72 Hours of Pwnage: A Paranoid N00b Goes to Def Con(motherboard.vice.com) |
> “Aren’t those the people who break into computers?”
>
> “Yes—also phones, cars, airplanes, and human bodies.”
>
> “I thought that stuff was illegal.”
While I think they're truly innovative and inevitable, the advent of "secure CPUs" [1] over the last decade or two will eventually become the norm. And once they do -- look out, brother. The woman who was having this conversation scoffs at how Def Con can even take place if the subject matter is what she thinks it is. In a short time, the computer attacks which cause embarrassing leaks and expensive losses will add up to legislators deciding something must be done. At that time, the number of us who will still like and prefer to be able to run whatever code on whatever processor we care to will be so small that it won't matter.

[1] By "secure CPUs" I'm referring to ones that support signed bootloaders, facilitating good things like more-difficult-to-pwn-by-attackers and bad things like DRM and limiting code to proprietary walled garden app stores.
Consider all the phone "OSes" (aka ROMs) you can install on phones with locked boot loaders that just replace a few binaries/files here and there in an existing OS to change how it works/feels. The maker of said ROMs may not have the ability to replace the kernel but any vulnerability in said kernel will allow them to replace everything else which is precisely where userland security lives.
So the hardware may be "secure" from the perspective of the manufacturer but not from the perspective of the user. They can still be pwned.
http://www.crash-safe.org/assets/ieee-hst-2013-paper.pdf
https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
https://web.archive.org/web/20150315020829/http://palms.ee.p...
https://theses.lib.vt.edu/theses/available/etd-10112006-2048...
Original one that ran businesses which is still immune to lots of attack vectors and reliability issues:
http://www.smecc.org/The%20Architecture%20%20of%20the%20Burr...
So, spread word on things like those, esp. CHERI given FreeBSD support, instead of that DRM garbage that uses the word security but is more about marketing & control. ;)
That's not to say there isn't neat stuff to do at Def Con (I've seen plenty of neat talks) but it's mostly a big party. There's nothing really scary going on there.
Not really worth the time to read.
As an active DEF CON attendee and seeing the press coverage over the years, I can start to "see the matrix" of how to lazily assemble a news story. He even links to the Hacker Manifesto FFS. I thought VICE was aiming higher than this kind of trash.
It makes me distrust reporters. Do they just turn off the "I'm a noob" angle, assume the standard authoritative tone they always use and cover other topics with just as flimsy of an understanding?
Yes. See [Murray] Gell-Mann Amnesia:
“Briefly stated, the Gell-Mann Amnesia effect is as follows. You open the newspaper to an article on some subject you know well. In Murray's case, physics. In mine, show business. You read the article and see the journalist has absolutely no understanding of either the facts or the issues. Often, the article is so wrong it actually presents the story backward—reversing cause and effect. I call these the "wet streets cause rain" stories. Paper's full of them. In any case, you read with exasperation or amusement the multiple errors in a story, and then turn the page to national or international affairs, and read as if the rest of the newspaper was somehow more accurate about Palestine than the baloney you just read. You turn the page, and forget what you know.”
― Michael Crichton
https://www.goodreads.com/quotes/65213-briefly-stated-the-ge...
Then, if you configure secure links to be WPA at work, WPA at home, and your VPN, there should be little risk to joining an open network to bring up a VPN.
Examples:
http://www.friendsglobal.com/papers/High_Assurance_Wireless_...
http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=BF0...
Last I checked, it was a bit more difficult to do on Windows, because it didn't allow interface-specific rules, and because software installers had a habit of opening holes for themselves in the firewall without asking you.
In greed we thrust.
I was under the impression that photographs were not allowed.
I had exactly the same impression - mostly a lifestyle / social / political thing, pretty light in the way of talks with actual technical detail. Kind of like TED talks - well presented, entertaining, but not really actionable.
In years gone by, I went to some excellent events, with talks on really specific, useful things (kernel internals, gdb use, ELF dynamic loading, ltrace / strace use, that kind of thing). Can't help but wonder if those sorts of conferences still exist, or the whole scene has changed into something less practical and more lifestyle.
Maybe they don't do a lot of talks on the intricacies of C anymore (which is a bummer) but there is still a lot of technical knowledge going down at these events. I had a great time and learned so much.
Just to add to your point, I suppose.
Many I know in this group of people (DefCon/HOPE attendees) do things like trade around craigslist-cash-purchased laptops.
At volume. But if you only need one (or ten), assuming your time has some non-trivial value, it's much cheaper to just buy off the shelf.
Last time I went most of the interesting Blackhat talks were getting re-run at Defcon, so really not a lot of point in paying out for the Blackhat option, just go to Defcon and see them there.
https://xi.hope.net/schedule.html#-coding-by-voice-with-open...
There was definitely some good stuff, just seemed to me that overall, the mix of practical/technical vs cultural/lifestyle/political at events like this has changed a lot over the years. Either that, or my perception has changed, it's hard to tell.
http://www.freetronics.com.au/products/leostick
...and stick it inside a generic keyboard (which has plenty of room).
I always thought that the fact that big corporations hand out the same keyboard to everyone enables these sorts of attacks. Any would-be spy could just make a handful of hardware key-logging generic HP and Dell keyboards and easily swap out any given keyboard at any given big company without having to even think.
I never use my employer's provided mouse/keyboard combo. Mostly because they're always absolute crap but also because I want to give any potential attackers a hard time. I can only imagine the look on some attacker's face when they show up at my desk and see custom hardware everywhere =)
Look for "Split access", it's pretty similar to what you're talking about. Basically you'd just send all your traffic on your default routes table to 127.0.0.1 (nowhere), and all the traffic on your VPN routes table to the VPN. That way when the VPN isn't active all your traffic gets blackholed, when your VPN is active it'll all get sent over the encrypted tunnel though.
Same technique could work, just more annoying (static route for VPN provider IP to your LAN gateway, and static routes for your trusted DNS provider, then only allow a default route to be established once VPN is connected).
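The kill switch the two comments above describe (blackhole the default route, keep pinholes to the VPN endpoint and a trusted resolver, let the VPN client's own default route win while the tunnel is up), written out as an added example for Linux with iproute2. This is not code from either commenter: it swaps their "route to 127.0.0.1" trick for the kernel's native blackhole route type, and the IP addresses, the metric of 1000, and the assumption that the VPN client installs its own default route (or openvpn's 0.0.0.0/1 + 128.0.0.0/1 pair) are all assumptions made here. Running it with `up`/`down` needs root; without an argument it only defines the functions, and `DRY_RUN=1` prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the thread): a Linux VPN kill switch built the way the
# comments describe it, using iproute2. Addresses are constructed placeholders from
# the documentation ranges; the metric and the VPN client's behaviour are assumptions.
set -eu

VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # constructed: your VPN provider's endpoint
LAN_GW="${LAN_GW:-192.168.1.1}"            # constructed: the LAN default gateway
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"     # constructed: the resolver you trust

# Print, one per line, the commands that install the kill switch for the given
# VPN endpoint, LAN gateway and DNS resolver. Nothing is executed here.
killswitch_plan() {
  vpn=$1; gw=$2; dns=$3
  # 1. Pinholes: the VPN handshake and DNS lookups must still reach the LAN gateway.
  printf 'ip route replace %s/32 via %s\n' "$vpn" "$gw"
  printf 'ip route replace %s/32 via %s\n' "$dns" "$gw"
  # 2. Drop the ordinary default route so nothing else can leave via the LAN.
  printf 'ip route del default via %s\n' "$gw"
  # 3. Blackhole default at a high metric (assumed: 1000). The VPN client's own
  #    default route, or openvpn's more specific 0.0.0.0/1 + 128.0.0.0/1 pair, is
  #    preferred while the tunnel is up; when it drops, this is the only default
  #    left and traffic goes nowhere instead of leaking onto the open network.
  printf 'ip route replace blackhole default metric 1000\n'
}

# Print the commands that undo the kill switch and restore the plain LAN default.
killswitch_teardown_plan() {
  vpn=$1; gw=$2; dns=$3
  printf 'ip route del blackhole default metric 1000\n'
  printf 'ip route del %s/32 via %s\n' "$dns" "$gw"
  printf 'ip route del %s/32 via %s\n' "$vpn" "$gw"
  printf 'ip route replace default via %s\n' "$gw"
}

# Execute a plan read from stdin, one command per line; with DRY_RUN set,
# echo each command instead of running it.
run_plan() {
  while IFS= read -r cmd; do
    # shellcheck disable=SC2086
    ${DRY_RUN:+echo} $cmd
  done
}

# Root-free sanity check of a plan: the first route must be the pinhole to the
# VPN endpoint via the LAN gateway, and the last must be the blackhole default.
plan_is_sane() {
  plan=$(killswitch_plan "$@")
  printf '%s\n' "$plan" | sed -n 1p | grep -q "^ip route replace $1/32 via $2\$" || return 1
  printf '%s\n' "$plan" | tail -n 1 | grep -q '^ip route replace blackhole default' || return 1
  return 0
}

case "${1:-}" in
  up)   killswitch_plan "$VPN_SERVER" "$LAN_GW" "$DNS_SERVER" | run_plan ;;
  down) killswitch_teardown_plan "$VPN_SERVER" "$LAN_GW" "$DNS_SERVER" | run_plan ;;
  *)    ;;   # no argument: only define the functions
esac
```

The order of the plan matters: the pinholes go in before the LAN default route is removed, so the VPN client can still reach its server and resolve names, and the blackhole goes in last so there is never a moment with no default route at all. Check the result with `ip route show` after bringing the tunnel up; you should see the tunnel's default (or /1 routes) above the blackhole, and after `ip link set tun0 down` only the blackhole should remain.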