By Eiwe Lingefors, Senior Security Engineer, Reliant Security
Every year, for the past 17 years, a slew of the brightest minds in the information security field descend upon Las Vegas for the Defcon hacker conference, the largest gathering of its kind anywhere in the world. This year, there were over 10,000 attendees. The presentations and content of the conference attract people from all living generations. Black, white and grey hats alike flock to Sin City to learn about a wide range of topics and meet peers from around the country and the world.
Having attended seven of these conferences (since Defcon 6), it has been an interesting experience watching it grow from more of an underground affair to what it is now.
The presentations at the conference range from tutorial to expert level and deal with a wide range of different topics related to all aspects of information security.
The most revealing presentation this year was one given by Moxie Marlinspike on the topic of SSL. This talk was also given at the sister conference of Defcon, the Black Hat Security Briefings, which occur right before Defcon at a different hotel in Las Vegas.
The talk exposes a fundamental flaw in the way SSL is implemented that affects nearly all web browsers. Because of an input validation bug, this flaw allows an attacker to obtain an SSL certificate for any chosen domain and bypass the automated verification checks. The attacker can then use a man-in-the-middle attack to seamlessly inject this certificate and redirect the session traffic to a location of the attacker's choosing, all unbeknownst to the end user, who believes the session is encrypted with a valid certificate.
I encourage you to view the entire presentation. Please click here for the full video and slides.
This was just one of many excellent talks. However, the conference is more than just presentations. Among other things, you can also spend your time learning or improving your hardware hacking skills, participating in the Open Capture the Flag contest, where you complete various hacking objectives on a closed network, or learning about quantum mechanics (yes, really!).
Defcon continues to be one of the best completely vendor-neutral security conferences. It is packed full of great content that will teach, frighten and entertain you.
If you’ve ever considered going, or if this is your first time hearing about it, I encourage you to make an effort to go in 2010.
If you go and don’t like it, you can blame me.