Wrapping up my reporting on ShmooCon 2008 (http://www.shmoocon.org/), Day 3 (Sunday) held a special place in my heart, since I finally gave my talk on “Hacking Vista Security” and could then stop stressing out about it! The Shmoo people say they’ll be posting slides and videos by the end of the week. Additional resources for folks who want to play around with the security tools I discussed:

http://www.jwsecure.com/dan/2007/06/06/more-information-about-the-ipsecping-sample-code/
http://www.jwsecure.com/dan/2007/10/23/new-vista-security-demo-videos-uploaded/

The final highlight of the con: the talk entitled “PEAP: Pwned Extensible Authentication Protocol” by Josh Wright and Brad Antoniewicz. Based on their earlier work (see http://asleap.sourceforge.net/), they showed some interesting wireless password cracks against PEAP and TTLS. A couple of interesting notes about the latter: it seems that few network administrators lock down the trusted root certificates list applicable to WiFi server authentication on the client, nor do they specify the server DNS name(s). The result is that anyone with a valid VeriSign cert, for example, can act like a wireless authentication server in that network. This can be a key factor in exposing the underlying password auth to brute-force.

1 Comment »