- Bruce Schneier has a post up at the Schneier on Security blog that serves as sort of a response to the famous Black Hat 2013 Cryptopocalypse paper. Again, this is one of those subject areas where my skills are weak; I don’t know who is right or wrong here (or if both sides are both part right and part wrong) but I wanted to point out Schneier’s post in the interest of giving equal time to the other side.
- Here’s a link to Justin Engler’s GitHub repo, which includes build info for R2B2 (the PIN cracking robot), the control software, presentation slides (though I’m not sure if these are from DEFCON 21) and some interesting material related to PINs. (By way of the presentation slides, here’s another interesting bit of PIN-related statistical information.)
- If you’re interested in the “Android master key” bug, here’s a link to Jeff Forristal’s BlackHat 2013 presentation. (If you don’t know what that is, “The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature; that in turn is a simple step away from system access & control.”)
- Two interesting and related things from Daniel Crowley: “The Way of the Cryptologist” and cribdrag, a tool for cryptanalysis of “ciphertext encrypted using an XOR operation with a predictable key” (for example, ciphertexts encrypted with a one-time pad, where somebody reused the one-time pad. Bad mojo. Don’t do that).
- Hoorah! Hoorah! The Doug DePerry/Tom Ritter/Andrew Rahimi “Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell” presentation just went up. This link takes you to the iSEC Partners website, where you can find both slides and video.
- Nicholas Baldanos has been updating his blog with more information on the ccTalk protocol. Part 1: details of the protocol. Part 2: coin acceptor handling.
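
To show why the reused one-time pad in the cribdrag item above is "bad mojo", here is an added example (not code from cribdrag or from any of the linked talks) of the crib-dragging idea. The messages, the pad and the lowercase-plus-space alphabet are constructed assumptions for the demo.

```python
import secrets

ALLOWED = set(b"abcdefghijklmnopqrstuvwxyz ")  # assumed plaintext alphabet


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def crib_drag(c1: bytes, c2: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Slide a guessed word (crib) along c1 XOR c2.

    Where the crib really occurs in one plaintext, the XOR yields the
    matching bytes of the other plaintext, so plausible-looking fragments
    are reported as candidate hits (false positives are possible).
    """
    mixed = xor_bytes(c1, c2)  # equals p1 XOR p2: the shared pad cancels
    hits = []
    for offset in range(len(mixed) - len(crib) + 1):
        fragment = xor_bytes(mixed[offset:offset + len(crib)], crib)
        if all(b in ALLOWED for b in fragment):
            hits.append((offset, fragment))
    return hits


# Constructed sample data: two messages encrypted under the same random pad.
P1 = b"meet at the north gate at nine"
P2 = b"the password for today is kiwi"
PAD = secrets.token_bytes(len(P1))
C1 = xor_bytes(P1, PAD)
C2 = xor_bytes(P2, PAD)

if __name__ == "__main__":
    for offset, fragment in crib_drag(C1, C2, b" the "):
        print(offset, fragment)
```

The pad is freshly random on every run, yet the hits never change, because the pad drops out of `C1 XOR C2` entirely. A pad used once leaves no second ciphertext to XOR against, which is why the scheme only holds up without reuse.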
This entry was posted on Monday, August 19th, 2013 at 4:21 pm and is filed under DEFCON 21, Geek.