Ruxcon Breakpoint kicks off with a bang
The inaugural Ruxcon Breakpoint security conference has kicked off with a bang in Melbourne.
This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.
It was a fascinating presentation that gave conference delegates some real out-of-the-box ideas on target acquisition. Using Maltego it's possible to geographically target random people, for example. If you're interested in targeting agents at a spy agency, you might look for geotagged tweets that originated from the agency's vicinity.
Once you have a list of users who are sloppy with their geodata you can start narrowing down your selection, seeing where else they go, what other social media accounts they have and so on. Temmingh played a video demonstration of this type of target acquisition, honing in on one poor sap who likes to send geo-tagged tweets from the car park of a well known intelligence agency.
From there he established the target's full name, email address, date of birth, education history, employment history, family member identities, travel history, phone make and model, plus camera make, model and serial number.
Temmingh also demonstrated some of the automated network reconnaissance features in the newest release of Maltego, Radium. He's one of the only people on the planet who can turn up to a conference like this and do a one hour product demonstration and still impress people.
Roelof discussed Radium on episode 253 of Risky Business. Check it out here.
The next talk was by famed ATM hacker and all-round nice guy Barnaby Jack. Barnes turned his attention to medical device security some time ago, with his initial research focussing on insulin pumps. Today, however, he went a step further, unveiling research that would enable him to quite literally kill hundreds of thousands of people by creating a peer-to-peer spreading pacemaker and defibrillator device worm.
It would be hilarious if it wasn't so serious. I filed a piece on this for The Register, so go check it out if you're interested.
Following that was a talk by Azimuth Security's Mark Dowd and Tarjei Mandt on the security of Apple's iOS 6 operating system security. It's a topic that Mark has discussed on the Risky Business podcast before, so if you're interested in a broad-brush description of his talk, check out episode 246 here. His interview runs after the news segment.
Matt Miller, who develops exploit mitigation technology at Microsoft, gave a fascinating talk about his challenge in disrupting the workflow of exploit writers. It's more of a niche topic primarily of interest to people working at the cutting edge of exploit creation and mitigation.
That's right, we're only half way through the fourth talk and this is what we've already seen.
Risky.Biz will be bringing you blog posts and audio from the event over the next few days. It might take us a few days to edit and process the audio, so be patient. In the mean time, big thanks to our Breakpoint coverage sponsor PacketLoop. Without those guys none of this coverage would be possible, so go check out their website and sign up for their pre-launch Beta.
Day two keynote from AusCERT 2013...4 hours 17 min ago
North Korean TV has less sex, more potato farming...4 hours 19 min ago
How to turn an executives phone into your own personal gateway…4 hours 23 min ago
Not new research, but a great talk...4 hours 26 min ago
Lots of money going into "cyber"...4 hours 28 min ago
- Since you asked...
1 day 3 hours ago
- Love the Das Efx tribute.
11 weeks 1 day ago
- LOL so no comment by Adobe's
12 weeks 3 days ago
- Welcome back, great stuff as
14 weeks 6 days ago
- AEDs are very accurate and
21 weeks 2 days ago
- I did see that after we
21 weeks 5 days ago
- Great podcast, a small
22 weeks 3 days ago
- Peck of pickled peppers? We
25 weeks 2 days ago
- Link to Sophail: Applied
28 weeks 10 hours ago
- Fixed. I got autocorrected...
30 weeks 1 day ago