My co-presenter, Justin Morehouse, just posted our slides here on SlideShare. I hope to have the iNergy code posted to Google Code later this week. Enjoy, and feedback is always appreciated!
Archive for the Conferences Category
Tony will be co-presenting “Getting Social with the Smart Grid” at this year’s DEF CON in Las Vegas.
Littered with endless threats and vulnerabilities surrounding both social networking and the Smart Grid, the marriage of these two technologies is official, despite protests by the security community. Consumers love it because they can brag to their friends about how green they are. Businesses love it more because it provides fresh material for their marketing departments. Hackers love it the most because it opens up attack vectors, both new and old.
During this presentation we dissect readily available social Smart Devices, examining where they get things right, and where they fail. We expand on the failures, discussing and demonstrating attacks against consumers (think PleaseRobMe.com), the Smart Devices themselves, and the social networking sites they communicate with. We want consumers, device manufacturers, and social networking sites to understand how to get social with the Smart Grid securely, and prevent social networking privacy from becoming even more complex. The tools we release during this presentation will allow consumers to review their Smart Devices’ social footprint, and provide device manufacturers with recommendations that can be implemented immediately. Attendees will leave our presentation armed with a deep understanding of the strengths and weaknesses of social Smart Devices, how to attack their current weaknesses and leverage their current strengths, and how to use our tools to further research how we all can better secure the social side of the Smart Grid.
Tony’s slated for the last speaking slot on Sunday, so for those of you who will be sticking around, make sure you drop by.
Justin and I will be on the PaulDotCom podcast tonight to discuss the latest developments with GuestStealer and the Smart Grid book. For more information, check out tonight’s episode guide and join the live discussion tonight.
Also, GuestStealer v1.1 is now available for download. This is a bug fix release that improves error handling and the prevention of downloading the same vmdk file twice (when that vmdk references itself). Thanks to the efforts by Ron at Skull Security, the new version is available on the tools page.
Luckily I was able to escape Washington DC’s 3rd round of snow to enjoy the tropical 40-degree weather here in Tampa today and write this post. Despite the blizzard and its many names, the ShmooCon faithful came out in full force to make another great conference. As usual, ShmooCon featured interesting presentations, shenanigans, and a chance to hang out with those friends you usually only see at Cons.
I want to thank everyone who attended the Stealing Guests…The VMware Way talk, especially since no one threw shmooballs at us. For those of you who haven’t done so yet, head on over to the Tools section of the Web site to grab GuestStealer and try it out yourself. Also, Ron over at Skull Security created an Nmap script to identify vulnerable VMware systems. Visit his blog to download the script and view instructions for installing the script.
For those of you who were unable to attend the talk…or find a video, here are the slides.
I would also like to thank everyone who came up to the FYRM booth and talked to Matt and me. The security bug killing/reaction time testing flash game appeared to be a big hit, which drew many contestants…some more determined than others. For those of you that didn’t win this time, check back often to find out details for round 2!
During the Stealing Guests…The VMware Way presentation at ShmooCon this weekend, FYRM will be holding a contest to give away an external hard drive. The first person to exploit the discussed vulnerability on the target virtual machine and yell out the hidden phrase will win the hard drive.
In the presentation, a Perl script will be released to easily exploit the vulnerability. The to-be-released tool runs on Mac OS X (with MacPorts) and most Linux distros. Currently, the tool requires the following Perl dependencies:
Bring your laptops and netbooks to the presentation to try the tool and win the hard drive. Check back often for any updates.
ShmooCon 2010 will be taking place in a few weeks and I am excited to make the annual trek up to D.C. to co-present the “Stealing Guests… The VMware Way” talk. I am also pretty excited about the activities and contest setup at our booth. Make sure you stop by before you start drinking.
I will be giving an update on XAB (Cross Site Scripting Anonymous Browser) with Jeff Yestrumskas at the OWASP DC Chapter’s next meeting on September 2 at 6:30PM. More details can be found here. See you there!