SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit

Filed Under: Featured, Podcast, Privacy, SophosLabs, Vulnerability

Sophos Security Chet Chat logoThis Chet Chat is the last one from our summer hiatus and features Peter Szabo and I discussing a few more of our favorite talks from Black Hat and DEF CON 2012.

I started our discussion with Moxie Marlinspike and David Hulton's talk "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2". They explained some of the mistakes Microsoft engineers made in their implementation of MS-CHAPv2 a common authentication protocol used for VPNs and WiFi access points.

Because of these flaws, the cryptographic strength is somewhere in the neighborhood of 56 bits. This allowed Marlinspike and Hulton to launch a service using general purpose FPGAs that can crack any key in 24 hours or less for approximately $200.

Peter went to a talk on reverse engineering firmware titled "Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole". The tool is not yet available, but will be released allowing anyone to peer inside of firmware blobs for printers, routers, phones or any other flashable device.

I attended a very sensible talk about smart meter security called "Looking Into The Eye Of The Meter" in reference to the infrared "eye" that can be used to talk to this latest generation of meters.

SecureState have released a toolkit to assist others in performing vulnerability assessments of meter infrastructure.

Pete wrapped up by sharing the entertaining talk he attended on hacking public transit systems called "How to Hack All the Transport Networks of a Country". The presenter explored all the different ways that technical skills and social engineering can be combined to manipulate any large, complicated system.

(10 August 2012, duration 14:34 minutes, size 8.4 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 97, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.

, , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.