Security - Frank Berger, IT-Dienstleistungen

29.12.200617.01.2013

23C3 - Brain Overflow Mitigation

Die Aufnahmefähigkeit des menschlichen Gehirns ist doch sehr begrenzt und so kommt es beim Besuch einer Messe oder einer Konferenz wie dem 23C3 schnell zur Überlastung. Die Halbwertszeit des aufgenommenen Wissens sinkt dann sehr schnell auf unter 30 Minuten. Aus diesem Grund habe ich mich zur möglichst schnellen Aufbereitung der Vortragsinhalte - unter anderem mit diesem Blog - entschlossen.

Ich bin echt begeistert vom bisherigen Verlauf des 23C3. Die Organistation ist gut und bisher scheint alles glatt und ohne Zwischenfälle zu verlaufen.

Today I had a few minutes of spare time and coded my first test program in Groovy, which uses GSQL and Groovy closures to access an Oracle database via JDBC:

import groovy.sql.Sql;

def my_id = 3;
def sql = Sql.newInstance("jdbc:oracle:thin:@localhost:1521:XE",
            "DS2", "DS2", "oracle.jdbc.driver.OracleDriver");

println("Printout all Products:");
sql.eachRow("SELECT prod_id, title from products order by prod_id") {
    println("${it.prod_id}, ${it.title}");
}

println("Printout Product with Prod_id=3:");
sql.eachRow("SELECT prod_id, title from products where prod_id = ${my_id}") {
    println("${it.prod_id}, ${it.title}");
}

I am really impressed by Groovy. Nice scripting language and if you know Java it is quite easy to get started! But be careful with it. The power of that language comes from heavy usage of OO techniques like Introspection and Reflection. Extensive usage can make a program quite slow. So it is up to you and your requirements...

Yesterdays presentation on "JSON RPC - Cross Site Scripting and Client Side Web Services" by Steffen Meschkat gave some inside information of the Google Maps API. He described in depth their approach with is very similar to an XSRF attack. They create SCRIPT-Tags on the fly to circumvent the same origin policy.

Again my stack for today:

12:45 Saal 4 - Fuzzing in the corporate world
14:00 Saal 1 - Bluetooth Hacking Revisited
16:00 Saal 3 - SIP Security - Status Quo and Future Issues
17:15 Saal 3 - Subverting AJAX
18:30 Saal 1 - Security in the cardholder data processing?!
21:45 Saal 1 - Automated Exploit Detection in Binaries

28.12.200617.01.2013

23C3 - The Beginning

Die Faszination im IT-Bereich liegt mitunter darin das es quasi jeden Tag etwas komplett Neues zu entdecken gibt. Diesem Leitsatz folgend gab es gleich am ersten Tag des 23C3 eine geballte Ladung an neuen Themen.

Im ersten Vortrag von Rechtsanwalt Peter Voigt ging es um die Neufassung des deutschen Strafrechtsparagraphen 202c. Der Vortag war insofern interessant als das bereits bekannte Fakten nochmals für den rechtlichen Laien aufbereitet dargestellt wurden. Die Einführung dieser Änderung wird jedenfalls erhebliche negative Auswirkungen auf die Arbeit im IT-Security Bereich haben.

Sputnik RFID
The picture above shows the active RFID tag of the CCC Sputnik Project. The Sputnik project
is an self made location tracking system. The tag consists of an micro-controller and an NRF24L01 RF-IC. The location tracking is based on transmitting the tag ID with 5 different power levels and software based correlation of several readers.

In the next talk "Fudging with Firmware" the speaker mainly focused on how to get started with an firmware image file - like you get it from your DSL-Router vendor.His tool UWfirmforce looks really interesting:

[frank@t01 UWfirmforce-0.0.1]$ wget http://www.uberwall.org/releases/UWfirmforce-0.0.1.tar.gz
[frank@t01 UWfirmforce-0.0.1]$ tar -xzvf UWfirmforce-0.0.1.tar.gz
[frank@t01 UWfirmforce-0.0.1]$ cd UWfirmforce-0.0.1
[frank@t01 UWfirmforce-0.0.1]$ make
make[1]: Entering directory `/tmp/UWfirmforce-0.0.1/plugins'
cc -W -fPIC -Wall -g -O2 -c ar.c

...

cc -o UWfirmforce UWfirmforce.o plugin.o  
UWfirmforce.o: In function `UWfirmforce_dlerror':
/tmp/UWfirmforce-0.0.1/UWfirmforce.c:298: undefined reference to `dlerror'
collect2: ld returned 1 exit status
make: *** [UWfirmforce] Error 1
[frank@t01 UWfirmforce-0.0.1]$ cc -o UWfirmforce UWfirmforce.o plugin.o -ldl
[frank@t01 UWfirmforce-0.0.1]$ ./UWfirmforce -v wgt634u_1_4_1_10.img | less

Analyzing file: wgt634u_1_4_1_10.img
Matching GZIP signature #0 at offset 26788
compression deflate, flags FNAME, 06/04/2005 07:27:46, OS Unix
Score: 100%

Matching CPIO signature #1 at offset 90769
binary big-endian, uid 21197, gid 19184, 16/06/1952 00:54:47
Score: 0%

...

The talk "Java wird Groovy" was even more interesting. It was an short but quite good introduction to Groovy. The final talk of the day about the OpenXPKI project made references to the tools sscep and CertNanny which you should definitely checkout if you have to deal with SSL certificates.

Like yesterday my stack of talks for tomorrow:

11:30 Saal 2 - Router and Infrastructure Hacking
12:45 Saal 2 - JSON RPC - Cross Site Scripting and Client Side Web Services
14:00 Saal 3 - Secure Network Server Programming on Unix
16:00 Saal 1 - A Hacker's Toolkit for RFID Emulation and Jamming
17:15 Saal 1 - RFID hacking
18:30 Saal 1 - Stealth malware - can good guys win?
21:45 Saal 1 - Black Ops 2006 Viz Edition

26.12.200617.01.2013

23C3 - The Arrival

23C3 Berlin Central Station

Ich bin gerade mit dem Zug in Berlin angekommen um - wie jedes Jahr ;-) - am Kongress des CCC teilzunehmen. Ein ganz besonderer Gruß geht an dieser Stelle an meine Freundin Kerstin, die leider aus beruflichen Gründen nicht mit nach Berlin kommen konnte.

Hier schon mal mein "Vortrags-Stack" für den ersten Tag:

10:30 Saal 1 - Who can you trust? Opening Ceremony and Keynote
11:30 Saal 1 - Das neue gesetzliche Verbot des Hackings
14:00 Saal 2 - Project Sputnik - Realtime in-building location tracking at the 23C3
16:00 Saal 4 - Fudging with Firmware - Firmware reverse-engineering tactics
17:15 Saal 4 - Java wird Groovy - Eine Einführung in die neue, dynamische Sprache für das Java-Ã–kosystem
21:45 Saal 4 - Building an Open Source PKI using OpenXPKI

23.11.200517.01.2013

22C3 is coming up

Wow, the end of 2005 is coming, so - same procedure as every year :-D
In my case that will be the 22nd Chaos Communication Congress. Just finished booking the train ticket and hotel.

The line-up of interesting talks is quite overwhelming this year. There are a lot of talks about buffer overflows and related topics - I am very curious about new approaches and developments concerning that craftwork...

The degree of collateral damage for this years congress will also be very amusing :-D. Last year we got a mass defacement for over 18.000 websites. Well nothing spectacular, but it hit the news and makes up the reputation...

If you are interested in digital life and/or computer security you may want to check out the 22C3 webblog or the schedule.

You also attend the 22C3? If you like get in touch with me... I am always happy to meet new and interesting people.

16.05.200517.01.2013

21C3 Video Recordings

Wow, it finally happend - the video recordings from the 21th Chaos Communication Congress are in the Torrent! Just have an look at the offical BitTorrent tracker.

Well I have my own list of favorite talks:

013 The Art of Fingerprinting
019 Verdeckte Netzwerkanalyse
057 SUN Bloody Daft Solaris Mechanisms
070 Fnord-Jahresrueckblick
074 Hacker-Jeopardy
097 Das Literarische Code-Quartett
105 Honeypot Forensics
109 Anti-Honeypot Technology
123 Gentoo Hardened
146 Mehr Sicherheit fuer HostAP-WLANs
176 Passive covert channels in the Linux kernel
308 MD5 To Be Considered Harmful Someday

To play the videos I had to make some small adjustments to mplayer. The AVI-Files use H.264 as videocodec and AAC (MPEG4) ID 0x706D as audiocodec. To get the audio I had to register libfaad2 for the ID 0x706D to hear the audio within mplayer. But that was all I had to do.