TASK Defcon Rollup
Continuing with my community gust blogger theme... I asked Brian Bourne from TASK and CMS Consulting to let you all know about the meeting on Wednesday (see www.task.to/eventss/upcoming.php) for details.
Defcon Review
Just by quick introduction, I’m a long time techie and now run a Microsoft-Triple Gold Certified partner company by the name of CMS Consulting Inc. We’ve got some of the best Microsoft infrastructure and security guys in the business working here, and provide customers with subject matter expertise before they embark on things like Active Directory or Exchange migrations, SMS or MOM projects, security efforts, etc.
For those not “in the know”, Defcon’s claim is that they are the “largest underground hacking event in the world”. The event is run by the same organizer who runs the much more formal BlackHat event so well covered by the press this year for the Cisco/ISS/Mike Lynn story.
So why is Defcon a significant event? And why would a company like CMS send 10 consultants? Let me answer. There are two reasons to go to Defcon. First, to learn more about all the new attacks that are available to the hacker community that everyone is aware of, and secondly, to learn about all the new attacks that exist but aren’t yet being talked about! For any company that claims to have an expertise in security, Defcon is a must attend event. It allows us as consultants to come back with new defense strategies for our customers and at minimum, it gives us some focused time to really understand the under-pinning of various technologies and how the underground commuting is exploiting them.
This year was really no exception. The event ran with the usual amount of chaos and disorganization, a big percentage of presentations were either old news, or badly put together. But the presentations that were at hit, were truly a hit. One particular presentation to receive a lot of press was the presentation by Adam Laurie (aka Major Malfunction). He presented his research with infrared hacking. Particularly hacking hotel TV systems. Turns out that the only security feature preventing you from seeing your neighbour’s hotel bill, and ordering pay-per-view on your neighbour’s hotel bill is the room number assigned to the TV. Also turns out that he’s figured out how to use his laptop to send the required infrared signals to get into the TV setup. This is a great example of a presentation that every layman can understand – however there were many other, very deeply technical “hit” presentations also.
Exploits and attacks presented showed no prejudice and favoured no particular vendor or operating system. Everything was under attack, from everyday devices like locks, cell phones and hotel TV’s to the more traditional application and operating system attacks. Possibly the best example of everything being under attack, is the Shmoo group release of a number of attacks against actual hacker tools, the effort is being dubbed by the group “PotKettle Industries” (introducing pot to kettle).
Truth be told, some organizations need to be very afraid, and others have nothing to worry about. Most of these attacks are easily thwarted by what is becoming standard practice for that cliché line “defense in depth”. Those that need to be afraid are those organizations that turn a blind eye until something happens – those without any patch management strategy (for all devices, not just Windows boxes), and those without any layered defense. Any company that says “but we already have a firewall” is probably already “0wn3d”. What so many people continue to forget, is that most attackers go out of their way to “own” your systems without being detected. So if you are waiting for some big event to happen before you act, it may have happened already.
If you didn’t get a chance to go to Defcon, we’ll be reviewing some of the highlights of the best presentations and news at the upcoming TASK event. We meet every month to talk about various security topics and “what’s new” in the world of IT security
Some of the highlights to be talked about include creation of MD5 collisions, WPA attacks, Google hacking updates, new tool releases, infrared hacking and much more.
For more topics click here (www.task.to/events/upcoming.php).
If you don’t get a chance to come out to the TASK event, just pop by the TASK forums www.task.to/forum.