Compared to day 1 of Defcon, I did a little better and actually got into Defcon before noon. After a quick lunch, I headed off to check out several talks.
Android Weblogin: Google’s Skeleton Key: Craig Young gave a surprising talk demonstrating how easy it is to get a malicious app into the Google Play store that passes off the weblogin authentication token to a malicious developer. With this credential Craig was able to take over that user’s session and perform some nefarious bits, including accessing all of that person’s Google Apps (e.g., Gmail, calendar, etc.) and installing apps on their phone. In the case where the user happens to be an admin of a Google Apps domain/business account, Craig demonstrated actions such as adding new administrative users.
Old-Timers v N00bs: This fun and informative SkyTalks panel included a dozen or so “old” folks from Defcon’s past telling some great stories. The panel was filled with lots of drinking (including one awesome stout home-brew), and several ghosts of Defcon’s past reared their ugly heads, but it also covered some of the more commonly asked questions, such as why Defcon was even started. One of the key themes stressed throughout the panel was the loss of the close-knit feel as the con has grown. Several of the panelists suggested ways to help bring back this aspect to the con; however, I feel your best bet is to head over to BSidesLV instead. Defcon has just grown too big.
De-Anonymizing Alt.Anonymous.Messages: Tom Ritter presented a very informative talk detailing some of the pros/cons of various anonymous communication tools (e.g., Tor, RedPhone, TextSecure, Cryptocat, and remailers/shared inboxes) through five privacy/security properties. In the end, Alt.Anonymous.Messages, a remailer/shared inbox, seemed to fulfill most of these characteristics the best. After this overview, Tom did his best to statistically analyze several years of anonymous and encrypted messages to form some potential conclusions. Although I found parts of the talk a bit over my head, the presentation was a good introduction to this old-school technology.
Did you see any talks you really liked and want to provide a quick summary? Let us know in the comments below. Today’s post pic is from UrbanESecurity.com. See ya!