These noted security experts will discuss current IT security issues and provide an insight into strategy and security concepts during two conference days.
RFID Reverse-Engineering – Nohl and Starbug
Proprietary algorithms are often kept secret in the false belief that this provides security. We discuss our approach to reverse-engineering proprietary algorithms from silicon chips, in which we open chips, take pictures, and analyze the chips' internal structures. Using these techniques, we hacked the Mifare RFID tags and some other chips, which caused quite a bit of public discussion about proprietary cryptography and "security by obscurity".
The secret cryptography used on proprietary tags is usually weak. Hence, we were able to identify several vulnerabilities in the Mifare tags including weaknesses in the random number generator, protocol weaknesses, and statistical flaws.
Teenage computer crime: A new form of juvenile delinquency? – Shirley McGuire
The presentation will focus on understanding why older children and teenagers participate in computer crime. I will review current theories of juvenile delinquency and discuss ways that we can adapt these psychological models to understand the development of computer crime, a new form of children's behavior problems. Examples will be provided using data from a survey of Internet use (and misuse) in a large, diverse sample of U.S. high school students.
Cisco IOS Attack and Defense: The State of the Art – Felix 'FX' Lindner
The talk will cover the past, present and future of Cisco IOS hacking, defense and forensics. Starting from the historic attacks that still work on less well managed parts of the Internet, through the powerful common bugs and the classes of binary vulnerabilities and how to exploit them, down to the latest methods and techniques, this session will try to give everything in one bag.
For each attack type, we will also see what defensive measures are taken, what should be done, and how Cisco forensics people will identify the attack and nail the attacker (or not).
iSCSI Security (Insecure SCSI) – Himanshu Dwivedi
The iSCSI presentation will discuss the security issues that exist in the default implementations of iSCSI storage networks/products. The presentation will cover iSCSI storage as it pertains to the basic principles of security, including enumeration, authentication, authorization, and availability. The presentation will show how iSCSI attacks can compromise large volumes of data from iSCSI storage products/networks. The presenter will also follow up each discussion of iSCSI attacks with a demonstration of large data compromise. Each iSCSI attack/defense described by the presenter will contain deep discussions and visual demonstrations, which will allow the audience to fully understand the security issues with iSCSI as well as the standard defenses.
Cold Boot Attacks on Hard Drive Encryption – Bill Paul and Jacob Appelbaum
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
Living on the Edge: The Sources of Creativity – Richard Thieme
The edges of our thinking, the edges of consensus reality, the edges of organizational structures: that's where new ideas first show up. Those we call "geniuses" see them first and give them names. Using the insights and wisdom of the best and the brightest of the infosec and hacking worlds as well as the practice of the craft of intelligence, this presentation demonstrates how creativity infuses the best practices of security and intelligence, how to tend it and make it more likely to happen, and how to capture it on the fly.
The questions for information security practitioners include: How do you generate your creative best in a world driven by cyber attacks and downsizing? How does creativity fit into the big picture we all know is true in the Dilbert-world of the real workplace? This keynote responds to those questions with deep and real insights, grounded in the nitty-gritty of life in the trenches. Thieme argues persuasively that you must tap into your creative potential to succeed as a person-of-interest and a security professional. This talk helps professionals recontextualize how they think about challenges in security by seeing the deeper context of their work.
Stealing the Internet: An Internet-Scale, routed Man-In-The-Middle attack – Anton Kapela
"Stealing the Internet" will describe a method where an attacker exploits trust relationships in the BGP routing system to facilitate transparent interception of IP packets. The method will be shown to function at a scale previously thought by many to be unavailable to anyone outside of intelligence agencies and carrier networks.
The talk highlights a new twist in sub-prefix hijacking that I demonstrated at Defcon 16: using intrinsic BGP logic to hijack network traffic and simultaneously create a 'BGP shunt', a "feasible path", towards the target network. This method will be shown to preserve end-to-end reachability while creating a virtual 'wire tap' at the attacker's network. I'll also demonstrate that the attack doesn't require prior coordination with any devices or hardware in or adjacent to the target network. Additive TTL modification will be presented as a means for the attacker to obscure the presence of the interceptor.
Results of a recent inter-provider filtering practices survey will be presented as further rationale for stronger route filtering and increased routing security research.
There will not be a live demonstration of the hijack or interception methods. Those interested in observing the attack in action and the original demonstration are encouraged to view the video of the presentation, posted at www.defcon.org.
Trusted Computing – Christoph Wegener
The Trusted Computing Platform Alliance (TCPA) was established almost 10 years ago, in 1999. TCPA, replaced by the Trusted Computing Group (TCG) in 2003, promotes Trusted Computing (TC) technology as an approach to securing future IT. The foundation is the so-called Trusted Platform Module (TPM), which is intended to serve as the root of trust. It is hidden, often unnoticed by the user, in most modern PCs. Reason enough to focus on this technology.
After an introduction to the technology of trusted computing, the lecture defines a TPM, explaining what it can do, but also what it cannot do. Other issues include the integration of a TPM using open source software, problems associated with its use, and the scope of possible attacks on TPMs. The lecture also includes a comparison with the traditional smartcard and an explanation of data protection.
The legally compliant website: liability on the Internet – Jörg Heidrich
A link to a page with illegal content, a pinched image in a forum or an insulting blog entry: there are a variety of ways for an online operator to get into a costly liability trap even without being at fault. The talk presents the basics of liability on the Internet and related characteristics in the field of liability for links as well as Web forums and Web 2.0 contents. The main focus is how to avoid or at least minimize liability risks.
The problems with cyberwar – Marcus J. Ranum
"Cyberwar" - it sounds so clean and practical, until you start to look at the logistical, military, and political problems implicit in the concept. In fact, while cyberterror and cybercrime may be eminently practical, cyberwar suffers from several fundamental flaws which its proponents wilfully ignore. In this presentation, we will look at why cyberwar is not likely to be a serious part of any nation-state's set of military options.
Microsoft Security Fundamentals: Engineering, Response and Outreach – Andrew Cushman
MS08-067 – A Case Study in the Evolution of the MSRC
Andrew Cushman, Sr. Director of the Microsoft Security Response Center, provides Microsoft's unique perspective on 2008 security ecosystem changes and a behind-the-scenes look, using actual case studies from 2008 security updates, to highlight the continued transformation of the MSRC.