Toorcon Day 2 and more No Starch Press
Well Toorcon 8 is now officially over. Even though there at workshops tomorrow the toorcon closing talk happened here in San Diego tonight.
I have to say, I am quite impressed with the entire con experience. Toorcon was well put together and ran smoothly all weekend.
I attended the afternoon talks today and they were mostly on par with topics from yesterday. "Breaking Pocket PC executable" by WebSense was rather dry but pointed out that Pocket PC is not is not off the hackable scale. With the proliferation of Pocket PC based cell phones measures should be taken now to hinder any future malware advances. Next was a talk entitled "LoLPhone" by ASM and covered the topic of VoIP hacking; caller ID spoofing and man in the middle attacks using Asterisk VoIP ( http://www.asterisk.org/ ) software. The man in the middle attack was interesting since you could call person A using person Bs number and person B with person As number and then connect the two. Some funny audio was played of a few unknown people with the expected "You called me. No, you called me" conversation. ASM's little bio in the Toorcon program says "I have a BS in neuroscience" and that was clear when he loaded up a program that modeled the section of the brain that responds to audio. The OpenGL program ran on the screen as he played the audio from some of the prank calls; that was really cool in my book.
The last two talks of the con were awesome. Really can't say anything else other than just plain awesome. The first was "TrackSploit" given by James Lance and Josh Brashars from Secure Science Corporation ( http://www.securescience.net ). I had talked to these guys a bunch yesterday and it was cool they gave a talk. What they talked about was tracking and catching hackers and phishers. They work for a security company and went into decently deep detail of how they have models of typical hacking and phishing groups and how they can track these groups and nail them before thousands of credit cards are compromised. Their talk pretty much said phishers are stupid. It was quite surprising that these 'L337' groups use pre built phishing software that thousands of other groups use. Obviously (as with most popular software) this can be tracked with a simple google search for a config file; l00sers. Another funny bit was a story of some kid who was running a bot net using the same handle as his myspace page. The myspace page had all the contact information about him and a bunch of his friends, geeze what and idiot.
The final talk was titled "SQL Infection" by Matt Fisher from SPI Dynamics ( http://www.spidynamics.com ). This talk was REALLY good to see at the end of the con. The talk was about SQL Injection and outlined how somebody could pull up almost any information from a database using standard SQL queries sent to a page with poorly written code. I have to say, my jaw was on the table for most of this as Matt showed example after example of how this could be done. The bottom line is one could structure a sequence of URLs to map out an entire database system, with nothing else other than an internet connection and a bash script. It was just plain awesome to see.
What conference or expo is complete without free/cheap sw4g? Yesterday I mentioned I talked with the guys from hackaday. Today I ran into Will and he gave me a free shirt for being a loyal follower, Thanks Will! At the closing talks the goons were just giving stuff away, I walked out with two free issues of Blacklisted 411 and a Blacklisted hat that has "Hack the System" on the front which i really think is cool. While the free stuff is cool I couldn't pass up getting two books from No Starch Press, "Hacking the Cable Modem" and "Wicked Cool Shell Scripts". After I took a look at what firewire bought yesterday there was just no way I could let these go...that and they were 30% off :-). The guy Tyler from No Starch and I talked for a while yesterday and then again today. As I was buying the books I told him about firewire's post on "Steal this Computer Book" and he asked if Geeksinside would like to be a reviewer of No Starch's publications! Of course I said hell yeah. So in the future Geeksinside.com might be an official book reviewer of No Starch! http://www.nostarch.com
Well that's it, this is the longest post I've ever made on GI but I think it was warranted. I am going to start looking at "Hack the Cable Modem" tonight and crash.
Later
EDIT: It looks like the guys from BanTown (the ones who did the LOL talk at Toorcon yesterday) have generated a lot of heat from their announcement of 30 exploits for firefox. Here's links to the slashdot article and a Cnet one.
http://it.slashdot.org/it/06/10/01/148202.shtml
http://news.com.com/Hackers+claim+zero-da...08.html
[ Link ]
