
34C3 - TUWAT - Talks - Part 1

posted Jan 20, 2018, 11:12 PM by Sami Lehtinen   [ updated Jan 20, 2018, 11:12 PM ]
Compact list of listened talks and related keywords & personal thoughts:
  • Dude, you broke the Future - Yes, future is extremely hard to predict. Technology is changing so fast. Anyway, only future will tell. We'll see what kind of AIs and "autonomous agents" there will be connected to our IoT and Social Networks stuff in future.
  • The eavesdropping programs of the secret services - Nothing new here. Not news, that everything is being spied on as much as possible.
  • The Ultimate Apollo Guidance Computer Talk - Architecture: Memory addressing, CPU registers, Banked RAM / ROM and Assembler language code, Interrupts and Interrupt Handlers, Counters, I/O registers, absolutely awesome. All the usual stuff. But that's not all, then it continued to the Microcode level. Hardware: Magnetic Core Memory and hand-woven Core Rope Memory. Peripherals. Simply amazing and wow. I mean, of course tech is what it is. But who creates such a great talk, about such an old tech. User Interface: Flashing digits and number keyboard + DSKY buttons with lamps. Cool. So retro. - Lol, system working internally in metric system, but the user interface converted everything into imperial units. - Lecture continues into what else, space navigation. They got autopilot, but we're still waiting for one from Tesla. Haha. - Different methods to rendezvous in Moon orbit. - Finally the fun part, what could go wrong? - As general comment, very fast talk too. Tons and tons of information.
  • Just my own thoughts which came up while watching the previous talk: Task queues haven't changed a lot, the task queue with priorities and "postpone execution", is exactly what I've implemented.
  • Internet of Fails - Where IoT has gone wrong - Lol, not so unexpected either. "FAIL = First Attempt In Learning" - Insecure children's and adults' toys. Haha. Regulation, GDPR, data breaches and so on. Also short summaries of just so many security flaws, especially in 2017 of course after the history section.
  • Demystifying Network Cards - Let's see if there's anything new in this talk. Probably not, but you'll never know. - Yep nice talk in general. I'm not afraid of tech stuff, so no worries. I do low level I/O just fine. - Nothing new, thanks.
  • Everything you want to know about x86 microcode, but might have been afraid to ask - This one is quite a timely talk, due to important Intel Microcode updates being out there, yet which have been widely reported to be buggy. Microcode isn't signed, it's just checksummed. Wow, lots of deep reverse engineering. Microcode level back doors in CPUs. Cryptographic exploits. When things are deeply nested, almost any layer can be used to attack the whole.
  • Free electron lasers - Interesting tech stuff, particle physics and synchrotron radiation light sources, x-ray free electron laser. Very good talk, nice introduction, even if this should be known to everyone. It's good to cover background too. Ultrashort pulse, Femtosecond lasers. Wiggler and undulator magnets. X-ray crystallography. Diffraction pattern data analysis must be quite a CPU intensive task. Even if not directly computer related, this must be one of the most interesting talks. Incoherent radiation to coherent radiation.
  • Unleash your smart-home devices: Vacuum Cleaning Robot Hacking - Hacking using tinfoil. Vacuum cleaner is running Ubuntu. Communication, internal details, processors, operating systems, encryption, cloud APIs. Remote updates. Update process seems to be pretty much what's expected, yet it's a bit better done. With decryption, checksums and new root passwords etc. At least they're using static encryption keys and passwords for part of time, which is business as usual. Nice reverse engineering. Rooting vacuum cleaner. Installing own software. Modifying firmware. - Dustcloud. Installing malicious software.
  • Inside Intel Management Engine - Is this official back door by Intel to all Intel computers? Ha? Let's see what the talk offers. JTAG fun. Integrity and Confidentiality Keys extracted.
  • Ecstasy 10x yellow Twitter 120mg Mdma - Old project. But that newer stuff, <script> in bookname broke many sites. Of course this shouldn't happen. But as stated earlier, nobody cares even if e-commerce sites are secure. - Personal experience: Yet this is nothing new, it's so often possible to inject all kinds of stuff into systems, JavaScript, SQL, etc. Because nobody mostly cares about things getting seriously broken. - I guess this is nothing new for anyone doing integrations. Everyone always is assuming, that someone else is guaranteeing that the data is valid and secure, until boom. In context of system integration, data isn't handled as 'user input' but already cleaned and secure. Which is of course security failure, but doesn't usually matter at all. Because we're only dealing with trusted parties, right?
  • Deep Learning Blindspots - Interesting title, but is there anything new? Machine learning. Neural Networks, Deep Learning. Adversarial Examples how to fool neural networks. Fast Gradient Sign Method vs Jacobian Saliency Map. Black Box Attacks. Cleverhans, Keras, Theano and TensorFlow. Deep-pwning. Vanderbilt. DeepFool. FoolBox. Evolving AI Lab: Fooling. Uses: Spam filters, Network Intrusion, Self-Driving Cars, Data Poisoning, Malware heuristics, etc. Steganography.
  • Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection. Interesting, more surveillance technology. Off-topic comment, I loved spy vs spy games. - Audio eavesdropping is a real threat. Nowadays required technology is ridiculously cheap and widely available. They started with history and The Seal Bug / The Thing. Induction powered devices. Some of the methods: Metallic-point wiring, fiber-optic video surveillance, laser monitoring of sound vibrations on windows, transmitting bug in adhesive material stuck on window, microwave monitoring of computer emissions (TEMPEST), bugs in sockets (phone, electric, light switches, etc), microwave bugs, direct sound surveillance with directional microphones, bugs hidden in desktop items / furniture and so on. Btw, this list was in history section. Surveillance via applications, like FinFisher and Salamandra SDR @ GitHub.
  • Sockpuppet social media personas - GCHQ social manipulation, FBI tracing user identities, - GCHQ - https://en.wikipedia.org/wiki/Government_Communications_Headquarters - targets hackers. Operation techniques. People targeting. Covert agents spying in multiple chat channels. Private messaged people to corroborate information or entrap them. - I guess this is nothing new. This was a problem already decades ago. Personal comment: "That's just why OPSEC is so important when doing something, which isn't public. Requires total personality dissociation and minimizing communication.". lurl.me. I guess it's not news that URL shortening services are used for click tracking. Even I did that, when I had my own URL shortening experiment. JTRIG, HUMINT operations. Also using proxy to log traffic, sounds well, just decades old school. Been there, done that, of course. Distracting, discrediting and providing disinformation using fake on-line aliases and personalities. Censorship-resistance. Government sockpuppet accounts only posted during WRK hours on UTC. Funny. Basic rule, don't trust anyone. Don't share any information.