Showing posts from February, 2009

Shmoocon Roundup

Shmoocon has to be my favorite computer security conference. Everyone's actually happy smart and nice which is amazing. As far as the content goes, you see a lot of work in progress, and initial findings which is a plus. Many of these talks will probably be polished up and the final product displayed in August when Defcon rolls around, but here you can get a rough snapshot of where the security community will be going in the next 6 months or so. Then there's the Shmoo staff who as one person put it, is the only hacker group nobody hates, which says a lot. They really do their best to make the conference accessible , and ensure the conference helps the security community as a whole. As far as the talks go, here is my take on the ones that stood out Building an All-Channel Bluetooth Monitor by Michael Ossmann and Dominic Spill This was the rockstar talk in my opinion. I've done a lot of wireless security, and the lack of tools to audit bluetooth has always worried me

We do not take a trip. The trip takes us.

Finally back from Shmoocon and Washington D.C. I had an absolute blast and now I'm ready to get back to work. While there's a lot I want to talk about regarding the Con and some of the other research going on, I'll save that for my next post. I finally got a chance to sit down and watch my own presentation on rainbow tables, and there are a couple of things I'd like to add. The real focus on this research is to help law enforcement . Ideally I see a central agency who has the spare computer power generating rainbow tables containing very complex word mangling rules and large dictionary files. They would then distribute these tables to state and local agencies who don't have the resources to do much in the way of password cracking. This way these local agencies can cheaply crack a large number of passwords without having to invest in the resources to do so. Now this won't help with salted files, but in instances where the bad guy uses the same password on both t

This is why being able to crack passwords is a good thing