#ToorCon 2012: San Diego's Hacker Conference

This past weekend at the Emerald Plaza Westin Hotel, the 14th ToorCon was held and yours truly was in attendance. Also in attendance were other alternative media people (Better known than me) Darren Kitchen from Hak5 and Nixie Pixel from OS.ALT.

This was my third time being at ToorCon. On a strange side note, it appears that I make it to the conference every three years. The first time I went was when I worked at Websense in 2006, then in 2009 I was able to convince my employer at that time, Newland Communities, to let me go. This year since I actually do have an InfoSec role in my current company, I was able to convince them to let me go this year.

At this year's conference there were some interesting talks. The first one I will mention came from Dan Tentler from Aten Labs. He gave his talk on using Shodan to find all sorts of things online from security cameras and traffic cameras to fuel cells and dams. All of them easily accessible with default passwords, or no credentials at all. He gave a similar talk at Defcon. Check it out:



The next talk I will mention was by Drew Porter, aka RedShift. What he is doing is building little "Internet in a Box" kits in the event the government ever creates their Internet Kill Switch. He is calling his project DuskNet which according to the ToorCon site is:

A complete cellular/WiFi darknet in a box, allowing for rapid deployable anonymous communication to counter act the shutdown of networks in other countries. DuskNet is a complete solution from backend servers to comm boxes to end devices.

Currently the plans to build these DuskNet boxes include components that cost around $4,000 to build yourself, however Porter says that is mainly because he put some powerful stuff in there.

The last talk I will mention was by Joseph Giron on hacking password safes, namely KeePass and Gorilla. What I learned from his talk was that the security issue isn't in the password safe programs or encryption themselves, but a problem with Windows copy buffer. His exploit basically looks for a common string when you copy your password out of KeePass, then writes the plain text of your password to a text file. Simultaneously when a password is grabbed out of the copy buffer, a screenshot is taken so the attacker can get the username as well as whatever else you have open.

Currently this only works in Windows, but it's important to know that this does work with browser plugins that autofill passwords from KeePass. I would say that it works more like a keylogger, except it isn't capturing key strokes per se. It is simply capturing copy buffer information whenever a specific string is detected. Pretty slick if you ask me.

There were a bunch of other talks that were done, but the three above were the most interesting to me. A full list of the talks given are available here. If you wait a while, I'm sure those talks will make it up on Youtube.

Did you go to ToorCon this year? What talks did you like the most? Let me know in the comments.