IT Security and other matters

Home - Profile - Archives - Friends - RSS Feed
Back from DefCon - Posted at 11:59 AM on 8/7/2007 by GenesysWave
I had an awesome time at DefCon, even though I missed a couple of presentations that I wanted to see.  I am reviewing the presentations I missed now.

I went for 3 main reasons
  • Gain knowledge
  • Compete in the LosT @ Con Mystery Challenge
  • Meet up with other members of the Trusted Catalyst and Security Catalyst Community.
Knowledge gains:

I learned how to pick a basic lock which got me thinking about physical security and how a simple lock makes people feel safe but may not offer much protection against a skilled individual.  This makes a great transition to IT Security in that many companies are looking for a golden device that is going to solve the problems that they have been experiencing.  Most people would not put just a single lock on their house, they will put multiple locks and set up lighting to increase the visibility around the house. So why are they looking for a single device to solve their problems.  Layered Security is an ongoing process, it should never stop.  If installing a lock was good enough to keep a thief out, it would never need to actually be locked.  It is an on going process to verify that the lock is in good working order and engaged when needed.  If you notice problems with your locks, you have a professional work on them or replace them.  The same should be true for your network security.

Staying with the physical to network security correlations, I saw a presentation by Matt Richard about going beyond penetration testing.  It goes to the idea that you need to be aware of what can go out of your network and could be utilized to compromise your network.  We all plan or should plan the escape routes out of our homes in case their are fires, but we should also remember that points of egress can also be used as points of ingress.  (Often referred to the Moshe Dayan problem "The Syrians will learn that the road from Damascus to Tel Aviv - is also the road from Tel Aviv to Damascus...")  Matt has developed an application called eescanner (I am unable to currently find my link to the app and will update when I find it) that can do outbound scanning to determine what is allowed out of a network.  I think it is a brilliant idea.  This presentation as has given me an idea for a presentation, but I will wait to talk about that later.

The LosT @ Con Mystery Challenge:

The concept is that a team of 5 is given a box which they must access and then solve any problems related to the box.  Last year the solution to the problem was made in 2.5 hours.  This year was a bit more complex and the teams struggled (including the Security Catalyst team).  First we were given a sheet of text with some clues on it, a note pad with another clue and the letters of the alphabet except for the letter e on cut outs that included pictures of books.  9 hours after starting the first teams broke the code (with clues from LosT) that it was a 1 time pad cypher of the text on the sheet using the first paragraph of the 21st chapter of a book called Gadsby by Ernest Vincent Wright.  This then gave us a clue to a picture and phrase we would have to present to LosT.  We were then given a large metal box with a circuit board with an LCD discplay  attached to the outside  and three locks.  We were told that we needed to get inside without killing the sequence that was running on the circuit or tipping the box over.  We were then told we needed to start on the bottom of the box with the Brinks R70 lock.  We took off with our box and started trying to get inside.  After about an hour of trying to open the R70 we decided that it was time to forget what LosT had said about going in the bottom and go in through the top.  After using Bell Splices to add a second battery and by pass some wires that were preventing the locks on top from being easily removed, we accessed the box and found components to make a circuit board that would translate light inpulses to sound.  We built that and were ready to go find out if we had the solution.  Unfortunately LosT had packed up for the night and we had to wait until the next morning.  We told ourselves that the bottom of the box was a red herring because we could see that there was no space for any parts and we thought all we needed was the piece we had just built.  However when we arrived the next morning 2 other teams had much more complicated devices and we went back and tried to get into the bottom.  Eventually a member of one of the other teams told us that he thought the instructions in the locked section were useless and that all we needed was the piece we built.  By the time this had happened 2 other teams had already solved the puzzle so we were left to try for 3rd place.  We were then able to use our device to pick up a broadcast from an led that LosT had placed in black skull with a pirate patch (show on the the document for building the circuit)  which gave us a sequence of Hex that needed to be translated into a phone number that was to be dialed on a special phone that LosT had sitting at the table.  After one more puzzle we were able to secure 3rd place.  If we had trusted our initial insticts we could have won, but we made a poor decision and ended up in third.

So what I learned was cyphering, lock picking, electronic fabrication, social engineering and to do a better job of trusting my own instincts.

Team Security Catalyst will be back next year and we will win.

One really cool thing is that the winning team gave their black badge (lifetime entry to Defcon) to LosT for running such an awesome contest.   I think that was a really classy move on their part and a great tribute to LosT

Meet up with other members of the Trusted Catalyst and Security Catalyst Community.

I had the opportunity to meet face to face with members of the Trusted Catayst and Security Catalyst communities.  I have been talking with Larry Pesce, Mike Henry, Jonathan Squire, Cutaway, Martin McKeay, David Mortman, Adam Dodge, Acr0nym, Perry Carpenter, Marcin Wielgoszwski  and others within the community for the last several months and have developed good frienships with them .  This was my first opportunity to meet any of them.  It made the weekend all the more  fun  and increased the opportunities to learn.  Plus  several of us go the chance to be on CyberSpeak with Ovie and Brett.  I got to meet Andy Lockhart (should have brought my  copy of his book for him to sign) and the group from 303  (hey bluknight and Databeast).  I was able to participate in conversations with Johnny Long and  Joe Grand  ( he has something big coming up  but I can't say what  yet -  those who know were asked to keep it quiet, so I will honor that).

I did get Larry to sign  the print outs of the covers of his two books and while we were hanging out in the vendor area I kept telling people who were looking at the book that I could arrange to get it signed for them.

I know that I missed meeting Amrit Williams and  Mike  Murray (though I did make one of Mike's presentations) and will have to catch up with them the next time we are in the  same city.   If there are other  members of the Security Catalyst Community I missed ,  drop me  a message through the  forums and  I will  remember to call and say Hi if  I am ever in town.


Please leave any feedback you have at the Security Catalyst Forums.


Last Page :: Next Page
Login | Browse Blog Directory | Free Blog Hosting Blogger Team - Start Your Own Blog
Web Hosting | 3GP | Pakistani Music | Mobile Videos | Alojamiento Web