CanSecWest 2011

Feb 01, 2011 in Security

Last weekend I went to Shmoocon (http://www.shmoocon.org/), which is now my favorite East Coast hacking conference. After another good conference of great talks, lots of alcohol, and just straight old hacking, I come to deliver information on some of the talks I found interesting.

Computer Search and Seizure: Marcia Hofmann
EFF’s talk was on how you should protect your data when traveling. Pretty much a straightforward talk on illegal searches and seizures of your computer equipment. The gist of it all: password-protect your computer and encrypt that bad boy. A lot of the law around this type of search and seizure of computers and data is still being developed. Stay informed, visit eff.org, and if you are ever in need, contact EFF lawyers!

Fun with Flow: Richard Friedberg
The Network Situational Awareness (NetSA) group at CERT has developed and maintains a suite of open source tools for monitoring large-scale networks using flow data.

The System for Internet Level Knowledge (SiLK) is an efficient network flow collection and storage infrastructure that will accept flow data from a variety of sensors. SiLK also provides a suite of efficient command-line tools for analysis.

Yet Another Flow Sensor (YAF) processes packet data into bidirectional flow records that can be used as input to an IPFIX Collecting Process. YAF’s output can be used with the NetSA Aggregated Flow (NAF) toolchain and the SiLK tools. (Source: http://tools.netsa.cert.org/index.html)

CERT has developed a lot of different tools for utilizing and analyzing NetFlow data. They also include some cool features, such as pulling out the top ten user agent strings from NetFlow traffic to see what type of traffic is in your environment. Go visit cert.org and try these tools out. They even have a VM image for the lazy.

Printers Gone Wild: Ben Smith
Discussed vulnerabilities in PJL (Printer Job Language) for HP printers. PJL is used to manage printers and is used by many different printer manufacturers, usually running over TCP port 9100. One point Ben makes is that even if SNMP is disabled, you can still make SNMP calls on port 9100. He said to google “PJL DMINFO ASCIIHEX” for additional info. He also demonstrated that HP has a lot of other vulnerabilities, such as using printers as your network storage device. Tools will be released soon.
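A defender can check how exposed port 9100 is from the kind of flow data covered in the previous talk. The following is an added example, not code from either talk or from CERT's tools: it reviews constructed, pipe-delimited flow records for TCP port 9100 connections that do not come from an approved print server. The column layout, the addresses and the `unexpected_print_clients` helper are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic); the column layout is an assumption.
SAMPLE_FLOWS = """\
sIP|dIP|sPort|dPort|pro|packets|bytes
10.1.1.5|10.1.9.20|51515|9100|6|12|8400
10.1.1.10|10.1.9.20|40022|9100|6|40|51200
10.1.4.77|10.1.9.20|49811|9100|6|6|620
10.1.4.77|10.1.9.21|49812|9100|6|5|540
10.1.4.77|10.1.9.22|49813|9100|6|5|540
203.0.113.9|10.1.9.20|33444|9100|6|9|1300
10.1.1.5|10.1.2.2|51600|443|6|20|9000
10.1.4.77|10.1.9.20|49900|9100|17|1|80
not|a|valid|row
"""

RAW_PRINT_PORT = 9100  # TCP port the post names for PJL
TCP = 6                # IP protocol number for TCP

def unexpected_print_clients(flow_text, allowed_sources, fanout_threshold=3):
    """Summarise TCP/9100 flows whose source is not an approved print server.
    Returns {source_ip: {"printers": [...], "bytes": int, "fanout": bool}}."""
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    rows = [r for r in flow_text.splitlines() if r.strip()]
    header = [h.strip() for h in rows[0].split("|")]
    hits = defaultdict(lambda: {"printers": set(), "bytes": 0})
    for row in rows[1:]:
        rec = dict(zip(header, (f.strip() for f in row.split("|"))))
        try:
            src = ipaddress.ip_address(rec["sIP"])
            dst = str(ipaddress.ip_address(rec["dIP"]))
            dport, proto, nbytes = int(rec["dPort"]), int(rec["pro"]), int(rec["bytes"])
        except (KeyError, ValueError):
            continue  # skip malformed rows instead of aborting the review
        if proto != TCP or dport != RAW_PRINT_PORT:
            continue  # not raw-port printing traffic
        if any(src in net for net in allowed):
            continue  # approved print server or admin host
        hits[str(src)]["printers"].add(dst)
        hits[str(src)]["bytes"] += nbytes
    # "fanout" marks a source that touched fanout_threshold or more printers.
    return {ip: {"printers": sorted(h["printers"]), "bytes": h["bytes"],
                 "fanout": len(h["printers"]) >= fanout_threshold}
            for ip, h in hits.items()}
```

Calling `unexpected_print_clients(SAMPLE_FLOWS, ["10.1.1.0/28"])` treats the constructed /28 as the print-server range and reports every other source that reached a printer on port 9100.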

Project Ubertooth: Mike Ossmann
Great talk on how to develop a USB Bluetooth sniffing device for under $100. I recommend you visit http://www.kickstarter.com/projects/mossmann/ubertooth-one-an-open-source-bluetooth-test-tool and watch the video. The device he is developing has the ability to be put into monitor mode and potentially sniff Bluetooth communication. Join the Kickstarter Project today!

An Evite from Surbo?: Trent Lo
Trent discussed the vulnerabilities that lie within the Evite system. He was able to read any Evite invitation, modify invitations, add/remove users and comments, and carry out many other fun attacks. The issue in the Evite system… Everything. There aren’t proper authorization and authentication mechanisms. He should be putting up his slides soon on http://www.i-hacked.com/.

URL Enlargement: Daniel Crowley
Someone else posted a good article on this: http://www.portable-digital-video-recorder.com/shmoocon-2011-url-enlargement-is-it-for-you/. Pretty much: don’t store sensitive data via URL shorteners.

That is all.

-Cheetz