http://www.tomshardware.com/business/200408021/index.html By Humphrey Cheung August 2, 2004 The 12th annual Defcon hacker convention was held at the Alexis Park Hotel in Las Vegas Nevada. For three days, hackers exchanged ideas, presented new and sometimes scary information and partied hard. More than a hundred speakers gave dozens of talks on computer security, hacking and privacy issues. For a mere $80 attendees received access to the talks, contests and the after-hours parties. In this article we will cover some of the more interesting contests and give you an overall feel for the convention so that you can decide whether you want to attend next year. Three download videos are included. Wall Of Sheep The Wall of Sheep is a projector screen that displays captured usernames and passwords. The Wall, which originally was named as the Wall of Shame, is a time-honored tradition at Defcon where a loose knit group of people continuously sniffs the network for any plaintext usernames and passwords on the wired and wireless networks. Since this is a hacker convention, attendees using the Defcon network should protect their logins by using VPN, SSH or other encryption technology. Some attendees apparently didn't get the message. In the first few years, the usernames and passwords were written on paper plates and then taped to the wall. As the number of passwords found grew, a better solution had to be found. A computer security engineer, named "Riverside", wrote the Wall of Sheep software from scratch. He also was one of the original people who started the Wall. The usernames and passwords cycle up and down so people can see all the information gathered since the start of the convention. In addition only the first three characters of the password are shown in order to protect the privacy of the user. Riverside said that some people have been so ignorant in using the wireless at Defcon. He gave several examples of people who had their passwords intercepted, who then tried to change their passwords on the same insecure network, only to have the information intercepted again! Riverside examines all the new attacks at Defcon and then implements a defense at his daytime job. About 200-500 passwords are found every year at Defcon. The typical passwords are email, FTP and other login passwords. This year, someone was dumb enough to email their tax returns in .PDF format at the convention. This traffic was immediately intercepted and the above humorous message was displayed on the projector. Also another person was emailing people asking how to get a fake ID. This was also intercepted and displayed. I have blacked out some identifying information to protect the users' privacy. [an error occurred while processing this directive] As Riverside explains, "The Wall has shown people the importance of using encryption, not just at Defcon but in all network traffic. I have had security experts who have attended Black Hat, SANS and other conventions thank me for showing them how vulnerable their traffic was." [...] _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Fri Aug 06 2004 - 07:20:59 PDT