Didier Stevens

Tuesday 8 April 2008

Quickpost: Back from Black Hat Europe 2008

Filed under: Hacking,Quickpost — Didier Stevens @ 7:44

Back from Black Hat Europe 2008, my laptop has undergone another lobotomy.

Mikko from F-Secure was in my training class.

Some briefings I really liked:

  • New Viral Threats of PDF Language
    Good overview of the format of PDF files, and the inherent security issues. Good demos (like rewriting the Acrobat reader alert dialog box to mislead the user) and interesting insights (a PDF has a logical and physical structure, changing the physical structure doesn’t change the content of the document: this is polymorphism). The speaker confirmed that his exploits don’t affect Foxit reader. But the slides don’t do this justice, let’s hope they publish more details. And it was fun to see some French military lingo popping up in a BH presentation.
  • Intercepting Mobile Phone/GSM Traffic
    THC explained how they cracked GSM A5/1 encryption, FPGA style and with 2 TB of rainbow tables. Interesting tidbits: mobile operators don’t provide the strongest available encryption A5/3 (my guess as to why: cost), and the GSM status channel will carry permanent subscriber IDs, although the protocol only foresees temporary IDs.
  • Mobile Phone Spying Tools
    Tools mainly used by untrusting spouses, but I see potential uses for industrial espionage: salesman leaves company for competition, installs mobile phone spying tool on his corporate mobile phone just before handing it back.
  • DTRACE: The Reverse Engineer’s Unexpected Swiss Army Knife
    Looks really powerful and flexible, let’s hope someone is brave enough to attempt a Windows port.

And the networking was great, shout-out to Malta Info Security.

Quickpost info

Carnival of the Security Catalyst Community 2008/04/08

Filed under: Fellow Bloggers — Didier Stevens @ 7:38

The Security Catalyst Community is a free forum for IT security professionals; it’s one of the few communities where I’m an active member. One of the things I like about the SCC is that a lot of the discussions are non-technical. Let me illustrate this by highlighting some message threads (you’ll need to create an account if you want to read these):

There are no trolls in the SCC, it’s low-volume, and sometimes, someone comes with a technical puzzle that will get my eager attention. And you’ll get the opportunity to discuss with security authors, bloggers and podcasters like Rebecca, Martin and Harlan.
