Thursday, April 7, 2011

Hackito Ergo Sum 2011 - The first half day

The first half day of HES 2011 is done. The first two talks were pretty cool, I'm gonna post some quick summaries:

Keynote - Eric Freyssinet / hacking investigations 
Eric manages a team in the Gendarmerie (one of the two French police forces) that focuses on internet investigations. He was formerly working in Forensic analysis team in same org. His team opens over 600 cases per year, focusing on child porn and most of the rest on fraud.
Mentioned a trend of serious cyber-criminals using kids as "mules" to perform crimes. e.g. a 14 year old from an online hacker community was used as a mule to transfer money from hacked PayPal accounts to the criminal's accounts.
He mentioned a bit about anonymous and said they coordinated some of their attacks against Bank of America from French servers that his team had to take down. He also mentioned the recent espionage case against French govt. and that leads point to China and that they're trying to work with Chinese authorities to find the sources.

Mate Soos / Breaking Industrial Ciphers at a Whim
I really enjoyed this talk. Anybody that is security minded knows that you shouldn't invent your own crypto, especially not closed source one because:
A. it will be reverse enigneered
B. it will probably be broken
Mate focused on HiTag2 which is a Philips cipher used for access control for cars, military bases, etc...
He basically converts the problem to a SAT problem in CNF format and then feeds it to a SAT solver - really cool. He estimates it shouldn't take more than 48 hours to break a HiTab2 key from transaction data.
Mate is one of the lead devs on the open source CryptoMiniSat project that won SAT Race 10. He also had some cool visualizations I hope he will share on his homepage.

I have high hopes for Itzik's talk about permanent denial of service in the afternoon

No comments:

Post a Comment