This morning's first presentation was a talk by Roelof Temmingh, the creator of Maltego. The Maltego software, for those who don't know it, is essentially a data analysis and reconnaissance tool with some pretty powerful features.
It was a fascinating presentation that gave conference delegates some real out-of-the-box ideas on target acquisition. Using Maltego it's possible to geographically target random people, for example. If you're interested in targeting agents at a spy agency, you might look for geotagged tweets that originated from the agency's vicinity.
Once you have a list of users who are sloppy with their geodata you can start narrowing down your selection, seeing where else they go, what other social media accounts they have and so on. Temmingh played a video demonstration of this type of target acquisition, honing in on one poor sap who likes to send geo-tagged tweets from the car park of a well known intelligence agency.
From there he established the target's full name, email address, date of birth, education history, employment history, family member identities, travel history, phone make and model, plus camera make, model and serial number.
Temmingh also demonstrated some of the automated network reconnaissance features in the newest release of Maltego, Radium. He's one of the only people on the planet who can turn up to a conference like this and do a one hour product demonstration and still impress people.
Roelof discussed Radium on episode 253 of Risky Business. Check it out here.
The next talk was by famed ATM hacker and all-round nice guy Barnaby Jack. Barnes turned his attention to medical device security some time ago, with his initial research focussing on insulin pumps. Today, however, he went a step further, unveiling research that would enable him to quite literally kill hundreds of thousands of people by creating a peer-to-peer spreading pacemaker and defibrillator device worm.
It would be hilarious if it wasn't so serious. I filed a piece on this for The Register, so go check it out if you're interested.
Following that was a talk by Azimuth Security's Mark Dowd and Tarjei Mandt on the security of Apple's iOS 6 operating system security. It's a topic that Mark has discussed on the Risky Business podcast before, so if you're interested in a broad-brush description of his talk, check out episode 246 here. His interview runs after the news segment.
Matt Miller, who develops exploit mitigation technology at Microsoft, gave a fascinating talk about his challenge in disrupting the workflow of exploit writers. It's more of a niche topic primarily of interest to people working at the cutting edge of exploit creation and mitigation.
That's right, we're only half way through the fourth talk and this is what we've already seen.
Risky.Biz will be bringing you blog posts and audio from the event over the next few days. It might take us a few days to edit and process the audio, so be patient. In the mean time, big thanks to our Breakpoint coverage sponsor PacketLoop. Without those guys none of this coverage would be possible, so go check out their website and sign up for their pre-launch Beta.