2009-09-23 05:09:42

By Tim Brown

Last month I and a number of my team had the distinct pleasure of attending HAR 2009. Since a lot of good folk missed it, here are some notes I made on my personal highlights of the conference.

Rootkits Are Awesome - Really thought provoking. D(ata) L(oss) P(revention) solutions essentially have similar characteristics to rootkits, and all the vendors appear to have agreed not to detect each other's. Apparently they're deployed on the National Grid? Well worth some further research; the speaker discussed trojaning them to do malicious things.

Advanced MySQL Injection - Talk was a bit lightweight, and his discussion about using the injection to upload a PHP script to the web root to write a Meterpreter binary was contrived and awkward, but he presented quite well... up until the demo where it all went wrong. He did eventually rescue the demo, but it seemed to fluster him and he failed to answer several simple questions from the audience, including one on PHP's safe_mode. Really brought home how good the team I work with is when it comes to finding and exploiting such vulnerabilities.

Securing Networks From An ISP Perspective - Interesting talk by the JANET CSIRT guys. Not much tech, but a lot of talk about what they do, how they make their processes work and some interesting stats; the speaker was good to talk to later.

The IBM AS/400 - Not much new here, at least for me; the speaker ran through the basic architecture of the AS/400 platform. One thing to note is that what you get on connection is an interactive shell where you can use wildcards to match commands, and F4 will show their options.

Classic Mistakes - Not my field of interest, but a random discussion on design flaws with Mifare (as used by Oyster), certainly seemed to be lots of them.

Developing Embedded Devices Using Open Source Tools: Application To Handheld Game Consoles - Interesting talk about cross compiling, uLinux and RTEMS. The speaker talked about using newlib to port stuff (it's like cygwin.dll but for obscure OSs). Found the timing of this good, as I had been cross-compiling with newlib the week before, building my Windows CE netbook for HAR.

Side Channel Analysis And Fault Injection - The speaker worked for riscure.com, who apparently do analysis of hardware-based crypto platforms. He talked about measuring power consumption / EMF to identify what the circuit was doing and looking for flaws using differential analysis. Apparently the EMF generated during RSA crypto sounds like techno. He then moved on to attacking the circuits to cause operations to be skipped, again using EMF/power against specific components. Finally he discussed some of the mitigations used by vendors, but said most are useless if you spend the time.

The Dangers (And Merits) Of Carrier Grade NAT - I came across the RFCs for this in 2008 and thought it sucked then, sounds like it hasn't changed. Talk started off by telling everyone what it is. The speaker from xs4all was curious as to how much people valued end-to-end connectivity and asked how much people would pay for a public IP. Got the impression that whilst he didn't like it, he felt it was inevitable based on economics. He then opened up to the floor and asked for comments. Most were from end users, but I got to speak wearing my PI RIPE member hat. Since this was recorded I'm probably on the stream.

Kaminsky turned up and did his Blackhat talk on SSL. Some cool revelations, but he seems to attract grief like a magnet. Probably wasn't helped by the amount of alcohol he consumed on stage.

Why Tor Is Slow - The brief summary of this talk was that Tor is slow, we have some ideas why, we have some things we would like to play with, this might affect the anonymity of users, we can't do this. Spoke to the speaker afterwards and suggested setting up a test network.

Since I've just created myself a new PGP key I thought the key signing party would be a good idea. Lots of key signing; as well as getting my PGP key signed, I'm now a CAcert assurer having got enough points. Funniest bit of the entire trip for me was my argument with one guy who refused my passport and told me it was a fake.

Public Transport SMS Ticket Hacking - Started off looking quite promising, looking at the idea that one ticket could be shared by multiple people. By the time he had accounted for ticket inspectors cross checking tickets and factored in the cost of the VOIP/GSM kit needed to do this it would actually cost more than the price of n tickets (each person would be challenged at least once and new tickets were distributed to all when this happened). Speaker didn't seem to understand this (despite multiple challenges), and I decided to give the rest of it a miss.

The night life was fantastic, with some insane constructions playing host to the attendees. I mostly hung out with the OpenVAS, Uncon and DC4420 folks but found time to make some new acquaintances, including Autonessus, C-base, Indymedia and CAcert folk. Autonessus was particularly cool and allowed me to hijack his workshop to field questions on the OpenVAS-specific bits (mental note: we need OpenVAS swag). Totally awesome con; feeds are at Rehash, check them out.

Mood: Tired

Music: Nothing playing right now