[PANEL] Abusing 802.11 - Weaknesses in Wireless LANs
Panel will discuss network detection, protocol-level vulnerabilities in all the 802.11 families, new techniques for defeating WEP, vulnerabilities in WPA/802.11i, and detecting attacks against 802.11 networks. Other topics will be driven by questions from the audience.
Abaddon (AirJack author)
Dragorn (Kismet author)
Anton Rager (WEPCrack, IKECrack, WEPWedgie author)
Joshua Wright (SANS speaker, WLAN IDS researcher)
h1kari (BSD-Airtools author)
Partner / Principal Security Technologist SunStorm Security Group, Former Principal, Security Technologies, Napster, Inc.
CEO, Madscientest Foundation and Former VP of Operations, Napster, Inc.
Tension Structure Films
Director, LiveHives: theBuzz @ theBarricades
CEO, SunStorm Security Group and Security Infrastructure Consultant to Napster, Inc.
[PANEL] After Napster: The Inevitable Ascent of Peer-to-Peer Networks, LiveHives, Smart Mobs and Massive Subscription File-Sharing Services
From Napster to the current emerging techno-social phenomena of livehives and smart mobs, the evolution of peer-to-peer networks is exhibiting an exponential profligacy both in use and popularity, and actually influencing the evolution of human social interaction on both a local and a global scale.
Beginning with Napster, the popular Internet file sharing software created in 1999 by Shawn Fanning, arguably a revolution has taken place.
Napster was at the forefront of one of the most important electronic debates of the 20th century's fin-de-siècle: the DMCA and its various attendant copyright debates.
However, perhaps the most important role that Napster played was as a proof of concept on a grand scale (98 million users globally at its peak) of the power of peer-to-peer communications.
Wireless data communication devices have screamed onto the networking scene and may be poised to revolutionize social intercourse. Blogger journos can instantly upload text, audio, and video to their weblogs from the scene of breaking news events. With conventional cellular telephones, the tactical organization of crowds (smart mobs) can be coordinated in political actions. The newest breed of communication technologies can document an event in real time without the need to rely on traditional media reports.
In proof-of-concept exercises, recent anti-war protests have utilized livehive and smart mob technologies to outflank police actions and effectively shut down city centers and chosen economic targets. After Napster will follow the evolution of peer-to-peer networks into social communities affording a new level of global awareness and action.
Leia Amidon is currently Partner and Principal Security Technologist for SunStorm Security Group, located in the Washington D.C. area. Ms. Amidon lives and works from her west coast office in San Francisco.
Ms. Amidon has served as Principal, Security Technologies for Napster, Inc., and Principal Security Technologist at Logictier, an Internet infrastructure company and the Official Internet Operations Sponsor and Supplier for the 2002 Salt Lake City Olympic Games.
Her responsibilities have included security architecture analysis and development, and evaluation and deployment of emerging security technologies and strategies.
Ms. Amidon has accrued over 10 years of expertise in consultancy, architecture, audit, intrusion detection, penetration testing, and vulnerability analysis. She is also a knowledgeable and adept public speaker and corporate presenter, curricula developer, and classroom trainer in subject matter specific to information security.
She has acted as a Senior Consultant at GTEI/BBN, a Principal Security Architect at Axent Technologies, and as a Senior Engineer at Barclays Global Investors.
Ms. Amidon was also a founding partner in several Bay Area Internet businesses.
In her career prior to information security practice, Ms. Amidon taught curricula at the Aspen Leaves Foundation, and worked in Television Production for Grass Roots Network, both located in Aspen, Colorado. She has also worked as a Recording Studio Manager, at Golden Sound Studios, in Hollywood, California.
Ms. Amidon began her professional career in radio, as a talk show host and Director of Public Affairs of WIBM/WHFI. She held her first position, at the age of 14, as a radio talk show host in Jackson, Michigan.
Revolutionizing Operating System Fingerprinting
Xprobe is an active operating system fingerprinting tool, which was officially released two years ago at the Black Hat Briefings USA 2001. The first version of the tool was a proof of concept for the methods introduced in the ICMP Usage in Scanning project, which I conducted. Two years later, and several versions later (mainly the Xprobe2 v0.1 release), this talk will examine several issues with operating system fingerprinting that we (Fyodor Yarochkin and myself) have encountered during the development of Xprobe and Xprobe2.
Mainly, the talk will explain why traditional operating system fingerprinting methods suffer from a number of caveats, and how these issues directly affect the results that different operating system fingerprinting tools relying on these methods produce (these issues will be explained along with different examples).
During the talk I will introduce several advancements in the field of operating system fingerprinting. The methods introduced greatly enhance the accuracy of operating system fingerprinting. Several new ways to gather information about a host OS will be uncovered along with ways to overcome many of the current issues of active operating system fingerprinting methods.
During the talk examples will be given, and the audience will be encouraged to participate in a discussion.
A paper release and a new version of Xprobe2 will accompany the talk.
Ofir Arkin is the founder of the Sys-Security Group, a non-biased computer security research and consultancy body.
Armed with extensive knowledge in the information security field, Ofir Arkin has worked as a consultant for several major European finance institutes, where he played the role of Chief Security Architect and Senior Security Architect. In his role as Senior Security Architect, Ofir was responsible for assessing the future external and inter-bank IP communication security architecture for one of the world's top 10 banks, analyzing the needs and solutions for an internal Single Sign-On (SSO) project for a world-leading pharmaceutical company, securing the E-banking project for a leading Swiss bank, etc. Ofir also acted as Chief Security Architect for a 4th generation telecom company, where he designed the overall security architecture for the company.
Ofir has published several papers as well as articles and advisories. The best known papers he has published are Etherleak: Ethernet frame padding information leakage, Security Risk Factors with IP Telephony based Networks, the ICMP Usage in Scanning research paper, xprobe2 (tool and paper), The Cisco IP Phones Compromise, and Trace-Back. He is currently conducting research on a number of TCP/IP protocols as well as Voice over IP. Ofir's research has been mentioned in a number of professional computer security magazines.
Ofir is an active member of the Honeynet Project and participated in writing the Honeynet team's book, Know Your Enemy, published by Addison-Wesley.
Government IP_TAPPING: Vendors & Techniques
Jaya Baloo (CCNP, CISSP) has been working in InfoSec for 5 years, starting at Unisource in The Netherlands. After moving to KPN Telecom, she has worked internationally for the Dutch Telecom Operator in Namibia, Egypt, Germany, and Costa Rica designing secure IP infrastructures for national operators. More recently she has worked in Prague for Czech Telecom on Lawful Interception.
Information Security Consultant
Self-Abuse For Smarter Log Monitoring
Your Unix-based webserver has logs, and you know you should be keeping an eye on them. But what should you be looking for? Would you recognize an attack even if you saw one? What sort of automated log-watchers are available, and what if you need to tell *those* what to look for?
Attacking your own system while scanning its logs is a quick way to learn what anomalous log activity looks like. Plus, it's a fun excuse to run Nessus, nmap, and whisker against someone who won't call the cops on you (i.e., yourself). In my presentation I'll demonstrate this sort of productive self-abuse, using the aforementioned tools plus less-glamorous but equally useful commands like telnet and wget. My groovy two-laptop demos will show both attacks and logged messages simultaneously, adding to the overall excitement.
In addition to all that, I'll discuss how to fine-tune the mechanisms that control logging, and how to use automated log-watchers such as swatch (which needs to be told what to look for) and logwatch (which doesn't necessarily).
The presentation will culminate in a challenging game of "You Be the K1d10t," in which Def Con attendees will be welcomed to take their best shot at my wireless-connected laptop, while the audience & I watch the log messages that result (or don't). Anybody who roots my box, or causes a really entertaining log message, will receive a piece of the donated junk arrayed on the stage for that purpose. (But if my box gets DoSed beyond salvage, I'll just ask some trivia questions and call it a day, so please play nice!)
This will be a fairly technical presentation. Attendees should have a working knowledge of the Unix variant of their choice (my demo systems both run Linux), but my presentation should be comprehensible to most Unix newbies, while still being useful to intermediate and maybe even advanced users (hey, everybody knows different stuff).
Michael D. Bauer, CISSP, is Security Editor for Linux Journal, lead author of its monthly "Paranoid Penguin" security column, and an Information Security Consultant for Upstream Solutions in Minneapolis, MN. Mick's first book, "Building Secure Servers With Linux" was published by O'Reilly & Associates last October.
Locking Down Mac OS X
Apple's OS X operating system combines BSD Unix with easy-to-use Mac operating system components. This has produced an operating system that natively runs Microsoft Office, is as friendly as can be at finding you people to chat and exchange file shares with, and yet still runs a command line! Needless to say, it could probably use some lockdown before you want to take it to Def Con, or even to the airport, with the wireless card plugged in.
The speaker has ported Bastille Linux to OS X and learned a thing or two about locking down OS X in the process. This talk will demonstrate lockdown, showing you how to harden the OS X operating system against future attack.
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and a core participant in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat and LinuxWorld conferences, among others. A senior research scientist with the George Washington University Cyber Security Policy and Research Institute, Jay makes his living as a security consultant through Baltimore-based JJBSec, LLC.
Jay writes the Center for Internet Security's Unix host security tool, currently in use worldwide by organizations from the Fortune 500 to the Department of Defense. He maintains the Center's Linux Security benchmark document and, as a core participant in the non-profit Center's Unix team, is working with private enterprises and US agencies to develop Unix security standards for industry and government.
Aside from his CIS work, Jay has written a number of articles and book chapters on operating system security. He is a columnist for Information Security Magazine and previously wrote a number of articles for SecurityPortal.com and SecurityFocus.com. He authored the Host Lockdown chapter in 'Unix Unleashed,' served as the security author for 'Red Hat Internet Server' and co-authored 'Snort 2.0 Intrusion Detection.' Jay's currently finishing the Addison Wesley book, 'Locking Down Linux.'
Formerly, he served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and pushing security into the third largest retail Linux distribution. He now works to further the goal of improving operating system security. To read Jay's past articles and learn about his past and future conference talks, take a look at his site.
The Shmoo Group
The Shmoo Group
Airsnarf - Why 802.11b Hotspots Ain't So Hot
As wireless hotspots continue to pop up around the country, the opportunity to take advantage of the weakest point of this new networking fad becomes greater. What weak point is that? Why, the user, of course. Why sniff traffic, or crack WEP, or spoof MACs, when you can simply ASK for and easily receive usernames and passwords? Members of the Shmoo Group discuss how wireless miscreants can garner corporate or hotspot credentials the easy way: rogue access points. Additionally, a new utility will be provided to make rogue AP setups a cinch--with a twist. Little to no wireless knowledge is needed to understand how simple it is to never again pay for wireless hotspot access.
Beetle is a member of the Shmoo Group, holds a BS in Computer Science, and is a D.C.-area computer security engineer. He is CEO of a Northern Virginia WISP, Vice President of the Capital Area Wireless Network, and licensed amateur racecar driver. His war-driving setup and adventures have been covered by The Washington Times, The Baltimore Sun, and NPR.
Bruce Potter is the founder of the Shmoo Group (www.shmoo.com), and the Capital Area Wireless Network (www.cawnet.org), a community wireless network group in the Washington D.C. area. He is the author of O'Reilly's "802.11 Security" book.
Susan W. Brenner
NCR Distinguished Professor of Law and Technology, University of Dayton School of Law
Toward a Criminal Law for Cyberspace
The traditional model of law enforcement was shaped by certain assumptions about criminal activity. These assumptions derive from characteristics of real-world crime, i.e., that victim and offender must be in physical proximity, that crime is limited in scale, that physical evidence will be found at a crime scene and that crime falls into identifiable patterns. These assumptions gave rise to a hierarchically-organized model which operates on the premise that crime is localized, i.e., occurs within a specific geographical area encompassed by a single set of national laws. The traditional model, in effect, assumes the primacy of nation-states as law enforcers.
Neither these assumptions nor the premise that crime is localized apply to cybercrime; cybercrime makes nation-states irrelevant. It evades the assumptions that shaped the traditional model and, in so doing, creates significant challenges for law enforcement. It is therefore necessary to devise a new approach for dealing with cybercrime, one that takes into account the distinctive characteristics of technologically-mediated crime.
Such an approach is evolving in the cybercrime task forces established pursuant to a mandate contained in the USA PATRIOT Act. Whereas the old model emphasized law enforcement's reacting to completed crime, this approach emphasizes collaboration between potential victims and law enforcement in an effort to prevent cybercrime. It also emphasizes lateral, networking arrangements in which law enforcement personnel often function more as consultants than as sole investigators. Clearly, a lateral, collaborative approach is a more advantageous strategy for dealing with cybercrime.
The problem is that individuals also need to be involved if this approach is to be effective. Currently, corporations and other entities are more likely to understand the need and have the resources to partner with law enforcement in an effort to implement cybersecurity. This is not generally true of individuals, but it may be possible to use new principles of criminal liability, modified rules of criminal law, and imported, modified civil law rules to create incentives for individuals to participate in such an approach.
Susan W. Brenner is NCR Distinguished Professor of Law and Technology at the University of Dayton School of Law, where she teaches Criminal Law, Criminal Procedure, a Cybercrimes survey course and a Cybercrimes Seminar.
Professor Brenner has spoken at numerous conferences, including Interpol's Fourth International Conference on Cybercrimes in Lyon, Interpol's Fifth International Conference on Cybercrimes in Seoul, the American Bar Association's National Cybercrime Conference, the American Bar Association's 2002 Annual Conference, the National District Attorneys Association's National Conference, the National Association of Attorneys General's cybercrime training program and the Hoover Institution's Conference on International Cooperation to Combat Cyber Crime and Terrorism, held at Stanford University. She participated in the Økokrim Conference, The Internet as the Scene of Crime, held in Oslo and is one of a group of experts assisting with the European Commission Joint Research Centre's CTOSE project on electronic evidence; she also spoke on cybercrime legislation at the Ministry of the Interior of the United Arab Emirates. She is Co-Chair of the International Efforts Working Group for the American Bar Association's Privacy and Computer Crime Committee, serves on the National District Attorneys Association's Cybercrimes Committee and is Co-Chair of the National Institute of Justice - Electronic Crime Partnership Initiative's Working Group on Law & Policy. Her internationally known website, http://www.cybercrimes.net, was featured on NBC Nightly News. She has published various articles dealing with cybercrime, including Toward a Criminal Law for Cyberspace: A New Model of Law Enforcement?, __ Rutgers Computer & Technology Law Journal ___ (2003), The Emerging Consensus on Criminal Conduct in Cyberspace, 2002 UCLA J.L. & Tech, http://www.lawtechjournal.com/articles.php, Computer Searches and Seizures: Some Unresolved Issues, 9 Michigan Telecommunications & Technology Law Review 39 (2002), http://www.mttlr.org/html/voleight/brenner.PDF and The Privacy Privilege: Law Enforcement, Technology and the Constitution, 7 Journal of Technology Law and Policy 123 (2002), http://journal.law.ufl.edu/~techlaw/. She has also written chapters for several cybercrimes books.
Professor Brenner has published numerous law review articles and book chapters dealing with issues in criminal law and two books: Federal Grand Jury Practice (West 1996) and Precedent Inflation (Rutgers 1990). Her grand jury web site, http://www.udayton.edu/~grandjur, provides information on state and federal grand juries.
Before joining the University of Dayton faculty, Professor Brenner practiced with two firms--Shellow, Shellow & Glynn in Milwaukee and Silets & Martin in Chicago. She also clerked for a federal district court judge and a state court of appeals judge and is a graduate of the Indiana University (Bloomington) School of Law.
Manyonymity: PHP Distributed Encryption
Manyonymity is an advanced, self-programmed PHP Distributed Encryption web application under the GNU GPL. Manyonymity premieres at DEFCON 11 in conjunction with a self-developed, new theory of encryption: geometric transformation. Manyonymity is a customizable, easily-maintained PHP Distributed Encryption web application including verified installation, maintenance and a powerful user interface. Manyonymity allows anyone to run their own GNU GPL encryption and fingerprinting server. We'll discuss general encryption, the functionality of Manyonymity, demonstrate a sample implementation and discuss future development. Manyonymity, it's who you don't know.
Adam Bresson owns GreentreePC, a Los Angeles-based on-site network consulting service. At DEFCON 8, he spoke on Palm Security. At DEFCON 9, he spoke on PHP, Data Mining & Web Security. At DEFCON 10, he spoke on Consumer Media Protections (CMP), generating considerable industry interest and press. He founded and continues to develop two early-stage Internet startups: Recommendo.com and GetAnyGame.com.
Opensource Kernel Auditing and Exploitation
For a period of up to 3 months in 2002, a part-time manual security audit of the operating system kernels in Linux, FreeBSD, OpenBSD, and NetBSD was conducted.
The aims of the audit were to examine the available source code under the presumption of language implementation bugs. Thus classic programming bugs prevalent in the implementation language [C], exemplified by integer overflows, type casting, incorrect input validation, buffer overflows, etc., were expected. The initial introduction to auditing examined easily accessible entry points into the kernel, including the file system and the device layer. This continued with increased coverage and scope of auditing. From this work, identification of conjectured prevalent bug classes was possible. These results support the initial expectation that the bugs would be in line with classical language bugs.
The results of this audit are surprising; a large [more than naively expected] number of vulnerabilities were discovered. A technical summary of these vulnerabilities will be treated in detail. Bug classes and [conjectured] less secure specific subsystems in the kernel will be identified. These conjectures support Dawson Engler's research on automated bug discovery as applied to open-source kernel auditing.
After bug categorisation, the vulnerabilities are applied in the treatment of exploitation. The results are again surprising; exploitation is sometimes trivial, and is primarily highly reliable. The assumption of exploitation difficulty is conjectured to be a false belief due to the lack of any serious focus on kernel auditing prior to this paper. This conjecture is supported by in-line documentation of kernel sources indicative of immediate security flaws.
Attack vectors are identified as a generalisation of bug classes. Risk management is touched upon to reduce the scope of attack, but is not the primary purpose of this paper.
Finally, vendor contact and the associated politics of vulnerabilities are discussed. First-hand reports of acknowledgement times, problem resolution times and public dissemination policies are presented candidly. The author may be biased at this point, but it appears that during this audit period, open source held up to the promise of security concern and responsibility in its community. Problem acknowledgement in at least one of the cases presented is perhaps the fastest in documented history (less than three minutes).
The majority of the vulnerabilities discovered during the audit were resolved and patched in co-operation with the open-source developers and community responsible for each respective operating system. A very large thanks must go to Alan Cox, Solar Designer and, later, Dave Miller, who made enormous efforts to continually resolve all issues uncovered.
Silvio Cesare has for many years been involved in computer security and the many talented and less front-page individuals behind it. In 2001, Silvio relocated from Australia to France to work in the development of managed vulnerability assessment, after the best part of the previous year in Australia establishing the legal requirements to make this possible. In 2002, he relocated again to the US, after cessation of product development in France. During the last months working in the US as scanner architect of the company's flagship MVA product, he spent his spare time auditing open source operating system kernels. Silvio spoke at conferences in 2002, including CanSecWest on his reverse engineering work, for which he was at one time in negotiations for authoring a book on Unix viruses. After impending legal requirements to leave the US, Silvio returned to Australia for 2003. During the current year, he has been quietly involved in Ruxcon, an Australian computer security conference, presenting the results of the previous year's part-time auditing. Silvio currently spends his days in Australia as a System Administrator, outside of industry interests in computer security.
Chung's Donut Shop
Software Designer and Donut Dipper, Chung's Donut Shop
Chief Hacking Officer and Donut Sprinkler, Chung's Donut Shop
Conceptual Developer and Dough Roller Supreme, Chung's Donut Shop
Master Donut Sen Sei, Chung's Donut Shop
The Luna Correspondence Protocol
The Luna Correspondence Protocol is an anonymous finitely improbable data dispersal and stealth security nexus. Elaborated, Luna is a protocol designed to ensure traffic travelling across the internet can't be snooped by prying eyes. Luna is the greatest and best attempt--to date--at purely anonymous and secure data transmission by commingling various techniques involving encryption, data relaying and mathematics--absolutely not security by obscurity.
By attending our presentation, the viewer will learn of our comprehensive first-class research conducted in the fields of wide data dispersal, data security and anonymity. The attentive listener will receive free donuts (Chung's special recipe).
No esoteric knowledge is required of the listener, only a grasp of networking, as our talk is straight-forward. Data coding and math theory (discrete math) will be discussed, so appropriate knowledge is a plus, but definitely not required.
Keith Hoerling is a pragmatist currently studying at CSUF with a Computer Science major and mathematics minor, ultimately to transfer in pursuit of a doctoral degree. Financially, Keith works part-time in the private sector as a software design and security contractor with over 8 years of professionally solid experience.
Dorian Andreatte has worked as a web developer for the last 3 years using PHP, ASP and high-level programming software. He also currently works as a web application and network systems security tester for various small to mid-size companies. He specializes in network administration as well as database programming.
Mark Wilkerson has been involved in computer security and client/server application development for nearly a decade. He has worked as a server administrator and chief security officer of several large CR based communications networks, is a contributing author to several system and network security books, and currently administers several free, public wireless networks in southern Orange County, California. He spends his days begging for change on corners and washes windows for day-old donuts.
Chung San: "Chung like koi"
Managing Security Architect,
Hacking from the Palm of your Hand
Palm handhelds have become almost ubiquitous and very cheap; every month sees the announcement of yet another flavor with new and improved functions. Yet, how effective are Palms as a hacking platform?
This presentation will cover some of the existing security tools on PalmOS before focusing on the release of a new TCP-based scanner running on PalmOS capable of net recon, banner grabbing, and web vulnerability scanning. Design criteria and implementation details will be discussed, as well as a demonstration of the tool in action. The scanner will be available for download at DEFCON.
Paul Clip is a Managing Security Architect with @stake, one of the largest independent security consulting firms, where he focuses on application security. In prior lives, he has architected and secured complex web applications, researched collective intelligence, and coded demos on his Amiga 2000. When not helping clients by breaking and securing their applications, Paul likes geeking around with technology and has been doing just that on his various Palm devices for over five years. He thinks it's about time he released a tool for PalmOS :-)
Electronic Frontier Foundation
What Hackers Need to Know about Post 9/11 Legal Changes
The Bush Administration's relentless assault on freedom and privacy online and offline hit the ground running with the Patriot Act in the immediate aftermath of 9/11, but hasn't slowed since then. While the terrorist acts had absolutely no relationship to computer hacking, hackers were a clear target in the Patriot Act and subsequent developments. The changes in the legal landscape are vast and wide, but anyone interested in computer security research, whether professionally or as a hobby, should have a basic understanding of the new world order. EFF was one of the broad coalition of groups that fought the Patriot Act -- its analysis comes up first in a Google search on the law -- and continues its work opposing all of its ugly brothers, sisters, cousins and stepchildren. The talk will focus on the portions of these laws and programs that affect hackers of all hat colors, including:
- Changes in the Computer Fraud and Abuse Act
- The expanded definitions of "terrorist" and "material assistance to terrorists" and what they may mean for toolmakers
- All your logs are belong to us - the reduced provisions for subpoenas to ISPs and others who have information about you
- What reduced judicial oversight, fewer checks and balances and more sharing among various cops means in practice
- What Patriot II/DSEA holds in store
- TIA, CAPPS II and other acronyms you should know about
- How you can legally better protect yourself and others
Cindy Cohn is the Legal Director for the Electronic Frontier Foundation. She is responsible for overseeing the EFF's overall legal strategy. EFF has been actively involved in nearly all areas where civil liberties are impacted online. EFF has focused in the past few years on the challenge to the constitutional rights presented by recent changes and broad application of intellectual property laws, including Felten v. RIAA, Universal v. Reimerdes (2600 Magazine), Newmark v. Turner (ReplayTV is not a crime) and advising the criminal defense attorneys in U.S. v. Sklyarov. The EFF has also worked to preserve the right to anonymous speech online and continues to defend those accused of various offenses based upon their protected speech activities. In the aftermath of the attacks of September 11, 2001, EFF has returned to its roots, focusing on the issues of government surveillance and other traditional civil liberties online.
Ms. Cohn first became involved with the EFF over 7 years ago, when the EFF asked her to serve as the lead attorney in Bernstein v. Dept. of Justice, the successful federal court challenge to the U.S. export restrictions on cryptography. That case was the first to hold that source code was protected expression subject to protection under the First Amendment. The Bernstein case was one of the major catalysts for decision by the U.S. government in January, 2000, to dramatically loosen its restrictions on the export of encryption software.
Assistant Professor of Computer Science, United States Military Academy
Interface Design of Hacking Tools
Publicly available computer security tools are often great works of technological expertise. A great deal of effort goes into the technical implementation, often at the expense of the user interface and overall user experience. Designed for all levels of expertise, this talk explores common user interface design techniques that will put a usable front end on computer security tools. A variety of tools will be examined and critiqued to illustrate and reinforce these techniques. Attendees will leave with an increased understanding of user interface and user experience design that they can apply to their own development projects to make them more effective.
Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a Masters Degree in Computer Science from Johns Hopkins University and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare. Greg has worked at a variety of military intelligence assignments specializing in Signals Intelligence. Currently he is on a Department of Defense Fellowship and is working on his PhD in Computer Science at Georgia Tech. He is conducting research into Denial of Information Attacks.
Social Engineering Fundamentals
This presentation will tell you how social engineering and its fundamentals come into play in an attack on a network, person or company. It will inform people on how to prevent these attacks and how to tell if a person is being attacked.
Alex, AKA Criticalmass, handles security consulting for Textbox Networks on the social side, utilizing numerous methods of attack from a social and physical standpoint.
Rob, AKA Phantasm, handles the majority of Unix and Linux security research for Textbox Networks. Most of his time is spent taking care of Security Consulting of Unix machines in PA. Also published in 19:4 of 2600 for Dumpster Diving.
Matt, AKA 404, works with thin client and mobile computing security research for Textbox Networks. The majority of Matt's time is spent doing consulting in South Florida.
More Embedded Systems
The talk focuses on more embedded systems - this time, looking into the mobile world of GSM as well. How can the infrastructures and protocols in the Internet-enabled GSM world be used for attacks? This session will give you an introduction to the concepts of WAP and GPRS. Equipped with this knowledge, some interesting applications of these protocols will be presented. Of course, it also covers some funny things you can do with (against) mobile phones. The second part will show you the latest advancements in Cisco IOS exploitation. While Phenoelit showed you last year that it can be done, we will go on and show you this year that it can be done better, more reliably and more elegantly.
FX of Phenoelit is the leader of the German Phenoelit group. His and the group's primary interests are in security implementations and implications of standards or less-known protocols, as shown on past DefCon conventions. FX works as a Security Solution Consultant at n.runs GmbH.
Embedded Reverse Engineering: Cracking Mobile Binaries
The embedded mobile market is headed for a day of reckoning when it will become the target of virus/trojan writers. To prepare for this, security experts must understand reverse-engineering fundamentals, as they apply to the pocket PC device, so they can research, investigate and understand the impact of malware and how to prevent it from spreading.
Unfortunately, when it comes to understanding malware for the PPC environment, there is little guidance. The only exception to this is ironically found in the backyard of the same people who would write the destructive code. What we are talking about is the reverse-engineering of software protection schemes.
As a result, this talk will focus on the security protection schemes built into PocketPC software, and how these protections are circumvented. Using the same tricks, tools, and techniques that crackers use to bypass anti-piracy schemes, we will demonstrate first hand how these programs are cracked using a simple 'crackme' serial validation program as an example. We will start with a discussion on the hardware environment and reverse-engineering fundamentals to provide a background and foundation for the core of the talk; a step-by-step demonstration on how to crack a real program.
Seth Fogie has co-authored three security books, the latest of which (Maximum Wireless Security) has topped the best seller list for wireless security books. He is currently the VP of Airscanner, an up and coming wireless security software company. In addition, Seth also co-hosts InformIT.com's security section, where he both manages and writes articles and book reviews for Pearson's authors.
Advanced Network Reconnaissance Techniques
Fyodor will present real-life examples of common network and firewall configurations, then demonstrate practical techniques for exploring and mapping those networks. He will cover IDS evasion, "phantom ports", advanced ping sweeps, firewall circumvention, DNS hackery, IPv6, and more using his free Nmap scanner and many other Open Source tools.
Fyodor authored the popular Nmap Security Scanner, which was named security tool of the year by Linux Journal, Info World, and the Codetalker Digest. He also maintains the Insecure.Org security resource site and has authored seminal papers detailing techniques for stealth portscanning, remote operating system detection via TCP/IP stack fingerprinting, and the IPID Idle Scan. He is a member of the Honeynet project, a co-author of "Know Your Enemy: Honeynets", and a frequent speaker at conferences such as Defcon, CanSecWest, and OSDEM. He can be reached at fyodor<a>insecure.org or approached as he stumbles out of the Alexis bar most Defcon evenings.
Chief Technology Officer, Twingo Systems
Hack Any Website
This session will teach you how you can hack any website, whatever its protection. The most basic and simple attack against a website is to change the content of one of its pages. When trying to attack a website, one first thinks of attacking the web server. But attacking the client could be easier and more powerful. This is what you will see during this session. In one hour, you will understand how to take full control of Internet Explorer 4.x and above and modify on-the-fly the content of any HTML page before it is rendered.
Gregoire Gentil, 30 years old, has been the founder of three software companies, the last one focusing on security for the untrusted computer (self-service computer in a cyber-cafe, home computer, ...). Gregoire Gentil has also been a consultant at McKinsey & Company. He has audited highly complex IT architectures and organizations of banks, and has participated in the re-organization of the IT department of the #1 European insurance company. Gregoire Gentil has more than twelve years of experience in different languages including C/C++. Gregoire Gentil was born in Paris but now lives in California. Gregoire Gentil graduated from Ecole Polytechnique in France, and holds a Master of Science from Stanford University.
Vice President of Research & Development,
Palmtops are growing in power and popularity. How good is the security on these devices, and what can be easily bypassed? We will look at the HP 5455, the pinnacle of Palmtop security, and see how easily its biometric security can be overcome. We will also cover basic security holes present in all palmtops - regardless of model.
Bryan Glancey is the Vice President of Research & Development for Mobile Armor.
Mr. Glancey was formerly Vice President of Sales Engineering for Pointsec Mobile Technologies, a leader in Mobile Device Security software. He has led implementations of Enterprise security solutions at companies including Cisco Systems, CitiGroup, and Bank of America.
Mr. Glancey's innovative security ideas have led to two patent-pending software security solutions for Pointsec. He has spoken extensively on information security at conferences including The Internet Security Conference (TISC), SANS (System Audit Network Security), Defcon, and PDA World.
Mr. Glancey holds a Bachelor's Degree in Physics from Clarkson University, where he participated in research studies for the National Science Foundation, the US Air Force, and NASA.
OSI Layer 1 Security
In today's corporate environment electronic physical security is a serious business. Every corporation has some form of access control and/or CCTV system in place. There are only three really important questions to ask about it. Does it do what it's designed to do? Was it designed to do what it needs to do? WHO'S RESPONSIBLE AT THE END OF THE DAY?
This presentation will:
- A. Give an in-depth explanation of the different technologies used in Access Control and CCTV today.
- B. Give an overview of general system designs.
- C. Give the most common security flaws that exist today.
Michael D. Glasser is currently employed as a Security Consultant in the New York Tri-State Area. He consults primarily on electronic physical security, as well as more conventional locking systems.
Glasser has been in the security industry for more than 10 years. He started as a technician in the field installing electronic security, and broadened his technical knowledge to cover all electronic and conventional security systems.
Glasser is licensed by New York State as a Burglar and Fire Alarm Installer, certified as a Locksmith, and has numerous electronic security certifications. He is an active member of many local, state and national associations. He teaches classes on electronic security in the New York Area.
Prior speaking engagements of this type have been at both the DefCon series of conferences and at the 2600 sponsored HOPE conferences.
Glasser can be contacted at mglasser<a>setec.org
Assistant Professor of Law, Marquette University Law School in Milwaukee, WI
Criminal Copyright Infringement and Warez Trading
This talk will discuss criminal copyright infringement and how it applies to warez trading. We will discuss what is legal and what isn't, who has been prosecuted, why they were prosecuted and what happened to them, and why the law is bad policy. You should expect to leave the talk more knowledgeable about what activities are criminal and how great or small the risks are.
Eric Goldman is an assistant professor of law at Marquette University Law School in Milwaukee, WI, where he teaches cyberlaw, intellectual property and legal ethics. He has taught cyberlaw since 1995-96 and has authored dozens of articles and given dozens of speeches relating to Internet law issues. His article, A Road to No Warez: the Paradigm Misstep of the No Electronic Theft Act, will be published this year. Prior to joining the Marquette faculty, he was General Counsel of Epinions.com and, before that, a technology transactions attorney at Cooley Godward LLP.
Dumpster Diving: One man's trash...
There are few things that yield more information about an individual or organization than their very own trash. This simple fact can be both fun and frightening depending upon which side of the fence you're on. Practiced by hackers for countless years, the act of Dumpster Diving has been an essential tool in the hacker's toolkit, and an often overlooked area of an organization's security policies.
This speech will cover but not be limited to:
- Who are Dumpster Divers? What it is, and why they do it.
- What to wear and take with you when Dumpster Diving.
- Basic Rules to follow to stay safe and within the law.
- What to do if approached by the authorities.
- Areas to dive and not to dive.
- Interesting and Humorous Anecdotes.
- Protecting your privacy or the privacy of your organization.
Grifter has been involved in the scene for over a decade and currently runs 2600SLC, the Salt Lake City 2600 meeting, where he often lectures on a range of security related topics. He has been published in numerous online and print publications and has previously been a speaker at Defcon. He has also been the subject of several interviews for various online, print, and television pieces regarding different areas of the hacker culture over the last several years. He is also a Defcon Goon and primary organizer of the Defcon Scavenger Hunt and Defcon Movie Channel.
Owner/DJ of Detroit Industrial Underground, Spokeperson for Webcaster Alliance
Owner of Gabriel Media and President of Webcaster Alliance
Internet Radio Politics: A Tale Of Betrayal And Hope
A summary of the current legal state of internet radio. How the RIAA, a group of popular commercial webcasters, and Congress conspired to betray smaller webcasters, in an attempt to eliminate the majority of stations broadcasting on the internet. We will compare the philosophies of those who see internet radio as just another mass medium to be controlled and consolidated into as few stations as possible, and those who want to maintain a large number of stations with a rich variety of programming, and how these groups are fighting to influence the public, Congress, and the media. We'll close with a look at the future of internet radio, and outline the Webcaster Alliance's strategy to break the RIAA's hold over this new medium.
Brian Hurley runs Detroit Industrial Underground, an internet radio station which plays industrial and electronica genres. DIU has been broadcasting since February of 1999. The station features music by independent artists, with an emphasis on Michigan-based bands. Hurley has been active in the internet radio community since DIU started broadcasting, has participated in Castercon 2000, and spoke at Rubi-con 5 on internet radio politics. He is one of the most politically active hobbyist webcasters, and has been quoted in several publications on the subject.
He is an officer in the Detroit Electronica Coalition, and an active member of the Motor City Music Foundation Advisory Board. The MCMF produces the annual Detroit Music Awards.
Ann Gabriel is President of the Webcaster Alliance, and CEO and founder of Gabriel Media, Inc. She has been producing streaming media events since 1998. She has hosted numerous technological and entertainment-related webcasting events including annual events such as CES, COMDEX, Networld+Interop and NAB.
Gabriel Media provides complete, end to end webcasting solutions and leads the Industry in the production of live, on-location broadcast events. Gabriel Media also specializes in public relations, marketing and promotional tools and services tailored for the entire webcasting community.
Hurley and Gabriel broke the story of how HR 5469 turned from a bill to help the entire webcasting community, into something written by the RIAA to benefit itself and a select few webcasters.
The WorldWide WarDrive: The Myths, The Misconceptions, The Truth, The Future
The WorldWide WarDrive is an effort by security professionals and hobbyists to generate awareness of the need by individual users and companies to secure their access points. The goal of the WorldWide WarDrive (or WWWD) is to provide a statistical analysis of the many access points that are currently deployed.
Roamer will discuss the origin of the project, many of the difficulties the project has run into with the press and "other entities", the truth behind the goals of the project and the direction the project is moving in the future. Also, the full statistical analysis and results of the Third WorldWide WarDrive will be revealed for the first time.
Chris Hurley (aka Roamer) is a Principal Information Security Engineer working in the Washington DC area. Primarily focusing his efforts on vulnerability assessments, he also performs penetration testing, forensics and incident response operations on both wired and wireless networks. He has spoken at several security conferences, been published in numerous online and print publications, and been the subject of several interviews and stories regarding the WorldWide WarDrive. He has worked as a DefCon Goon for the past four years and is the primary organizer of the DefCon WarDriving Contest.
Why Anomaly Based Intrusion Detection Systems Are A Hacker's Best Friend
The security market is booming. New types of tools are emerging all the time with promises of being able to protect networks better than the last generation. The newest trend is anomaly based intrusion detection systems. These systems claim the ability to detect new types of attacks before comparable signature based systems, while being able to scale to higher network speeds. Are these claims true? Will these systems be the silver bullet to protect the clueless? Are these tools any better than the other script kiddie prevention tools? This talk will answer these questions and more.
New and improved Icer 3.1.4 is smarter and faster than the previous versions. He's more l33t than ever and his skill at breaking security tools is best. Not to mention he knows 20 ways to make the ladies call him Big Daddy.
Icer exists in a world beyond your world. What we only fantasize, he does. He lives in Atlanta, where nothing is beyond him, including ripping quotes from bad movies and consuming large amounts of Guinness at the Highlander. Icer is still amazed Martin Sargent answers emails.
Credit Card Networks 101: What They Are, and How to Secure Them
Credit card networks have grown into a viable and necessary asset in large transaction-based businesses. Are these networks protected? Are there formal security measures to protect these packets from external and internal threats? Most network administrators, controllers (CFOs) and CIOs are not even aware of credit card traffic's flow or existence on a network. Further, some overprotect their switched network, disabling these systems from working correctly. One needs to have knowledge of these networks, know the possible exploits, and know how to secure them.
Robert Imhoff S4SE*: has worked in the computer security industry for over 4 years, focusing more recently on the credit card technology sector. He has worked with large credit card networks ranging from Casino and Hotel to Internet-based e-commerce worldwide. He currently works for a major eTransaction solutions provider servicing these types of major clients on a day-to-day basis. He is currently working on a "global solutions" project to help streamline the processes of integrating these networks' security into corporate LAN/MAN/WAN topologies.
nmrcOS provides a secure environment for the modern hacker-type to call home, which helps protect the privacy and security of the users of the system. In addition, it provides a portable working environment for the hacker on the go: easy loading on simple hardware, a no-nonsense command line for uber control, yet usable by most people out of the box.
Discussion will focus on the history of the project and current design choices. Details on how to develop for the system will also be presented. Presentation includes demonstration of installation and configuration.
Inertia can neither confirm nor deny that he/she is a member of the Nomad Mobile Research Centre, an international group of hackers that explore technology. Further, it cannot be determined if he/she is co-author of ncrypt, a secure encryption tool. It is unknown whether Inertia's latest project involves the development of nmrcOS, the official NMRC distribution of Linux.
Senior Security Consultant,
Stack Black Ops: New Concepts for Network Manipulation
What can your network do? You might be surprised. Layer by layer, this talk will examine previously undocumented and unrealized potential within modern data networks. We will discuss aspects of the newest versions of scanrand, a very high speed port scanner, and the rest of the Paketto Keiretsu. Interesting new techniques will also be discussed, including:
- Bandwidth Brokering - a technique that allows market-based load balancing across administrative boundaries using existing TCP protocols
- DHCP-less Bootstrapping - a sub-optimal but effective strategy for bootstrapping network access for hosts that cannot directly acquire a DHCP lease
- State Reconstruction - a design model that allows stateless network scanners (such as scanrand) to acquire deep knowledge about scanned hosts
- Multihomed Node Detection - a simple set of techniques that expose firewalled hosts with alternate paths to an unfirewalled network link.
- Generic ActiveX Encapsulation - a step-by-step methodology for safely launching arbitrary win32 tools (such as putty or a Cygwin OpenSSH environment) from a web page
We will also be discussing significant advances in data visualization, made necessary by the sometimes daunting amount of raw information these sorts of tools can expose one to.
Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems, and he is best known for his work on the ultra-fast port scanner scanrand, part of the "Paketto Keiretsu", a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. He authored the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. Dan is based in Silicon Valley.
Fashionably Late - What Your Network's RTT Says About Itself
In this session, we will explore network fingerprinting through the use of high-frequency active probes to determine the network's delay. We will also discuss how signal analysis techniques on those delay measurements can be employed to characterize a network's performance and configuration. Using examples from a real-world enterprise network, various layer-1 and layer-2 features will be exposed including: a router or switch's queuing behavior, evidence of unrelated cross-traffic, and the presence of a configured monitoring or "span" port, perhaps indicating the presence of an eavesdropper.
Tony Kapela still has too much time on his hands. He's spoken at the past two Defcons with Adam Shand and Bruce Potter on various wireless network topics, and was a panelist at Rubicon 5.
Currently he is spending time volunteering in a network research lab at the University of Wisconsin, Madison, and does freelance network engineering & RF system design.
For balance, Tony often climbs radio towers (it's not really work, is it?) and hones his skills at bass guitar and percussion performance.
Information Leakage --- You posted what?!
If information is power, then why are so many organizations willing to give away this power? Are they not aware of the risk to their network from posting network diagrams on the Internet? Or to staff, from posting the CEO's home address and wife's and kids' names on their website? Or to the organization's financial wellbeing from leaving their financial transactions zipped on their company ftp server?
This presentation will show the ways organizations release information, both intentionally and unintentionally.
Joe Klein, CISSP, has been involved in IT security since 1988. During that time he has performed many Competitive Intelligence studies and consulted on protecting against Information Leakage. Over the years he has been a Security Engineer and Chief Security Officer in various companies in the southeast US. He currently is Sr. Security Consultant at Avaya Corporation.
Co-founder of the Internet
Author, Privacy Advocate
At Risk! Privacy: Homeland's Rights To Take It Away And The Hacker As A Hero To Restore Privacy Via Code To Protect The Every Day User
Leonard Kleinrock <http://ttivanguard.com>, co-creator of the Internet, and Sally <http://sallyrichards.com>, author and privacy advocate, talk about the past, present and future of privacy and civil rights and how they pertain to the next wave of technology -- keeping your data safe from both government agencies and commercial entities leveraging your info for Big Brother and commercial uses. Will this next level of technology to block Big Brother be illegal, and the technologists developing it be jailed for some government infringement of national security? Where will the code heroes of tomorrow come from? And how will they be able to leverage their code into commerce?
Leonard Kleinrock, Co-founder of the Internet
Dr. Leonard Kleinrock is a world-renowned figure in computer networking. He is the founder of Technology Transfer Institute (TTI), Linkabit Corporation, and Nomadix, Inc. Dr. Kleinrock is considered one of the fathers of the Internet, having been the first to develop the underlying principles of packet switching. A professor of Computer Science at UCLA, Len has always worked at the frontier of new technology; his current interests include nomadic computing, self-organizing networks and gigabit networks. He is the recipient of numerous honors and awards, including the L.M. Ericsson Prize, the Marconi International Fellowship Award, and the National Academy of Engineering's Draper Prize. Len has written six books and over 225 professional papers, and is an internationally recognized speaker for business and technical audiences on the future of computing, communications and the Internet.
Sally Richards, Author, Privacy Advocate
Sally Richards is an international journalist and author who speaks out about technologists' civil rights to create technology and users' rights to use technology -- as well as the privacy issues that have arisen out of 9/11 and Homeland insecurity. Her last book, FutureNet (John Wiley & Sons, 2002), addresses the past, present and future of the Internet as told by its creators and visionaries and features Len Kleinrock, John Perry Barlow, Dimitry Sklyarov, Phil Zimmermann and others fighting the good fight. The increased traffic on Sally's site http://sallyrichards.com from .gov, .mil (her increasing hits from NIPR since she spoke out in Dimitry Sklyarov's favor and against the DOJ on CNN have been staggering as of late) and strange IP addresses from other government agencies throughout the world caused Sally to dig even deeper to increase her work against government agencies working toward removing civil rights and forcing technology guidelines. Sally is currently in Vegas working on her latest book describing what is going on so people can do something about it instead of having to explain to their grandchildren why they let civil rights we already had slip through our fingers. She is also the Managing Editor of the Las Vegas Business Press.
HavenCo: What Really Happened
HavenCo, an attempt at creating an offshore data haven, was launched in 2000 by a small team of cypherpunks and pro-liberty idealists.
During 2002, the Sealand Government decided they were uncomfortable with their legal and PR exposure due to HavenCo, particularly in the post-DMCA and post-911 world, and regulated, then took over the remains of the business, forcing the remaining founders out. While HavenCo continues to serve a small number of customers, it no longer is a data haven, and has exposed the ultimate flaw in relying on a single physical location in one's quest for privacy.
Ryan Lackey was with HavenCo from inception until late 2002, and will tell exactly what happened (not the PR-friendly whitewashed version) from day one until the end, what lessons were learned, and how similar goals can be achieved in the future by motivated individuals and groups.
Watching the Watchers: Target Exploitation via Public Search Engines
In today's world of all-knowing, all-seeing search engines, it should come as no surprise that very sensitive information lies in the deep recesses of big search engines' data banks.
What may come as a surprise, however, is just how much of a search engine's collected data exposes security flaws and vulnerabilities about the crawled sites. In some cases, even after a security hole is fixed, a search engine may cache data about that vulnerability, providing information about other avenues of attack. This process of "watching the watchers" is not theoretical. It happens, and it happens daily.
This session demonstrates the technique of crawling one of the most popular search engines for security vulnerabilities on one or many targets simultaneously.
Sample information will be extracted about various friendly targets without sending any data or packets to the intended targets, leaving those targets completely unawares.
A database of hundreds of vulnerabilities (and growing) will be uncovered and presented to the participants, as well as an automated tool which can be used to scan search engines for vulnerabilities on participant's hosts and networks.
A little-known research page has been started with working examples of this technique applied to one popular public search engine. See http://johnny.ihackstuff.com/security/googleDorks.shtml for details.
This presentation (especially when presented in conjunction with a live internet feed) is not only informative and eye-opening, but both refreshingly fun and amazing to watch. Most participants will have a great deal of familiarity with the search engines presented and will be delighted (and rightfully concerned) to see them operating in a manner they were not designed for. Solutions for remedying and controlling this amusing (yet very serious) vulnerability will also be discussed.
Johnny Long has actively explored both sides of the computer security fence, but since the grass was greener with a paycheck as a security professional, he now opts to spend his time as one of the good guys.
Johnny did not develop his skills within the hallowed halls of higher learning but rather by spending way too many late nights huddled in front of his computer, developing his anti-social tendencies.
Although Johnny finds it ironic that he is often asked to speak before large groups of intelligent, educated and highly technical security people, he has found his niche within the world of intelligent and highly technical security people.
Mr Long has previously presented at SANS and other computer security conferences nationwide. In addition, Mr Long has presented before several government entities including NSA, NASA, FBI, DOJ, AFOSI, AFIWC, DOE, US, Canadian and Australian DOD, DCITP, DCFL, and the US ARMY. During his career as an attack and penetration specialist, Mr Long has performed active network and physical security assessments for hundreds of government and commercial clients.
White Oak Labs
Intrusion Prevention Techniques on Windows and Unix
What exactly is intrusion prevention and why the heck should we care? This talk surveys some of the common features of Intrusion Prevention systems, largely constrained by the architectural layering of Windows and Unix kernels. We then look at a case study of intrusion prevention and discuss how it differs from IDS, Firewall, AV, and others.
Rich Murphey was a founding core team member of FreeBSD and Xfree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the Faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies. He is currently Chief Scientist at White Oak Labs in Houston, Texas.
Mimicry is the ability to survive by mimicking your surroundings. In 1996 a book named Disappearing Cryptography by Peter Wayner was published and with it proof of concept code called the mimic functions that allow for encrypted data to be hidden in innocent looking text. This allows for encrypted data to be passed through networks undetected by filters looking for anything out of the ordinary. This talk will include an introduction to how the mimic functions do what they do and will also be an introduction to a tool called ircMimic that uses the mimic functions to hide data in an IRC conversation.
Mystic is a poetic coder and a self described "creative hacker".
Network Security Officer,
University of Chicago
Today's Modern Network Killing Robot
Today's Modern Network Killing Robot will give an overview of the new generation of DDOS tools. Back in the day, a couple of large pings could take down lots of machines. When those techniques stopped being effective means of taking down networks, people started writing DDOS programs. These programs required a little bit of manual work to install, but were effective at taking down large networks for a while. This generation of DDOS tools was made famous in the media by DDOS'ing famous websites for hours at a time. Soon people learned to control the damage done by these tools, and so a new generation of DDOS tools was born: ones that could infect thousands of machines automatically to create large botnets, and hide their communications in order to evade detection better than their predecessors.
These botnets are now the most effective DDOS tools in popular use today. This talk will go over the more popular botnets, such as gtbot and sdbot, and talk about how they work and some ways to spot them on your network.
There will be a demonstration of an irc botnet in action.
Viki Navratilova lost on Hacker Jeopardy when she wouldn't agree that WEP is secure. After getting her B.S. in C.S., she's bounced around various corporations in the Chicago area doing computer security, 5ESS, and Unix admin stuff. She has collected clothing with company logos from all of them. Her writings on Linux and computer security have been published in web page, magazine, newspaper, and book form.
In 2001 Viki got the Chicago Tribune to publish a map of all the open wireless networks in downtown Chicago on the front page of the Business section to go along with her article on widespread unsecured wireless networks.
Viki likes pizza and beer.
Malicious Code & Wireless Networks
With over 55,000 viruses circling the globe it is no wonder we are so paranoid about protection, but are we being paranoid enough? A new threat stands to potentially disrupt systems worldwide and cause hundreds of millions in damage.
In this presentation we will discuss current wireless trends and some of the vulnerabilities they bring. In addition we will also discuss some potential wireless threats and explore some reasons why malicious code could spread within a wireless system.
Brett L. Neilson is a network and systems engineer with a strong background in the wireless industry. He previously worked for one of the leading wireless communication companies as a Senior Systems Administrator and RF Field Technician. While there he worked to develop, deploy, and maintain their national infrastructure. Currently he is working for one of the world leaders in network security and availability solutions, supporting clients on security related issues. Some of his work is currently published in two information security related books, Maximum Wireless Security & Maximum Security 4th Edition. Mr. Neilson is a member of the North Texas Infragard and is an FCC-licensed amateur radio operator. In these roles he has worked with multiple government agencies providing emergency communication assistance and coordination. Mr. Neilson's broad knowledge and experience has allowed him to be involved with many organizations, providing network and security related solutions.
Simple Nomad, Inertia, jrandom, Weasel, Cyberiad, Sioda an Cailleach, HellNbak
[PANEL] Free Your Mind: The NMRC Info/Warez
New years bring new threats. Laws such as the DMCA, PATRIOT and DSEA are threatening hackers to the core. But instead of lecturing on what the underground could be doing to counter, NMRC will lead by example and present what they have been working on for the past year. New tools, new techniques, new information, and a new operating system! All open source, all full disclosure, all with security and privacy in mind.
NMRC is an international hacker collective with an active membership of fourteen men and women. Members have worked on projects ranging from operating systems and tools development to penetration testing and forensics. By day, most members live respectable lives working or consulting within the Fortune 500 in unsuspecting IT departments. By night, they hack under cloak of anonymity in the underground community.
Aura: A Peer To Peer Reputation System
Aura is a peer-to-peer reputation system designed to create localized reputation information linked to specific users and/or systems. It can also function as a carrier of information in the form of 'recommendations'. Current research in trust metrics and reputation systems will be briefly covered, and implementation and design challenges will be discussed in greater depth.
Cat Okita has a background in sociocultural anthropology, with a focus on online communities, and working for several telco and hosting companies has led to a strong interest in social and technological networks, with a vested interest in establishing trust.
Satellite TV Technology: How It Works and What You Can Do With Different Dishes
Ever wondered what that big 10' dish in your neighbor's back yard is good for? Pondered what signals you could pick up other than subscription TV on your small dish? Let OldSkoolS walk you through the wonderful world of satellite technology.
He will quickly bring you up to speed on the difference between C and Ku Band, and on the different protection systems used in today's satellite communications. Tips on procuring used and new hardware will be given as well as a few legal tips. A live demonstration of hardware and software will be shown (if a view of the southern sky is provided for the satellite dish). No background knowledge of satellite TV technology or systems is needed.
OldSkoolS is an active member in several TVRO groups and has been involved in the TVRO community for years. He set up his first 10 ft. dish when he was 17 and has been an avid enthusiast in the field since. He is currently a junior at the University of Utah seeking a degree in Information Systems with an emphasis in Information Security. He is currently employed as an A/V Technician in addition to being a full-time student. OldSkoolS is also actively involved in the Salt Lake City 2600 chapter and the DC801 group.
This talk will cover the components and theory behind metamorphic engines. It will also cover how they provide a better stealth method for viruses, since the body of the virus changes completely in appearance while still retaining the same functionality. This method of virus writing has gained much attention this century compared to its earlier days, which include the '98 Win95/Regswap and others whose techniques have now developed into what we know as Metamorphism today.
Sean O'Toole is currently in college for Computer Science and Mathematics. I've been playing around with viruses since high school and also took an independent study on computer viruses in college. As well as the above, I've also helped institutions such as NCAR use Artificial Life Algorithms for modeling.
Beat the Casinos At Their Own Game
Tired of having casinos take your money? Did you know that it is possible to be a long-term winner in some casino games? This presentation will cover the basic information that you need to learn about card counting, sports betting and other casino games where you can gain an advantage. The presentation will also cover casino surveillance and how to avoid detection. There will also be discussion on casino comps and other ways to take money from the casinos.
ParanoidAndroid has been an active card-counter and advantage player for more than 5 years. He has experience playing in casinos all across the country including Atlantic City and Las Vegas. He can be reached at: paranoid-android<a>hushmail.com
Founder, CyberAdversary.com, The Cyber Adversary Research Center
Director Of Research, Pentest Limited (UK)
Marcus H. Sachs
Cyber Program Director, Department Of Homeland Security; National Cyber Security Division
Adversary Characterization and Scoring Systems
Cyber adversary characterization is a topic which was conceived by the panel members alongside other members of the computer security and intelligence communities in an attempt to provide an accurate way to build profiles of cyber adversaries, much like the way in which criminal psychologists profile more traditional criminals.
The characterization metrics conceived attempt to provide a characterization of theoretical adversaries, classing them based on statistics harvested from the wild, as well as an accurate way of characterizing an adversary at an incident response level by studying the methodologies used during the attack.
The panel will begin with an introduction to the topic, followed by in depth discussion regarding the various characterization metrics and their applications; toward the end, we will be taking questions from the floor.
Marcus H. Sachs - Cyber Program Director - Department Of Homeland Security; Information Analysis and Infrastructure Protection Directorate
Marcus Sachs is the Cyber Program Director in the Information Analysis and Infrastructure Protection Directorate, US Department of Homeland Security, where he is responsible for developing the implementation plan for the President's National Strategy to Secure Cyberspace. Marc was previously the Director for Communication Infrastructure Protection in the White House Office of Cyberspace Security and was a staff member of the President's Critical Infrastructure Protection Board. Marc retired from the United States Army in 2001 after serving over 20 years as a Corps of Engineers officer. He specialized during the latter half of his career in computer network operations, systems automation, and information technology. His final assignment in the Army was with the Defense Department's Joint Task Force for Computer Network Operations where he was the Senior Operations Analyst and Technical Director.
Toby Miller - www.ratingthehacker.net
Toby Miller is an independent Security Consultant. He holds a bachelor's degree in computer information systems and is currently working towards his master's degree. Toby is a contributing author for Intrusion Signatures and Analysis and Maximum Security revisions 3 and 4. Toby also publishes papers for Securityfocus and SANS. Toby has spoken at various SANS conferences. Toby is also a certified GIAC Analyst.
Tom Parker - Director Of Research - Pentest Limited (UK)
Tom Parker is one of Britain's most highly prolific security consultants. He regularly contracts with international firms to provide integral security services. Tom is well known for his vulnerability research on a wide range of platforms and commercial products, developing proof of concept code to demonstrate flaws. Whilst with GIS he played a leading role in developing key relationships between public and private sector security communities. Tom has taken part in closed door workshops on cyber adversary characterization and has furthered research into this topic under Pentest Limited, provider of security consultancy services throughout Europe. Tom is also known for his research into methodologies for secure transmission of video streams over corporate networks using satellite and multicast technology.
Matthew G. Devost - Founding Director - Terrorism Research Center
Mr. Devost is a Founding Director of the Terrorism Research Center, and currently serves as President and CEO overseeing all research, analysis, assessment, and training programs. In addition to his duties as President, Mr. Devost also provides strategic consulting services to select international governments and corporations on issues of counter-terrorism, information warfare, critical infrastructure protection, and homeland security. Mr. Devost also co-founded and serves as Executive Director of Technical Defense, Inc., a highly specialized information security consultancy.
Mr. Devost has been researching the impact of information technology on national security since 1993. Mr. Devost has provided support on Information Operations and information terrorism to the Department of Defense community, Presidential Commissions, and numerous other government, law enforcement and intelligence agencies. Mr. Devost has also provided information security consulting and intelligence analysis services to private corporations, including Fortune 500 companies and critical infrastructure owners.
Mr. Devost has appeared on CNN, MSNBC, FoxNews, NPR, CBS Radio, CBS News, BBC television, NWCN, Australian television and over four dozen other radio and television programs as an expert on terrorism and information warfare and has lectured or published for the National Defense University, the United States Intelligence and Law Enforcement Communities, the Swedish government, Georgetown University, American University, George Washington University, and a number of popular press books - magazines, academic journals and international conferences. Mr. Devost holds a B.A. degree from St. Michael's College and a Master of Arts Degree from the University of Vermont.
Streaming Media Theft and Protection
tommEE pickles presents a 101-type approach to streaming media. He will talk about sites that host streaming media, how to leech the media off them, and how to protect sites that host streaming media.
tommEE pickles, originally from New York City, co-founded Moloch Industries in 1999. He is known for the Defcon Cannonball run and his passion for TiVo hacking. After getting caught doing the evil computer things, tommEE has worked for large streaming media providers while giving them solutions for streaming media security. He now resides near the beach in Los Angeles, CA where he continues to consult for streaming media companies.
Bluetooth: The Future of Wardriving
By some estimates, there are more Bluetooth radios deployed than 802.11 radios. However, Bluetooth has largely been ignored by the security community. Over the next several years, this will change dramatically as Bluetooth security tools catch up with 802.11 security tools. Bluetooth devices tend to be always-on machines that generally contain and transmit highly personalized information. Due to limitations of the platforms and interfaces that utilize Bluetooth, many developers chose to avoid implementing security mechanisms. This combination of private information and lowered security makes Bluetooth a likely candidate for attacks targeted at an individual, or simply an interesting protocol to keep voyeurs happy.
This talk will cover the basics of the Bluetooth protocol and its security mechanisms. I will discuss attacks that may be carried out against Bluetooth enabled PANs. I will compare Bluetooth and 802.11, especially from a discovery and interception point of view. Finally, I will present The Shmoo Group's new Bluetooth wardriving utility.
Bruce Potter has a broad information security background. From application security assessments to low-level smartcard analysis to wireless network deployments, Bruce has worked in both the open- and closed-source communities. Trained in computer science at the University of Alaska Fairbanks, Bruce now serves as a Senior Security Consultant for Cigital, Inc. in Dulles VA. Bruce is founder and President of Capital Area Wireless Network, a non-profit community wireless initiative based in Washington DC. In 1999 Bruce founded The Shmoo Group, an ad-hoc group of security professionals scattered throughout the world. Bruce co-authored 802.11 Security published through O'Reilly and Associates. He is co-authoring Mac OS X Security to be published by New Riders Publishing in May of 2003.
(aka SyS64738), founder, zone-h.org
The Future Frontiers of Hacking - UMTS Mobile Phone Platform Web Intrusions: the Best Indicator of the Vulnerable Status of the Internet
- The introduction of the UMTS mobile telephone protocol will be the last frontier for hackers. How will they act? What vulnerable points will be exploited?
- How the UMTS technology will pose a threat to our everyday lives, leading to complete loss of privacy.
- Web defacements and Internet scams. A sharp overview of trends and techniques used by web intruders.
- Linux or Windows? Internet security myths. Zone-H, the Internet
- Internet scams are the best indicator of the vulnerable status of the average Internet user.
Roberto (36) is the founder of www.zone-h.org, the most up-to-date website defacement/cybercrimes archive. He is also CEO of an international ITsec company active in European and former Soviet countries. He has lectured at several ITsec security conferences and has been interviewed by several print and online newspapers and TV outlets when it was time to talk about cyberwar and cybercrimes. Over time he has been one of the strongest critics of the implementation of the new mobile phone platforms.
Corporate Defense Strategies Inc.
Technical Security Countermeasures: The Real Story Behind Sweeping for Eavesdropping Devices
As a corporate security advisor, former investigator, and TSCM technician, we will dispel the myths behind bugging and wiretapping. We will separate what tappers can and cannot do (everything you see in the movies is not always true!!), and show what companies can do to realistically protect themselves from eavesdroppers and thereby help to protect their network, proprietary information, and intellectual property. We will explain and demonstrate the sophisticated electronic tools used by a professional sweep team, and describe what happens during the sweep process. We will demonstrate how phones are tapped in homes (analog phones), small businesses (KSU telephone systems), and larger companies (PBX systems). We will show how corporate spies attempt to infiltrate company telephone systems and ultimately compromise your network infrastructure. We show how anything purchased to detect eavesdropping from a "spy shop" will only waste your money and give you a false sense of security. We lay out the planning and execution of a successful sweep, and explain how to protect your company from threats in the future.
Jeffrey Prusan is the President of Corporate Defense Strategies Inc., a security consulting and security systems integration firm, founded in 1982, and located in Woodcliff Lake, New Jersey. Mr. Prusan has provided his services to businesses ranging from Fortune 500 companies to small "Mom and Pop" businesses looking to protect their privacy and security. He and his company have worked and continue to provide security services for local and county government agencies, law enforcement agencies, and the Federal Government. Mr. Prusan has a strong background in investigations and corporate security, and has successfully located, and assisted in the apprehension of, a perpetrator that eluded law enforcement authorities after murdering a police officer. Mr. Prusan located and apprehended an international embezzler who had stolen $45 million from his employer. Prusan was deployed by the United States Federal Government to travel to the Philippines to conduct a fact finding mission regarding the bombing of the World Trade Center, and the bombing of a Philippine airliner bound for the United States. Jeffrey Prusan has worked with and advised law enforcement agencies on all levels as to bugs and wiretaps that were discovered as a result of Technical Security Countermeasures (TSCM) Sweeps. Mr. Prusan has performed eavesdropping detection services for offices, homes, cars, yachts, and corporate aircraft. Mr. Prusan is a member of the American Society for Industrial Security, and is listed in Who's Who in Security. Mr. Prusan has appeared on WNBC News on numerous occasions to discuss security, privacy, and protection topics. His company has appeared in print media such as the Bergen Record newspaper, Time Magazine (August 14, 2000), and Security Management. Articles written by Jeff Prusan have appeared on MSN.com and securitydriver.com, to name only a few. Mr. Prusan has also authored articles on electronic vehicle tracking and Technical Security Countermeasures.
Hacking Web Apps
WARNING: The vulnerabilities you are about to see are real. Only the names have been changed to protect the vulnerable. Viewer discretion is advised.
Is your web application secure? Many have found out the hard way: encryption and firewalls are not enough.
Since 1996 the instructor has performed security assessments against web-based applications for Fortune 500 companies. The applications audited included consumer banking (US, Europe, and Asia), business banking, credit unions, conference & travel reservation systems, credit card applications & account access, 401K account access, stock broker transactions, and consumer telephone account access.
What were the real-world vulnerabilities encountered? Come see for yourself as this fast paced course re-enacts these hacks. See what the weaknesses were and how they were exploited.
If Fortune 500 companies made these mistakes, chances are good that they are not alone. The lessons learned will apply to web portals, e-commerce (B2B or B2C), online banking, shopping, subscription-based services, or any web-enabled application.
- Watch how attackers manipulate HTTP and HTML to locate web app vulnerabilities
- See the latest hacker tools and techniques for web apps
- Demo: Real-world web app weaknesses and exploits will be demonstrated live
- The vulnerabilities demonstrated will be based on real vulnerabilities seen by the instructor while auditing customers; only the names have been changed to protect the vulnerable.
- This presentation offers valuable insight into some subtle but serious dangers for online applications
David Rhoades is a principal consultant with Maven Security Consulting Inc. (www.mavensecurity.com), which is headquartered outside Washington DC and provides information security assurance and training services. David started his career in 1995 with Bell Communications Research (Bellcore), working in their Computer Security & Telephony Fraud Group. His work has taken him across the US and abroad to Europe and Asia where he has lectured and consulted in various areas of information security. David has a BS in Computer Engineering from the Pennsylvania State University and has taught security courses for USENIX, the SANS Institute, and the MIS Training Institute.
Security Researcher and Software Developer,
HTTP IDS Evasions Revisited
HTTP IDS evasions have been prevalent ever since the release of RFP's whisker. But what's been happening since? This presentation addresses the advancement in HTTP IDS evasions since whisker. Some of the specific topics covered will be:
- The evolution of protocol-based IDS and signature-based IDS in regards to HTTP evasions. What's the same and what's different?
- Latest and greatest obfuscations in URL Encoding (what the IDS vendors don't know). We'll go into the various types of URL encodings, how the different types of Unicode encoding really work, and new encoding types and combinations that confuse IDS HTTP decoders.
- Evasions using HTTP/1.1 protocol characteristics, in the spirit of Bob Graham's Sidestep program.
The following source code will be released to demonstrate and automate the various URL encoding methods and HTTP/1.1 protocol evasions tactics:
- Source code for automatically generating URL IDS evasions using the tactics discussed in the presentation.
- Source code for generating Unicode codepoint values on target IIS machines for further fun with URL obfuscation and evasion.
- Source code that profiles web servers for what types of evasions do and do not work against them -- hopefully this can be released.
Daniel Roelker is a security researcher and software developer for Sourcefire, Inc in Columbia, MD. His most recent projects include a new HTTP protocol decoder for the Snort IDS (soon to be released) and his work on the Snort 2.0 high-speed detection engine with fellow developer Marc Norton. Previous to working at Sourcefire, Dan Roelker was a lead developer on the Dragon Network IDS at Enterasys Networks where he worked on application protocol decoders, high-speed packet capturing technology, event correlation (with Randy Taylor), and revamping the Dragon detection engine. Dan has also had fun working at the Johns Hopkins Applied Physics Lab in Information Operations for the DoD. He could tell you about it but then he'd have to kill you... His current security research is located at www.idsresearch.org, which is currently under construction but will be done by Defcon.
[PANEL] Behind the Remailers: The Operators and Developers of Anonymity Services
Anonymity and privacy are cherished rights of Internet users. This panel brings together some of the key figures behind the Type II remailer network in operation today. Intended to be an audience-directed presentation, these panelists are prepared to answer all of your remailer related questions, from topics concerning remailer software development, usage, legal implications, social aspects, and personal experiences.
Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len is an anonymous remailer operator, and is currently the maintainer of Mixmaster, the most advanced remailer software available. Len is currently working on finding ways to make anonymity and privacy software more reliable and user-friendly.
Peter Palfrader is a student of computer science and has been a remailer operator for over 3 years. He is a lead developer on the Mixmaster project.
Peter is also the author of Echolot, the most widely used monitoring software for anonymous remailers. As a Debian Developer he maintains a package of Mixmaster which makes it easier for users to run the remailer client.
noise is a remop and an attorney. She primarily represents clients with anonymity and privacy concerns.
Michael Shinn has been using remailers since the anon.penet.fi days and has been running them since the mid 90's. He also runs the joint ACLU/EPIC web remailer, the GMS node of the Remailer Operators list and a heavily used public mail2news gateway. In addition to his privacy enhancing activities, Mr. Shinn sits on the Industry Advisory Board for the Open Policy Group and is a member of the Ops Team for the California Community Co-location Project. He is also founder and President of the George Mason Society.
Mr. Shinn is also an accomplished technologist and entrepreneur. He sits on the board of directors of several technology companies and is a semi-regular writer for several technology periodicals. Michael has built several successful technology firms and is currently Managing Partner for the Prometheus Group and co-founder of a new stealth mode company, Infracentric. Before his entrepreneur days, Michael worked at Cisco Systems, Wheel Group, the Securities and Exchange Commission and the White House, amongst other interesting places.
Michael is currently writing Linux Firewalls Diagnostics, along with co-author Scott Shinn, for publisher Prentice Hall.
Ryan Lackey has operated the havenco (defunct) and metacolo (current) remailers, and has been involved in the cypherpunks and free software movements. Additionally, he founded HavenCo, a datahaven in the North Sea, and has worked in the Caribbean and elsewhere on electronic cash and other cryptographic projects.
Punishing Collaborators Redux: CAPPS II, Passenger Profiling, and the Boycott of Delta Air Lines
Just when you thought Total Information Awareness was dead, the Department of Homeland Security rolled out plans in February of this year to introduce an Orwellian airport passenger profiling system called CAPPS II. The plan originally called for running checks on credit, banking, and criminal records every time a citizen flew on a commercial aircraft. Bill Scannell didn't feel like being asked 'papers, please' every time he traveled, so he targeted the only airline participating in the testing of CAPPS II: Delta Airlines. The resulting Delta boycott and millions of dollars in negative publicity caused Homeland Security to pull the plug on the program pending a privacy investigation, and Congress to withhold all 2004 funding.
Bill Scannell has been active in the cypherpunk and privacy community for a number of years. A former US military intelligence officer turned foreign correspondent turned publicist, Scannell launched some of the most important privacy projects of the last few years, including HavenCo and MojoNation. Together with Paul Holman, he launched a successful boycott of Adobe Systems in 2001 in response to the arrest of Dmitry Sklyarov at DefCon that year. His latest successful project is http://www.boycottdelta.org
Online Corporate Intelligence
A rapidly growing number of businesses use webbots and spiders to collect corporate intelligence about their competitors. This session will explore: the types of information companies gather about each other, where they get it and what they do with it. We'll also discuss: privacy concerns, methods for writing stealthy webbots, and various related opportunities for the community.
Michael Schrenk has held various executive and consulting positions in the online industry and now heads the consultancy of Michael Schrenk Ltd., whose primary mission is to write webbots that create competitive advantages for companies by collecting and providing context for real time intelligence from the Internet and other digital sources.
A past DEF CON speaker; he has also created traditional online applications for Disney, Nike, Adidas and Callaway Golf and has written for Computerworld and Web Techniques magazines. He also holds a patent for mobile server technology. More information is available at www.schrenk.com
Electronic Frontier Foundation
The Internet's Private Cops: Defending Your Rights Against Corporate Vigilantes
It is not only governments that are engaged in surveillance of Internet activity. Increasingly, private actors, including corporations asserting intellectual property interests, are being given the power to police the network and demand user identities, in the name of enforcing their private interests. Even when the law does not give them the authority, some have been overzealous in sending legal threats claiming such rights. This presentation will examine the legal claims (such as DMCA, copyright, trespass) frequently raised by private parties, your rights in response, and ways to protect yourselves from these threats, including via the Chilling Effects website.
Wendy Seltzer is a Staff Attorney with the Electronic Frontier Foundation, specializing in intellectual property and free speech issues. As a Fellow with Harvard Law School's Berkman Center for Internet & Society, she founded and leads the Chilling Effects Clearinghouse, helping Internet users to understand their rights in response to cease-and-desist threats. Prior to joining EFF, Wendy taught Internet Law as an Adjunct Professor at St. John's University School of Law and practiced intellectual property and technology litigation with Kramer Levin Naftalis & Frankel in New York. Wendy speaks frequently on copyright, trademark, open source, and the public interest online. She has an A.B. from Harvard College and a J.D. from Harvard Law School, and occasionally takes a break from legal code to program (Perl).
Senior Technical Specialist
Charl van der Walt
Putting The Tea Back Into CyberTerrorism
Many talks these days revolve around cyber terrorism and cyber warfare. Some experts suggest such attacks could be effective - others say that targeted country-wide cyberterrorism is just for the movies...or a Tom Clancy book. In this talk we look at very practical examples of possible approaches to Internet driven Cyber Warfare/Terrorism. The talk will include an online demo of a framework designed to perform closely focussed country-wide cyber attacks.
Roelof Temmingh is the technical director of SensePost where his primary function is that of external penetration specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding". He has spoken at many International Conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The BlackHat Briefings (New Orleans). Roelof drinks tea and smokes Camels.
Haroon Meer is one of SensePost's senior technical specialists. He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including BlackHat Briefings (New Orleans). Haroon doesn't drink tea or smoke Camels.
Charl van der Walt is a founding member of SensePost. He studied Computer Science at UNISA and Mathematics at the University of Heidelberg in Germany, and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years' experience in information security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums such as SecurityFocus. Charl has a dog called Fish.
With over 32,000 Frontpage-enabled web servers currently on the Internet, it's easy to take it for granted. However, Microsoft Frontpage is one of the least documented and most misunderstood web authoring systems available.
In this presentation we will seek to close that gap and expose the inner workings of the Frontpage and Frontpage Server Extensions protocol. We'll show the hidden flags and undocumented options within the session data, many of which are unavailable even to Microsoft Frontpage users!
Plus we will debut new open source tools geared directly toward taking advantage of the Frontpage systems, including a Perl-Gtk Frontpage vulnerability scanner.
Our presentation will cover the following areas:
- Frontpage: An Initial Perspective
  Breaking down the overall system, providing an overall process view.
- Frontpage: Decoding the System
  Explaining the authentication system, the protocol spec, command sequence, and undocumented options.
- Frontpage: Knocking on the Door
  Debut of custom tools built specifically to manipulate the authentication system, and an open source Frontpage vulnerability scanner.
- Frontpage: What to Do When You're There
  A basic understanding of Microsoft's Active Server Pages Visual Basic language, with example hacker tools developed in ASP.
- Frontpage: Holding Down the Fort
  Giving those supporting Frontpage the much-needed information to help better secure their enterprise.
Matthew Shannon is a Senior Associate with KPMG LLP's Risk and Advisory Services (RAS) practice. He has over four years of information technology and security work experience, including serving as technical lead of multiple network vulnerability assessments, penetration tests and incident response engagements. Matthew graduated cum laude from the University of Florida with a Bachelor of Science in Decision and Information Sciences. Matthew is an active contributor to multiple open source projects, including the Autopsy/TASK forensic toolkit and the Honeynet Project.
Theft of Service Attacks
This talk will focus on the security holes prevalent in many subscription-based service products such as Internet dial-up service, web hosting, software purchases, and satellite television. Specifically, the talk will focus on various billing system attacks, application attacks, increasing account privileges to gain unauthorized or extended access to subscription content, and bypassing account restrictions. It will be demonstrated how these attacks are performed, and how to detect and react to them.
Robert Sheehy has been a computer enthusiast/hacker for over 13 years. He has been specializing in Unix and Windows system administration and security for the past 8 years. Sheehy has been working most recently as a consultant completing various projects, such as supporting high availability Solaris clusters for Morgan Stanley and developing an embedded Linux distribution for McDonald's. Sheehy also previously taught certification prep classes and college classes on introductory programming. This is Sheehy's first year giving presentations at Defcon.
Daniel C. Silverstein
Increasing The Security Of Your Election By Fixing It
In response to the problems that plagued the last United States presidential election, many communities plan to replace existing paper ballot machines with electronic voting systems. Unfortunately, the new systems open up a Pandora's box of security issues that traditional paper ballots do not face. It is difficult to understand the issues because there is a serious lack of data describing the real world performance of these systems. This problem is compounded by the fact that the major commercial vendors' products are closed, proprietary systems protected as trade secrets. Ignorance of the unique security concerns raised by electronic voting could leave US State and Federal elections open to unprecedented levels of fraud.
This past April, a new online election system was used at the University of California at Berkeley. We present this system as a case study, which sheds much needed light on electronic voting security. We describe the workings of this system, and discuss the findings of our security analysis. Additionally, we crafted a man-in-the-middle attack that exploits a flaw inherent in the system architecture. Our talk provides a detailed technical explanation of the attack.
Finally, we discuss the implications of the case study. We will show that many of our conclusions apply to the major commercial systems, in spite of tangible differences with the case study system. We will answer questions from the audience, and offer constructive ways to address some of the concerns we raise.
This talk is suitable for attendees of all technical levels. For a thorough understanding of our man-in-the-middle attack, we suggest that you have some programming experience and familiarity with DNS and NAT.
Daniel C. Silverstein studied Computer Science at UC Berkeley. He works as a Security Engineer at a small games company in the Bay Area. He admits to harboring some disdain for those who object to the legitimate spread of information, and the growth of the public domain.
Damon McCormick studied Computer Science at UC Berkeley.
Tri-Valley Security Group
The UPS (Undetectable Packet Sniffer)
Presentation of the UPS, the Undetectable Packet Sniffer: a hostile packet sniffer posing as an Uninterruptible Power Supply. Complete HOW-TO: hardware configuration, software configuration, integration into a non-functional UPS, installation and use. Proof of concept project by the Tri-Valley Security Group (TVSG).
Spyde~r - In 1999 I started Canberracomputers.com, a full e-commerce web site offering computer hardware and software to the general public. In 2000 I was eBay Australia's 4th largest IT seller and got to tour their headquarters in Sydney, Australia. In 2001 I obtained my MCSE and sold my .com to pursue a career in Silicon Valley. I currently work for an embedded systems company as a Field Applications Engineer in Hayward, California. My current job involves working with companies such as NASA, GE and Disneyland, creating customized systems for everything from amusement rides to missile guidance systems. Although I primarily work with hardware, I have always had an interest in security and have worked extensively with 802.11b, advising businesses of the potential benefits and risks of this emerging technology.
AutoNin - Security Researcher for a prominent firewall manufacturer, and former Information Warfare Analyst for the DoD.
Mystic - The one your mother warned corporate security about.
Director of Product Development, iDEFENSE
Security Engineer, iDEFENSE
Hacking the Invisible Network: The Risks and Vulnerabilities Associated with Wireless Hotspots
Wireless hotspots are emerging as an effective means of providing on-demand Internet access for users with 802.11x-enabled devices. The networks typically exist in places frequented by business travelers, such as hotels and airports, or in locations with persistent clientele such as coffee shops. The technology provides an efficient and cost-effective way for companies to deliver Internet access to their customers and also offers an alternate revenue source, as many networks are pay-for-play.
Most users are enticed by the convenience of these networks, but are unaware of the security risks that they present. Companies have historically implemented security by building an impenetrable fortress around network assets. This system is flawed. It does nothing to protect the multitude of portable devices such as laptops and PDAs that are frequently used outside of this fortress. Hotspots are shared networks that broadcast traffic. By design, hotspots do not implement encryption schemes such as WEP, which provides a target-rich environment for malicious attackers. Unencrypted network traffic can be intercepted, and traditional remote attacks can be perpetrated on machines that are operating without protection from attack. This poses a significant risk for corporations, as these devices commonly contain sensitive corporate data.
Research conducted on numerous hotspot implementations has revealed that most leave end users unnecessarily exposed to both local and remote attackers. Most networks also have weak access controls that leave business owners exposed to loss of revenue from various attack scenarios such as session hijacking, data tunneling and connection sharing.
The presentation will address the following:
- The risks associated with using Hotspots
- Specific attack scenarios identifying tools and techniques that were used
- The network design of specific hotspot implementations
- What users can do to protect themselves
Michael Sutton is the Director of Product Development for iDEFENSE, a private security intelligence company located in Reston, VA. He works in the Software Development division, where he is responsible for designing and developing the technologies used by analysts for open and closed source intelligence gathering. Other responsibilities include business development and conducting research into security vulnerabilities. The primary focus of his research for the past two years has been in the area of 802.11x networking.
Prior to joining iDEFENSE, Michael established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. He is a frequent presenter at information security conferences.
Michael obtained his Certified Information Systems Auditor (CISA) designation in 1998 and is a member of Information Systems Audit and Control Association (ISACA). He is presently pursuing a Master of Science in Information Systems Technology degree at George Washington University, has a Bachelor of Commerce degree from the University of Alberta and is a Chartered Accountant.
Pedram Amini is a Security Engineer for iDEFENSE, a private security intelligence firm located in Reston, VA. Pedram works in the iDEFENSE Labs division, where he is responsible for researching new information security vulnerabilities. He started and maintains redhive.com, a virtual community for friends and colleagues that, among other things, houses his various programming initiatives (pedram.redhive.com). He is a recent graduate of Tulane University and holds a Bachelor's degree in Computer Science.
Hacker Generations: From Building the Network to Using the Network to Being the Network
It has all happened so fast.
Eleven years of Def Con define three identifiable generations of hackers. (Yes, that's an arbitrary distinction, but it's useful.)
The first generation helped build the network, the second learned how to use the network, and the third has become the network.
The management of perception in the mind of society is the battle in which we are now engaged. Online life is threaded through with deception and counter-deception, intelligence and counter-intelligence, but that's second nature to the latest generation of hackers. They understand that intuitively. They operate in small cells, manage their egos with discipline, and execute stealthy sophisticated operations with finesse.
Richard Thieme shows how boundaries have morphed, power has been redefined, and The Matrix is more than a movie. Not since Blade Runner has a film described so well the territory that must be crossed. Owning our own souls is the ultimate intention of Third Generation Hacking, the only end that justifies the means.
Thieme holds nothing back as he addresses the deeper implications of what it means to be the network. The stakes are high and the battle is worthy of our best efforts. This talk is a call to arms to accept responsibility for the life and death battle being waged for the hearts and minds of digital humanity.
EFFI - Electronic Frontier Finland
EFFI - Electronic Frontier Finland
The Story of EFFI. How We Started a Cyber-rights Group in Finland, Which Kicks Ass
We want to show you how just a couple of fellows can start a truly efficient cyber rights group at a regional level (state, country, etc.), influence the encryption, privacy, fair use, etc. laws and change public opinion. We did this in Finland in a year.
EFFI was founded in 2001 and now, in summer 2003, has some 300-400 paid members and counting. We got into the nation's main newspapers in spring 2002, hit the radio and TV in fall 2002, and have since then been regulars in the media. Our top achievement so far has been stopping the EU Copyright Directive (Europe's DMCA) in Finland. We've also fundamentally changed the law on freedom of speech and spamming (see http://www.effi.org/ for details).
Next, we'll answer basic questions on how we got there. Who proposes these laws, and how can even individual hackers and tech enthusiasts influence the legislative process? How did we build relationships with politicians? How did we get ourselves to be TV regulars in Finland and change public opinion in our favor? How can we extend our regional success to the European level?
Finally, we want to explain why the political, moral and legal issues are inherently global and why the hacker community should support action in every corner of the world. We get into the details of US and European hacker-unfriendly politics and compare different options to support our common cause: influencing the parliamentary and democratic process vs. acting independently and anonymously by hacking the software of "evil corporations". Our approach is to act with names and do everything politically correct.
Mikko Valimaki, EFFI Chairman, mikko.valimaki<a>effi.org
Co-founder and chairman of EFFI. Works as a researcher at the Helsinki Institute for Information Technology (http://www.hiit.fi). Frequent speaker in English (and even Swedish), especially on freedom of speech, copyright and software patents.
Ville Oksanen, EFFI Vice Chairman, ville.oksanen<a>effi.org
Co-founder and vice chairman of EFFI. Has participated in politics (e.g. as personal assistant to a member of parliament and vice chairman of DEMYC). Researcher at the Helsinki Institute for Information Technology, specializing in the intersections of law, politics and information technology.
Data and Network Security Council
Network Worms, What Is Possible
Network worms have been around for almost as long as the computer networks they need in order to spread, but it is only with the advent of mass Internet access that they have become commonplace. This presentation will outline what network worms are and how they differ from a normal computer virus, but will in the main concentrate on what future worms could achieve.
The presentation will look forward to what we could see in both the near and far future, giving examples of what can be developed. Web replication and other possible distribution methods will be discussed, and you will learn why so few worms currently achieve effective mass distribution.
No prior technical knowledge is required of the audience; the talk should be understandable by those with limited knowledge of computers, although greater knowledge will be a plus.
Jonathan Wignall is the Chair of the Data and Network Security Council, a UK not-for-profit information security campaign group calling for improved online security and privacy protection. He is also an experienced college lecturer with research interests in self-replicating code and network dependency attacks.
In close collaboration with NLnetlabs, RIPE NCC and the FreeS/WAN Project.
Although DNSSEC is still a moving target, it has matured enough for large scale experimenting. The first part of the presentation explains the new concepts in DNSSEC and the new record types introduced. Rudimentary knowledge of DNS is required.
The second part of the presentation is a step-by-step guide to securing an existing zone using Bind. Participants who wish to secure their own domain need to have the latest Bind9 snapshot and a copy of the zones they wish to secure.
The third part of the presentation will demonstrate the interaction between the Registrant and the Registrar. The Dutch SECREG system will be demonstrated for securing .nl domains at the ccTLD. The VeriSign experiment on how to secure the generic TLDs will also be shown. Time permitting, participants are invited to try to compromise the speaker's secured zones.
Paul Wouters has been involved with Linux networking and security since he co-founded the Dutch ISP "Xtended Internet" back in 1996. His first article about network security was published in Linux Journal in 1997. Since then, he has written mostly for the Dutch spin-off of the German "c't magazine", focusing on Linux, networking and the impact of the digital world on society. He has presented papers at SANS, OSA, CCC and HAL.
He is currently involved with the FreeS/WAN project, a Linux IPsec stack that aims to bring Opportunistic Encryption to everyone. This feature needs a secure DNS, which triggered his interest in assisting the widespread use of DNSSEC. Wouters received his Bachelor's degree in Education in 1993.
A Conversation with Phil Zimmermann
Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates Inc (NAI) in December 1997, where he stayed on for three years as Senior Fellow. In August 2002 PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann now serves as special advisor and consultant. Zimmermann currently is consulting for a number of companies and industry organizations on matters cryptographic, and is also a Fellow at the Stanford Law School's Center for Internet and Society.
Before founding PGP Inc, Zimmermann was a software engineer with more than 20 years of experience, specializing in cryptography and data security, data communications, and real-time embedded systems. His interest in the political side of cryptography grew out of his background in military policy issues.
He has received numerous technical and humanitarian awards for his pioneering work in cryptography. In 2001 Zimmermann was inducted into the CRN Industry Hall of Fame. In 2000 InfoWorld named him one of the Top 10 Innovators in E-business. In 1999 he received the Louis Brandeis Award from Privacy International, in 1998 a Lifetime Achievement Award from Secure Computing Magazine, and in 1996 the Norbert Wiener Award from Computer Professionals for Social Responsibility for promoting the responsible use of technology. He also received the 1995 Chrysler Award for Innovation in Design, the 1995 Pioneer Award from the Electronic Frontier Foundation, the 1996 PC Week IT Excellence Award, and the 1996 Network Computing Well-Connected Award for "Best Security Product." PGP was selected by Information Week as one of the Top 10 Most Important Products of 1994. Time Magazine also named Zimmermann one of the "Net 50", the 50 most influential people on the Internet in 1995.
In addition to the awards for versions of PGP developed before Zimmermann started a company, subsequent versions of PGP as refined by the company's engineering team continue to be recognized each year with many more industry awards.
Zimmermann received his bachelor's degree in computer science from Florida Atlantic University in 1978. He is a member of the International Association of Cryptologic Research, the Association for Computing Machinery, and the League for Programming Freedom. He is Chairman of the OpenPGP Alliance, serves on the Boards of Directors for Computer Professionals for Social Responsibility and Veridis, and is on the Advisory Boards for Anonymizer.com, Hush Communications, and Qualys.