Finally sitting down at Paul’s laptop to write up some notes on the talks I’ve seen so far. I’m going to break it up into days because I’ve taken a lot of notes 🙂 Here goes, with comments in brackets:
- EU security operations / CERTs are not very organized
- cyber warfare is mostly bull****
- They’ve fully soft-unlocked the phone, but it’s been done in such a way that Apple can still fix it with a software update
Memory Forensics with the Cold Boot Attack
- attack has been fully weaponized to USB keys (or functional iPods) and PXE boot
- Jake has found a somewhat unrelated bug in Mac OS X’s Login.app which results in logged-in users’ passwords being stored in RAM; Apple is aware of the issue and not fixing it. Same for FileVault keys [o_0]
- Linux dm-crypt is vulnerable
- loop-AES devs thought they weren’t vulnerable because of some key-shifting stuff they do; turns out it just means that they store twice the key data 🙂
- Nadia, co-author of the USENIX paper, wrote an awesome key-finding tool which can grab keys from RAM even with something like 75% corruption
- BitLocker default / simple mode is totally pwned
- Even with TPM in use, BitLocker is still vulnerable if precise timings are used
Dan Kaminsky – Why were we so vulnerable to the DNS vulnerability?
- random person named Paul sitting beside me on the couch by the Go boards describes it as “+5 insightful”
- My Paul is all excited that Dan is now publicly in favour of DNSSEC 🙂
Edited to add: For some additional perspectives on Day 1, have a look at my Belgian friend Security4All’s blog post, which has a different selection of talks.
Looks like just day one was worth a trip.
Keep us posted.
J