Defcon And Black Hat Wrap-Up: Wifi And VPN Crypto Cracked, NSA Chief Asks For Hackers' Help, Android Vulnerable To Brute Force Attack

This article is more than 10 years old.

Forget Olympic gymnastics, weight-lifting and water polo. The truly epic events of the last weekend were reverse engineering, lockpicking and codebreaking.

The annual five-day, back-to-back Las Vegas security conferences Black Hat and Defcon provide the main stage for the information security community's biggest stunts and revelations--more than any one reporter can cover. So here are a few of the highlights from this year's hacker bonanza that I haven't already written about.

In a bizarre meeting of worlds, National Security Agency chief and U.S. Army Cyber Command general Keith Alexander addressed Defcon for the first time ever, calling on the hackers present to help secure America's infrastructure. Alexander flattered the audience as "the world's best cybersecurity community" and even referred them to a job recruitment site set up specifically for the conference. When an audience member asked if the NSA compiles profiles on every American, Alexander called the claim "absolutely false." But an ex-NSA analyst and others on a panel the following day took issue with Alexander's remarks, accusing him of hiding the full story on domestic surveillance.

Crypto hackers Moxie Marlinspike and David Hulton announced the release of tools for cracking the cryptography of common wireless networks and VPNs by attacking a Microsoft authentication scheme known as MS-CHAPv2. Hulton and Marlinspike found a weak link in the protocol's security in its implementation of the Data Encryption Standard, an encryption scheme known to be insecure. The pair has added a $200 service for breaking the scheme to Marlinspike's CloudCracker.com, a site for password cracking and penetration testing launched in February.

Researcher Thomas Cannon showed that Android encryption can be easily cracked due to its weak passwords--the device uses the same short PIN or unlock pattern to encrypt and decrypt data as to unlock the handset after a short period of idleness. That means a lost or stolen phone could have its data compromised by a brute-force password-guessing attack.

The group of hackers that calls itself Ninja Networks, known for throwing an elaborate annual party at Defcon, outdid themselves by building a private GSM network called "Ninja Tel" and distributing 650 phones with a custom operating system to invitees. The phones featured an app that spit sodas out of nearby vending machines as well as a conference call party line, but its privacy policy left something to be desired: "You hereby grant Ninja Tel permission to listen to, read, view and/or record any and all communications sent via the network to which you are a party," it read in part. "Before you get all upset about this, you already know full well that AT&T does this for the NSA."

Apple broke its usual silence on security issues, sending its manager of platform security Dallas De Atley to give Black Hat's audience a primer on iOS architecture. But the talk was criticized as little more than a well-rehearsed reading of a whitepaper, and De Atley refused to take questions before escaping out a service exit rather than mingle with members of the audience. "Steve Jobs he is not," wrote the New York Times.

For Forbes' complete coverage of the two conferences, check out some of our previous stories:

Hacker Demos Android App That Can Wirelessly Steal And Use Credit Cards' Data

How To Bust Your Boss Or Loved One For Installing Spyware On Your Phone

Unsafe Gun Safes Can Be Opened By A Three-Year Old

Meet ‘Rakshasa,’ The Malware Infection Designed To Be Undetectable And Incurable

Want To Find Jay-Z’s Or Bill Gates’ Private Jets? OpenBarr Tracks ‘Untrackable’ Flights

Next-Gen Air Traffic Control Vulnerable To Hackers Spoofing Planes Out Of Thin Air

DARPA-Funded Researcher Can Take Over Android And Nokia Phones By Merely Waving Another Device Near Them

Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks

Using Twitter To Identify Psychopaths