Thursday, December 28, 2006

CCC: Day 2 Of The 23C3

Slept for a few hours and then was woken by the voice of a girl telling me that breakfast was ready. I intended to get some work done while eating, but it was not to be.

Sleep deprivation has impaired my ability to think coherently; I sat at the breakfast table with my notepad, failing to write anything of value. The food in my hostel is really good and eating breakfast is already having a positive effect on me. In 2007 I'll aim to eat breakfast more often...

Annoyingly I didn't arrive at the CCC in time for the talk on infrastructure hacking. It discussed weaknesses in backbone routing protocols and sounded very interesting. Yesterday I met Raven, the woman who was giving the talk. She said she had been investigating insecurities in routing protocols in the US and had found some massive security holes. She contacted the Internet Service Providers concerned and got some pretty stupid responses including "Please don't publicise that weak password you found because we're not going to change it". All talks at the CCC will be available for download at some point in the near future, so I'll download it then.

"Detecting Temperature Through Clock Skew"
This talk was on identifying computers remotely across a network by using a side channel attack. It was given by a Scottish(?) guy called Steven J. Murdoch who works at the Cambridge University computer lab. He was an excellent speaker, and that talk was full of deep hacker magic. The basic idea is that the various clocks used in computers tend to drift due to the temperature inside the computer case. This drifting (clock skew) can be measured using TCP timestamps and is unique enough to be useful as a fingerprint for the specific make, model and even individual PC.
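How a skew figure of this kind can be derived from timestamp observations, as an added example (not code from the talk or from the original post): it fits a plain least-squares line to the offset between a remote TCP timestamp clock and the local clock. The 1000 Hz tick rate, the function names and the sample data are assumptions constructed for illustration.

```python
"""Estimate a remote clock's skew (in ppm) from TCP timestamp observations."""

WRAP = 2 ** 32  # the TCP timestamp value is a 32-bit counter


def unwrap(tsvals):
    """Undo 32-bit wraparound, assuming consecutive samples are < 2**32 ticks apart."""
    out = [tsvals[0]]
    for v in tsvals[1:]:
        out.append(out[-1] + (v - out[-1]) % WRAP)
    return out


def estimate_skew_ppm(samples, hz):
    """samples: [(local_receive_time_s, remote_tsval)]; hz: assumed nominal tick rate."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    ticks = unwrap([ts for _, ts in samples])
    t0 = samples[0][0]
    xs = [t - t0 for t, _ in samples]
    # Offset of the remote clock relative to the local clock, in seconds.
    ys = [(k - ticks[0]) / hz - x for k, x in zip(ticks, xs)]
    mean_x = sum(xs) / len(xs)
    mean_y = sum(ys) / len(ys)
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("samples must span a non-zero time interval")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6  # slope of offset over time, as parts per million


def make_samples(skew_ppm, hz=1000, count=361, interval=10.0, start=WRAP - 100_000):
    """Constructed data: a remote clock running skew_ppm fast, sampled every `interval` s.

    `start` sits just below 2**32 so the counter wraps during the capture.
    """
    return [
        (i * interval, (start + round(i * interval * hz * (1 + skew_ppm * 1e-6))) % WRAP)
        for i in range(count)
    ]


if __name__ == "__main__":
    for true_skew in (50.0, 52.0):  # constructed values, e.g. the same host cool and warm
        est = estimate_skew_ppm(make_samples(true_skew), hz=1000)
        print(f"true {true_skew:+.1f} ppm -> estimated {est:+.2f} ppm")
```

Real captures also carry network jitter, which a plain least-squares fit does not filter out; the constructed data here only has tick quantisation.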

"Tor And China"
This talk was mainly about Tor, an Electronic Frontier Foundation project for anonymous communication which uses a series of tunnels. It was all quite silly. I'm starting to think that the EFF are fighting battles which have already been lost and that they lack understanding of the big picture. The talk began with a series of very questionable assumptions upon which Tor is based. People think Tor is important because it is fun and it sounds cool. Currently, for whatever reasons, the people involved with developing it are not people with a good understanding of the nature of the world or the nature of security. This may change in the future, but it's likely that Tor is fundamentally broken, and unless the project is seen as nothing more than a way to learn about some interesting topics, its value is limited.

Quick break for food and coffee, followed by a talk on RFID:

"A Hacker's Toolkit For RFID"
The talk covered RFID jamming and spoofing as well as auditing RFID systems. The speaker was a young American woman, and she was quite good, all things considered. One of the problems she suffered from was common to many hackers: she talked about how to make bad stuff slightly better instead of talking about how to destroy the bad stuff. This is wrong.

The Apple Powerbook's crap wireless is really starting to piss me off. Everyone around me seems to be using the wifi here with ease, but due to the crummy Apple wifi card and the poor built-in aerial, I get nothing.

"RFID Hacking"
Another talk on RFID, this one given in three parts by three different people, Karsten Nohl, z0ccor and Henry Plotz. The first part was about making a fake ticket for a World Cup game. It wasn't very detailed but was still interesting. One of the most interesting things was a photo of a ticket that had been placed in a microwave for 2 seconds. You could see the charred paper around the aerial and battery of the RFID tag. This suggests that although microwave ovens can be used to destroy RFID tags, it's not a useful method if you then had to present a document containing the tag at a checkpoint etc. Part two covered privacy issues with RFID. The concept presented was that tracking people by RFID is easier than one would imagine. This is a very important point, because most previous studies had always assumed the person would have a single tag. In fact, over the next few years most new clothing will be tagged, so it won't be unusual for people to be wearing 6-10 tags. Part 3 gave a practical blueprint of how to reverse engineer an RFID card system. The speaker lived in university accommodation which used RFID cards as keys. He was able to successfully spoof the key to his room using an iPod and a homemade transmitter. He went step-by-step through the whole process, using tools such as GNU Radio and USRP.

"Stealth Malware"
This talk covered rootkits, trojans, viruses, worms and other nice things. It was given by Joanna Rutkowska. At the first CCC I went to (21C3) I saw her give a talk on passive covert channels in Linux. Although it was basic, and she had got a few things wrong, the talk was still very good and it got me very interested in the steganographic use of TCP/IP. Her talk on malware was interesting, but nothing special. A bit like Rutkowska herself.

"Homegrown Interactive Tables"
This talk was in German, but was still very cool. It was given by a team who built their own version of Multitouch, a giant touch screen which can recognise multiple points instead of just a single point. The touch screen they built is in the lounge area of the CCC; I played around with it a bit and thought it had a lot of potential. I'm going to look into building one.

"Black Ops of TCP/IP"
Although Dan Kaminsky is selling more of his soul each day, his talks are still very interesting and very entertaining. This year his talk covered graphical tools for analysing binaries, various SSH issues and fuzzing. Kaminsky's style is great, and he has a knack for looking at old tech in new and interesting ways.
