25th Chaos Communication Congress (25C3) #1

First day in Hacker’s Paradise :)
This year's CCC has just begun: a lot of people in the main conference room, John Gilmore on the stage. He talks about this year's conference title, “nothing to hide”. Well, everyone has something to hide; he says that is just “bullshit” :)
He threw out some interesting questions to the audience: what are you doing to be free? What are you doing to protect your privacy? What are you doing to prevent governments and big sites like Google from spying on you, from collecting all kinds of information about you and tracking all your movements on the net and in the real world? Some people type URLs into Google's search box instead of the browser's URL bar; is that the way? Are you aware of the tracking techniques that telcos use on their customers? What about the RFID issue?
We know and understand the technology to protect ourselves, the tools to protect our privacy, but we don’t use them. Why is most Internet traffic still in clear text? Why is crypto not a well-known subject, and why isn't its use as widespread among all computer users as it should be? We have crypto that the NSA can’t break, but we still send mails in cleartext… that’s the point.
It was a nice talk about privacy, cryptography and what a single citizen has to do to remain anonymous, to remain unknown to Big Brother's eyes.
Next, jump to the PLC talk. It didn’t go as deep as I would have liked; it was a brief introduction to PLC technology, a review of available PLC hardware and its features, as well as the FAIFA software. I expected a live demo of the tools, maybe some traffic sniffing and injection, some hands-on demo of the crypto stuff, or a demo of how to use the tool for a PLC security audit in the wild, but none of this happened, so I was a bit disappointed with this talk. Interesting, but not as technical as I expected. Apart from that, the vulnerabilities based on a single “broadcast domain” of the electrical network in houses are not widely applicable because, at least in Spain, the power networks of the houses are isolated from each other, from the electricity meters located in the building basement to the inner electrical installation of each apartment. Anyway, a nice talk as an introduction to all the PLC stuff; maybe I’ll write a longer post about the FAIFA tool when I have time to download it and play a bit with it.
Here in Spain, where I live, PLC was actively deployed and tested 2 or 3 years ago, but it never was a winner in the highly competitive broadband Internet access market; DSL and cable were, and currently are, the main options. PLC died silently after several months of tests among selected groups of users.
The talk about payment systems in the UK using chip-and-PIN cards by Steven J. Murdoch was very interesting too. I attended last year's talk about the relay attack, and this was a sort of continuation. This time the talk focused on how to tamper with PEDs (PIN Entry Devices) to record all the customer information. I recommend you watch the BBC video… it’s really funny :)
I would have liked to attend the hackerspaces talk, as I’m very interested in arranging a kind of geek meetup in Madrid, maybe in a cool place like the Medialab, and the feedback from hackerspace people all around the world is very valuable.
After that, my first thought was to attend the wearable computing talk, but when I arrived there after lunch it was jam-packed with people, and it was completely impossible to stand there and just hear the talk, so I decided to go to the RFID fingerprinting talk. Well, I’m not a hardware guy, so I have to admit that this talk was a bit tough for me, as it focused on the techniques used to attack the RFID systems present in passports and driver's licenses, but only at the physical level, ignoring all the cryptographic complexity built at higher levels. The work presented focused on sniffing, cloning and emulation of RFID devices… well, too much for me at this time :)
From there, we jumped to Gadi Evron's talk about the Estonia and Georgia security incidents, and other worm-related incidents, such as the Facebook one. How does a global incident have to be handled? Are we ready to handle global attacks? Are local CERTs really useful? Well, the talk was very informative, and Gadi made it very funny, although somehow he was a bit rude with some of the people that asked him questions :)
The chip reverse engineering talk was cool; the procedures to reverse engineer a chip from beginning to end were explained, and if you are not a hardware guy, talks like this one are pretty enlightening, since the way these guys break the crypto algorithms is awesome. They begin polishing the chip from the outside to the inside, layer after layer, until they get all the logic in front of their eyes. With the help of microscopes, they take photos of all the components, and get the routes between them automagically with specialized software tools. With all this info they can work out how the chip works and break the crypto algorithms implemented on it, seeing how they are built from logic gates and basic electronic components. Those crypto algorithms, especially if they are private, non-standard, obscurity-based crypto algorithms, are broken from this point, seeing the low-level implementation in the chip. The security-by-obscurity thing is not a good idea when you have these guys messing around with your chips. A great talk that should have lasted at least 2 more hours :)
Then a short break, and several beers later, we attended three cool talks in a row. First the iPhone Dev Team explained the whole path they followed from the release of the iPhone until they broke it completely. All the reverse engineering and analysis of the device is amazing, how they found all the design flaws that allowed them to own the iPhone ;) Hey! those guys are my heroes, thanks for the pwnage tool ;) Unfortunately I don’t have the superpower of ubiquity :) so I couldn’t attend the MSP430 BSL cracking talk; the documentation about this talk looks very interesting, I have to watch the video, there’s no doubt about it.
Next, Jacob Appelbaum talked about the cold boot attacks. When they published their work some months ago, I tested it on several systems and found all this stuff really interesting, mainly the possibility of forcing a remote system to reboot using a malformed WoL frame, for example; then the system boots using a minimal PXE image that you provide from another system in the network, the target dumps its memory to the network, from where you can get it by sniffing the broadcast frames, and after that it’s time to apply the crypto-key searching algorithms that they implemented too. The talk was all about that, no new info, just the well-known info that is already published, but really cool and very funny, as Jacob told the audience some really funny anecdotes. It’s worth watching the video too :)
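As an added example (not code from the talk or from the cold boot authors' own tools), here is the key-searching step of that chain in Python: it is the check a defender runs over a memory image of their own machine to confirm that a disk-encryption key has really been scrubbed after suspend or shutdown. The S-box generator, the FIPS-197 key expansion and the constructed sample dump are assumptions of this example, not anything described on this page.

```python
import random

def _build_sbox():
    # Generate the AES S-box (GF(2^8) inverse + affine map) instead of embedding the table.
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 in GF(2^8)
        for s in (1, 2, 4):                                      # q /= 3 (i.e. q *= 0xf6)
            q = (q ^ (q << s)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        rotl = lambda n: ((q << n) | (q >> (8 - n))) & 0xFF
        sbox[p] = q ^ rotl(1) ^ rotl(2) ^ rotl(3) ^ rotl(4) ^ 0x63  # affine transform
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()

def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = ((rcon << 1) ^ 0x1B) & 0xFF if rcon & 0x80 else rcon << 1
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(sum(w, []))

def find_aes128_keys(dump, max_bit_errors=0):
    """Return (offset, key) for every 16-byte window whose round keys follow it in memory."""
    hits = []
    for off in range(len(dump) - 176 + 1):
        cand = dump[off:off + 16]
        sched = expand_key_128(cand)
        # Hamming distance to the observed bytes; max_bit_errors > 0 tolerates decayed bits (expanded part only)
        errors = sum(bin(a ^ b).count("1") for a, b in zip(sched[16:], dump[off + 16:off + 176]))
        if errors <= max_bit_errors:
            hits.append((off, cand))
    return hits

def build_sample_dump(key, offset=1000, size=4096):
    # Constructed stand-in for a RAM image: seeded noise with one key schedule inside.
    rng = random.Random(25)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = expand_key_128(key)
    return bytes(buf)
```

An AES-128 schedule is 176 bytes of strongly related material, which is why a scan finds it without knowing the key; decayed bits inside the 16 key bytes themselves are not handled here and need the paper's reconstruction procedure.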
After that, the much-awaited talk by Dan Kaminsky, the showman of the security cons… all the DNS stuff in the purest Kaminsky style :) The talk was not the same as the Black Hat or DEF CON one; it was about the whole DNS bug thing and how an incident like this was coordinated and handled by Kaminsky, Vixie and all the ISPs and companies involved in this wide-scale patching effort. The talk focused on the SSL X.509 cert problems and the Debian OpenSSL bug, the SNMPv3 bug and… wait for it… how to make a covert channel using the size parameter of the IMG HTML tag… Kaminsky, the covert-channel man, strikes again! :) Nothing more to say, a funny and technical talk to finish the day.
A fast dinner in the train station and back to the hostel, where I am now writing this post and having a beer… more in a few hours :)