bit-tech.net

Defcon 15 news roundup

Defcon 15 was held this year in Las Vegas from August 3-5.

This year's Defcon was chock-full of events: many physical security measures were shown to be vulnerable, favorite sites such as Gmail were shown to be insecure, critical infrastructure flaws were demonstrated, and there were even undercover reporters.

First up was some physical security news. A team of security specialists has announced that they have been able to bump and pick high-security locks used by the likes of the White House and Pentagon.

While security devices such as RFID and biometric readers are widely deployed, nothing has managed to replace the good old-fashioned lock when trying to secure a room or area from unwanted intruders. Even high-security areas such as the White House still rely on locks, and many use a lock that is said to be unbumpable and unpickable.

As much as Medeco would like to deny that its locks are beatable, researcher Marc Weber Tobias proved to the world that they are at Defcon 15.

Wired has the full write-up, so go ahead and check it out.

Other security measures aren't any better at keeping people out, as Zac Franken has demonstrated.

Franken showed attendees that it was possible to splice into the wires in security card readers and, with his “gecko” device, copy the information from security cards that are swiped. It is then possible to gain unauthorized access to restricted areas by telling the gecko to use the same signal copied from an earlier card.

He has plans to use a similar method to bypass retinal scans used by many companies.

In other news, Michelle Madigan, a reporter for Dateline NBC, was ousted after it was discovered that she was hiding a hidden camera in her purse.

On four separate occasions, she had refused to get a press pass in an effort to get convention goers to admit to engaging in illegal activities concerning hacking. If she had just gotten the press pass to begin with, nothing would have transpired. She was uncovered in a surprise game of “Spot the undercover reporter” that follows the premise of the “Spot the federal agent” game that Defcon is renowned for.

The cheers and jests made by the attendees almost make you want to side with her, but you can decide for yourself after watching the video.

Another issue on the table involved e-mail security. While this isn't really new, a security flaw was shown to have made it possible to hack into your Gmail account if you're using WiFi. Apparently, Google only uses SSL on the login page and everything after the login process is vulnerable to being intercepted. You can do a quick fix by telling Gmail to use SSL for the entire session by going to https://gmail.com.
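
The gap described above (TLS on the login page only) can be audited from recorded response headers. The following is an added example, not code from the article or from Google; the hostname, cookie names and sample flow are constructed, and it assumes the session identifier travels in a cookie.

```python
from urllib.parse import urlsplit

# Constructed sample: (request URL, response headers) for a webmail login flow.
# Hostname and cookie names are placeholders, not captured traffic.
SAMPLE_FLOW = [
    ("https://mail.example.test/login", [
        ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
        ("Location", "http://mail.example.test/inbox"),
    ]),
    ("http://mail.example.test/inbox", [
        ("Set-Cookie", "PREF=compact; Path=/"),
    ]),
    ("https://mail.example.test/settings", [
        ("Set-Cookie", "CSRF=tok; Path=/; Secure; HttpOnly"),
    ]),
]

def cookie_attrs(value):
    """Split a Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_flow(flow):
    """Return (url, finding) pairs for each place the session leaves TLS."""
    findings = []
    for url, headers in flow:
        scheme = urlsplit(url).scheme
        if scheme != "https":
            findings.append((url, "page served without TLS"))
        for key, value in headers:
            k = key.lower()
            if k == "set-cookie":
                # Without Secure, the browser also sends the cookie over http://.
                name, attrs = cookie_attrs(value)
                if "secure" not in attrs:
                    findings.append((url, f"cookie {name} lacks Secure"))
            elif k == "location" and scheme == "https":
                # Login succeeded over TLS, then the session drops to cleartext.
                if urlsplit(value).scheme == "http":
                    findings.append((url, "HTTPS response redirects to http://"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_flow(SAMPLE_FLOW):
        print(f"{url}: {finding}")
```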

Last but not least in this roundup of this year's Defcon is a security flaw that can compromise critical infrastructures that help control your day-to-day life.

Supervisory control and data acquisition (SCADA) systems are the computer systems used to control important infrastructures such as power transmission facilities, oil and gas pipelines, and water treatment plants, and they are the systems that have been identified as having a major security flaw. Ganesh Devarajan demonstrated the vulnerability to attendees but would not name the software company responsible for the systems due to security concerns.

A full schedule of events from this year's Defcon can be seen over at the convention's website.

Make sure you check out all the links so you can get the full information behind each of the stories and then let us know what you think over in the forums. Don't forget you can always just leave a comment below if you're in a hurry.

15 Comments

wafflesomd 7th August 2007, 17:52
How about that video where the undercover reporter was caught.
Hugo.B 7th August 2007, 17:58
I read about that undercover reporter... apparently she was chased out of the building by ~150 defcon attendees wanting to take her picture!
She must be incredibly embarrassed.
DougEdey 7th August 2007, 18:12
By the sounds of the end of the video, they're going to screw her life up
specofdust 7th August 2007, 18:14
One hopes the stupid cow's career is ended by this. What she did is exactly the sort of highly scummy activity that makes people hate reporters and the media. It was underhand and simply rude.

edit: And yeah, hopefully they do the basics like calling her for a few weeks, screwing with her work and personal email/phone/sms stuff, any accounts she has on any social networks, as much as they can. The more they **** with her the better as far as I'm concerned. She (and her company) should be punished severely for what they did.
DougEdey 7th August 2007, 18:17
Quote:
Originally Posted by specofdust
One hopes the stupid cow's career is ended by this. What she did is exactly the sort of highly scummy activity that makes people hate reporters and the media. It was underhand and simply rude.

edit: And yeah, hopefully they do the basics like calling her for a few weeks, screwing with her work and personal email/phone/sms stuff, any accounts she has on any social networks, as much as they can. The more they **** with her the better as far as I'm concerned. She (and her company) should be punished severely for what they did.

I agree with some of Dateline's work, well, one piece, the paedophile traps. But they got them help and off the streets.
bloodcar 7th August 2007, 18:29
Quote:
Originally Posted by Hugo.B
I read about that undercover reporter... apparently she was chased out of the building by ~150 defcon attendees wanting to take her picture!
She must be incredibly embarrassed.

I won't say that it serves her right, but she should have known better. Defcon has the famous "Spot the Fed" game that they partake in every year (it's all fun and games and even the feds enjoy it) and it's hit the mainstream media once or twice before. She should have realized that she had a slim chance of getting out of there without being discovered.
Dr. Strangelove 7th August 2007, 18:52
What happened to all the iPhone hacks, were they all made obsolete by the update?
Techno-Dann 7th August 2007, 19:16
Quote:
Originally Posted by bloodcar
I won't say that it serves her right, but she should have known better. Defcon has the famous "Spot the Fed" game that they partake in every year (it's all fun and games and even the feds enjoy it) and it's hit the mainstream media once or twice before. She should have realized that she had a slim chance of getting out of there without being discovered.

Especially after she was contacted no less than four times, asking if she'd like a press pass...

And yes, I do think that getting run out did serve her right - she violated the TOS, she got banned. Simple as that. Although, IMO, any further hacker activity would be over the line. Continuing to harass her would just enforce negative stereotypes, and all that.
pendragon 7th August 2007, 19:59
what Techno-Dann said ^^^
Kipman725 7th August 2007, 20:39
seems to have lost its balls... I thought defcon was the place for specific details, examples, workshops. Not hey look we can do this but I can't even explain what we can do because some of you might do bad things with it... sigh
bloodcar 7th August 2007, 20:57
Quote:
Originally Posted by Kipman725
seems to have lost its balls... I thought defcon was the place for specific details, examples, workshops. Not hey look we can do this but I can't even explain what we can do because some of you might do bad things with it... sigh

Defcon has always been like that man. Mainly high security exploits are released there only after trying to get the manufacturer/software maker to patch the holes.

Plus, I don't think that the feds who are always present at Defcon would like you very much if you just told the world how to take down a critical infrastructure.
Tyinsar 7th August 2007, 21:34
Quote:
Originally Posted by bloodcar
I won't say that it serves her right, but she should have known better. Defcon has the famous "Spot the Fed" game that they partake in every year (it's all fun and games and even the feds enjoy it) and it's hit the mainstream media once or twice before. She should have realized that she had a slim chance of getting out of there without being discovered.
I saw it put this way on another forum: Spot the reporter, well, let's see - guy, guy, geeky guy, guy, guy, HOT BLONDE, geeky guy,... Tough call that one. ;)
Quote:
Originally Posted by Techno-Dann
Especially after she was contacted no less than four times, asking if she'd like a press pass...

And yes, I do think that getting run out did serve her right - she violated the TOS, she got banned. Simple as that. Although, IMO, any further hacker activity would be over the line. Continuing to harass her would just enforce negative stereotypes, and all that.
Thirded
bloodcar 8th August 2007, 05:58
Quote:
Originally Posted by Tyinsar
I saw it put this way on another forum: Spot the reporter, well, let's see - guy, guy, geeky guy, guy, guy, HOT BLONDE, geeky guy,... Tough call that one. ;)

The person who filmed that video of her being ousted was a woman as well.
Khensu 8th August 2007, 10:22
As pathetic as her attempt at getting a "story" was, equally pathetic is the ridiculous mob mentality that ensues. Then again, I reckon most guys that followed her out never came so close to a real woman before without paying.

Nice arse, though.
Tyinsar 8th August 2007, 16:31
Quote:
Originally Posted by bloodcar
The person who filmed that video of her being ousted was a woman as well.
Yeah, there are at least two slightly different videos on YouTube and I specifically looked to see what the gender balance was. There were a couple of females but they were very definitely in the minority. I'm not saying that there aren't any good looking women into computers (there are a few) but by the actions of the monkeys in the videos any women, and especially any physically attractive ones, at this event are likely to receive a disproportionate level of attention and scrutiny.