Friday, December 29, 2006

CCC: Day 3 Of The 23C3

Got to the CCC at 10:30 am, I would have preferred to stay in bed for another couple of hours, but I wanted to watch Jacob Appelbaum's talk, which was in the first session of the day.

Unlocking FileVault
A talk on security of Apple FileVault, an encryption system built into Mac OS X. Like many good hacker talks, it started with a song. Jacob Appelbaum and Ralf-Philipp Weinmann then discussed their investigation into FileVault security and a tool they had built. Special guest Hikari (David Hulton) then demonstrated a high speed password cracking method using an FPGA on a Compact Flash card.

Fuzzing In The Corporate World
Talk on the use of fuzzing in software testing by an Israli security consultant. He began his talk by asking the audience how many of them had sold out and were now working for big corporations. He was quite embarrassed when nobody put their hand up. European hackers don't sell out as easily as hackers in the US and other countries do. The talk was basic but so is my knowledge of fuzzing, so things worked out well. I was sitting at the back of the room and couldn't really see the speaker. There was, however, a good wireless signal so I was able to watch the speaker on my laptop using the IP streaming that had been set up.

Nintendo DS
This was a nice talk on reverse engineering the Nintendo DS handheld games console. I don't like games consoles, but reverse engineering interests me greatly. A good talk overall, although my low opinion of consoles still stands.

"An Introduction To Traffic Analysis"
Most of the examples in the beginning of the talk were covert channel attacks, not traffic analysis. The speaker tried to emphasise the importance of traffic analyis but didn't have any strong examples in his talk. Afterwards, someone asked for a concrete example and the speaker showed a map of Indymedia nodes. From the map a list of the top 100 nodes was made. Killing the top 100 nodes would probably destroy Indymedia.

"Security In Cardholder Data Processing"
This talk didn't contain any information on credit cards, instead it detailed standard security auditing of companies which run credit card systems. I found it to be both interesting and useful, although the delivery was poor.

"On Free, And The Differences Between Culture And Code"
A silly American saying a lot of silly stuff about copyright. The presentation was well done, but ultimately, the guy had nothing to say. Talks like this bring out the worst in the hacker community. Speakers know that if they talk about free software, open source, hackers being clever etc., they will get a good response. Stupid people talking to stupid people.

"Automated Exploit Detection In Binaries"
Luis Miras gave this presentation on a software project of his which uses automated reverse engineering techniques to look through compiled programs and find possible buffer overflows in them. Even with my limited knowledge of C and assembly, I was still able to follow it without difficulty. The software is designed to be multi-platform and therefore uses a virtual machine. Simply coding the VM itself is a difficult task, so the whole project is a serious undertaking. For reasons that weren't made clear, the code was being written in Objective C.

No comments: