Category Archives: General Security

MI6 camera sold on eBay? 007 is pissed!

Filed under General Security
Tagged as ,

This article was just too good and worthy of a blog post…apparently a MI6 digital camera went missing and went up for sale on eBay…for only $30. The kicker is that the camera’s memory card contained the following information:

Via Reuters:

“Its memory had names of al Qaeda members, fingerprints and suspects’ academic records as well as pictures of rocket launchers and missiles, the Sun newspaper reported.”

Opps… So did the camera have a “If lost, please call the following MI6 number” sticker on it? 🙂 That is one big mistake for the British intel boys…

Black Hat/Defcon 16 Recap from Vegas

Filed under General Security
Tagged as , ,

I am on my way back from Black Hat and Defcon 16 in Las Vegas with a three hour delayed flight so this is probably a good time to talk about Black Hat and Defcon 16.

To start off…this was one busy and eventful week! I met so many people this week it was crazy. I am officially overflowed with business cards! I got lots of opportunities to not only meet some of the people that I admire in the security industry but also had a chance to network with a great many others that I just met. There were some really good parties (umm..networking opportunities) at both Black Hat and Defcon. Some worth mentioning that I was at were Mozilla, Core Impact, Ethical Hacker, and I-Hacked. I also attended a Security Twits meetup on Friday night at Sushi Roku and got to meet many of the Security Twits in person which was really cool. Thanks to @quine for organizing this event!

I attended several talks at both Black Hat and Defcon. I was able to attend everything that I wanted at Black Hat and even attempted to “live tweet” the Dan Kaminsky talk. You can see my updates through TweetScan or other Twitter search tools by searching for #blackhat and #defcon on my Twitter ID (agent0x0). Most of my time at Defcon was spent watching my wife win the Guitar Hero 3 Medium contest…(first woman to win this contest at Defcon) and improving my lock picking skills in the lock picking village. I have to say that I focused a lot of my time at Defcon just enjoying the contests and meeting new friends. I absolutely love Defcon. It’s the greatest meetup of the good, bad, and everyone in between. One talk that was a highlight for me was Jay Beale’s talk on “Owning the users with the Middler”. I interviewed Jay on the Security Justice podcast about a week ago where he talked about the tool. Jay’s talk was packed! Standing room only (goons were sent in to crowd control). He did a good job even though he couldn’t finish his talk because time ran out. If you get an opportunity to see Jay speak, I highly recommend it! Speaking of goons…I have to hand it to the Defcon goons this year for doing a great job with crowd control! I overheard one goon say that he was doing crowd control for a “f***ton” of people! Oh, and the badges were pretty cool as well…once I waited in a long line for mine on day 2. The badge is actually a “tv-b-gone”…I could turn the TV on and off in my hotel room with the badge. Neat!

Speaking of podcasts…I was fortunate to participate in the live podcast at Defcon 16 right before the I-Hacked party in one of the Sky Boxes. I podcasted with Chris and Jay from Securabit, Larry from PaulDotCom, Matt from SploitCast and Martin McKeay from the Network Security Podcast. Rob Fuller (@mubix) coordinated and hosted the event. Hopefully some of you were able to tune into the live video and audio and chat via IRC. Not sure if the recording will be released or not. I’ll post a link if it is.

Finally, lots of pictures were taken!! I will be posting mine to both my personal and the Security Justice podcast web site Flickr account soon.

It looks like my plane just arrived…I hope to post more stuff on Black Hat/Defcon in the coming days.

Talks to attend at Black Hat USA ’08

Filed under General Security
Tagged as , ,

I thought I would throw my list into the mix of other Security Twits that are posting about talks they are either going to or wish they were going to at Black Hat this week. Most of my picks have a pentest perspective to them (a lot like CG’s over at Carnal0wnage). Here is my tentative list of talks I plan on attending:

August 6th
10:00 to 11:00

Nmap: Scanning the Internet – Fyodor Vaskovich

If your a penetration tester, don’t miss this one…Fyodor is a legend (heck, even some girl at (NSFW!) thinks so…the man has stalkers! 😉 ) and I’m looking forward to hear about new and unique ways to use Nmap.

11:15 to 12:30
Black Ops 2008: Its The End Of The Cache As We Know It – Dan Kaminsky

Unless you have been living under a rock for the last month then you should know about this one. It will be crowded (like all of Dan’s talks) but well worth attending.

13:45 to 15:00
Client-side Security – Petko D. Petkov

Another not to miss talk in my book. Petko or better known as pdp heads up GNUCITIZEN which is one of the sites that I closely follow. GNUCITIZEN releases some amazing security research and are always on the cutting edge. As a bonus it looks like pdp will provide details of a QuickTime 0day for Windows Vista and XP.

15:15 to 16:30
Bluetooth v2.1 – a New Security Infrastructure and New Vulnerabilities – Andrew Lindell

This one should be different. I recently started gaining more of an interest in Bluetooth vulnerabilities. Andrew will “show that it is possible to pair with a device that uses a fixed (but unknown) password, even when the password is random and reasonably long”. Sounds interesting.

16:45 to 18:00
MetaPost Exploitation – Val Smith

This is one I am really looking forward to. This is one just for penetration testers. I saw Val Smith and HD Moore present last year on “Tactical Exploitation” and it was outstanding.

After hours…
The Pwnie Awards 2008

If I’m not totally beat I plan on attending this. Should be fun to check out before hitting some of the parties.

August 7th
10:00 to 11:00
Satan is on My Friends List: Attacking Social Networks – Shawn Moyer and Nathan Hamiel

I was tossed between this one and “Encoded, Layered and Transcoded Syntax Attacks”. However, I am really on a social network security kick as of late so I think I will attend this one. If it is lame, I’ll jump in the other talk.

11:15 to 12:30
Threats to the 2008 Presidential Election (and more) – Oliver Friedrichs

While not pentest specific…this one looks pretty interesting. The synopsis notes the following: “…we will discuss domain name abuse, including typo squatting and domain speculation as it relates to candidate Internet domains. We will present and demonstrate how widespread this activity has already become. Secondly, we will discuss the potential impact of phishing on an election.” Sounds cool!

13:45 to 15:00
Hacking and Injecting Federal Trojans – Lukas Grunwald

The “infection proxy” demo seems worth seeing! The other talk that sounds cool is the one Joanna Rutkowska is doing. I saw her talk at Black Hat last year. Joanna is a brilliant mind, but a *fast* talker…with the amount of technical detail she usually covers…it’s tough to keep up.

15:15 to 16:30
…Continuing “Hacking and Injecting Federal Trojans”. If it seems to suck, I’ll be at the following:

The Internet is Broken: Beyond Document.Cookie – Extreme Client Side Exploitation – Nathan McFeters, John Heasman, Rob Carter


Get Rich or Die Trying – Making Money on the Web, the Black Hat Way – Jeremiah Grossman, Arian Evans

I can’t decide between these two, perhaps I will attempt to see a little of both! 🙂

16:45 to 18:00
Methods for Understanding Targeted Attacks with Office Documents – Bruce Dang

We all have seen a rise in this type of attack over the last year. It’s true…there isn’t a ton of information about the technical details of these types of attacks. Hopefully this talk sheds some light on what’s behind them and help with introducing some new prevention methods.

Wow. Packed schedule with lots of great talks! Looking forward to Las Vegas as well! Always a good time (if I can break even…it would be better). Oh, and hopefully I will be able to hook up with some of the other Security Twits during the week. I’ll be at Defcon as well so if anyone wants to have a beer hit me up on Twitter…or, just stop by the Podcaster/Blogger Meetup at Defcon 16. I’ll be there representing the Security Justice podcast.

Stay tuned for my Defcon 16 “talks to attend” post in the next few days.