“Find out what you don’t know…” - PowerPoint PPT Presentation
Presentation Transcript

Agenda

  • Introduction

  • To disclose or not to disclose

  • What is Defcon

  • Defcon 12 Presentations

  • The Future

  • Questions


Introduction

  • Who am I?

  • Why am I here?

  • What are we talking about?


To disclose or not to disclose…

  • Vulnerability disclosure

    • Long running debate

    • Most security companies have a formal disclosure policy

      • CERT/CC - http://www.cert.org/kb/vul_disclosure.html

      • Microsoft - http://www.microsoft.com/technet/security/bulletin/policy.mspx

      • @Stake - http://www.atstake.com/research/policy/

    • These policies provide various levels of information

    • But how much information should be provided?


What is Defcon?

One of many different “underground” conferences:

  • Defcon (Aug) – Las Vegas, NV

  • Toorcon (Sep) – San Diego, CA

  • PhreakNIC (Oct) – Nashville, TN

  • HOPE (Jul) – New York, NY


What is Defcon?

Defcon is a convention for the more "underground" elements of the computer culture. Defcon is geared towards hackers, programmers, phreaks, cyberpunks, cypherpunks, open source hackers, civil liberty and privacy advocates, HAMs, casual bystanders, lookieloos, feds, reporters, and anyone interested in seeing what's going on in the computer underground today.

– www.defcon.org


Defcon 12 Presentations

  • A few starting points:

    • This presentation is just the tip of the iceberg

    • Over 70 presentations at Defcon

  • Look at examples of presentations that affect:

    • Securing Workstations

    • Passwords

    • Trouble on the Internet

    • Personal Responsibility


Defcon 12 Presentations – Securing Workstations

  • Black Ops of TCP/IP 2004

    • Dan Kaminsky

  • DNS – Domain Name System – converts human-readable names into IP addresses

  • DNS tunneling – allows communication via a covert channel (arbitrary data carried inside DNS queries and responses)

  • Many interesting uses of, and issues with, the protocol

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Kaminsky/dc-12-kaminsky.ppt
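The slide names DNS tunneling as a covert channel but says nothing about how a defender would notice it. The following is an added example, not material from Kaminsky's talk or from this deck: a small detector that runs over a constructed resolver query log and flags client/domain pairs whose queries repeatedly carry long or high-entropy subdomains, which is where tunneled data has to be encoded. The log format, the thresholds and the "base domain = last two labels" rule are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: timestamp, client, query name, query type.
# These lines are invented for this example; the example.org tunnel traffic is fake.
SAMPLE_LOG = """\
2004-08-01T10:00:01 10.0.0.5 www.example.com A
2004-08-01T10:00:02 10.0.0.5 mail.example.com MX
2004-08-01T10:00:03 10.0.0.7 aGVsbG8gd29ybGQgdGhpcyBpcyBh.dGVzdCBvZiBkbnMgdHVubmVs.tunnel.example.org TXT
2004-08-01T10:00:04 10.0.0.7 bG9uZyBkYXRhIGJsb2Igbm8gb25l.c2hvdWxkIGV2ZXIgc2VlIHRoaXM.tunnel.example.org TXT
2004-08-01T10:00:05 10.0.0.7 3a9f1e77c0d2b4a6e8f0c1d2a3b4c5d6.tunnel.example.org TXT
2004-08-01T10:00:06 10.0.0.5 cdn.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score far higher than hostnames."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Split a query name into (subdomain part, base domain).
    Assumption for this example: the base domain is the last two labels. Production
    code would consult a public-suffix list instead."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def query_features(qname: str) -> dict:
    sub, base = split_name(qname)
    compact = sub.replace(".", "")
    return {"base": base, "sub_len": len(compact), "entropy": shannon_entropy(compact)}


def detect_tunneling(log_text: str, max_sub_len: int = 30, min_entropy: float = 3.5,
                     min_suspicious: int = 3) -> list:
    """Aggregate queries per (client, base domain) and report pairs that send at
    least `min_suspicious` queries with long or high-entropy subdomains."""
    stats = defaultdict(lambda: {"queries": 0, "suspicious": 0, "reasons": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, qtype = line.split()
        feat = query_features(qname)
        entry = stats[(client, feat["base"])]
        entry["queries"] += 1
        reasons = []
        if feat["sub_len"] > max_sub_len:
            reasons.append("long-subdomain")
        if feat["entropy"] > min_entropy:
            reasons.append("high-entropy")
        if reasons:
            entry["suspicious"] += 1
            entry["reasons"].update(reasons)
            # TXT/NULL records carry large answers, so note them when a query is already odd.
            if qtype in ("TXT", "NULL"):
                entry["reasons"].add("bulk-qtype:" + qtype)
    hits = []
    for (client, base), entry in sorted(stats.items()):
        if entry["suspicious"] >= min_suspicious:
            hits.append({"client": client, "domain": base, "queries": entry["queries"],
                         "suspicious": entry["suspicious"], "reasons": sorted(entry["reasons"])})
    return hits


if __name__ == "__main__":
    for hit in detect_tunneling(SAMPLE_LOG):
        print(hit)
```

The thresholds are deliberately loose; in practice the per-pair counts would be tracked over a time window and the base-domain split would use a public-suffix list, otherwise CDNs and cloud hostnames with hashed labels produce noise.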


Defcon 12 Presentations – Securing Workstations

  • The Insecure Workstation

    • The Results of Poorly Defined and Deployed Group Policies

    • By Deral Heiland

  • Windows group policies are not bulletproof

  • Misconceptions

    • If I can’t get around it, it must be secure

    • They aren’t hackers; they won’t figure out a way around it

    • So they break out of it – that doesn’t matter (there is nothing important there)

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Heiland/dc-12-heiland-up.ppt


Defcon 12 Presentations – Passwords

  • MySQL Passwords

    • Password Strength and Cracking

    • By Devin Egan

  • How MySQL passwords are cracked

  • Why? For auditing password strength.

  • Best practices for MySQL passwords

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Egan/dc-12-egan.ppt


Defcon 12 Presentations – Trouble on the Internet

  • Mutating the Mutators

    • Metamorphic computer virus

    • Sean O’Toole

  • A “how-to” on making a virus harder to detect

  • Pseudocode is given in the presentation

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/OTool/dc-12-otool.ppt


Defcon 12 Presentations – Trouble on the Internet

  • Far More Than You Ever Wanted To Tell

    • Hidden Data in Document Formats

    • By Maximillian Dornseif

  • The problem – data file formats are complex and getting more complex, so files carry data the author never sees on screen

  • This problem is not limited to MS Office data files

    • Other formats such as HTML and JPEG, as well as many others, have the same problem

  • http://md.hudora.de/presentations/2004-BlackHat/HiddenData-LV.pdf
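The slide states the problem but does not show what "hidden data" in an Office file actually looks like. As an added example (not code from Dornseif's presentation or from this deck), the script below builds a constructed, minimal .docx package in memory, then inspects it the way a pre-release check would: it lists document properties, comments and tracked changes, none of which appear in the rendered text, and blanks the identity fields in the core properties. The sample XML parts, names and values are invented for the example; only the parts the inspector reads are included, so the package is not a complete Word file.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the OOXML parts the inspector reads.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def W(tag: str) -> str:
    """Qualified name for a WordprocessingML element or attribute."""
    return "{%s}%s" % (NS["w"], tag)


# Constructed sample parts (invented content): what an author sees is "Our price is $650",
# but the package also carries the author names, a deleted price and a private comment.
CORE_XML = f"""<cp:coreProperties xmlns:cp="{NS['cp']}" xmlns:dc="{NS['dc']}" xmlns:dcterms="{NS['dcterms']}">
  <dc:title>Q3 pricing proposal</dc:title><dc:creator>jdoe</dc:creator>
  <cp:lastModifiedBy>Jane Doe (Legal)</cp:lastModifiedBy><cp:revision>17</cp:revision>
</cp:coreProperties>"""
APP_XML = f"""<Properties xmlns="{NS['ep']}"><Company>Example Corp</Company>
  <Template>internal-bids.dotx</Template></Properties>"""
DOCUMENT_XML = f"""<w:document xmlns:w="{NS['w']}"><w:body><w:p>
  <w:r><w:t>Our price is </w:t></w:r>
  <w:del w:author="jdoe"><w:r><w:delText>$500</w:delText></w:r></w:del>
  <w:ins w:author="jdoe"><w:r><w:t>$650</w:t></w:r></w:ins>
</w:p></w:body></w:document>"""
COMMENTS_XML = f"""<w:comments xmlns:w="{NS['w']}"><w:comment w:author="cfo">
  <w:p><w:r><w:t>Our floor is actually $400</w:t></w:r></w:p></w:comment></w:comments>"""


def build_sample_docx() -> bytes:
    """Zip the constructed parts into an in-memory package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("docProps/app.xml", APP_XML)
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("word/comments.xml", COMMENTS_XML)
    return buf.getvalue()


def _text(el, tag: str) -> str:
    return "".join(t.text or "" for t in el.iter(W(tag)))


def _collect(root, tags, into: dict) -> None:
    for tag in tags:
        el = root.find(tag, NS)
        if el is not None and (el.text or "").strip():
            into[tag] = el.text.strip()


def inspect_docx(data: bytes) -> dict:
    """Return properties, comments and tracked changes that the rendered text does not show."""
    found = {"metadata": {}, "comments": [], "tracked_changes": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = set(z.namelist())
        if "docProps/core.xml" in parts:
            _collect(ET.fromstring(z.read("docProps/core.xml")),
                     ("dc:title", "dc:creator", "cp:lastModifiedBy", "cp:revision"), found["metadata"])
        if "docProps/app.xml" in parts:
            _collect(ET.fromstring(z.read("docProps/app.xml")), ("ep:Company", "ep:Template"), found["metadata"])
        if "word/comments.xml" in parts:
            for c in ET.fromstring(z.read("word/comments.xml")).iter(W("comment")):
                found["comments"].append((c.get(W("author")), _text(c, "t")))
        if "word/document.xml" in parts:
            body = ET.fromstring(z.read("word/document.xml"))
            for el in body.iter(W("del")):  # deleted text lives in w:delText
                found["tracked_changes"].append(("del", el.get(W("author")), _text(el, "delText")))
            for el in body.iter(W("ins")):
                found["tracked_changes"].append(("ins", el.get(W("author")), _text(el, "t")))
    return found


def scrub_core_properties(data: bytes, fields=("dc:creator", "cp:lastModifiedBy")) -> bytes:
    """Blank identity fields in docProps/core.xml and return a new package. Comments and
    tracked changes are left alone on purpose: removing them cleanly also means editing the
    body and the package relationships, which the editor does (accept changes, delete comments)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            blob = src.read(item.filename)
            if item.filename == "docProps/core.xml":
                root = ET.fromstring(blob)
                for tag in fields:
                    el = root.find(tag, NS)
                    if el is not None:
                        el.text = ""
                blob = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item, blob)
    return out.getvalue()


if __name__ == "__main__":
    print(inspect_docx(build_sample_docx()))
    print(inspect_docx(scrub_core_properties(build_sample_docx())))
```

The useful output of such a check is the inspection report, not the scrub: a file that still lists comments or tracked changes should go back to its author rather than be "cleaned" by a script that does not understand the whole package.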


Defcon 12 Presentations – Trouble on the Internet

  • Credit Card Networks Revisited: Penetration in Real-Time

    • By Robert Imhoff-Dousharm

      “This interactive demonstration will give first hand experience in understanding and searching out credit card traffic on TCP/IP networks. It will also demonstrate how to deconstruct, rebuild and transmit rogue credit card packets. As an added bonus, prizes will be handed out to those who can craft and transmit rogue packets by end of speech. My incentives and guidance will illustrate how vulnerable credit card data is on merchant networks.”

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Imhoff-Duncan/dc-12-imhoff-duncan.ppt


Defcon 12 Presentations – Personal Responsibility

  • Bluesnarfing – The risk from digital pickpockets

    • By Adam Laurie, Martin Herfurt

  • Bluesnarfing

    • First publicized by A L Digital, November 2003

    • ‘Snarf’ – network slang for ‘taking an unauthorized copy’

    • Copies data from a phone via Bluetooth without the owner’s consent, including phonebook, calendar, IM and images

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Laurie-Herfurt/dc-12-laurie-herfurt.zip


Defcon 12 Presentations – Personal Responsibility

  • Attacking Windows Mobile PDAs

    • By Seth Fogie

  • Intrinsically lacking in security

  • Contain sensitive information:

    • Passwords

    • Names / Addresses / Phone Numbers

    • Credit Card Information

    • Proprietary business information

    • Personal email

    • Business email

  • http://www.defcon.org/images/defcon-12/dc-12-presentations/Fogie/dc-12-fogie.pdf


The Future

  • Security will continue to be a challenge

    • How much security is enough?

    • Cost vs. protection

    • Is it working?

    • Preparing for the unknown

  • Never underestimate the threat

  • KNOWLEDGE is the key

  • Defcon 13 – July 29-31, 2005



Links

  • Defcon

    • http://www.defcon.org/

  • Defcon Media Archive

    • http://www.defcon.org/html/links/defcon-media-archives.html

  • Sound of Knowledge

    • http://www.tsok.net/tapelist.tpl?_wsConference_Codedatarq=2000-DEFCON&ac=DEFCON

