DEF CON in the news

Security BSides will coincide with the popular Black Hat and Defcon ... It is a free, two-day event made up of 65 attendees (so far), 15 presenters, and six organizers.
...
According to the organizers:
"A number of quality speakers were rejected, not due to lack of quality but lack of space and time." .... "Our goal is to provide people with options by removing those barriers and providing more options of speakers, topics, and events."

I hope to bring you original interviews and information on the latest research, illuminating the stories behind the data. In many ways, this will be a reporter's notebook ....
For the next few week, I plan to peer into the research that will be presented next week in Las Vegas at the Black Hat Conference and the following DEFCON hacking conference.

The decision over whether to do that or wait until next month's Patch Tuesday may hinge upon whether attackers begin exploiting these other vulnerable areas by using Microsoft's patch (and Flake's research) as a guide to locating the flaws. What's more, this bug is almost certain to be discussed at Black Hat and Defcon, the world's largest annual security conferences, being held next week in Las Vegas.

Lt. Col. Robin Williams, aka “Montana,” of the 57th Information Aggressor Squadron does not rebuff comparisons of the 1980s movie “WarGames” and his team at Nellis.
...
The Information Aggressors supplement their knowledge of such threats by staying in contact with the usual alphabet soup government agencies — FBI, CIA and NSA — and also anti-virus and firewall companies such as Norton and Symantec. There are also field trips to Black Hat Briefings and the DEFCON hacker conventions.

During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases.

Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give out "all the tools to break the 'unbreakable' Oracle as Metasploit auxiliary modules," according to a summary of their presentation on the Defcon Web site.
...

...
"One good thing about the [economic] downturn is that the Riviera Hotel has been easier to deal with," said Moss, who was recently named to the Homeland Security Advisory Council. "They're letting us have access to the pool, so we'll have pool parties, and they've allowed us to do more social things that we wanted to do."
...
Juniper Networks pulled a talk one of its researchers was set to give about a flaw in ATM software after the ATM vendor complained. In his presentation entitled "Jackpotting Automated Teller Machines," Barnaby Jack was planning to provide a live demonstration of an attack on an automated teller machine.

"I'm disappointed Barnaby Jack's talk was canceled," said Moss. Another speaker this year was "forced or encouraged" not to release a tool, Moss said, but he couldn't remember which speaker or talk it was.
...

* By Kim Zetter | August 2, 2009 | 4:32 pm | Categories: ATM Hacking, DefCon *

LAS VEGAS — There’s no honor among thieves, nor apparently among hackers.

A malicious ATM kiosk was positioned in the conference center of the Riviera Hotel Casino capturing data from an unknown number of hackers attending the DefCon hacker conference before someone noticed something suspicious about the kiosk.

An organizer for the conference said security authorities seized the device. It’s not known how long the ATM was in the hotel or whether it was placed there by a DefCon attendee to catch his fellow hackers or simply by an outside criminal group trying to target conference attendees.

Witnesses say the kiosk was well-placed to avoid surveillance cameras.

“In any casino anything that is considered that high value has a camera,” said Brian Markus, CEO of Aries Security who saw the machine, “and they placed it where there were no [hotel] cameras visibly watching that exact spot where the ATM was.”

Markus said it was clear to him the ATM was fake when he looked at the smoked glass on the front of the machine and noticed something funny about it. When he beamed a flashlight through the glass, instead of seeing a camera behind it, he saw the PC that was set up to siphon card data.

The ATM had been placed right outside the hotel’s security office.

Yikes!

Malicious ATM Catches Hackers

http://www.wired.com/threatlevel/200...tches-hackers/

There's a photo of the offending ATM on the linked page.

Yikes!

Malicious ATM Catches Hackers

http://www.wired.com/threatlevel/200...tches-hackers/

There's a photo of the offending ATM on the linked page.

Gaming execs: Despite reports, hackers didn’t touch ATMs

By Steve Green
Wednesday, Aug. 5, 2009 | 6:58 p.m.

Gaming executives Wednesday disputed reports that hackers in town for the annual DEFCON conference over the weekend perpetrated frauds involving casino ATM machines.

Some broadcast and Internet reports said scammers had wheeled a fake ATM machine into the Riviera hotel-casino on the Las Vegas Strip with the goal of having people try to use it so the scammers could capture their card and PIN numbers.

That didn't happen, the Riviera said Wednesday.

In fact, the ATM in question in the hotel's convention lobby is owned by the hotel-casino and was deactivated as a security precaution while DEFCON was in town.

One Internet headline proclaimed: "Hacker exposes hacked Las Vegas ATM at DEFCON"

But it appears the Riviera and its security staff may have outsmarted the hackers by simply turning off the machine.

"Although it has been reported as an ATM machine purposely placed in the Riviera’s convention lobby by some unknown hacker to capture data on others that attempt to use it during DEFCON, the truth is, the Riviera-owned-and-operated ATM was turned off and the cash was removed as a precaution in preparation for the conference," Robert Vannucci, president of the Riviera, said in a statement.

Suggestions that hackers tampered with an ATM at the Rio hotel-casino also turned out to be untrue, said officials with Global Cash Access Inc. of Las Vegas, which operates ATMs at casinos around the country.

After hearing reports about problems with an ATM at the RIO, GCA's technology chief was sent to investigate Tuesday and found nothing wrong with the machines there, said Scott Dowty, GCA executive vice president of business development.

He said there have been recent problems at casinos in Las Vegas and elsewhere known as "cash dispense errors" when customers try to obtain cash and their accounts are charged, but the machines don't dispense the cash. These problems are associated with a recent change in technology platforms involving certain machines -- but not those at the Rio, Dowty said.

He said customers who don't receive money because of machine errors should call GCA customer service at 800 644-0439.

...
US news site NetworkWorld reported that the US Department of Defense's director of futures exploration Jim Christy claimed that he attended the Defcon hacking show as far back as 1999 and "several thousand federal employees" attended the event this year. The show describes itself as "one of the oldest continuous running hacker conventions around, and also one of the largest".

US Air Force Colonel Michael Convertino also claimed to have attended Defcon in 2009 and 2008 when he reportedly found "about 60 good candidates for both enlisted and civilian positions", according to NetworkWorld.

Both Black Hat and Defcon were set up by US hacker Jefff Moss who despite going by the moniker Dark Tangent - sits on the US Homeland Security Panel.
...