Saturday was kind of a rough day at DEFCON 18. But then, Saturday is always a rough day at DEFCON.
I don’t feel it’d be fair to review or summarize the “Extreme-range RFID Tracking” panel; I came in about 20 minutes late. (We lingered a bit over a very good breakfast at Blueberry Hill.) What I was able to gather is that Padget’s set a new record for long distance RFID reading, and that upping the radio power works for increasing RFID reading range up to a point. (Edited to add 8/10/2010: added link to Black Hat 2010 version of paper. Here’s a link to Paget’s blog entry about the session.)
I was not able to get into “Jackpotting Automated Teller Machines Redux” due to extreme overcrowding. (Edited to add 8/9/2010: The Black Hat website has what purports to be MP4 video of Jack’s version of the presentation at Black Hat 2010. I have not sat down and watched it yet.)
I did attend the “This is not the droid you’re looking for…” panel, mostly because I was camping out for the next talk. This panel turned out to be more interesting than I expected; the presenters demonstrated a proof-of-concept rootkit for Android phones that allows you to do all sorts of fun stuff; grab contact information, grab SMS messages, grab location information (all three of these are stored in SQLite databases on the Android), and even make phone calls from the phone. The presenters haven’t weaponized the attack yet, but claim it should be easy to do so.
“Practical Cellphone Spying“: Another nifty panel. Padget discussed the concepts behind IMSI catching, and gave a live demo of cellphone interception on the AT&T network. The key takeaway here for me was that the same technology used by law enforcement to intercept calls is now coming down to the point where it will be wrapped in a turnkey package and sold to people with more questionable motivations. (Edited to add 8/10/2010: added link to Paget’s blog entry which includes slides.)
“How to Hack Millions of Routers“: I went to this because Lawrence put in a special request. The short version is that a large number of commercially available routers (such as those used by Verizon FIOS) are vulnerable to a clever attack using DNS rebinding and load balancing. Heffner has also released a tool that automates this attack. (This is another Black Hat talk that got a lot of attention in the press; the link above includes a copy of Heffner’s white paper which details the attack vector.)
(Edited to add 8/9/2010: I’ve added a link to Heffner’s Black Hat version of this talk, which as far as I can tell, is pretty similar to the DEFCON 18 version.)
I didn’t attend either “Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device – URFUKED” or “Programmable HID USB Keystroke Dongle: Using the Teensy as a Pen Testing Device“. (Edited to add 8/10/2010: added a link to the Teensy project from the Irongeek website. The bottom of that page has a link to the DEFCON presentation. I’ve also added a link to HackerWarrior.com for the USB Keyboard Emulation Device; that directory appears to contain a copy of the presentation, plus code.)
Instead, I left a little early, had a very nice sake fueled dinner at Shabu-Shabu Paradise in Henderson (a restaurant I enthusiastically endorse), sidecars at the iBar in the Rio (sadly, we did not get to play with the Microsoft Surface), and Penn & Teller.
The three of us saw Penn and Teller back in 2006, and we wondered how much the show had changed since then. Mike the Musicologist estimated that about 50% of the show was new; I think the percentage is a little higher than that, but my memory may be faulty. I was not unhappy that they ended the show with the .357 magnums; the bullet-catching illusion fascinates me, and I’m still trying to figure out how Penn and Teller do it. (Jim Steinmeyer’s The Glorious Deception: The Double Life of William Robinson, aka Chung Ling Soo is a very good history of the bullet-catching illusion, and yet another book I strongly recommend to anyone with even a casual interest in the history of magic.)
The other thing we all noticed is that Penn and Teller’s show has become a bit more explicitly political; in addition to the .357 magnum closer, which has always included 2nd Amendment references (and big kudos to P&T for reciting the Four Rules), the show also included references to flag burning, the Chinese Bill of Rights (“What Chinese Bill of Rights?” Exactly.) and the stupidity of the TSA. Penn and Teller even sell the Security Edition of the Bill of Rights in their gift shop for a lousy $5. (Quote: “We want McCarran Airport to be flooded with these.”) Not that any of us were bothered by the politics; I think all three of us lay claim to at least some form of Libertarianism. And if you’re the kind of person who would take offense at Penn and Teller’s politics, I won’t tell you “don’t go”; I’ll tell you “go, and have your world view challenged”.
(I’d also like to give Penn and Teller kudos for keeping gift shop prices low. Both Andrew and I picked up DVDs of the Teller-directed “Macbeth” for only $10. Teller, if you’re reading this, thanks for signing my copy. And for everything else you do, too.)