He submitted a paper to the Defcon17 call for papers and was one of the lucky few selected to present. He was ready to go to Las Vegas and give his presentation: “Cracking the Poor and the Rich”, but then learned that his passport was canceled by the government of his home country Venezuela.
A silent disco was held on Saturday August 15th, 2009 at the Hacking at Random gathering in Vierhouten, Netherlands. There were two DJs playing, each on their own channel that you could listen to with the free wireless headsets. At one point I put the headset near the mic on the camera so that you could hear a little of the music, but it is more interesting to listen to the ambient sounds coming from the dancers (and the occasional comments of people standing nearby or the DJ asking everyone to “jump” or “wave your hands”).

The Silent Disco was made possible by Schuberg Philis.
How did you get the network here in the middle of the field (10Gbps)? By the NOC team
Internet was provided by XS4ALL, BIT and OpenTransit. There were direct peering connections with Akamai, Google and Giganews.
First problem: how do you get from Vierhouten to Amsterdam? In Vierhouten you have several options:
• 3 km fibers to Nunspeet
• There are two fibers of KPN and UPC in Vierhouten
So what is a hackerspace? “Desperate collaboration, rats and cooking with high voltage electricity”.
Esther started her presentation by showing a hackerspaces video, which explained that hackerspaces are groups of people who are into hardware hacking and try to figure out how technology works and what you can make from basically whatever.
Links from the HAR2009 site: Talk description and Slides.
Roland started off by explaining the basics of DNS cache poisoning and the details of the trick discovered by Dan Kaminsky last year, explaining why you don’t have to wait for the answer to expire in order to poison the cache.
Quite a bit of the patching done after the Kaminsky attack became public has actually been undone by NAT-ing firewalls, which do not randomize the source ports they use to keep track of their NAT table.
Slides are here
Bert Hubert introduced us to the world of DNS. He opened by stating that “DNS is Scary and complex” and “DNS it is everywhere”.
Nice way to upload files to a webserver. While there is nothing new about uploading a file to a web server and then executing it, using SQL injection to do it is a novelty. By using a Zlib-compressed, base64-encoded payload and uploading it via SQL injection, the speaker would be able to bypass standard defenses like extension limiting and file type checking.
Hacker Public Radio host Finux interviews Chris John Riley and Frank Breedijk about their visit to Defcon 17.
http://hackerpublicradio.org/eps/hpr0420.mp3
From: Rational Survivability
This song quite captures the spirit of Defcon.
Matt Weir presented his research project which was aimed at finding better ways to crack passwords by making better password guesses.
Update: Matt’s blog, Slide deck, Sebastien Raveau’s word list (1, 2)
There are basically two types of password cracking. Online, by trying usernames and passwords directly in the login screen. This only gives you a few tries since the system and its countermeasures are still operational.
Offline, by trying to match passwords against password hashes, mostly for forensic reasons.