I just came back from the HOPE 2010 conference, and now have the time to share my notes of those talks I attended.
For those of you who don't know, the HOPE Conference is the Hackers on Planet Earth Conference, sponsored by the hacker magazine 2600: The Hacker Quarterly, where the conference content is devoted to security, freedom, and general fun hacking: http://thenexthope.org
Most conferences schedule speakers and then have 'lunch' or 'breaks'. Not HOPE. 10am to midnight/1am with quality talks. My head is 'full' with information, I absolutely loved every minute of it.
And the registration fee was only $100 at the door ($85 if pre-registering). Wow, what a value and service to the hacker community. Please consider supporting http://www.2600.com/ with a subscription!!
Here is my list of notes, with extreme summaries pulling out the most important points of each talk:
IPv6 - This talk was given by Joe Klein.
Basically, we all know we're running out of IP addresses using IP version 4, and IPv6 is the answer.
IPv6 address space provides the potential for a maximum of 2 raised to the 128th power, something like 340 billion billion billion billion addresses. Compare that to 2 raised to the 32nd power, 4,294,967,296, about 4.2 billion! See this link for more: http://geekswithblogs.net/devdevin/archive/2008/03/25/120750.aspx
Work is going on now to convert the IP space over to version 6; however, most likely the next 36 months will see a lot of work being devoted to it. So if you are a consultant or contractor, this could be a great opportunity to get some solid work!
He brought up some good discussion items, like thinking about security on an IPv6 network; RFC 3756, with its definitions of trust models, would be a good read.
References:
CALIPSO - Common Architecture Label IPv6 Security Option
http://www.rfc-editor.org/pipermail/rfc-dist/2009-July/002329.html
RFC 3756
http://www.ietf.org/rfc/rfc3756.txt
Location privacy - this talk was given by Ben Jackson
Ben has created http://icanstalku.com/ which basically downloads pictures from Twitter, extracts the geolocation tags, and puts them on the website to give those details out.
The intention of this program was to raise awareness of the security implications of simply taking a picture and posting it on the Internet. Potentially people can extract a good amount of information about you.
The tool that does this is ExifTool.
The bottom line was: be careful of what you post, and if you care about your privacy, turn off geotags if your camera provides that option. This talk was well done and a lot of fun!
WiFi Security - this talk was given by Mike Kershaw and Brad Haines
The management frames in 802.11 are not encrypted, offering no protection at the network level. For example, the beacon frames that are broadcast by a wireless access point.
You can sniff a wireless network when you put your wireless adapter into monitor mode or rfmon mode, assuming your driver and wireless card support that.
A good model for security on a wireless network would be WPA Enterprise, as AES encryption is as yet unbroken, while TKIP is showing flaws and going away in favor of CCMP.
Have a look also at the airpwn, evilgrade, airbase, and karmetasploit tools. The RSnake VPN paper was also suggested as a good read, as that outlines cache control.
The Keynote speech was given by Dan Kaminsky
Securing String Interpolation
The idea is that, since developing code is a challenging process that leads to cross-site scripting, cross-site request forgery, SQL injection, and so forth, why not just make a unified way of drawing a boundary between data and code? Essentially, he suggested using his techniques of base64 encoding and decoding to maintain that boundary; you can find more here: http://www.recursion.com/interpolique.html
One of the ideas he has is that the application should fail closed rather than fail open. That way, if the application is running, you know you're doing it securely; if it fails, you know you're not.
This was a great idea to at least put forward, as basically he was coming from the angle of: stop yelling at your developers to do it the way you want, and come up with a solution that makes it easier for the developer to write secure code.
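A sketch of the base64 boundary applied to SQL, as an added example and not Kaminsky's own code: the `^^name` marker, the `b64d` function name and the in-memory SQLite table are choices made for this illustration. The value reaches the database only as base64 text and is decoded on the SQL side, and a blob that is not valid base64 aborts the query, which is the fail-closed behaviour.

```python
import base64, re, sqlite3

def b64d(blob):
    """SQL-side decoder; rejects anything that is not strict base64."""
    return base64.b64decode(blob, validate=True).decode("utf-8")

def interpolate(template: str, values: dict) -> str:
    """Replace ^^name with b64d('<base64 of value>'); the raw value never appears."""
    def wrap(m):
        raw = values[m.group(1)]          # KeyError if a value is missing
        enc = base64.b64encode(raw.encode("utf-8")).decode("ascii")
        return "b64d('%s')" % enc         # base64 alphabet contains no quote
    return re.sub(r"\^\^(\w+)", wrap, template)

def open_db():
    db = sqlite3.connect(":memory:")
    db.create_function("b64d", 1, b64d)
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_naive(db, name):
    # Deliberately unsafe 'before' form: data is pasted into the code string.
    return db.execute(
        "SELECT secret FROM users WHERE name = '%s'" % name).fetchall()

def lookup_b64(db, name):
    sql = interpolate("SELECT secret FROM users WHERE name = ^^name",
                      {"name": name})
    return db.execute(sql).fetchall()

def rejects_bad_blob(db) -> bool:
    """Fail closed: a blob that is not base64 makes the whole query error out."""
    try:
        db.execute("SELECT b64d('not*base64')").fetchall()
    except sqlite3.Error:
        return True
    return False

HOSTILE = "x' OR '1'='1"   # constructed input containing SQL syntax
```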
Great Hacks at the Olympics - this talk was given by Colin Keigher
This talk focused on the fact that the last Olympics spent $1 billion on security, yet the author noticed that there were almost no security issues, other than a broken window on a storefront. He also noted it was easy to pose as a cleaning person or a network reporter, and the pass that allows you to gain access to the Olympics seems to be very easy to make (the actual barcode and actual pass were shown in HDTV).
SHODAN for Penetration Testers - this talk was given by Michael Schearer
http://www.shodanhq.com/ was touted as a new tool for the penetration tester. For those who haven’t seen it, basically this tool indexes not the content of a page but the HTTP headers and errors of each page. This can make for some interesting querying, to say the least!
Easy hacks on apartment phone systems - this talk was given by Davi Ottenheimer
In this talk the author explained that he had found in his research that some of those keycode entry systems at apartments have unfortunately been installed in the default mode. This means the password is likely the default, the admin mode is probably enabled remotely, and the open door sequence is easily gotten from the manufacturer's website. So knowing the make and model of the security system, coupled with a default system, makes for an easy entrance into an apartment, at times. The author had done some work and shared some of the details of getting into an apartment system, that are released in the wild.
This was a very interesting talk and one that needs further investigation if you live in an apartment.
Monkeysphere - this talk was given by Daniel Kahn Gillmor
Monkeysphere is an open source project whose goal is "to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify servers we connect to, as well as each other while we work online" per the website http://web.monkeysphere.info/
What I found interesting was that it could bring PKI into OpenSSH, in a real way. No longer will you need to have an out-of-band phone call with the administrator confirming the key fingerprint of the remote host's key. Sweet!
Risk Analysis - this talk was given by Nick Leghorn
In this talk the author was trying to suggest a way to do a risk analysis and boil things down into a form that the other party could really grasp. The key points that I heard were:
-It is very important to show a pattern in your chart, instead of simply "presenting data".
-Raw data is great if you have it; otherwise try to produce that data yourself, whether that's doing packet dumps, reading log files, etc. In the absence of any real data, ask some experts for their opinion.
-When you rate a threat on a scale, it is more powerful to use even numbers than odd numbers.
Finally, the six questions of risk, all of which you can find here:
http://blog.nickleghorn.com/?p=583
Defending networks from malware using Nepenthes - this talk was given by Marco Figaro
In this talk the author showed how to use the basics of the Nepenthes software - http://nepenthes.carnivore.it, which is open source software used to generate signatures from malware. "It acts passively by emulating known vulnerabilities and downloading malware trying to exploit these vulnerabilities." per the site. From there you could submit to your antivirus vendor, or your IDS vendor, etc.
The author is currently working on a very interesting security project called http://shaolintools.com/
on to The Next Hope Part 2 - Saturday and Sunday Notes
Wednesday, July 21, 2010