One month ago we blogged about my interview for Security Justice. Yesterday I got a tweet from Security Justice that the recording of my interview is now available.
To my surprise the interview turned out a lot better than I remembered it.
A silent disco was held on Saturday August 15th, 2009 at the Hacking at Random gathering in Vierhouten, Netherlands. There were two DJs playing, each on their own channel that you could listen to with the free wireless headsets. At one point I put the headset near the mic on the camera so that you could hear a little of the music, but it is more interesting to listen to the ambient sounds coming from the dancers (and the occasional comments of people standing nearby or the DJ asking everyone to “jump” or “wave your hands”).

The Silent Disco was made possible by Schuberg Philis.
How did you get the network here in the middle of the field (10Gbps)? By the NOC team
Internet was provided by XS4ALL, BIT and OpenTransit. There were direct peering connections with Akamai, Google and Giganews.
First problem: how do you get from Vierhouten to Amsterdam? In Vierhouten you have several options:
• 3KM fibers to Nunspeet
• There are two fibers of KPN and UPC in Vierhouten
So what is a hackerspace? “Desperate collaboration, rats and cooking with high voltage electricity”.
Esther started her presentation by showing a hackerspaces video, which explained that hackerspaces are groups of people who are into hardware hacking and try to figure out how technology works and what you can make from basically whatever.
Links from the HAR2009 site: Talk description and Slides.
Roland started off by explaining the basics of DNS cache poisoning and the details of the trick discovered by Dan Kaminsky last year, explaining why you don’t have to wait for the answer to expire in order to poison the cache.
Quite a bit of the patching done after the Kaminsky attack became public has actually been undone by NAT-ing firewalls, which do not randomize the source ports they use to keep track of their NAT table.
Slides are here
Bert Hubert introduced us to the world of DNS. He opened by stating that “DNS is Scary and complex” and “DNS it is everywhere”.
Nice way to upload files to a webserver. While there is nothing new about uploading a file to a web server and then executing it, using SQL injection to do it is a novelty. By using a zlib-compressed, base64-encoded payload and uploading it via SQL injection, the speaker would be able to bypass standard defenses like extension limiting and file type checking.
Unfortunately, Matt Fiddler could not make it to the talk because of acute appendicitis. These three guys are from http://in.security.org. They presented the results of their attempts to break high security electromechanical locks. Unfortunately they are not able to disclose the details of how they attacked the locks in the USA, but more information will be disclosed at Hacking at Random in Vierhouten in the Netherlands from 13 to 16 August.