I meant to blog this whilst I was still in Vegas, but only got around
to it now. It’s arb, but worth a bit of thinking… Kenneth Geers’
talk titled ‘Greetz from Room 101’ was on which countries have the
Top Ten most Orwellian computer networks. In his precis he asks
“Could a cyber attack lead to a real-life government overthrow?”
I find these kinds of discussions really interesting, because of the
significant role that information technology plays in today’s wars on
crime and ‘terror’. In such “wars” the lines between right and wrong
are very loosely defined. As we saw clearly in South Africa, today’s
terrorist is tomorrow’s freedom fighter. Thus, a technology that
could be used to fight terror today could just as easily be used to
oppress freedom tomorrow. Technology will serve any master.

The Black Hat Briefings is arguably the most significant technical
security conference in the world. It takes place every year in Las Vegas
and also includes a series of diverse technical training courses. For
the sixth time this year SensePost will be presenting a series of
courses from our ‘Hacking By Numbers’ range at the briefings. There
are a number of courses catered for most levels of technical
experience, starting with ‘Cadet Edition’ for novices and ending with
‘Combat’ for expert level hackers.

Many years ago, when we first released ‘Setiri’, one of the controls
that we preached was website white-listing. As talk-back trojans
would connect back to arbitrary web servers on the Internet, we
argued that companies should create shortlists of the sites employees
are allowed to visit. This, we argued, was much more feasible than
trying to identify and block known ‘bad’ sites. Of course, there are
a number of other compelling reasons for implementing this kind of
white-listing, and of course nobody does it (even though I’ve seen
fairly good technical implementations of this concept).

Whew. After much last-minute war with PPT, C# and ORM our slides and
Beta 1.0 of our tool are available on our research site. I think the slides are pretty neat,
and I’m *very* excited about the tool, but unfortunately we didn’t
get as far with the latter as we’d hoped to. Still, it illustrates
the concept pretty nicely and it’s built pretty solid (thanks James)
so it should grow quickly from here.

After a six hour delay due to technical problems *before* my journey
even started I’m finally on the plane and waiting for take off. Tag
on an additional five hour delay due to a missed connection in New York
and this quickly becomes a very, very long trip. Perhaps my longest
ever. Ah well, the price we pay for living at the end of the world, I
guess.

Check out http://hongkong.langhamplacehotels.com/accom/technology.htm in Hong Kong. They provide Cisco IP phones in the rooms, but with a difference. According to an article I read in TIME the hotel will collect your most frequently dialled numbers and load them onto the touchscreen phone when you return for your next visit. Not only that, they also program the phone to show stock quotes or news and weather from your home town, AND if you forward them snapshots of your loved ones they’ll pre-load those onto the phone’s interface also.