Brainfoldb4u's Blog

Just another WordPress.com weblog

Archive for January 7th, 2010

Top black hat conference

Posted by brainfoldb4u on January 7, 2010

Here’s a list of the top 20 hacker conferences out there today with a short description that I found from one of hacking website. I am not very sure where i got it from but sure some valuable information . They aren’t ranked from best to worst, because I am in no position to judge them since I haven’t been to all of them. If you think I missed a great one, feel free to mention it in the comments.

  • DEFCON @ www.defcon.org – DEFCON is one of the oldest continuous running hacker conventions around, and also one of the largest. Originally started in 1993, it was a meant to be a party for member of “Platinum Net”, a Fido protocol based hacking network out of Canada. As the main U.S. hub I was helping the Platinum Net organizer (I forget his name) plan a closing party for all the member BBS systems and their users. He was going to shut down the network when his dad took a new job and had to move away. We talking about where we might hold it, when all of a sudden he left early and disappeared. I was just planning a party for a network that was shut down, except for my U.S. nodes. I decided what the hell, I’ll invite the members of all the other networks my BBS (A Dark Tangent System) system was a part of including Cyber Crime International (CCI), Hit Net, Tired of Protection (ToP), and like 8 others I can’t remember. Why not invite everyone on #hack? Good idea!
  • Blackhat @ www.blackhat.com – “From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to a global conference series with annual events in Tokyo, Amsterdam, Las Vegas and Washington DC. It has also become a premiere venue for elite security researchers and the best security trainers to find their audience.”
  • ChicagoCon @ www.chicagocon.com – “features security-focused boot camps, exams on-site followed by a two-day ethical hacking conference. Learn from the pros and network with peers in order to advance your InfoSec career.”
  • Toorcon @ www.toorcon.org – “San Diego’s hacker conference bringing together the top security experts to present their new tricks of the trade and have fun in the sunny and beautiful city of San Diego.”
  • ShmooCon @ www.shmoocon.org – “ShmooCon is an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues. The first day is a single track of speed talks, One Track Mind. The next two days, there are three tracks: Break It!, Build It!, and Bring It On!.”
  • Hackinthebox @ http://conference.hackinthebox.org – “Asia’s largest network security conference held annually in Kuala Lumpur, Malaysia and more recently the Middle East.”
  • HOPE @ www.thenexthope.org – “The HOPE conferences have been running since 1994. HOPE stands for Hackers On Planet Earth and it has become a gathering point for thousands of computer hackers, phone phreaks, net activists, government spooks, and a whole lot of curious people from all corners of the globe. This will be our sixth one (hence the name) and we expect to continue to grow and have more imaginative events, cool speakers, and fun projects than ever before. “
  • Notacon @ www.notacon.org – “ an annual conference held in Cleveland, Ohio, explores and showcases technologies, philosophy and creativity often overlooked at many “hacker cons”. Our desire is not to supplant other events, but complement them and strike a balance that has gone unnoticed in our community for far too long. “
  • HackerHalted @ www.hackerhalted.com – “Hacker Halted aspires to be a complete and comprehensive conference cum workshop that will educate and equip its participants with the in-depth knowledge of understanding the vulnerabilities and the countermeasures to overcome the security infringements present today.”
  • ConFidence @ www.confidence.org.pl – International IT security conference held in Poland.
  • Nullcon @ www.nullcon.net – “If you too share this passion for knowledge, if a core dump brings glimmer to your eyes, if you want to share your hack with others and you have an inquisitiveness to learn, then nullcon is the place for you. If meeting hackers/researchers/phreaks in a 2 days event packed conference and the sun-bathed beaches of the tropical paradise called Goa won’t get you off your bed, nothing ever will. So crack you knuckles, fire your Live CDs, dust your Debuggers and get ready for some serious action this February.”
  • Phreaknic @ www.phreaknic.info – “Phreaknic was started years ago by JonnyX. After 5 years of working his bony ass off putting together a con on a budget, he had to leave Nashville to get a good job and survive. He passed on the duties to Dolemite, who with the help of his amex card, put together a group of directors and formed a non-profit corporation to put on the con. Dolemite built on previous successes, and has made phreaknic a well organized, finely tuned machine… Well, fairly well tuned. We have our moments. After Phreaknic 11, Dolemite stepped down as President of Nashville2600, the non-profit that puts on Phreaknic. A vote was taken and skydog was elected as President of the Nashville2600 Organization. This is our 13th year. We are the longest running annual hacker con in the United States. DefCon is the longest running, having just had their 17th con.”
  • Dnscon @ www.dnscon.org – “DNS is a data and network security council conference. This being the annual meeting of UK security professionals and interested individuals. The UK’s longest running open information security conference provides an opportunity to find out about new threats to information security.”
  • bruCON @ www.brucon.org – BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Brussels, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. It’s affordable, accessible and entertaining. BruCON is a conference by and for the security and hacker community.
  • thotcon @ www.thotcon.org – “THOTCON (pronounced \?th?t\ and taken from THree – One – Two) is a new small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. “
  • SEC-T @ www.sec-t.org – “SEC-T is an annual vendor and company independent information security conference in Stockholm, Sweden. The conference is a single track conference with one hour time slots. All presentations and official communications will be in English to allow our non-swedish-speaking presenters and attendees to participate without restrictions.”
  • Summercon @ www.summercon.org – “Summercon is known as the world’s oldest (and drunkest) computer hacker convention. While it has been held in many places around the globe, it has called the ATL home for the last two years. We’re happy to inform you that it will be held in ATL for 2009! Other cons may try to tell you that they will be ‘informative’ or ‘ground breaking’. We at SummerCon can only promise you the time of your life and an opportunity to meet life long friends. If you happen to learn something, we take no responsibility. Please stop back frequently as the site will be updated constantly.”
  • Shakacon @ www.shakacon.org – “The Shakacon security conference is a laid back conference where industry, government, academia and independent experts will get together to share knowledge and experience in one of the most beautiful places on Earth, Hawaii. “
  • Hacking At Random @ www.har2009.org – “an international technology & security conference. Four days of technology, ideological debates and hands-on tinkering in the Netherlands.”
  • RSA Conference @ www.rsaconference.com – “RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Japan. Throughout its 19 year history, RSA Conference has consistently attracted the world’s best and brightest in the field, creating opportunities for conference attendees to learn about IT security’s most important issues through first-hand interactions with peers, luminaries and emerging and established companies.”

Once again, if you think I missed a great one, feel free to mention it in the comments below.

Posted in Information Security | Leave a Comment »

Adobe's javascript issue

Posted by brainfoldb4u on January 7, 2010

I was reading this article from Threat post where Adobe’s security chief Brad Arkin had  interviewed by Threat-post editors Dennis Fisher and Ryan Naraine. It was long but interesting conversation with Brad Arkin explaining about what the recent malware exploit and what really went wrong and how there team responded to this  exploit. Questions from Dennis and Ryan were more straight to the point and made more sense on adobe’s reply on this issue. It is interesting to know how impossible it is to completely remove javascript without causing major compatibility problems.  But it is a lengthy conversation and here are the few very informative key points.

JavaScript black list:

i am not sure how many of you out there are aware of the JavaScript blacklist function a new feature that shipped along with their October update. JavaScript blacklist will allow users to define any specific javascript API as a black list item, which than wont be called. By putting a javascript into the black list, any PDF document that it attempts to call that will be denied. it’ll deny valid calls as well as malicious calls that try to corrupt the call to create a crash. And this is something users can do, and also administrators for managed desktop environments can also do this using group policy objects to roll-out the change as a registry key.

Document.netplayer:

The actual malware identified in adobe flash and adobe reader is in an API called Document.netplayer. Brad’s response for the possible disruption this API can cause is

Docmedia.newplayer is not one of the new API calls that is showing-up in every single PDF that we see.  It’s something that’s used a lot less often.  And so, if you were to disable JavaScript altogether, that would disrupt a lot of things.  Disabling this here, you know, for the people who rely on it, obviously, it would disrupt what they’re doing.  But, the majority of PDFs that use JavaScript don’t have this in it.  And so, for most users, their experience and their workflows are gonna be the same.  It’s something that, you know, enterprises need to understand what’s in their workflow so they can check what the impact would be.

Mitigation:

  • Utilizing the JavaScript black list function.  This is the most powerful mitigation.  It completely protects users against the attack, and at the same time it will cause the least disruption for legitimate uses of the program.
  • Something that’s a lot more disruptive, but also completely mitigates the current attack is disabling JavaScript altogether

Adobe’s steps to mitigate future attacks:

Back in May we announced this security initiative that the Reader and Acrobat engineering teams were working on.  And the – the three big legs of that process, we were doing – improving our process for urgent patch release, and then moving through the quarterly security update cycle.  But, the most important thing that we were doing there was the code hardening activities, and a big part of the code hardening, for us, was looking at the JavaScript APIs and doing things like looking for problems and fixing them, but also tightening up input validation, so that even if there might be a latent bug somewhere deep in the code that we don’t know about, if we can prevent the ability of the attacker to get malicious data to that weak spot in the code, then that’ll protect against the problem.  And so, tightening-up the input validation, working on, you know, any potentially risky areas and seeing what we could do there.

Why don’t you just remove JavaScript support from Adobe Reader?

No.  JavaScript is really an integral part of how people do form submissions.  And so, anytime you’re working with a PDF where you’re entering information, JavaScript is used to do things like verify that the date you entered is the right format.  If you’re entering a phone number for a certain country it’ll verify that you’ve got the right number of digits.  When you click “submit” on the form it’ll go to the right place.  All of this stuff has JavaScript behind the scenes making it work and it’s difficult to remove without causing problems.

Flash cookies

Flash player local shared objects, because they behave quite differently from browser cookies.  But, the local shared object is something that – what we find is that there’s a lot of great uses for that where the developer will store data locally, it’ll improve network performance, it’ll improve the user experience where they can queue stuff up immediately and not having to wait for network latency.  But, then we’ve see there’s some confusion about how to manage the local shared object, and then also there’s things that subvert the user’s intention where, you know, we’ve seen things like this respawning that you talked about.  And so, our goals are to make it as easy as possible for the user to exercise whatever it is they’re intending to do.  And it’s actually not any harder managing local shared objects through Flash Player in terms of just, if you measure the number of clicks required.  It’s just, it’s less familiar to users, and so people know how to go to their browser file menu and click on, you know, “clear cookie cash.”

But, doing those same clicks for Flash Player is something that people aren’t as familiar with, and we for a long time have tried to work with the web browser vendors for them to open-up the API, so that when the user clicks “clear browser cookies,” it’ll also clear the Flash Player local shared objects.  But, the browsers don’t expose those APIs today.  And so, that’s something that we’ve been working with those guys, because if they can make that open up that API ability, then we can hook into that as Flash Player, so that when the user clicks “clear” it’ll clear Flash Player as well as the browser cookies.

For complete story click here. Now its time for me to research how possible is to get browsers to clear the flash cookies along with browser cookies when user clicks “clear it”?  If you got any ideas please do comment..

Posted in Exploit, Information Security | Tagged: , | Leave a Comment »