Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

ShmooCon 2008 - Day 1 recap

February 16, 2008

I’m in Washington D.C. this weekend for ShmooCon 2008. The first day (US-EST) has officially passed, and what a day it has been! Registration started at 1pm with a long line of seemingly all 1200 attendees at once. Okay, probably not. In fact, we got through the line in just a few minutes - that’s efficiency for you!

The first talk of the con was h1kar1, who reported on a project consisting of an open-source, brute-force attack on the GSM session key derivation algorithm. See http://wiki.thc.org/. In other words, if you use a GSM phone (for example, anything from AT&T or T-Mobile in the US), your conversations can be scanned and decrypted in a matter of seconds by commercial hardware costing under US $1 million. Of course, governments could already do that via various means, but it’s different when a wide variety of private sector entities have that kind of power.

Later this evening I did an interview with Hak5. Man, those guys have the love, lugging that video equipment around and giving people like me a chance to talk about our work. Thanks a lot, Hak5 folks!

Looking forward to tomorrow (today, EST) …

Search:

Archives

Recent Posts

• Debugging a NAP HRA on an Enterprise CA
• Installing Hyper-V on a Dell PowerEdge server
• Two classic Bill Gates-isms
• Microsoft Hyper-V finally RTMs
• JW Secure is now a Microsoft Certified Partner

RSS Feed

Blogroll

Security Focus: