The best kittens, technology, and video games blog in the world.

Friday, March 09, 2007

Live Hacking at CoolKon III

Trinity hacks Matrix with nmap and sshnuke (fair use)

I gave a 2h talk on computer security ("Hacking na żywo") at the fantasy convention CoolKon.

I promised to upload the slides, so here they are. They're all in Polish, sorry.

It was mainly for RPG players and other lay audiences, so I didn't demonstrate any new exploit technique ;-), just the basics in a highly simplified and easily digestible form.
For those who weren't there, here's a short summary:
  • What's wrong with the way media talk about computer security
  • Matrix Reloaded as a surprising exception
  • What is security, and how far can we go by pretending the problem doesn't exist
  • Major classes of security problems - buffer overflows, SQL injections, cross-site scripting, not patching regularly enough, using known-to-be-broken software like IE and sendmail, plain lack of responsibility
  • A short movie from a 21c3 talk on physical security and lockpicking, showing that even protecting against every known problem doesn't guarantee security (movie - skip to minutes 34 to 38, more info)
  • Highly abridged version of how networking, TCP/IP, and packet dumpers work
  • Live demonstration of tcpdump, tcpflow, and ettercap
  • Theory and live demonstration of nmap
  • Diffie-Hellman key exchange, man-in-the-middle attacks, and certificates that users ignore anyway
  • Full disclosure and why it is so important. How software vendors really react to reported security issues
  • Exploits and exploit databases
  • Scaring people by showing them how many exploits there are in the ExploitTree database
  • SQL injections and anti-PHP rant
  • Buffer overflows and anti-C rant
I have no idea why I forgot to include a cross-site scripting demo.
