To follow up with Friday’s post re getting a lot of the other awesome ShmooCon Firetalks out there, here is the complete line up from Saturday night. And if you are interested in seeing all the talks from each night, IronGeek has just put out a post with two longer videos from each evening.

I again wanted to thank The Shmoo Group and our generous sponsors. Lastly, thanks to our awesome volunteers that made this year’s Firetalks the best so far. Thanks!

• CFP Review: @jack_daniel, Sarah “@dystonic” Clarke, @jasonmoliver, Nathi “@nathiet” Thwala
• Judges: @DaKahuna2007, Rob “@mubix” Fuller, Nicolle “@rogueclown” Neulist, @soapturtle
• Streaming/Recording: @georgiaweidman, Adrian “@irongeek_adc” Crenshaw
• Security: Boris “@JadedSecurity” Sverdlik, Casey “@caseydunham” Dunham, @judykavuo

And finally be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts.  Well on to the videos…

“Cracking WiFi Protected Setup For Fun and Profit”

by Craig Heffner

This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver.

“Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit”

by John Sawyer

There has been very little public research into passive fingerprinting over the last few years, and the best and most well-known tool for that (p0f) hasn’t been actively developed in 6 years. While a recent a project is using the clever technique of identifying OS’s through DHCP options, it isn’t looking beyond simple OS identification. Why not? If you’ve ever been responsible for IDS monitoring in a large environment, you know there’s a huge amount of juicy data waiting to be snarfed up–interesting information that could be collected passively to identify vulnerable targets in a pen test. Some commercial solutions have these passive vulnerability detection capabilities already, but it’s never trickled down into the free, open source world.

In this presentation, we will look at some of the data that can be gleaned passively, how it can be used for offensive (and defensive) purposes, and announce a new project designed to use existing open source IDS engines (Snort & Suricata) and IDS rules to enhance penetration tests through passive fingerprinting. The project will utilize existing rules from projects like Emerging Threats, develop new rules to address gaps in detection, and give back to the community by contributing newly developed rules back to similar projects. A focus will be on identifying bleeding edge devices, vulnerable applications, and passively gathering sensitive information (SSNs, CCNs, passwords, etc.).

“Ressurecting Ettercap”

by Eric Milam

In December 2011 Ettercap had its first official release in almost 6 years. This talk will discuss how I went from the creation of a simple bash script to taking over one of the world most loved penetration testing tools. Topics will include, easy-creds, communications with Alor & Naga and the new team charged with moving the project forward.

“Security Onion: Network Security Monitoring in Minutes”

by Doug Burks

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what’s happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

“Remotely Exploiting the PHY Layer”

by Travis Goodspeed

Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols.

#####

This will be the final ShmooCon 2012 FireTalks post. It’s been a blast! See ya…Today’s post image is brought to you from Wikipedia.org.

I had the great opportunity to attend ShmooCon 2012 two weekends ago. As most of you know, the con offered various hacker models and infosec discussions. Friday and Saturday night activities concluded with a series of 15-minute sessions known as Firetalks in which the presenter cuts to the chase and discuses the core content of their presentation.

Here are some of my lessons learned for the next Shmooby…

Program Confusion: As a first timer, I was obviously confused about the whole program. It took me a while to figure out what I needed to do first and the different locations of the various activities and talks.

Talk Overload: It’s ok … you do not have to attend all the talks. This is extremely exhausting and you miss all the other fun stuff like lock picking, Hack Fortress, and so forth. The sessions are usually recorded so you can always catch-up on what you missed later.

Stressful Commute: If you are a local, I recommend staying at the hotel if possible as it ensures you do not get burned out with the commute each day. This also gives you extra cycles to network with others in the evening as well as adequate time to get ready for talks in the morning.

Unintelligible Content: Don’t feel bad if you attend a talk and don’t understand the content. We all have our strengths and weaknesses when it comes to the different subjects in the infosec world.

#####

That’s it for now. Do you have any more advice for the next Shmooby? Please let us know in the comments below. Today’s post image is from the EFF.com.

Last night we put out a post with the ShmooCon 2012 FireTalks winners so this morning we thought we’d follow up with a quick article on some of the other talks that occurred last weekend. This post is dedicated to the talks on Friday night. Thanks to Bulb Security and IronGeek for recording and processing the videos so fast!

And finally be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts.  Well on to the videos…

“Exploiting PKI for Pentesters”

by Thomas Hoffecker

Based upon my hour long talk presented at DerbyCon and HackerCon. This 15 minute version is specifically aimed at pentesters. PKI provides a large source of information to pentesters. Signed and encrypted email establishes a level of trust. Many organizations employ PKI but do not provide much public information about it. Pentesters are already trained to find this information using the recon phase of pentesting. Analysis of public PKI certificates can provide information on the internal infrastructure of the target. While the target may have deployed a split DNS architecture many times only a single PKI system is deployed. If public certificates are be accessed then potential servers and other interesting equipment can be identified since the PKI cert will contain the fully qualified domain name. While phishing success rates remain high, utilizing encrypted or signed email makes an email that much more trust worthy. It also ensures that spam and virus scanners at the mail server cannot read the email contents. Encrypting the email provides assurance that only the targeted subject can open and read the email. User security awareness training teaches users that signed and encrypted email is absolutely safe. Beyond my existing talks’ content I will demonstrate means to find information of specific corporate PKI implementations. Provide examples to obtain PKI email certificates from public sources for those that do not publish or otherwise distribute PKI email certificates. I will also discuss recently publicly revealed attack against smartcards that store PKI certificates, examples of these smart cards include the DoD CAC and the HSPD-12 PIV cards.

“Bending SAP Over & Extracting What You Need!”

by Chris John Riley

At the heart of any large enterprise, lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many “red pen” items on penetration tests and audits alike… but no more! We will no longer accept the cries of “Business critical, out-of-scope”. The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it’s our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It’s time to scrub this SAP system clean with SOAP!

“ROUTERPWN: A Mobile Router Exploitation Framework”

by Pedro Joaquin

Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready to run local and remote web exploits. Programmed in Javascript and HTML in order to run in all “smart phones” and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it off line for local exploitation without Internet connection.

“Security Is Like An Onion, That’s Why it Makes You Cry”

by Michele Chubirka

Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It’s enough to make a security engineer cry. The one thing you can depend upon in an enterprise is that many of our users, even with training, will still make the wrong choices. They still click on links they shouldn’t, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet’s name as passwords, etc…. But what if this isn’t because users hate us or are too stupid? What if all our complaints about not being heard and our instructions regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind’s resistance to change?

“Five Ways We’re Killing Our Own Privacy”

by Michael Schearer

At DEFCON, I talked about how our privacy rights are under attack. Our sea of liberty is drying up due to the ever-encroaching power of the government. A litany of abuses continue to chip away at the historical foundations of privacy: administrative searches as pretexts to avoid search warrants, national security letter, and suffocating public surveillance just to name a few. Yet the government alone is not the only source of our ever-diminishing privacy. In this talk, I turn my attention…to you. Yes, believe it or not, you (and me) and the other 310 million of us in this country are also responsible for our diminished expectation of privacy. Why are we responsible? Who wants our information, and why is it so valuable? Is there anything we can do to stem the tide?

“How Do You Know Your Colo Isn’t ‘Inside’ Your Cabinet, A Simple Alarm Using Teensy”

by David Zendzian

As everyone knows, the security of your equipment starts with securing it physically. To accomplish that many will lease cabinet or cage space within the a commercial colo. However, all colos require access to your equipment (in case of fire, or other emergency). Even withstanding the emergency access I have seen colo’s enter cages and cabinets to run cables or to shorten their walk around a row in the facility. Other than installing a commercial alarm or a motion sensor camera, both of which are expensive solutions, what can be done to monitor access into your cabinet or cage. This talk will show how we have used a Teensy board from PJRC to build a simple alarm system that can be easily integrated into whatever host / network monitoring system already configured for your network.

#####

An interesting thing happened this year … none of the talks on Friday night won. Maybe this gave the Saturday presenters time to pay the judges off. This post’s featured image is from Babble.com. See ya…

Well you’ve probably already heard by now but just in case you didn’t … here are the winners for this year’s ShmooCon 2012 Firetalks. Also, be sure to check back to the master Firetalks post. It provides the core content as well as quick links to all update blog posts.

Well on to the winners…

Win: “Remotely Exploiting the PHY Layer”

by Travis Goodspeed

Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols.

Travis won a Parrot AR.Drone Quadricopter along with an iPod Touch to control it. Thanks to Milton Security Group supplying this awesome prize!

Place: “Cracking WiFi Protected Setup For Fun and Profit”

by Craig Heffner

This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver.

Craig picked up a netbook with the latest version of BackTrack pre-installed. Thanks to Dirty Security, Lares Consulting, and Leverage Consulting & Associates for supporting this prize. [Oh and Craig ... please contact us so we can arrange to ship the netbook to you.]

Show: “Ressurecting Ettercap”

by Eric Milam

In December 2011 Ettercap had its first official release in almost 6 years. This talk will discuss how I went from the creation of a simple bash script to taking over one of the world most loved penetration testing tools. Topics will include, easy-creds, communications with Alor & Naga and the new team charged with moving the project forward.

Eric took home the “Sad Trombone” award, basically one of Apple’s new iPad Minis. Thanks to Liquidmatrix Security Digest for supplying the third place prize!

#####

Congratulations to all the winners! Today’s featured image is from Sasatien.Blogspot.com. See ya!

Yes, the day is finally upon us … ShmooCon there will be! I’ve been lucky enough to attend the past five or six years of this awesome conference. You could almost call me a veteran attendee … and as such I wanted to pass on a bit of advice for anyone heading down to DC today. In honor of the movie Fight Club I present to you the …

“The Rules of ShmooCon”

1st RULE: You do not talk about SHMOOCON.

… unless it’s on Twitter and you use the #shmoocon hashtag …

2nd RULE: You DO NOT talk about SHMOOCON.

(see the 1st Rule for details)

3rd RULE: Only three talks to a day.

And on a bit more serious side… The first time I attended ShmooCon, I over-scheduled myself by focusing too much on the scheduled talks. Overall, I probably attended about 20 talks. At the end each day, I was exhausted and just headed home to recover. What I hadn’t realized was that I only took part in a small portion of what the conference had to offer.

Instead I’m suggesting that you attend just three talks each day (no cheating here) and spend the rest of the time taking in everything else ShmooCon has to offer … Firetalks, Hack Fortress, Lockpick Village, Shmooganography, … and most of all … networking with other hackers and just enjoying yourself.

4th RULE: If there is a party in the executive suite and someone breaks the genitalia-shaped vase, the party is over.

… or maybe not.

5th RULE: Turn off what you don’t need.

Remember … this is a hacker conference so be cautious with our usual array of electronic goods we carry around. You need to be very careful of how your devices will interact with anything at the conference. With that in mind, I recommend that you disable any and all connections to your devices (Bluetooth, WiFi, NICs, USB ports, etc.) and only turn them on when needed.

6th RULE: Don’t f*ck with the con’s secure wifi, local ATMs, or the hotel’s information kiosks.

We want the good folks at the Hilton to have us back next year (and maybe improve cellular coverage for us) so please don’t ruin it for the rest of us. Of course as I write this late Thursday night, I see we’ve already broken the kiosks part of this rule.

7th RULE: Always wear a cheap “Hello I am …” sticker with your your Twitter name and avatar.

This is not so people recognize you … but for you to recognize others. I know … most of us are pretty introverted but this is a great time to get out from behind our computers and meet many of those we regularly interact with online. Here’s the magic move to start a conversation with anyone at the con. Find someone with a familiar avatar and say, “Hi, I’m [name] from [location]. How’d you get your ShmooCon ticket?”

8th RULE: Talks will go on as long as they have to.

… unless it’s a Firetalks … those only last 15 minutes. For all other talks you might risk getting pelted by a barrage of spongy darts from modded Nerf guns if you go over time. Of course that could happen at the Firetalks too.

9th RULE: Always connect securely.

If you absolutely need to connect to the Internet, the secure ShmooCon network is a good start but it’s probably better to use a cellular network. Of course cellular signal is another issue as I mentioned above so you may want to invest in two or three other mifi pay-as-you-go access points. I’ve heard Virgin Mobile/Sprint, T-Mobile and Clear usually work well. And just to be safe you might want to VPN out as well (think the DEFCON allegations we had back in August). For those that don’t have VPNs provided through their company, I’ve looked at a few options before (see the comments there for other suggestions too).

10th RULE: If this is your first time attending SHMOOCON, you HAVE to get on your buddy’s shoulders during the opening or closing ceremonies and yell “Bow to my firewall!” at the top of your lungs.

#####

Well that’s all I got… Can you think of any additional “Rules of ShmooCon?” Let us know in the comments below. Today’s image came from DiggingForFire.net (and they also have the original Fight Club rules reprinted there).

Well … we are withing two days of ShmooCon and the first night of Firetalks and I’m actually a little ahead this year. I don’t think I got last year’s schedule out until late Thursday night! Anyway, below you’ll find the schedule for the talks.

Also some people might have heard that you can attend the Firetalks without a ShmooCon badge. Unfortunately, this is not true. You MUST have a badge to attend due to all those contracts, insurance, and other fun biz stuff associated with holding an event as big as ShmooCon.

If you want to keep up with all the Firetalks going-ons throughout the weekend, you might want to check back to the master Firetalks post or subscribing to one of our “feeds” (@novainfosec on Twitter, our FaceBook Page, or RSS). But given the craziness of cons I’d recommend just following my tweets (@grecs) or the #firetalks tag.

Finally, I want to put out one last reminder for the ShmooCon Epilogue event that is being held the Monday after ShmooCon. If you are from out of town and can still grab one of the free tickets, why not extend your stay an extra day and get another dose of great talks and networking with fellow hackers. See the NoVA Hackers post for all the details.

Well and onto the schedule…

Friday

Note 1: The times for Friday are currently tentative as we noticed the regular con schedule will probably push these times back. I’ll be keeping this post updated so please check back or follow me (@grecs) or the official #firetalks tag on Twitter.

Note 2: Updated the times below…

8:30: Opening

8:40: “How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy” by David Zendzian

9:00: “Bending SAP Over & Extracting What You Need!” by Chris John Riley

9:20: “ROUTERPWN: A Mobile Router Exploitation Framework” by Pedro Joaquin

9:40: “Security Is Like An Onion, That’s Why it Makes You Cry” by Michele Chubirka

10:00: “Five Ways We’re Killing Our Own Privacy” by Michael Schearer

Saturday

6:30 Opening

6:40 “Cracking WiFi Protected Setup For Fun and Profit” by Craig Heffner

7:00 “Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit” by John Sawyer

7:20 “Ressurecting Ettercap” by Eric Milam

7:40 “Security Onion: Network Security Monitoring in Minutes” by Doug Burks

8:00 “Remotely Exploiting the PHY Layer” by Travis Goodspeed

If you are a speaker and cannot make the scheduled slot, please let me know ASAP via mentioning it to me at @grecs on Twitter. Also if you are an alternate you’ll need to be present both nights. And just to make things run smoothly, we ask that all speakers be present at least two talks prior to your scheduled time slot. We will have reserve seats for you in to the first row to the left of the podium if you are facing the stage.

#####

Can’t believe ShmooCon is almost here! See ya all on Friday… Today’s post picture is from Harvard.edu.

Just a short post to announce the second round speakers for this year’s ShmooCon Firetalks… With several more submissions between our last post and the CFP due date, the selection committee has been hard at work trying to pull together a diverse program with the most interesting talks combined with a good mix of established and new speakers.

But before we get on to the talks I just wanted to thank the selection committee for all the hard work they put in over the last few weeks. Since some may not want their full names out there, I’ll just list them all by their Twitter handles … @dystonic, @jack_daniel, @jasonmoliver and @nathiet. And I would again like to thank our generous sponsors for not only providing some awesome prizes but also other contributions that are going to make this year’s Firetalks the best so far. Thanks!

• Milton Security Group
• Dirty Security
• Lares Consulting
• Leverage Consulting & Associates
• Liquidmatrix Security Digest
• Bulb Security

And finally if you want to keep up with all the Firetalks going-ons, be sure to check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. You can also subscribe to receive these updates through any of our “feeds” if you wish (@novainfosec on Twitter, our FaceBook Page, or RSS) to keep up with things. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information using the #firetalks tag.

And without further ado … we are pleased to announce the second round speakers!!!

Cracking WiFi Protected Setup For Fun and Profit

by Craig Heffner

This talk will detail the recently disclosed vulnerability in WiFi Protected Setup which allows wireless attackers to recover plain text WPA/WPA2 pass phrases in just a few hours, as well as my WPS brute force attack tool, Reaver.

Passive Aggressive Pwnage: Sniffing the Net for Fun & Profit

by John Sawyer

There has been very little public research into passive fingerprinting over the last few years, and the best and most well-known tool for that (p0f) hasn’t been actively developed in 6 years. While a recent a project is using the clever technique of identifying OS’s through DHCP options, it isn’t looking beyond simple OS identification. Why not? If you’ve ever been responsible for IDS monitoring in a large environment, you know there’s a huge amount of juicy data waiting to be snarfed up–interesting information that could be collected passively to identify vulnerable targets in a pen test. Some commercial solutions have these passive vulnerability detection capabilities already, but it’s never trickled down into the free, open source world.

In this presentation, we will look at some of the data that can be gleaned passively, how it can be used for offensive (and defensive) purposes, and announce a new project designed to use existing open source IDS engines (Snort & Suricata) and IDS rules to enhance penetration tests through passive fingerprinting. The project will utilize existing rules from projects like Emerging Threats, develop new rules to address gaps in detection, and give back to the community by contributing newly developed rules back to similar projects. A focus will be on identifying bleeding edge devices, vulnerable applications, and passively gathering sensitive information (SSNs, CCNs, passwords, etc.).

Remotely Exploiting the PHY Layer

by Travis Goodspeed

Packet-in-Packet injections are a new type of in-band signalling attack, one which allows a packet to be injected into a remote wireless network through the body of any other type of packet. The attacker never needs a radio, and no software or hardware bugs are necessary for the injection to occur. The attack works on perfectly standard-compliant implementations of 802.15.4, 802.11B, and most other wireless protocols.

Ressurecting Ettercap

by Eric Milam

In December 2011 Ettercap had its first official release in almost 6 years. This talk will discuss how I went from the creation of a simple bash script to taking over one of the world most loved penetration testing tools. Topics will include, easy-creds, communications with Alor & Naga and the new team charged with moving the project forward.

Security Onion: Network Security Monitoring in Minutes

by Doug Burks

Traditional Intrusion Detection Systems (IDS) can be costly, difficult to install, and may not provide all the capabilities that you need to defend your network. Network Security Monitoring (NSM) combines traditional IDS alerts with additional data to give you a more complete picture of what’s happening on your network. This presentation will demonstrate how to deploy NSM in just a few minutes using a free Linux distro called Security Onion.

Beyond the formally announced talks we also chose a few alternates that just missed getting selected. These speakers should be ready to present either night.

• Georgia Weidman: Stopping Android Permission Leak
• Thomas Hoffecker: Exploiting PKI for Pentesters

#####

Look for the final schedule to be posted early next week. See ya!

After pushing the team to do some reviews over the last few days we have finally come up with the first round of speaker announcements for the ShmooCon 2012 Firetalks! It’s been a painful process trying to rate all of the awesome submissions but I think the team did a great job at finding a nice mix of talks up to this point.

Before continuing on I would like to let everyone know that there are still five additional slots available and the CFP is open through this Friday at 5:00 PM EST. So if you have a topic and are contemplating whether or not to submit … don’t hesitate much longer. To get started head on over to the EasyChair SC2012FT portal.

We are still looking for a few volunteers, specifically someone to create and hang some poster-sized signs so people can easily find where the sessions will be (usually in Track 3, which is typically held a bit off the beaten track). Also since the sessions are being recorded and streamed, we need someone to coordinate with the ShmooCon and hotel AV teams (audio/video … not anti-virus ) so we can hopefully get direct audio feeds for better quality. There are also some other smaller roles (e.g., a timer) so please check out the master post for all the available volunteer positions. And if you have a cool idea to help make FireTalks better and are willing to volunteer to coordinate it, let us know… Also don’t worry about volunteering interfering with you dinner plans … we’ll be providing a free dinner for all those helping out thanks in part to our sponsors – Milton Security Group, Dirty Security, Lares Consulting, Leverage Consulting & Associates, Liquidmatrix Security Digest, and Bulb Security. Oh and by the way … could someone volunteer to coordinate the dinner thing.

And don’t forget … for all the latest happenings, check back to the master Firetalks post periodically. It is the home for any and all information relating to the ShmooCon 2012 FireTalks. You can also subscribe to receive these updates through any of our “feeds” if you wish (@novainfosec on Twitter, our FaceBook Page, or RSS) to keep up with things. And as usual … I’ll be regularly updating my Twitter stream at @grecs with all the information using the #firetalks tag.

And without further ado … we are pleased to announce the first round speakers!!!

Bending SAP Over & Extracting What You Need!

by Chris John Riley

At the heart of any large enterprise, lies a platform misunderstood and feared by all but the bravest systems administrators. Home to a wealth of information, and key to infinite wisdom. This platform is SAP. For years this system has been amongst the many “red pen” items on penetration tests and audits alike… but no more! We will no longer accept the cries of “Business critical, out-of-scope”. The time for SAP has come, the cross-hairs of attackers are firmly focused on the soft underbelly that is ERM, and it’s our duty to follow suit. Join me as we take the first steps into exploring SAP, extracting information and popping shells. Leave your Nessus license at the door! It’s time to scrub this SAP system clean with SOAP!.

Five Ways We’re Killing Our Own Privacy

by Michael Schearer

At DEFCON, I talked about how our privacy rights are under attack. Our sea of liberty is drying up due to the ever-encroaching power of the government. A litany of abuses continue to chip away at the historical foundations of privacy: administrative searches as pretexts to avoid search warrants, national security letter, andsuffocating public surveillance just to name a few. Yet the government alone is not the only source of our ever-diminishing privacy. In this talk, I turn my attention…to you. Yes, believe it or not, you (and me) and the other 310 million of us in this country are also responsible for our diminished expectation of privacy. Why are we responsible? Who wants our information, and why is it so valuable? Is there anything we can do to stem the tide?

How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm Using Teensy

by David Zendzian

As everyone knows, the security of your equipment starts with securing it physically. To accomplish that many will lease cabinet or cage space within the a commercial colo. However, all colos require access to your equipment (in case of fire, or other emergency). Even withstanding the emergency access I have seen colo’s enter cages and cabinets to run cables or to shorten their walk around a row in the facility. Other than installing a commercial alarm or a motion sensor camera, both of which are expensive solutions, what can be done to monitor access into your cabinet or cage. This talk will show how we have used a Teensy board from PJRC to build a simple alarm system that can be easily integrated into whatever host / network monitoring system already configured for your network.

ROUTERPWN: A Mobile Router Exploitation Framework

by Pedro Joaquin

Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready to run local and remote web exploits. Programmed in Javascript and HTML in order to run in all “smart phones” and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it off line for local exploitation without Internet connection.

Security Is Like An Onion, That’s Why it Makes You Cry

by Michele Chubirka

Why is the security industry so full of fail? We spend millions of dollars on firewalls, IPS, IDS, DLP, professional penetration tests and assessments, vulnerability and compliance tools and at the end of the day, the weakest link is the user and his or her inability to make the right choices. It’s enough to make a security engineer cry. The one thing you can depend upon in an enterprise is that many of our users, even with training, will still make the wrong choices. They still click on links they shouldn’t, respond to phishing scams, open documents without thinking, post too much information on Twitter and Facebook, use their pet’s name as passwords, etc…. But what if this isn’t because users hate us or are too stupid? What if all our complaints about not being heard and our instructions regarding the best security practices have more to do with our failure to understand modern neuroscience and the human mind’s resistance to change?

#####

Don’t forget … you still have time to submit your talk! The CFP closes this Friday at 5:00 PM EST. Today’s image is from 1CaseyColette.blogspot.com.

Well it’s been a few weeks since our last update. We hope everyone had a nice holiday break and at least a few people lucked out with the final round of ShmooCon tickets sales. Over the past several weeks @jack_daniel has been hard at work gathering sponsors to support the prizes and other fun stuff we have planned. So at this point we would like to announce the prizes and sponsors for this year’s Firetalks!

But before we get into the prizes and sponsors I did want to make a few announcements regarding some of our upcoming activities. We’ve received a record number of submissions this year and will be announcing the first set of talks on Monday or Tuesday next week. If you have been thinking of submitting and haven’t yet, please do … the more topics we get, the better we can provide a balanced program. As before … just head on over to the EasyChair SC2012FT portal. The RFP will be closing at 5:00 PM on Friday the 13th.

I am also happy to announce is that the NoVA Hackers Association will be running a ShmooCon Epilogue conference/meetup following ShmooCon on Monday the 30th. If you haven’t locked in your travel plans yet, you may want to push them out a day or two to attend this event. It will feature talks from many of the local infosec pros as well as some of the ShmooCon presenters. They are still in the planning stages at this point, so please head on over to the official ShmooCon Epilogue post to find out how to participate.

Lastly, we are still in need of several more FireTalk volunteers. If you’ve volunteered previously and I haven’t contacted you, please hit me up again via @grecs on Twitter. Right now we are looking for someone to coordinate the judging panel, some muscle at the door (i.e., security), an AV coordinator, a timer (I’d really love a big red countdown clock if anyone has one), and someone to create and hang poster signs for leading people from the main conference area over to where the Firetalks will be held.

Thanks for putting up with those few announcements and now on to the good stuff … this years Firetalk prizes and sponsors!

1st Place

Milton Security Group will be bringing us a Parrot AR.Drone Quadricopter controlled WITH an iPod Touch to control it. Now that is one cool prize! Hopefully, I can get my hands on it before Sunday’s closing ceremonies.

2nd Place

No one sponsor came out with a dedicated 2nd place prize so we are combining some of the cash contributions together to get the ultimate hacking platform – a netbook with the latest version of BackTrack pre-installed (maybe even pre-p0wned ). Ok … well maybe not the “ultimate” but at least something light and portable. To the right you see my best effort at creating some kind of collage that represents all the sponsors for this prize. They are also linked below for quick reference.

• Dirty Security
• Lares Consulting via Chris “@indi303” Nickerson
• Leverage Consulting & Associates via Mike “@theprez98” Schearer

3rd Place

Lastly, Liquidmatrix Security Digest brings us the “Sad Trombone” award, basically one of Apple’s new iPad Minis.

Other Support

Beyond the prizes there are several other ways that people are helping out.

• Milton Security Group will also be offering some cool swag to toss out during the event.
• The remaining contributions from the DirtySec/Lars/Leverage consortium will be used for speaker gifts and maybe a few surprises.
• Bulb Security via @georgiaweidman will be providing live streaming and filming of the event. There’s an interesting story behind this company’s name. Be sure to ask Georgia about it.

#####

And that’s about it. Again please tweet a big thanks to @jack_daniel for pulling together some awesome sponsors. Today’s featured image is from Sasatien.Blogspot.com. See ya!

Although many of the details are still being worked out we wanted to put out a quick post to announce the ShmooCon 2012 FireTalks CFP and solicit sponsors.

CFP

This year we are planning on having up to five 15-minute speaking slots each night depending on the final discussions the ShmooCon team is having with the conference hotel. We are hoping to accommodate many of the awesome submissions that ShmooCon was not able to accept due to the finite number of speaking slots. If you are already speaking at ShmooCon, please be considerate and leave submissions open to others. Other than that … the only thing we are looking for is a nice mix of established and new speakers.

To ease our submission load, we will be using the free EasyChair Conferencing System. We used it to handle submissions in the past and it worked nicely. It just requires that you create an account, login, and select New Submission from the top menu. From there just fill out as much information as you can and hit the Submit button. To get started head on over to the EasyChair SC2012FT portal.

Call for Sponsors

Similar to last year we will have prizes for the top 3 presentations and are looking for sponsors willing to put forward some awesome contributions (maybe a few iPads … one for the organizer too ). You’ll get your logo placed on the master ShmooCon 2012 Firetalks post, some of the update posts, and several mentions during the two night event.

Based on the last few years we are looking for three sponsors at around the $500, $300, and $200 levels. If you are interested in sponsoring, please contact @jack_daniel. If you have any problems contacting Jack, just mention it to me (@grecs) on Twitter or email us using our Contact Us form.

#####

Stay tuned for more info on the ShmooCon 2012 Firetalks. And check out the master post with all the consolidated details. Today’s feature image is courtesy of RochesterSecurity.org. See ya!