SSCC 96 - NFC hacking, audio steganography, IPv6 security and automated malware analysis

Filed Under: Featured, Malware, Podcast, Privacy, SophosLabs

Sophos Security Chet Chat logoThis week's Chet Chat features Peter Szabo from SophosLabs as my guest to discuss some of our favorite talks from Black Hat and DEF CON. A small contingent of us were lucky enough to have Sophos send us to Las Vegas to learn (and party) with the best security experts in the world.

Peter and I largely took a divide and conquer approach to the talks at the conferences. By attending different talks we could cover more ground. In this Chet Chat we chose two favorites each to share our thoughts with our listeners.

We both were able to attend Charlie Miller's talk "Don't stand so close To me: An analysis of the NFC attack surface" where Miller explained his methodologies and shared his findings on the security of the NFC stack on both Meego and Android devices. Peter discovered that the simplest way to stop someone from surreptitiously scanning your NFC cards is to buy a stick of gum.

Peter attended Thor's talk "Socialized Data: Using Social Media as a Cyber Mule" on steganography. For those who aren't familiar, steganography is the technique of taking some sort of sensitive information you wish to transmit in secret and hiding it inside of some other type of file. For example you might send a message by hiding it in slack space inside a JPEG image.

Peter explains how Thor's technique utilizes social media and what is called a waterfall effect.

I attended a talk titled "The myth of twelve more bytes: Security on the post-scarcity internet" presented by Alex Stamos and Tom Ritter. Many folks are under the illusion that the vast number of IP addresses available on the IPv6 internet will make attacking infrastructure much harder, if not impossible. In this talk Stamos and Ritter talk about the new risks introduced when using IPv6 and even some of the troubles with DNSSEC and secure name services.

Lastly Peter explains the new File Disinfection Framework project announced by Mario Vuksan of Reversing Labs. This tool can be used by malware researchers to automate the unpacking of obfuscated malware samples. Peter does a lot of reversing work for SophosLabs and gave listeners his impressions.

(03 August 2012, duration 14:08 minutes, size 8.5 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 96, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.

, , , , ,

You might like

One Response to SSCC 96 - NFC hacking, audio steganography, IPv6 security and automated malware analysis

  1. Ellie K · 683 days ago

    I was trying to find out a little more about this so-called audio steganography. Thor's talk, which from what I could tell in a three sentence summary in a husband-and-wife infosec blog, in French, was that it wasn't anything new in particular... the part about hiding messages in Facebook might be more significant, not like I'll ever know... I am so jealous of everyone who goes to Defcon... I want to, I really really do.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.