Wednesday, August 8, 2007

DEFCON 15 - DAY ONE

This past week I was in Las Vegas attending DEFCON 15. The next few blog posts will cover areas of interest I saw while I was there. The forum consisted of 5 tracks that ran from 10:00AM to 9:00PM. The amount of information provided is tremendous. For those who are not familiar with DEFCON, it is billed as the “Largest Underground Hacking Convention” and is held at the Riviera Hotel in downtown Las Vegas. This year there were over 7000 hackers and security professionals attending the show. It is unique in that there is no pre-registration; in fact there is no registration at all. You show up in the hotel lobby with $100 cash and you exchange the money for a badge. No questions, no lists, and no record of who attended. Due to the limited time I have, I will only be able to discuss a few of the presentations that I attended.

A new contest has been added to the venue... spot the undercover press official (a takeoff on spot the Fed). The story goes that a female reporter was trying to interview unsuspecting young hackers for a pending story on hackers. She was confronted and asked to wear press credentials. After she refused, the question was posed to the attendees: what should we do with the undercover press official? After discounting the cries for lynching, it was decided to ask her to leave the conference. The last that was seen of her was her running for the door (see the YouTube video below).

http://www.youtube.com/watch?v=2kbar4ahK7M

http://www.youtube.com/watch?v=3n2cBSBIAP0

For a more serious comment on day one I will talk about Bruce Schneier’s Q & A session. No speech from Bruce would be complete without his ragging on the TSA (not that they don’t deserve it). The point of his TSA talk was that it is possible to fly on commercial airlines without showing a government ID, regardless of what you have been told. To prove the point he traveled to DEFCON in Las Vegas without any identification.

He was asked about encryption algorithms and if he considered SHA1 still to be secure to use. What he said about encryption was that even weak algorithms are hard if not impossible to break. The problem is with the passwords or use of limited key space. He went on to say that the FBI doesn’t try to break encryption; they just install a key logger or send the hard drive to AccessData Corp and have them search for the password in some file or slack area of the drive. He believes that SHA1 still has about 5 years of use before it must be replaced. He thought that there was plenty of time to develop the next generation of encryption.

Next he was asked about data privacy. His thoughts were that it was really a little too late to be worrying about it. We all have so much sensitive data in the public domain that we have lost control of it. The other problem is that we don’t own the data about us. When we go to Amazon dot com they collect information about what we buy, how we paid for it, and where we live. They are able to use this data, share it with their partners, or sell it. Until we get control of the data that is collected about us we will not be able to protect our data privacy. His belief is that society as a whole will have to decide how important this data is and force controls to be put into place to protect it. With Web 2.0 and social Web sites this problem will only become worse.

More breaking news on simple hacks for office doors…

Hacking an office door reader

http://www.youtube.com/watch?v=z7oPn7V5mHg

12-year-old girl bumps a lock at Defcon 15

http://www.youtube.com/watch?v=D1LH7lrftKA

