Now that I knew what I was in for, the second day of Black Hat DC took quite a bit less adjusting to, I felt more okay to skip parts of a presentation to chat was presenters, which I did after the Tor presentation.

In the morning, Dan Kaminsky gave a brief review of the DNS exploit he found last year, and the current status of the source port randomization patch. The estimate for patch coverage was about 60% of DNS servers, though the unpatched servers are being pretty actively exploited. He also clarified his stance on DNSSEC, that he’s neutral to the technology, but feels that it can provide end to end trust, something that DNSCurve cannot do, and has a higher chance of being accepted on the root since it doesn’t require pre-operation cryptography. A big implementation hurdle that he sees is for the deployment of DNSSEC servers to be turn-key and not require extra maintenance or knowledge to use.

The following presentation was an interesting one that provided a technical solution to a political problem, how to share data without compromising the data privacy, and without letting the data sharing knowing what is being searched for.

After that, a researcher from Vietnam showed how to break the facial recognition software built into laptops. Simply by taking a photo of the user, and editing it for proper lighting and tones. I got to be the lovely assistant in this presentation, enrolling my face into one of his laptops, then having him take my picture through a Skype chat, then using that picture to unlock the computer. This got the crowd laughing and very impressed with how this technology can actually sell.

The presentation on Tor did very little for me, the research was of marginal value, but the talk after with the presenter and the creator of Tor was eye opening. The most important thing I brought back from that talk was that Tor is not meant to protect you from big brother, but to keep you anonymous from the sites you are browsing, and your ISP. After I saw that shift, I was able to accept the many attacks that have come out of the woodwork over the past few years, and finally put Tor in the proper place in my cyber tool chest.

Finally, the memory snorting presentation was very slick, it seemed to be a very clever way to reuse the signature data already in existence, and be able to both analyze a saved memory dump, and also potentially find malicious code before it hits the wire.

Overall, the show was a blast, and I hope to have the privilege of attending sometime in the future.

Peace and chow,

Ranok

My first day at Black Hat was pretty neat, I learned quite a bit, and I had my expectations shifted around. Originally, I was expecting the presentations to be the core aspect of the conference, and everything else on the sidelines. I quickly learned that the presentations are just a small part of the greater networking and information exchange going on.

The keynote was very interesting as it wasn’t technical in the least, but more a call for discourse about the tough questions that the country needs to ask about how the government and private sector need to work together to protect the country’s cyber resources. It also brought to light a question regarding cyber weapons, and who is responsible to clean up the online equivalent of a Katrina.

Moxie’s presentation on defeating HTTPS was interesting, but was more leveraging holes in other aspects of the network to gain control of an SSL tunnel. Why clever and very neat to see in action, it didn’t blow me away nor was it particularly ground breaking.

After Moxie’s talk, I spent a while chatting with Dan about the advantages of DNSSEC versus DNSCurve and how take the strengths of each to find a happy medium. I hope to implement his suggestions into LadieBug (which he thought was a bad name to have ‘bug’ in the name).

I left half way through the Mac OSX presentation since it was pretty useless. The presenter assumes you have access to a Mac and can run arbitrary code/modify binaries. From my perspective, one you’ve got that, the game is pretty much over.

After lunch I made my way to the packed room where the gang from the Invisible Things Lab talked about their TXT exploit. This was a highly anticipated talk, and I must say I personally was slightly disappointed. While their findings were interesting, due to their deal with Intel, they basically gave an overview of TXT and then talking about the Q35 hack in more detail, which is old news. Esentially, the summary of their findings were that TXT doesn’t check the SMM handler, and they disassembled the handler and found a number of bugs. The need for Dual Monitor Mode or an STM as they called it seems needed, but perhaps more eyes on the SMM handler code to help find bugs.

Hailing from AFIT, the speaker for the SecureQEMU project gave an overview of using emulation to encrypt and sign code that can’t be modified from the guest. While impressive that they managed to get it working on an unmodified OS, it was slow, and not a very complex concept.

Last, but not least was a just for fun talk on satellite hacking. This one had the room laughing for much of the hour while the speaker showed us a live demo of decoding a stream from a satellite over Africa. He then showed us how laughable the security in the RFID passports is, easily cloning and modifing his son’s passport to have Osama Bin Laden’s face, and doing a MitM attack using two $15 RFID readers/emulators.

That’s all for today, check back tomorrow for a review of the next set of briefings, and as always I’ll be updating regularly on Twitter.

Peace and chow,

Ranok

I just made the discovery the other day that I’ve been on co-op for over a month, and time shows no sign of slowing down! For those of you who haven’t had the delight of hearing me expound on how much I love my co-op, I have really found a place where I fit in, am challenged everyday, and don’t have to do any tedious work, just cutting edge security research!

Anyways, now that I’ve gotten that over with, I was up at Clarkson the other week for the career fair, and I went up the night before for the COSI meeting. That evening a new member introduced a new project to add easy to use AI libraries to the Processing language. I thought that is might be a good idea to take a look at AI stuff before I take the class when I return, so I’m excited to dive in and learn what I can! Also, after learning how little I really know about virtualization, and seeing how popular it is, I thought I’d like to jump on the bandwagon and learn about it. Last night I bought Running Xen and its sister book The Definitive Guide to Xen and I proposed (through Zach) that to learn more about it, I’d like to form a rag tag groups of hackers and write our own, open-source virtualization application, whatever that entails. I hope to post soon as I start learning what I’m in for.

Peace and chow,

Ranok

Being in the wilderness as I have, as a canoe trip leader, helps you adapt to uncomfortable situations. Recently, I was put into a less than desirable situation, programming in Windows. I thought it would be a good idea to learn how to survive on the dark side. I started with a stock Windows XP install, with all the fancy development tools, Visual Studio, WinDDK, sample code for Win32 programming, and a (relatively) open mind. As I started using it, the following became major annoyances:

• The command line (cmd.exe) is horrible, not full screen, the history is bad, and it’s just plain ugly.
• Visual Studio is a waste of space, it doesn’t even provide the ability to compile a file. That alone made me get rid of it.
• The lack of multiple desktops make screen real estate very limited. Even with a sizable screen (27″) is makes looking up references a pain

So, to fix some of these woes, I did away with Visual Studio, edited the console preferences to take up much of the screen, and installed emacs, I then wrote some batch scripts which I put in the PATH to enable me to just type emacs foo.c, and ls instead of dir.

Now, I finally have a system that I can work with, it’s not great, but I’ll survive. Unforntunatly, developing on Windows is much like trying to glue a dead weasel onto a balloon — non-sensical and smelly. From my short exposure to the Windows system, I’ve found the following lacking:

• The kernel memory layout
• The poorly documented API
• Lots of caps, and non-standard types, it’s like programming in old HTML.
• The verbose and utterly convoluted device communications (IRPs?)
• Complete lack of modularity (if my driver segmentation faults, I get a BSOD)

To sum it up, while it’s been an informative foray into the world of Windows, I think I’ll stick to slightly more sane and open operating systems.

Peace and chow,

Ranok

With less than two weeks until I depart from Clarkson for winter break, it’s crunch time for my friends and I. Below is a list of the things I need to finish before I can pack my things and head home for some much deserved rest before my co-op:

• Final paper for ANTH330 due Monday
• CS350 final group project & presentation due Thursday
• Two CS456 assignments to polish up and turn in
• Final paper for CS456 due next Friday

After that is all taken care of, I have three finals next week to study for and take.

Peace and chow,

Ranok