Posts by Erica:
Shmoocon, Day 1
A few weeks ago the HacDC e-mail list alerted me to the fact that Shmoocon was coming to DC. I had never heard of it before but it is one of the better known hacker / security conferences, and is strictly limited to 1,500 attendees. I then discovered that all the tickets were gone, and had in fact sold out within one minute of going online. But thanks to eBay (and their new Blackberry app), I was able to get a second-hand ticket.
Systems intrusion and computer security is not really my main area, but it is hard to resist a conference that encourages you to throw balls at speakers you disagree with and has a contest for the most creatively printed barcode. And by default I am the Chief Security Officer for SentryLink.
For those of you not on the East Coast, DC was hit today with one of the worst snowstorms in history. So getting to the conference was something of a challenge. The worst snowfall started tonight so I thought I could go to some afternoon sessions, mostly travel by Metro, and only have a short drive in the storm. This more or less worked as planned, though I was almost the only car out driving at 6pm tonight.
The opening session made the point that most of us do not use common sense in protecting our networks. We have password policies that aren’t all followed, computers are more interconnected than they should be, and a great deal of existing hardware won’t support upgraded security. I must admit that we certainly are guilty of that. One thing I am very glad about is that our servers are separate, both physically and from a network perspective, from anything in the main office. But the depressing fact is that a skilled hacker could undoubtedly find a way in. We try not to have anything valuable in our database, and the few things that might be valuable use our own private encryption scheme, which is completely non-standard and separate from the database itself. Nevertheless there is always more that can be done.
After that slightly demoralizing but valid opener, the next talk was on GPUs (graphics processing units) vs. CPUs (central processing units). This is something that I learned about in my computer graphics course last year, and it is very interesting stuff. For tasks that can be broken up into lots of parallel pieces — not always easy to figure out — GPUs are incredibly fast. And they are very cheap too, as their evolution has been driven by computer games. And if you need to break into a system by running through every single password possibility, why yes, you can make that a parallel process very easily. It is possible to break 40-bit encryption, standard for many SSL sites, given a few hours. Scary. For more information on programming with GPUs, I recommend the CUDA site.
I was really looking forward to the talk on Economics of Cybercrime, but the weather prevented that speaker from getting here. So I wandered around a bit, and stumbled onto the room run by TOOOL, The Open Organization of Lockpickers. There were tables with padlocks, combo locks, and handcuffs, and people trying to get them open. One fellow loaned me a tool and showed me how to open handcuffs with it, which I was able to do within a few minutes — fairly easy and satisfying. Then there was a presentation on opening keyed locks. I couldn’t resist this one, so I paid $20 for a lockpicking kit and started trying various padlocks. This was harder than it looked. But after 10-15 minutes I was able to get an “easy” padlock opened. Then another fellow showed me how to open a combination lock.
I am sure that if I had to do this in the real world, I would be very very slow at getting a lock open. I am glad to know the basics though, and who knows, maybe it will be useful. The kit is very small and light, easy to carry around.
There are supposed to be two feet of snow on the ground by tomorrow morning. If that happens, I’ll be watching day 2 of the con through the free live video.
Making a Speed Vest
When I got volume 19 of MAKE magazine I saw a project that I immediately wanted to build. Called the Speed Vest, it is a cycling vest that shows your speed in glowing neon as you pedal. I like to bike and I wanted to start an electronics project, what could be better? Here is […]
thekanes.org relaunched!
We have owned this domain name since, oh, at least 2003. We had two pages and one photo. The site was hosted on Verio which quietly sucked out $25 a month for the privilege of being there, and offered nothing special. I finally remembered this, and moved to GoDaddy. Only $5 a month and there […]