
32c3 comments, random ramblings, thoughts, notes, dump part I

posted Feb 4, 2016, 7:37 AM by Sami Lehtinen   [ updated Feb 7, 2016, 12:14 AM ]
32c3 videos - Watched, in no particular order: Windows drivers attack surface; What does Big Brother see, while he is watching; Towards (reasonably) trustworthy x86 laptops; Thunderstrike 2; The Great Train Cyber Robbery; Shopshifting; Shooting lasers into space – for science; New memory corruption attacks: why can't we have nice things; My Robot Will Crush You With Its Soft Delicate Hands; Lifting the Fog on Red Star OS; Internet Landscapes; How the Great Firewall discovers hidden circumvention servers; Household, Totalitarianism and Cyberspace; Hardware-Trojaner in Security-Chips; Datahavens from HavenCo to Today; Console Hacking; Avoiding kernel panic: Europe’s biggest fails in digital policy-making; APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for; Beyond your cable modem; Plunge into Proxy Politics; One year of securitarian drift in France; Logjam: Diffie-Hellman, discrete logs, the NSA, and you; Let's Encrypt - What launching a free CA looks like; Ecuador: how an authoritarian government is fooling the entire world; Evolution of Brain-Computer Interfaces; Verified Firewall Ruleset Verification; Rowhammer.js: Root privileges for web apps; Quantum Cryptography; All Our Shared Spectrum Are Belong to Us; Iridium Update.
Short random thoughts about 32c3 talks: Red Star OS stuff made me lol a few times, especially the file tagging feature. Great Train Cyber Robbery was quite an awesome talk too. Beyond your cable modem was also really fun, just such typical fails you can see every day everywhere. Beyond your cable modem was awesome. I wonder how bad the security guys at telcos are. Hah hah. If I said some talks weren't technically impressive, at least the "New memory corruption attacks" was a very detailed and absolutely awesome talk. How the Great Firewall discovers hidden circumvention servers. The talk didn't contain anything new for me, except Alkasir, which I haven't used so far. Trolling GFW suggestions weren't really effective afaik, fighting those attacks they presented is trivial. Only total prototype / n00b code would suffer from the attacks they presented. Hacking consoles talk was also nice, so many fails and nice low level technical details. Loved it. Also the parts about cipher cracking were absolutely amazing. Now it's not some random light talk, it's a hardcore talk with facts! One of the insightful comments about privacy and anonymity was: don't try to do online banking over Tor or shady anonymous VPN service providers, because your account will very likely end up being locked down. When hardware must just work talk was awesome including testing schemes, emulation, simulation, etc. Lovely! Fixing and working around silicon issues. Not my field, so I really enjoyed the talk, even though I guess the stuff is pretty obvious for people working in the field. rad1o++ - HackRF, looked like a really nice device. Nokia 6100 display lol. Unfortunately I don't have time to play with one. The Iridium update visualizations were just simply beautiful. Data with IMEI only, hmm. This is good stuff, this is an awesome talk. I love it! The packet details etc. Packet analysis was truly awesome. <3 Yep. Unencrypted, etc, very old tech from the 1990s. This talk is pure love.
Satellite Interception System (ISI). Wormholing & Time Traveling was also awesome. Cool NFC attacks! Concept of Friendly Jamming was also nice. Seeing with Wi-Fi 2.4GHz Radar, Covert Channels, Information Hiding, Confidentiality, Transmitter Fingerprinting, nothing new. Antenna wars. Firewall Ruleset Verification was nice too. Spoofing protection. Talk about fake Mega Corps was really nice. I didn't know that sites like that are hunted down. Isn't that evil? Electronic Emergency Brake Light as Vehicle2Vehicle Communication based on IEEE 802.11p. Message Routing, Awareness based communication. Ha. Just such basic stuff, all these considerations need to be done whenever building whatever P2P network. ETSI + SAE & ISO/IEC. The proposed Security & Privacy solution with all certificates and cert chaining & cross validation does look really vulnerable. I just wonder what kind of fun hackers can have with V2V comms. GeoNetworking, BTP, CAM, DENM. Car 2 Car communication consortium. Collective Perception. Rowhammer talk was nice, memory bit flip modification using row hammering, cache attacks. LRU cache eviction, bitflip. Graphs, Drones, Phones, Tagging, Tracking and Locating (TTL). Strategic Big Data Meets Social. Target Development and Discovery utilizing network graph analysis. After this social analysis, it's able to profile these potential suspects. Counterinsurgency manual and insurgents strategy manual, graph density shift based on actions taken aka shaping operations. Starting point for the analysis is known targets and contacts. All of this stuff actually does also directly apply to any mesh style P2P network. Goal is to implement fragility into the network structure. Palantir, Scale, Speed, Agility. Many military drones carry electronic eavesdropping equipment collecting and targeting different sources. Highly targeted weapons WID (Weapons of Individual Destruction).
This is also an awesome direction, when we're going to see smaller attack hunter-killer drones, which strike selectively on listed individuals. Nothing new, if you have watched Ghost in the Shell: The New Movie. Anti-radiation missiles (HARM, AARGM). Encryption keys, entropy, random, random number generation, unpredictable numbers, CSPRNG, cryptographically secure pseudo-random number generator. Just telling here that a Threefish cipher is based on tweakable Skein hash. Entropy pool. Uh, long talk about /dev/random and /dev/urandom difference, shouldn't be that hard. Hardware True Random Number Generators, TRNG or HWRNG. Or like Intel RDRAND.