Posts Tagged ‘DEFCON’
DEFCON 18: Jackpotting Automated Teller Machines Redux 3/3
April 13th, 2012 | 
Author:
Speaker: Barnaby Jack The presentation “Jackpotting Automated Teller Machines” was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks. I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: defcon.org
Posted in 
Tags: 
DEFCON 18: How I Met Your Girlfriend 2/3
Speaker: Samy Kamkar How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: defcon.org
Millenium Concert 2000. Originally from the “Back on top” album/cd. *Copyright music and lyrics owned by Exile
DEFCON 15: Z-Phone
Speaker: Philip R. Zimmermann The time for secure encrypted VoIP for the masses is upon us. The Zfone Project has come a long way in the two years since Phil Zimmermann demoed a prototype at Black Hat. It’s now a family of products, running on Symbian and Windows mobile phones, soft VoIP clients on Mac OS X, Windows, Linux, and in the Asterisk PBX, in both open source and commercial products. Zfone lets you whisper in someone’s ear from a thousand miles away. Phil will be explaining the ZRTP protocol used by Zfone, and demoing it. The ZRTP protocol does not rely on a PKI. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. This means your VoIP security doesn’t depend on VoIP service providers who don’t always act with your best interests in mind. ZRTP performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. And it supports opportunistic encryption by auto-sensing if the other VoIP client supports ZRTP. The law enforcement community will be understandably concerned about the effects encrypted VoIP will have on their ability to perform lawful intercepts. But what will be the overall effects on the criminal justice system if we fail to encrypt VoIP? Historically, law enforcement has benefited from a strong asymmetry in the feasibility of government or criminals wiretapping the PSTN. As we migrate to VoIP, that asymmetry collapses. VoIP interception is so easy …
DEFCON 18: Jackpotting Automated Teller Machines Redux 1/3
Speaker: Barnaby Jack The presentation “Jackpotting Automated Teller Machines” was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks. I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: defcon.org
Video Rating: 5 / 5
Fraser Howard, Principal Researcher for SophosLabs, explains what Fake Anti-Virus (FakeAV) is, why it’s a popular method of attack, and why it is so dangerous.
DEFCON 18: Jackpotting Automated Teller Machines Redux 2/3
Clip 2/3 Speaker: Barnaby Jack Director of Research, IOActive Labs The presentation “Jackpotting Automated Teller Machines” was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks. I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. More information can be found at: bit.ly
DEFCON 18: Jackpotting Automated Teller Machines Redux 2/3
Speaker: Barnaby Jack The presentation “Jackpotting Automated Teller Machines” was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks. I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: defcon.org
Video Rating: 4 / 5
Based on a book by WP Kinsella, Director Bruce McDonald brings this intriguing drama to life. Dance Me Outside is a film is set on the Kidabanesee reserve in Northern Ontario. Silas Crow (Ryan Black) is a young man confused about his direction in life; he wants to take an automobile mechanic’s course in college, but is uncertain whether he should apply. His general confusion with life is most evident in his apparence. He wears an old, ratty black hat resembling a fedora, as well as a long, black trenchcoat. Frank Fencepost (Adam Beach) is Crow’s best friend, and Sadie Maracle (Jennifer Podemski) is his ex-girlfriend. Events are set in motion when, Little Margret (Tamara Podemski) a young girl from the reserve is murdered by Clarence Gaskill (Hugh Dillon), a white man who gets off with a light sentence, prompting the community to demand vengeance. In this scene Hogarth Thunder (Vince Manitowabi) leads a rally to demand justice with surprising consequence.
Video Rating: 4 / 5
DEFCON 18: Jackpotting Automated Teller Machines Redux 1/3
Clip 1/3 Speaker: Barnaby Jack Director of Research, IOActive Labs The presentation “Jackpotting Automated Teller Machines” was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I’m armed with a whole new bag of tricks. I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I’ve got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I’m doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. More information can be found at: bit.ly
Video Rating: 0 / 5
DefCon 15 – T112 – No-Tech Hacking
DefCon 15 – T112 – No-Tech Hacking
Video Rating: 4 / 5
DEFCON 18 registration line at Black Hat USA
In an attempt to quell the long registration lines at the Riveria where DEFCON is held, Black Hat set up an ancillary DEFCON registration area at Caesars Palace. There sure are a lot of people in that line!
Diamond Dave is the owner and site coordinator of www.Blackhatworld.com (BHW). Most webmasters and internet marketing experts know and follow all the latest Search Engine Optimization (SEO) techniques on the internet at BHW. In fact, Blackhat World is not only the #1 website on the internet for cutting edge Search Engine Optimization methods it is the No 1 "authority" site. Some of the topics discussed on BHW include but are not restricted to: Outsourcing, Blogging, email marketing, Social Networking, Google Adsense and Google Ad words, hiring freelancers, webmaster tools and many more categories and subjects of interest. In addition, BHW is a great resource for beginners (newbies) and seasoned veterans.
