Confidence - (19-20.11 2009 Warszawa)
Język: polski | english

Brad ‘RenderMan’ Haines

Temat: Wireless threats; They’re not dead yet!

Język: angielski

RenderMan is a Canadian born and raised hacker who spends way too much time figuring out ways of inserting electronics into treasured childhood toys. A frequent speaker at hacker and security cons around the world, he has also help author 2 books, RFID security and Kismet Hacking, both from Syngress. Consultant by trade, hacker by birth, black hat by fashion.

As co-refounder of the Church of Wifi and recent member of the NMRC, he spends his time adding to his expansive collection of con badges and thinking of new ways to subvert wireless networks and childhood memories.


Synopsis: Great strides have been made over the last few years in wireless security. Security on the access point is getting better but clients still make a very juicy target. Our ever increasing mobile workforce also means that the number of opportunities to attack these clients keeps growing. In addition the number of wireless devices and variety of protocols in use mean that its not just 802.11 devices that are at risk.

Dragorn and RenderMan will show how wireless threats are still present and now causing even greater harm when blended with recent vulnerabilities in common browsers, web apps, SSL, and other technologies.

Description: Attacks targeting client devices are becoming more sophisticated. Kismet Newcore makes breaking WEP a passive action. Airpwn has received a facelift and is now capable of more unspeakable actions over open links (hotels, airports). Karma as well is flypaper for clients running wireless without any thought to protection. Recent vulnerabilities in browsers and other protocols that are often dismissed as ‘too hard to exploit to be useful’ are suddenly very possible and dangerous when wireless is involved, and attacks crossing from layer 2 directly to layer 7 vulnerabilities will be shown.

Reasoning: The message that wireless is unsafe has permeated the IT zeitgeist, however people still forget client devices. If I can control layer 2 I control everything on the network. Wireless makes it very easy to implement non-wireless attacks that are often overlooked or marginalized. This talk moves away from guarding the access points to guarding the clients. Considering the fun that is continually had by the authors at airports and public networks, this is a message that needs to get out.