He submitted a paper to the Defcon17 call for papers and was one of the lucky few selected to present. He was ready to go to Las Vegas and give his presentation, “Cracking the Poor and the Rich”, but then learned that his passport had been canceled by the government of his home country, Venezuela.
Hacker Public Radio host Finux interviews Chris John Riley and Frank Breedijk about their visit to Defcon 17.
http://hackerpublicradio.org/eps/hpr0420.mp3
From: Rational Survivability
This song quite captures the spirit of Defcon.
Matt Weir presented his research project which was aimed at finding better ways to crack passwords by making better password guesses.
Update: Matt’s blog, Slide deck, Sebastien Raveau’s word list (1, 2)
There are basically two types of password cracking. Online, by trying usernames and passwords directly in the login screen. This only gives you a few tries, since the system and its countermeasures are still operational.
Offline, by trying to match passwords against password hashes, mostly for forensic reasons.
This talk explained and demonstrated an exploitable Linux Kernel USB driver vulnerability and explained the fuzzing process used to find it. Unfortunately due to legal issues, the details could not be attacks.
While the speaker did not test Windows, it is highly likely that these flaws exist in Windows as well.
This talk is about privacy. Privacy is good, but it is also a haven for “evildoers”. It also hurts law enforcement and prevents social control.
Privacy is broken, because it is too complex. One of the ways to measure this is to see if the user's IP address can be obtained. This is the gold standard.
Rsnake and Jabra demonstrated client-side exploits that will defeat common proxy techniques such as classic HTTP proxies, CGI proxies, SOCKS proxies, and Tor.
Unfortunately, Matt Fiddler could not make it to the talk because of acute appendicitis. These three guys are from http://in.security.org. They presented the results of their attempts to break high-security electromechanical locks. Unfortunately, they are not able to disclose the details of how they attacked the locks in the USA, but more information will be disclosed at Hacking at Random in Vierhouten in the Netherlands from 13 to 16 August.
This talk described the investigation of a criminal server, but how do you start?
The speaker noticed that the same malware turned up on two compromised sites he investigated, so it seemed that there should be a relationship between the two sites. Both sites called back to a URL with hostname gwtsdjeni.com. The naming scheme of the site seems to indicate that this is a Torpig site, with one single deviation: the URL contained an extra d before the word jeni. So this seemed to be a modified version of the Torpig network.
The talk is designed to demonstrate that an endless stream of applications, platforms, and even critical infrastructure is actually vulnerable to Cross Site Request Forgery (CSRF).
Most vendors that refuse to address these issues all use the same argument: “If users do something stupid it is their problem.” Well, if they do it in your context, it is your problem. This is what the guys from securewebmail.com found out as well.
Chris and Mario presented and demonstrated the new Metasploit modules that are designed to find and identify Oracle databases, find the SIDs, brute force passwords and escalate privileges.
An interesting comment is that they were actually able to evade Snort detection by base64 encoding the attack.