Confidence 2009 in Cracovia
19/05/2009 Written by Boris Mutina (minor)
Once again I was lucky to attend a really perfect security conference, and here are some notes from there. Confidence is the one really high-profile conference in Central Europe. The strongest “magnets” this year were Bruce Schneier and Joanna Rutkowska. Here are a few notes from this event.
Since I didn’t know anything about the road reconstruction that is taking place now in Poland, I arrived at the conference venue too late and missed those “magnets”.
Adrian Pastor “A Pentester’s Guide to Credit Card Theft Techniques”
As the name of the presentation says, Adrian tried to explain a pentester’s confusion with PCI DSS and explained the weak points when compared to a conventional pentest.
Mario Heiderich “I thought you were my friend Malicious markup, browser issues and other obscurities”
A very interesting presentation showing new elements affecting browser security in terms of the code executed by the browser (and bypassing IDS, IPS and WAF using common HTML code). He showed a few different ways to trigger XSS using elements of code (XML, SVG fonts…). The most interesting part was triggering XSS with a prepared, malicious GIF image (actually containing JS inside).
Pavol Luptak “Public transport SMS ticket hacking”
If you travel by public transport in some cities, you can buy a ticket by SMS message; shortly afterwards you should receive an SMS response with a confirmation code. In this kind of attack, just one phone is connected to the hacker’s server. It sends the request for a ticket, and its confirmation code is distributed in a spoofed message, not over SMS but over TCP/IP using the data connection, to anybody who requests it because of an inspection. A working attack method was presented, with a description of the necessary tools, attack framework etc. From my point of view, one of the best presentations at Confidence. Happy Birthday, Pavol!
Martin Mocko “Race to Bare Metal: UEFI and Hypervisors”
As the name states, UEFI (Unified Extensible Firmware Interface) and its features were described as the next generation of the hardware “BIOS”. Since all the HW vendors are now trying to use UEFI, we will hear a lot about it in the future. UEFI can contain boot-time features such as disk support, USB support and a working TCP/IP stack. It is all written in C and is modular. The interesting part is that UEFI has to be loaded first, before any other system hypervisor (possibly chip-embedded and malicious) is. Nevertheless, even once UEFI is loaded, an attacker can still try to add a new driver to be loaded before UEFI passes from boot mode to runtime mode. He also presented secret and undocumented functions for UEFI in Vista.
Jacob Appelbaum - “Tor Network”
He explained the status of the TOR project, how it works, what features besides anonymisation TOR has, and how TOR can help people who have trouble accessing certain websites (even human rights activists). After this presentation I had a good talk with Jacob, mostly about the possibility of eavesdropping on the TOR network and the incident in which passwords from embassies leaked through eavesdropping on TOR. Thanks for your time, Jacob.
Rich Smith “VAASeline: VNC Attack Automation Suite”
As the name of the presentation says, Rich talked about VNC and the RFB protocol used by VNC. He also showed an all-in-one working solution that allows automated actions to be taken on VNC systems.
Alexei Kachalin “Efficiency Estimation of Network Security Systems of Global Networks.”
A very interesting presentation about creating a framework that could simulate a viral outbreak in the monitored network. While this project is still in preparation, it can be useful when monitoring a client’s network for illicit activities.
Michael Kemp “Rootkits are awesome: Insider Threat for Fun and Profit”
As Michael appeared on the stage, I was sure this guy would give a great presentation. He talked about the risks of DLP software (data loss protection) made by most antivirus vendors and its rootkit-like behavior. He pointed out that such software requires anti-* software to be stopped for installation and cannot be detected by antivirus software, antirootkit tools etc., so basically it is an “undetectable” rootkit. Then he showed, on a real example, how such software is actually a detectable rootkit: what registry entries it makes, what files it calls and uses, and how to detect it and prove that it is actually a rootkit.
More information about Confidence 2009 can be found on