DEFCON 14: [Video] Speeches from the hacker conventions show

Summary: The DEF CON series of hacking conferences was started in 1993 to focus on both the technical and social trends in hacking, and has grown to be a world-known event. Video, audio and supporting materials from past conferences are available on our website at: https://www.defcon.org/html/links/dc-archives.html This RSS includes video from the speeches at DEF CON 14. Additional versions, including audio and music videos from the DEF CON DJs, will be uploaded separately. We hope you enjoy.

Podcasts:

 Timothy M O'Neill: 'What has the NSA done for me lately?' | File Type: video/x-m4v | Duration: 23:31

Abstract: In 2002 the President issued an Executive Order authorizing the National Security Agency (NSA) to wiretap phone and email communications involving United States persons within the U.S., without obtaining a warrant or court order pursuant to the Foreign Intelligence Surveillance Act of 1978 (FISA), which prohibits such unauthorized electronic surveillance. Investigate the technology timeline regarding this contentious activity. The surveillance threat to liberty consists of multiple and overlapping collection efforts, targeted against all sources of information available by various agencies and is supported through several pieces of legislation. For this reason, the balance between technological capability and privacy will continue to remain a major concern in the future. Bio: Tim O'Neill instructs various engaging INFOSEC and OPSEC courses as an adjunct professor with the Division of Extended Studies at Boise State University. Working extensively with the National Security Agency's Information Assurance Directorate (NSA IAD), he was successful in designing and implementing the first NSA accredited curriculum for the Information Assurance Courseware Evaluation Program at Boise State University in accordance with the Committee on National Security Systems (CNSS) National Standards 4011 & 4013. As an associate of the FBI's Infragard Salt Lake City Utah chapter, he works to provide assistance, expertise and resources relating to Information Security vulnerabilities, policy development and computer security best practices. His most recent speaking and organizing initiatives are: the 2005 National OPSEC Conference & Exhibition, 2005 Gowen Field OPSEC briefs, 2005 BSU Fraud & ID Theft conference, 2005 NWFIA conference.
Additionally, Tim O'Neill is part of a collaborative effort with the Better Business Bureau to form a regional, small business training group, fostering trust and partnerships throughout business and industry, while providing risk mitigation, education, training and research modalities. Professional Affiliations: Association of Certified Fraud Examiners; Information Systems Security Association; Information Systems Audit & Control Association; Federal Information Systems Security Educators' Association

 Charles Edge: 10 Ways To Not Get Caught Hacking On Your Mac | File Type: video/x-m4v | Duration: 20:57

Abstract: It's hard to prosecute someone if you can't prove what they did. In this session, we will quickly cover 10 easy ways to cover your tracks using Mac OS X. The features of Mac OS X at the GUI level were in a lot of ways designed to cater to the paranoid (e.g. Steve Jobs). Underneath the hood, using some easily scriptable techniques you can cover your tracks in such a way that will make it easy to hide what you've done as well as your identity. In this session, we will quickly cover some of the techniques that can be used to cover your tracks using case studies that illustrate ways that we have pieced together evidence as a starting point. Using a little bit of forensic evasion can go a long way to keep you free. This might also be interesting for forensic enthusiasts who can learn ways around these techniques. Bio: Charles Edge began his consulting career working with Support Technologies, Andersen Consulting and Honda to name a few. In January of 2000 Charles arrived at Three18, a boutique consulting firm in Santa Monica, California. At Three18, Charles has worked with Network Architecture, Security and Design for a wide range of clients. As a partner at Three18 Charles manages a team of engineers, security professionals and programmers. His first book, "Mac Tiger Server Little Black Book" is available through Paraglyph Press. His second book, "Web Admin Scripting Little Black Book" is also available through Paraglyph Press. The latest title Charles is working on is Mac Security Essentials.

 Melanie Rieback: A Hacker's Guide to RFID Spoofing and Jamming | File Type: video/x-m4v | Duration: 50:07

Abstract: Radio Frequency Identification (RFID) tags are remotely-powered data carriers that augment physical objects with wireless computing abilities. This allows us to create smart homes and offices, optimize our supply chains, and keep a watchful eye on our pets, livestock, and kids. But unfortunately, RFID security and privacy issues have been addressed as an afterthought; it is regretfully easy to interfere with RFID systems, as many rely upon the integrity of RFID tag data for their correct functioning. To illustrate these problems, we have built a handheld device that performs RFID tag spoofing and selective RFID tag jamming (a bit like an "RFID firewall"). Compatible with the ISO 15693/14443 13.56 MHz RFID standards, our device is battery-powered and fits into a shirt pocket. This presentation will explain the "nuts and bolts" of RFID tag spoofing and jamming attacks, and will conclude with a live practical demonstration of these attacks. Bio: Melanie Rieback is a Ph.D. student in Computer Systems at the Vrije Universiteit in Amsterdam, where she is supervised by Prof. Andrew Tanenbaum. Melanie's research concerns the security and privacy of Radio Frequency Identification (RFID) technology, and she leads multidisciplinary research teams on RFID privacy management (RFID Guardian) and RFID security (RFID Malware) projects. Melanie's recent work on RFID Malware has attracted worldwide attention, appearing in the New York Times, Washington Post, Reuters, UPI, de Volkskrant, Computable, Computerworld, Computer Weekly, CNN, BBC, Fox News, MSNBC, and many other print, broadcast, and online news outlets. Melanie has also served as an invited expert for RFID discussions involving both the American and Dutch governments. In a past life, Melanie also worked on the Human Genome Project at the MIT Center for Genome Research / Whitehead Institute. 
She was part of the public genome sequencing consortium, and is listed as a coauthor on the seminal paper 'Initial sequencing and analysis of the human genome', which appeared in the journal Nature.

 James Christy: PANEL: Meet the Feds: OODA Loop and the Science of Security | File Type: video/x-m4v | Duration: 51:55

Abstract: The OODA Loop theory was conceived by Col John Boyd, AF fighter pilot. He believed that a pilot in a lethal engagement that could Observe, Orient, Decide, and Act (OODA) before his adversary had a better chance to survive. He considered air combat an art rather than a science. John Boyd proved air combat could be codified; for every maneuver there is a series of counter maneuvers and there is a counter to every counter. Today, successful fighter pilots study every option open to their adversary and how to respond. This panel's focus is on the government efforts to try to get inside the cyber adversary's OODA Loop and survive another type of potential cyber lethal engagement.

 Jay Beale: Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port | File Type: video/x-m4v | Duration: 57:23

Abstract: The Mac OS X operating system is beautiful, but it's not as secure as you think. It's mostly Unix under that shiny GUI and while we've come to expect a very locked down system from recent Unix/Linux releases, that expectation isn't entirely realistic when it comes to OS X. For instance, the firewall GUI tool makes it seem like you can create a default-deny firewall that only lets packets from established sessions in. The firewall it produces, though, is full of holes! Whatever you do, don't take your OS X laptop onto the wireless network here! Write your own replacement or take the one we'll offer in this talk, where we'll introduce the new OS X port of the popular Bastille Linux system lockdown and audit tool, Bastille OS X. Bastille increases the security of OS X systems. It starts by building a real firewall configuration that you can tune to your needs. It continues by deactivating services like the information-leaking Bonjour service, which a remote attacker can use to get your Security Update (patch bundle) level, hardware versions and machine name. Finally, it configures the remaining operating system components, doing things like isolating local users from the service that gives them the length of all users' passwords. There's a lot more than that, though. Come learn about OS X security, learn how to harden and see the newest part of the Bastille family: Bastille OS X! Bio: Jay Beale is an information security specialist, well known for his work on mitigation technology, specifically in the form of operating system and application hardening. He's written two of the most popular tools in this space: Bastille Linux, a system lockdown and audit tool that introduced a vital security-training component, and the Center for Internet Security's Unix Scoring Tool. Both are used worldwide throughout private industry and government.
Through Bastille and his work with the Center, Jay has provided leadership in the Linux system hardening space, participating in efforts to set, audit, and implement standards for Linux/Unix security within industry and government. He also focuses his energies on the OVAL project, where he works with government and industry to standardize and improve the field of vulnerability assessment. Jay is also a member of the Honeynet Project, working on tool development. Jay has served as an invited speaker at a variety of conferences worldwide as well as government symposia. He's written for Information Security Magazine, SecurityFocus, and the now-defunct SecurityPortal.com. He has worked on five books in the Information Security space. Three of these make up his Open Source Security Series, while two are technical works of fiction in the "Stealing the Network" series. Jay makes his living as a security consultant with the firm Intelguardians, which he co-founded with industry leaders Ed Skoudis, Eric Cole, Mike Poor, Bob Hillery and Jim Alderson, where his work in penetration testing allows him to focus on attack as well as defense. Prior to consulting, Jay served as the Security Team Director for MandrakeSoft, helping set company strategy, design security products, and pushing security into the third largest retail Linux distribution.

 Lukas Grunwald: First We Break Your Tag, Then We Break Your Systems Attacks to Rfid Systems | File Type: video/x-m4v | Duration: 42:09

Abstract: This talk provides an overview of new RFID Technology used for Dual-Interface Cards (Credit cards, Ticketing and Passports), and RFID Tags with encryption and security features. Problems and attacks to these security features are discussed and attacks to these features are presented. After dealing with the tags an overview to the rest of a RFID-implementation, middleware and backend database and the results of special attacks to this infrastructure is given. At the end of this talk there is a practical demonstration of these discussed attacks. Bio: Lukas Grunwald works for a German Security company, and has over 20 years of security experience. As a hobby he writes for the iX Magazine, and other security publications. He is also the head of the Hacking Lab where new technology is evaluated.

 Irby Thompson: Advanced File System Hiding and Detection | File Type: video/x-m4v | Duration: 48:13

Abstract: The ability to both conceal and detect hidden data on the hard drive of a compromised computer represents an important arms-race between hackers and forensic analysts. While rootkits and other kernel manipulation tools make hiding on live systems fairly easy, the trick of hiding data from forensic tools and offline drive analysis is much more difficult. In this presentation, we will review traditional data hiding techniques, examine their strengths and weaknesses, and then explore more advanced methods of data hiding which go beyond the detection capabilities of current forensics tools. Further attention will be given to enabling transparent access to hidden file systems while also minimizing detection, ensuring data confidentiality, and providing robustness against corruption. The culmination of our research will be demonstrated in an advanced data hiding methodology and corresponding forensic detection utility. Bio: Irby Thompson is currently a Senior Security Engineer for the Advanced Technology Laboratories of Lockheed Martin. His early interest in computer security led to a career in network and host security with a focus on operating system security and applied cryptography. Irby's past experience includes the design and development of a secure email system including features such as guaranteed read-receipts, message expiration, one-time read, and un-send capabilities. He holds a Masters degree in Information Security from Georgia Tech and a Bachelors degree in Computer Science, Math, and Management of Technology from Vanderbilt University. Mathew Monroe has a BS in Electrical and Computer Engineering with an additional major in Mathematical Sciences from Carnegie Mellon University, and is currently pursuing graduate studies there. He is an accomplished developer specializing in embedded systems and computer security. In addition, Mathew has experience designing and implementing high performance distributed file systems and applications.
He is currently a Senior Security Engineer at the Lockheed Martin Advanced Technology Laboratories. Prior to this post he implemented, deployed, and tested Lustre file systems on Lawrence Livermore National Laboratory's MCR and ACL clusters and Pacific Northwest National Laboratory's rx2800 cluster. The Lustre file system is an advanced high performance distributed file system used by a number of the world's top super computers. In addition, Mathew designed and implemented firmware and low level file system code for network attached storage devices at Spinnaker Networks (now Network Appliances).

 Charles Edge: Mac OS X Security Tools | File Type: video/x-m4v | Duration: 23:53

Abstract: Apple claims not to care about the enterprise market, but there is no doubt that Apple networks are growing. The number of Apple systems in enterprise networks is growing as well. For security purposes it is becoming more and more important to manage these systems in the same way that we manage Windows clients. In this session we will cover the tools that Apple and some 3rd party organizations have been quietly building for use in these environments. We will also cover the methods Apple has started using to facilitate running security updates on their workstations. This is a good session for security professionals who have Mac systems on their networks. Tools we will cover: * Mac OS X Server Managed Clients * Nagios * Radmind * Apple Remote Desktop * HenWen * Tripwire * Open Directory Password policies * ipfw and dummynet * Centrify DirectControl * Dave * AdmitMac Bio: Charles Edge began his consulting career working with Support Technologies, Andersen Consulting and Honda to name a few. In January of 2000 Charles arrived at Three18, a boutique consulting firm in Santa Monica, California. At Three18, Charles has worked with Network Architecture, Security and Design for a wide range of clients. As a partner at Three18 Charles manages a team of engineers, security professionals and programmers. His first book, "Mac Tiger Server Little Black Book" is available through Paraglyph Press. His second book, "Web Admin Scripting Little Black Book" is also available through Paraglyph Press. The latest title Charles is working on is Mac Security Essentials.

 Strom Carlson: SOCIAL MESSAGE RELAY: Using existing social networks to transmit covert messages in public | File Type: video/x-m4v | Duration: 40:00

Abstract: In the age of NSA phone taps, mandatory data retention, CALEA, the PATRIOT Act, and national firewalls, establishing a truly covert communications channel without leaving a trail is becoming almost impossible. Even when strong encryption is used to protect the message, Government agencies now have the ability to use pattern analysis to pinpoint almost all participants in the conversation. Without tremendous diligence, truly anonymous communication is almost impossible. But what if you could skip having to create the communications channel entirely? What if you could have unwitting, or even willing, third parties spread your message for you? The larger the network of people spreading the message, the more difficult traffic analysis becomes as the signal-to-noise ratio increases. Convenient anonymity for the sender and recipient of the message becomes possible again. The presenters will demonstrate how they were able to create a publicly available communications channel and use thousands of unwitting participants to spread their encrypted messages. The presentation will also include speculations on how to create networks designed to foil traffic analysis attempts, and observations about the culture of the online cryptographic community, and the nature of collaborative problem solving. Bio: Strom Carlson is a hardware security researcher at Secure Science Corporation, the organizer of the Los Angeles area Defcon Groups chapter (DC213), and the co-host of Binary Revolution Radio. He enjoys tinkering with technology, playing with telephones, and having a good time with whatever he happens to be involved in.

 Raffael Marty: Visual Log Analysis - The Beauty of Graphs | File Type: video/x-m4v | Duration: 52:31

Abstract: Event and Log Analysis is becoming one of the main tools for security analysts to investigate and comprehend the state of their networks, hosts, and applications. Recent developments, such as regulatory compliance requirements and an increased focus on insider threat, have increased the demand for analytical tools to help in the process. Event correlation is one of the tools that helps address the challenges. However, the vast amount of events still leaves the analysts with enormous amounts of data to manually analyze, creating space for new tools to fill the gap. Visualization of data has proven to be the approach generating the best return on investment. This talk takes a step-by-step approach to analyzing a log file, showing how AfterGlow (afterglow.sourceforge.net) can be used to analyze and understand a log file. The analysis will show how visualization can be used to detect portscans, policy violations, and misconfigurations. The talk will focus on using link graphs and treemaps to analyze the data sets. The goal of the talk is to leave the audience with the knowledge and tools to do visual log analysis on their own data. The main tool used for the talk is AfterGlow (afterglow.sourceforge.net), which in its current version supports a diverse set of operations to ease the analysis of log data. Bio: Raffael Marty, GCIA, CISSP is the manager of ArcSight's Strategic Application Solution Team, where he is responsible for delivering industry solutions that address the security needs of Fortune 500 companies, ranging from regulatory compliance to insider threat. Raffael initiated ArcSight's Content Team, which holds responsibility over all the product's content, ranging from correlation rules, dashboards and visualizations to vulnerability mappings and categorization of security events.
Before joining ArcSight, Raffael used to work as an IT security consultant for PriceWaterhouse Coopers and previously was a member of the Global Security Analysis Lab at IBM Research, where he participated in various intrusion detection related projects. His main project, Thor, was the first approach to testing intrusion detection systems by means of correlation tables. Raffael also serves on the MITRE OVAL (Open Vulnerability and Assessment Language) advisory board, is involved in the Common Vulnerability Scoring System (CVSS) standard and has been presenting at various occasions.

 Kenneth Geers: Ipv6 World Update: High Diplomacy & Monster Trucks | File Type: video/x-m4v | Duration: 52:36

Abstract: Governments around the world are investing serious time, effort, and money into the next gen Internet, based on IP version 6. With important mandatory and remarkably close deadlines looming for v6 deployment, much yet remains to be understood about its security and socio-economic implications as well as our readiness to fully embrace it. While Europe and Asia have been trailblazing IPv6 industry for years now, the U.S. Government has mandated that its organizations be IPv6-compliant by June 30, 2008, yet the vague definition of compliance has already confused many considering dual-stack, tunneled and/or native environments. Imagine the bliss of IPv6 telematics, mobility, autoconfiguration, "mandatory IPSec" encrypted traffic and enough IPs to globally address everything with a battery or even a reference to a snippet of code for the world to access. Now imagine your firewalls and IDS sensors being blind to IPSec or even just cleartext 6to4 tunneled traffic. Debunking many myths, such as IPv6 "built-in security", prior to the transition is key as we watch the beloved IPv4 become legacy, say goodbye to NAT and the 6bone and welcome more DNSSEC, tunnel brokers and distributed PKI firewalls?! This presentation will cover wide-ranging research the authors have conducted and the new paradigm shift necessary to approach IPv6 differently than IPv4, including interviews with some of the world's top thinkers about the sleeping giant. Whether it is yet another gov-hyped failed theory like GOSSIB or it is here to stay, you will take away enormous insight into the work that you may be responsible for and dependent on over the next several years.

 tommEE pickles: 802.1x Networking | File Type: video/x-m4v | Duration: 41:01

Abstract: tommEE pickles (http://tommEE.net) presents an explanation of 802.1x networking, exploring what 802.1x is and why we would use it. He explains how 802.1x might be used in a corporate environment, wireless or wired, giving an explanation on how you can start an 802.1x network and get your users on it. Hardware and Software resources will be discussed and recommendations for free ways of accomplishing it will be presented. He will talk about the current problems and how to provide possible fixes for problems. Bio: tommEE pickles has been born, raised, and possibly living in New York City. He co-founded Moloch Industries in 1999. He is known for the 4 Defcon Cannonball Runs and his passion for Streaming Media and TiVo hacking. tommEE has worked for large streaming media providers while giving them solutions for streaming media security. He has also developed wireless networks for several large companies. He is also known for Birthdaycon during CES and AVN weekend.

 Alexander Kornbrust: Oracle Rootkits 2.0 | File Type: video/x-m4v | Duration: 31:50

Abstract: In 2006 thousands of people will create applications based on the free Oracle 10g Express Edition. Even if this version of Oracle (based on Oracle 10g Rel. 2) is the most secure database from Oracle out of the box so far, there is still room for improvements. This presentation shows different possibilities to attack Oracle 10g Express Edition (and Oracle 10g Rel. 1 and Rel. 2). With Oracle 10g Oracle introduced some new security features (e.g. listener protection) which eliminate old attack vectors. But by introducing new features they implemented new bugs and new possibilities like SQL injection, built-in HTTPS-server, etc. Bio: Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle anti-hacker trainings and gave various presentations on security conferences like Black Hat, Bluehat, IT Underground. Alexander Kornbrust has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander has found over 220 security bugs in different Oracle products.

 Yuan Fan: MatriXay-When Web App & Database Security Pen-Test/Audit Is a Joy | File Type: video/x-m4v | Duration: 29:12

This topic will present a new web-app/DB pen-test tool. This tool supports both proxy (passive) mode as well as direct URL targeting. It is a mixed Web App SQL Injection systematic pen-test and WebApp/Database scanner/auditing-style tool and supports most popular databases used by web applications such as Oracle, SQL Server, Access and DB2. It has many unique features from web app backend Database automatic detection to the ability to browse database objects (without the need to ask for a password, of course), to the ability to locate/search for any sensitive content inside the DB and find more vulnerability points from source as well as privilege escalation. Bio: Yuan Fan, GCIH, GCIA, CISSP, is the founder of DBAppSecurity Inc with consulting service on enterprise security management especially on database and application security. His expertise spans from network layer to application/database layer Security. Before that he worked 5+ years for ArcSight for a variety of security device's connectors, and many years in network management area. He holds a Master of Computer engineering degree from San Jose State University. Last year, he presented the abnormal detection between webApp layer and DB layer. This time he is going to show the brand new sword out for the first time. The tool "MatriXray" was designed and developed by him and his partner XiaoRong in their spare (night) time is deemed to be promising from several aspects including the deep pen-test ability framework and cross database support (currently supports Oracle, SQL Server, DB2, Access).

 Damon McCoy: Zulu a Command Line Wireless Frame Generator | File Type: video/x-m4v | Duration: 11:03

Abstract: Zulu is a lightweight 802.11 wireless frame generation tool to enable fast and easy debugging and probing of 802.11 networks. It has an intuitive command line interface and operates with the unmodified madwifi-ng and partially with prism based Linux network drivers. Individual fields in frames can be set or unset, generating frames that possibly violate the IEEE 802.11 protocol. It can generate all control, data, and management frame types and subtypes. The user-friendly command line options enable novice users to quickly generate custom frames with a combination of values placed in different frame fields. Zulu is freely available under the GNU license. Bios: Damon McCoy has worked in a variety of industry and government positions. Currently he is a Doctoral Candidate in the Department of Computer Science at the University of Colorado at Boulder. He has also worked at Sandia National Laboratories in the Center for Cyber Defenders. Prior to this he worked for IBM in the Emergency Response Services group as a network security consultant. Before this he worked for both AT&T Research and Lucent Bell Laboratories. Anmol Sheth is a Doctoral Candidate in Computer Science at the University of Colorado at Boulder. He received his B.S. in Computer Science from the University of Pune, India in 2001. His research interests include MAC layer protocol design, fault tolerant distributed wireless systems and energy-efficient wireless communication.
