Threat Research

Hashdays 2012 wrap-up

By Axelle Apvrille | November 07, 2012

I enjoyed the Hashdays conference very much. For those who missed my talk, read this blog post. And now, more about other talks.

Christien Rioux (@dildog) opened the conference with an interesting and unusual keynote about how hackers evolve (or not) through years. He illustrated his talk with his own experience, a lot of hacking at first, then improving his hacks and finally managing his own teams and company. He went through a few golden rules to be a good manager (such as how to earn respect from one's team). I guess everybody has different motivations and opinions, but this was an unexpected keynote.

Nicolas Oberli (@Baldanos) is a fan of old arcade games and has built his own arcade machine from various bits and pieces. His presentation focused on coin handling devices, coin hoppers etc. Those devices communicate with each other using a protocol named ccTalk. He wrote a few tools to help him analyze that protocol such as ccParse or ccSniff, a ccTalk Python sniffer. As ever, ccTalk revealed a few flaws. Among others, I remember I was surprised that its encryption algorithm was obsolete (DES!) and only planning for AES in 2013.

Jean-Philippe Aumasson (@aumasson) presented Keccak, the SHA3 hashing function winner. Although he was naturally sad his own BLAKE algorithm did not win the contest, he made a good job describing how and why Keccak was selected. Mainly, it seems that the jury liked the fact it was different from SHA2, had excellent speed results on ASICs with only few gates, and was usable for HMACs. But we also understand that the decision must have been hard, because there are many points to be compared (speed on FPGA, software, security margin...) and no algorithm came first on every point.

Kyle Osborn's (@theKos) talk was mainly around his Android tool, p2p-adb (phone-to-phone adb), and how he could use it to detect if a phone was rooted, root it, grab various personal information, crack the gesture pattern (antiguard). Quite strikingly he also showed that some google account information he collected would help an attacker gain access to the victim's google account without any need for a password... He reminded hackers to turn off adb on their Android phones.The talk was excellent. But I hadn't understood he'd be talking about that from the title and the abstract ;)

In the middle of Kyle Osborn's demo

Xavier Mertens (@xme) talked about correlating information of various security tools so as to react upon them. For instance, if a user fails to login 5 times on a given login page, the HTTP error will probably end up in a given web log, the user nname in another log and the IP address perhaps in an even other log. By correlating data, it is possible to dynamically update the firewall with a new rule, to ban that specific user. To do so, Xavier uses OSSEC, an open source tool.He warned users however that there were issues to such reactivity: compliance issues, problems to yield control to an 'automated' system, risks of banning one's own account etc.

-- the Crypto Girl

Join the Discussion