Posts Tagged ‘confidence0902’

Confidence 2009.02 – Underground economy – Raoul Chiesa

November 20th, 2009 Frank Breedijk 2 comments

Subtitle: Why we should be fully-updated on this topic: InfoSec players, Finance world, citizens

Raoul is a member of UNICRI (http://www.unicri.it/), a United Nations crime and justice research institute.

UNICRI researches technology as well, because if normal people use technology, the bad guys use it too.

“Every new technology opens the door to new criminal approaches”

In the 70s the first wave of hackers were searching for knowledge. In the early 80s the second wave of hackers was driven by curiosity. The third wave of hackers in the 90s were eager to hack and started to exchange information. The first communities were created. The current fourth wave is driven by anger and money. Hacking has met politics (hacktivism) and money (cybercrime).

Why is cybercrime on the rise?
1) There are more and more targets, thanks to broadband
2) A need to make money, think of the economic crisis
3) Hacking got easier; 0-day attacks and skimmers can be easily bought online
4) Fall guys are easy to recruit, e.g. for money laundering
5) The criminals think they cannot be caught
6) There is no violence, no need to face your victims

Confidence 2009.02 – The Tor Project – Jacob Appelbaum

November 20th, 2009 Frank Breedijk No comments

The Tor Project is a non-profit organization with a fully documented network that provides anonymity and privacy by design. Tor is funded by the US DoD, EFF, Voice of America, Human Rights Watch, Google, NLnet, and you?

Tor is really a community of developers and volunteers, and it is still looking for more developers and volunteers to strengthen it.

Top countries in the world in bandwidth:
•    Germany
•    USA
•    Netherlands
•    France
•    Sweden

Anonymity means different things to different people:
•    Private citizens – Privacy
•    Government – Traffic analysis resistance
•    Human rights activists – Reachability
•    Businesses – Network Security

Confidence 2009.02 – Power Hungry People – Nick DePetrillo

November 20th, 2009 Frank Breedijk No comments

Subtitle of the talk: Making sense of new critical infrastructure threats

The talk is about the “Smart Grid”. The key components are an advanced metering infrastructure, transmission and distribution, and generation of electricity.

Advanced Metering Infrastructure enables two-way communication between the meters in your home and the power company. It offers the following features:
•    Load control: Some power companies offer a discount in return for control over the thermostat of your AC, or for allowing them to turn off your clothes dryer during peak hours. The main reason for this is officially to prevent blackouts, but it can be used to prevent penalties as well.
•    Demand response: It allows for dynamic rates to be loaded to your meter.

Why move to a smart grid?
•    Energy conservation
•    Cost reduction
•    Improved Reliability of Delivery

Smart Grid security is significant because it has national security implications and because there are millions of entry points into the grid.

Confidence 2009.02 – Mifare Classic analysis – Pavol Luptak

November 19th, 2009 Frank Breedijk No comments

Pavol started by showing the cards he cracked that same day at the conference: two Polish public transport cards, one Slovak public transport card and, by coincidence, a Dutch public transport card.

He also released, into open source, an offline MiFare cracking utility that can be used to crack any MiFare card for 30 euros and with just a few hours of work.

In the past MiFare’s encryption technology, Crypto1, was only available in hardware and thus survived for a surprisingly long time.

Pavol explained how his program can compute derived keys from the main key by using the time distance between the keys.

For those who didn’t know: a MiFare Classic card can be cloned for 99.6% (except for sector 0, which cannot be written); a ProxMark3 card emulator can emulate all cards 100% perfectly.

There are currently three countermeasures:
1)    Use safe cards (Mifare Plus/Mifare Desfire or other)
2)    Use decrement counter protection (workaround)
3)    Use online checking

Confidence 2009.02 – My TLS renegotiation vulnerability slides

November 19th, 2009 Frank Breedijk No comments

Today I presented about the TLS renegotiation vulnerability I blogged about earlier.

You can download the slides below:

Special thanks to Marsh Ray for his suggestions and corrections.

Confidence 2009.02 – My Seccubus slide deck

November 19th, 2009 Frank Breedijk No comments

Here are the slides of my presentation.

Slide deck “Seccubus Confidence 2009.02 v0.1”

Seccubus the new name for AutoNessus

November 19th, 2009 Frank Breedijk No comments

Since it became apparent that the next version of AutoNessus was going to outgrow the reference to Nessus, Tenable’s Network Security Scanner, due to the inclusion of other scanners such as OpenVAS, NMAP and Nikto, the author of the program, Frank Breedijk, decided to start a contest for a new name.

On the 19th of November Frank Breedijk announced that Jason Mansfield, who runs the website http:/clinicallyawasome.com, had won the contest by sending in the name Seccubus. A bottle of Veuve Clicquot champagne will be sent to him shortly.

The author has provided the following explanation of the name Seccubus:

Confidence 2009.02 – Router Exploitation – Felix “FX” Lindner

November 19th, 2009 Frank Breedijk No comments

Unlike last time, I was actually on time for Felix’ talk. Due to last night’s activity I was surprised that he was on time himself. Again his slides included the Blackhat-O-Meter.

The first part of his presentation explained why routers are interesting targets (they are in the core), but also why routers are not actually exploited that much. One of the reasons is that the attack surface of a router is quite small, because routers don’t expose that many services to a truly remote attacker and are rarely used as clients.

The exception to the rule is “cisco-sa-20070124-crafted-ip-option” which is a remotely exploitable bug that causes a stack overflow on the router. Since “nobody ever updates router software” this vulnerability is still very much alive.

But routers need to support more and more, like IPv6, VoIP and XML configuration interfaces; luckily, most of these services are off.

Writing exploits for Cisco IOS is hard because it is not a real OS, but a single ELF binary. It is not based on a real OS we know how to exploit. Its only option to recover from a critical fault is a full reboot.

Another thing that makes exploitation hard is the memory layout. It is different for every single IOS version that is out there, and there are quite a few: currently there are over 270,000 different IOS images known by Cisco, and you cannot get the version number remotely.


Confidence 2009.02 – Fusing 3rd party threat feeds to obtain better threat intelligence – Eddie Schwartz

November 19th, 2009 Frank Breedijk No comments

Eddie started with a good overview of which feeds are available, from D-Shield to Bluetack and the U.S. Department of the Treasury, and their properties: good or bad, and why.

Then he showed us how you can normalize the feeds and integrate them into NetWitness.

By tying infosec intelligence feeds together and combining them with things like traffic statistics, events on the network start making more sense. Instead of seeing a random dynamic DNS call, you can now all of a sudden tie it to a botnet infection on your network.