Hackers' Delight: Security Holes Abound at DefCon

Now in its eighth year, Def Con has grown from a small private party to a large hacker social event featuring workshops on exploitable vulnerabilities, defence strategies and the latest technology and tools for the security community. It attracts hackers from around the world whose refined skills bedevil network administrators everywhere.

This year's event also drew officials from the U.S. Central Investigation Agency, the National Security Agency and the U.S. Department of Defence, making the annual game of "spot the fed" an easy exercise. During the opening session, Arthur Money, CIO at the Pentagon, gamely thanked audience members for withholding attacks against the Pentagon's systems during the Y2k transition and appealed to attendees to use their talents on behalf of the U.S. government.

"More hackers are getting their lunch money from the feds as they work with security companies and the [government]," said Tweetyfish, a member of the hacking group Cult of the Dead Cow. "All the cool stuff happening on the Internet now, and the cool stuff happening in security, is being built by hackers."

One of the most anticipated events was the annual presentation by the Cult of the Dead Cow, which released the Back Orifice hacking tool at Def Con in 1998 and announced an updated version of the Trojan horse program that targets Windows NT systems at last year's conference. This year, members of the group offered information on a type of denial-of-service attack that can disable NetBIOS services on Windows machines.

The NetBIOS protocol flaw was described by a member of the Cult of the Dead Cow known as Sir Dystic, who developed a tool called NBName that he said can exploit the hole by rejecting all name-registration requests received by servers on TCP/IP networks. NBName can disable entire LANs and prevent machines from rejoining them, according to Sir Dystic, who said nodes on a NetBIOS network infected by the tool will think that their names already are being used by other machines. "It should be impossible for everyone to figure out what is going on," he added.

However, Microsoft last week posted an advisory on its Web site saying that the company is aware of the potential NetBIOS vulnerability. The company said a patch addressing the problem on Windows 2000 systems can be downloaded now, while others for the various versions of Windows NT 4.0 are due "to be released shortly." Microsoft added that external attacks shouldn't be possible "if normal security practices have been followed" by companies.

Members of the Cult of the Dead Cow, whose tools potentially could be used to both attack and defend corporate networks, also appealed to so-called script kiddies to stop vandalising Web sites during their Def Con presentation - after which they were attacked by two teen-agers armed with Silly String.

Other well-attended sessions included a workshop on Web application security led by a hacker named D-Krypt. Attendees were warned about the ability of the JavaScript programming language to capture Internet cookies that often store detailed information about Web browsing activities of users.

D-Krypt noted that the ability to seize the cookies creates the potential for attackers to impersonate users in online transactions such as stock trades. JavaScript also allows crackers to change item prices and other input variables in Web-based shopping cart applications, he said.

To avoid these kinds of attacks, D-Krypt advised, application developers should store cookies in secondary domains and use tools that strip out JavaScript code executed on the browser or from message boards and chat rooms.

More advice was offered by a hacker named Daremoe, who reviewed techniques that crackers use to profile systems - including ping sweeps, port scanning and analysis with a tool called Nmap. These tools can profile host systems and provide enough access to give potential attackers a general map of firewalls and other network defences, he said.

While inexperienced script kiddies typically target systems with obvious vulnerabilities, Daremoe noted that more experienced crackers will map specific hosts and create a vulnerability matrix that profiles their applications. The profile can then be compared against a database of known vulnerabilities to see which exploits could be used to access information and gain entry. "Protect against profiling," Daremoe said. "What other people know about you can hurt you, and you need to take network mapping seriously."

Daremoe suggested several defensive strategies to prevent network mapping, including setting up controls at firewalls to manage access requests based on the Internet Control Message Protocol, removing the ability of NetBIOS traffic to pass into a network and using registry keys to limit remote access. He also suggested deploying intrusion-detection technology and so-called "honey pots," which set up apparent vulnerabilities to lure in would-be crackers.

In addition, Daremoe encouraged hackers to simply learn from network profiling and move on instead of exploiting the vulnerabilities they discover. And he strongly cautioned against trying to map government or military networks. "They will come looking for you," he warned.

In another session, respected cryptographer Bruce Schneier cautioned the audience to be alert to flaws in biometrics systems, which authenticate users by scanning their fingerprints or other identifying characteristics. The systems can be highly useful if they include a human observer who can witness users confirming their identities via fingerprints, Schneier said.

But he added that biometrics technology has the potential for "terrific failure modes" because the potential for fraudulent use of such systems is high. "It's very easy for me to capture your digital finger and inject it into the stream," said Schneier, founder of Counterpane Internet Security in San Jose, where he is chief technical officer.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ann Harrison

PC World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?