Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
It's funny. Laugh. Security

Reporters At Black Hat Get Bounced For Hacking 128

Posted by Soulskill from the no-brownie-points-for-you dept.
rickb928 and several others have written to inform us that three reporters for the French publication "Global Security Magazine" were booted out of the Black Hat convention for uncovering the login information of other reporters. Quoting the AP: "The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so reporters who didn't take the extra step and log onto the Internet through an additional secure connection like a virtual private network, risked having their data exposed to colleagues sitting just feet away. It didn't appear to be a complicated hack. The network was working properly, but it wasn't set up to shield each journalist's computer from one another."
This discussion has been archived. No new comments can be posted.

Reporters At Black Hat Get Bounced For Hacking More

Reporters At Black Hat Get Bounced For Hacking

Comments Filter:

  • It was Defcon, not Black Hat (Score:0, Informative)

    by Anonymous Coward on Friday August 08, 2008 @10:15PM (#24534345)

    The Wall of Sheep is at Defcon, not Black Hat. Priest announced that he was looking for the French reporters during the talk I was in, but didn't say why.

  • Re:Switches are not expensive (Score:5, Informative)

    by foom ( 29095 ) on Friday August 08, 2008 @10:25PM (#24534407) Homepage

    Are they using a hub for wired connections at a security conference? Seems like the most plausible explanation for a simple "hack" like this with the network "working correctly"...

    It's a common misconception that switches prevent snooping. Switches are *not* security devices, they are an performance optimization. As such, they mostly "fail open".

    If you flood the switch with many different MAC addresses, such that its internal ethernet routing table fills up, it will usually simply direct *all* traffic to your port, rather than potentially incorrectly dropping some traffic you should have received.

    And then you can snoop to your heart's content, with nobody else the wiser.

  • Re:It was Defcon, not Black Hat (Score:3, Informative)

    by Anonymous Coward on Friday August 08, 2008 @10:39PM (#24534463)

    wrong:

    http://www.blackhat.com/html/bh-usa-08/wallofsheep.html

  • Re:Did they forget there role? (Score:2, Informative)

    by Anonymous Coward on Friday August 08, 2008 @11:15PM (#24534671)

    What are you talking about. You are completely wrong. The organizers could have done much more.

    By properly laying the wiring, they could ensure that you could not set-up such a passive filter. Each group of journalists could have had their own separate connection to a properly configured router - that way, if you wanted to snoop on another journalists traffic, you would have to walk over to their table and jack into their Ethernet connectors, which is significantly mitigates the severity of the problem.

    Another thing - there's any number of industry-standard authentication & encryption systems out there. IPSEC, 802.1X, Radius, etc. The organizers were just lazy and decided that they would simply call it a trusted system and not actually bother securing it.

    I'm sorry, but this demonstrates hypocrisy on the part of the organizers. They criticize (rightly) businesses for being lazy when it comes to security, yet turn around and do the same thing themselves.

    As far as I'm concerned, the journalists acted at least within the spirit of the conference.

  • Re:Not Surprised (Score:4, Informative)

    by fmwap ( 686598 ) on Friday August 08, 2008 @11:16PM (#24534679) Journal
    and even one more difference, from TFA:
    Organizers said the trio was caught when they took their purloined password prizes to Wall of Sheep workers and asked them to post the information. The workers refused.

    So...they turned themselves in.

  • Re:Many low cost switches... (Score:5, Informative)

    by LostCluster ( 625375 ) * on Friday August 08, 2008 @11:50PM (#24534837)

    "ARP poisioning" is what it's called, and your explaination sums it up pretty well. If the other side of a port is claiming to have enough MAC addresses reachable by it the cache will fill and the switch will start over with a blank cache which renders it into a hub until it learns what's really where, then gets poisioned again, rinse, wash, repeat.

    Dumb switches will fall for this trick and have no way for anybody to notice, smarter switches will log this and let the admin know there's more than one MAC address being reported on a port... you just trace to who's on the other end of the report and you've busted them.

  • Re:DMCA violation, anyone? (Score:3, Informative)

    by cduffy ( 652 ) <charles+slashdot@dyfis.net> on Friday August 08, 2008 @11:59PM (#24534887)

    Computer misuse is illegal, yes, but not under the DMCA.

  • Re:Many low cost switches... (Score:3, Informative)

    by cheater512 ( 783349 ) <nick@nickstallman.net> on Saturday August 09, 2008 @12:02AM (#24534901) Homepage

    Far easier than overflowing the memory.

    Just look for the other computer's MACs and then tell the switch that they are on your port.
    You then send a copy of their data to them.

  • Re:To prove a point (Score:2, Informative)

    by Anonymous Coward on Saturday August 09, 2008 @11:19AM (#24537385)

    How is this insightful the parent obviously didn't RTFA. The wired LAN was off limits to this activity, please trying reading first before you post, it's in the summary for Christ sake

Slashdot Top Deals

Always draw your curves, then plot your reading.

Close