ShmooCon Day 2

I got down to the conference a little late. I missed the morning sessions and headed straight over to the hacker arcade and lockpick village before the lunch crowd. I’m glad that I did.

I got about an hour of audio, and permission to use it, from Deviant Ollam and Mouse. Deviant did a series of quick-hit presentations on a variety of different locks and on handcuffs. Mouse gave some great, more one-on-one, suggestions for how to get started learning to lockpick in earnest. I got a little time with some of the training locks they had set out and managed to open the one-, two- and three-pin locks.

I caught Billy Hoffman’s session on JavaScript grey goo. Not very surprising given the increasing ubiquity of JavaScript. There were a few ideas I hadn’t considered before. I was particularly fascinated by his discussion of how, even though the sandbox model prevents directly getting at information, blind requests can still be made via AJAX and information deduced from a more or less opaque result. The explanation of how to port scan in JavaScript was especially intriguing. The use of public and widely available web services as proxies that allow circumvention of the sandbox simply by how they work was a little chilling.

Dan Kaminsky’s talk was intriguing, if a bit more abstract. I had encountered context-free grammars before in the arena of compression, so I wasn’t particularly surprised by his discussion of them. He ranged from discussions of the limits of human memory and recognition, and how these constrain the security of passwords and the correct identification of bad hashes, to new ways of visualizing files, other than the traditional hex listing, for a variety of purposes. Good stuff, plenty of Shmoo balls and beer involved.

The last session I caught before heading out was Chris Paget’s on subverting WPAD. WPAD is the protocol for HTTP proxy auto-discovery and configuration. He had a demo that was pretty clear on the ease and impact of this flaw. The good news is that there is a Microsoft knowledge base article out or forthcoming on securing against this problem.

More tomorrow.
