…

I also attended a couple of sessions to do with Tor, which is one of the anonymity tools of which I am a proponent, both in general and in various ways at Mozilla. I got to see Mike Perry again, who works on the Torbutton Firefox extension, and to meet Roger Dingledine, who is one of the main forces behind Tor and their former project manager. I spent a bit of time talking to both of them outside of sessions and it was nice to get more of a chance to chat and to meet Roger in the flesh.

One area that I attended talks on that I hadn’t expected is on Cable Modems. Like many people, I have a cable modem at home (it’s Comtastic, which means it basically sucks). Even though I spend a lot of time in tech circles, with hackers, and on blogs, I had somehow missed the fact that people have been hacking cable modems for the last six or so years (and that there was a book published on it two years ago). I attended a talk on anonymous Internet access through cable modem hacking. This is basically using a cable modem with modified firmware to be able to do things like have anonymous net access or to control the upload and download speeds available to it. I also attended a talk on packet sniffing cable modem networks. I knew it was theoretically possible but hadn’t really investigated the idea. It turns out that everyone within a particular subnet on a cable network is basically sharing data and that while encryption is part of the standard for these communications, it is optional and weak. So, all of your cable modem data is either being transmitted to everyone else in your local subnode (which can have something like 200 other installations in homes) in the clear or it is being done with encryption that can be brute forced. The speaker, Guy Martin, used a cheap tv tuner card (with coax input) to pull data from a test cable network and to show how you could use a normal packet sniffer to look at the data. Not rocket science, by any means, but something that bears some thought if you use a cable modem at home, as I do.

This morning, I attended a talk by Peter Berghammer on Open Source Warfare (OSW), which I have been interested in for a few years. This is the application of open source techniques and information sharing by military groups, especially insurgents, over the last few years. Think of the evolution of IEDs in Iraq and how various decentralized groups pass information and technology (or techniques) to each other around the world. John Robb was the first person whose work I read much of on this and he maintains a blog that is pretty well known, as well as having a book out on the topic. Berghammer’s talk was fairly brief but he, I, and a few others spent most of the next hour in one of the Q&A rooms discussing OSW in more detail, which I found very informative.

For more posts about Defcon in blogs, try this search. You can also read the high quality posts on Defcon over at the Threat Level blog.

I have a couple of more talks to see and then I’ll be catching my plane back to Oakland. The last couple weeks of mostly travel have kind of wiped me out and I’m ready to be home until Burning Man in a few weeks.

Update: Mike Conner and I attended a last minute talk that showed how certain people with large amounts of net access could do a man in the middle attack on chosen portions of the Internet. They also happened to explain how Youtube was taken offline briefly back in February.