network shenanigans or just smoke and mirrors

DEFCON 15: Day 2 Recap

August 4th, 2007 by geezer

Day two was… interesting. However, it was not as interesting as this!

I started the day by taking in some Web 2.0 attacks and threats at Steve Orrin’s talk. I’ll admit that I’m not up to speed on this Web 2.0 stuff, XML, SOAP, etc. However, some of the attack vectors revealed piqued my interest enough to at least give the technology a shot. Since the web is moving in this direction, it’s only logical to understand this new threat.

Aaron Peterson’s talk on “Pen-testing Wi-Fi” held promise. I’m a Wi-Fi junkie. I’m always looking for something new, unique and novel. Unfortunately, the talk was anything but. I’ll give the guy props for taking existing tools and bundling them together into one useful suite of apps, but come on! There’s nothing new here folks. Next talk.

If there was one talk I had high hopes for, it had to be King Tuna’s “Hacking EVDO.” Now here’s something relevant and new! New because it’s never been talked about before. Relevant because I use EVDO when I’m on the road. In fact, I’m using it as I post this report. Wi-Fi networks are so easily hacked, I refuse to use them.

This presentation revealed ways to modify the firmware of a certain model EVDO card used on the Verizon Wireless Broadband network. By downloading some proprietary software from a torrent, he demonstrated various ways the firmware of the card could be manipulated to do things it shouldn’t do. He did suffer some technical difficulties during his demos which was painful to watch. However, I would expect to see future talks on this subject in the coming years.

If memory serves me correctly, I first heard of a rogue wireless access point referred to as an “Evil Twin” at a past DEFCON talk presented by the Shmoo Group. K.N. Gopinath’s talk, “Multipot: A More Potent Variant of Evil Twin” didn’t do it for me either. Am I being too critical? Am I asking too much when I want to see new material, something cutting edge? I don’t think so. I left the talk early.

There was one other talk on this day that I was looking forward to, “Geolocation of Wireless Access Points” by Ricky Hill. I was impressed! Here was a hardware system developed from scratch that uses triangulation to physically locate wireless access points. The system uses a yagi antenna mounted to a stepping motor combined with a digital compass and a GPS unit. With some Visual Basic code, the tool was able to geolocate wireless access points with better precision than anything else currently on the market that I’ve seen. It’s not ideal in any sense. It only seems to work well in open areas like water. If you place trees in the way or try this in an urban environment, it won’t work and the creator admits it. However, I think it represents a great first try. I hope others pick up the lead and improve on this work.

I ended the day by attending a panel discussion entitled, “Internet Wars 2007.” These discussions are always interesting because they’re very unstructured and anything goes. Personally for me, it was more for entertainment than actual useful knowledge.

Overall, day two provided a few golden nuggets in which I may find value. But for now, I think I’ll watch the video again!


DEFCON 15: Day 1 Recap

August 4th, 2007 by geezer

The Con offered five tracks this year. The first talk I attended was by Sean Bodmer, entitled “Analyzing Intrusions & Intruders.” According to the official program guide, “… due to advances in network systems automation we now have time to pay more attention to subtle observations left by attackers…” I took this to mean we were to be treated to an enhanced form of packet analysis that could lead to clues and possible apprehension of the intruders. Instead, the talk focused on a more behavioral science and profiling approach. Not the talk I was expecting; therefore, I was disappointed in my first session.

The second session was right up my alley! Called “Meet the VCs,” we were provided a panel of real venture capitalists actively seeking new technology companies. They detailed what they look for in ideas, businesses and expectations when approached by companies seeking capital. The panel ranged from seed money VCs to well established VCs that may hold companies in their portfolios for many years before seeking an exit. This is definitely one talk worth following up with after the Con.

Since a break for lunch is never provided at the Con, some of us took the next hour and a half to grab some lunch and exchange thoughts and ideas.

Bruce Potter’s talk on “Dirty Secrets of the Security Industry” was standing room only. In fact, many people had to leave since their presence in the aisles and along the walls posed a fire hazard. Bruce loves to rant, and I love to listen! His talk can be summed up this way: There would be no need for “defense in depth” if people wrote secure code in the first place. Unfortunately, there is no formal body, organization or training program that teaches people a consistent way to write secure code. I have to agree.

“Self Publishing in the Underground” by Long, O’Hara & Wirth was an eye opener on how easy it is to get a book published in this day and age. They outlined a number of online alternatives from lulu.com to Amazon.com and their associated costs and headaches. This sounds like an easy way to quickly establish yourself as an expert in your field. It’s worth a look.

H.D. Moore and Valsmith’s “Tactical Exploitation” revealed ways to exploit or attack machines without the use of zero-day exploits. They simply used everyday protocols in ways they weren’t meant to be used! Try to research SMB/CIFS and WPAD and see if you can’t find devious ways to wreak some havoc!

BlackHat 2005 will always be known for Ciscogate. The Dark Tangent gave a behind-the-scenes blow-by-blow of the entire event from his perspective. It was an amazing tale of corporate irresponsibility run amuck with the little guy, The Dark Tangent, caught in the middle.

Sam Bowne recounted his tale of launching a hacking class at the City College of San Francisco in “Teaching Hacking at College.” He detailed how he pitched his idea to the administration, how the lab was set up, the program itself and the final outcome. This is a program worth spreading to other centers of higher learning.

And finally, for me, I ended the day with David Hulton’s talk on “Faster PwninG Assured: New Adventures with FPGAs.” Dave does nothing but amaze us with his FPGA programming foo! All I can say is this guy rocks! He’s a master with combining crypto solutions into an FPGA form factor. Is there anything FPGA related this guy can’t do?

Overall, my impression with day one ended on a positive note. I was worried during the first talk, but things soon shaped up for the better. Now it’s off to day two!


DEFCON 15 Starts Today

August 3rd, 2007 by geezer

Today kicks off the fifteenth year of DEFCON. Team SSH is in the house. We hope to provide some commentary on this year’s talks. We won’t hold back. We never do.


Embedded Asterisk Server

May 12th, 2007 by geezer

On Wednesday, May 9th I was invited to speak at the Columbia-Area Linux User’s Group on my trials and tribulations of building and running an embedded Asterisk server at home. You can click on the Embedded Asterisk Talk to grab a copy of the presentation. As I told the group, this is an on-going project that I tinker with when I have spare time — which seems to be dwindling the older I get.

Thanks to Christopher for getting John and me on the group’s calendar to speak, and thanks to CALUG for all the great questions, participation and overall great turn out! I had a blast and look forward to running a VoIP workshop if the group decides to hold one.
