Mar 29 2007

How not to gain some recognition at Shmoocon

Published by Martin at 9:21 am under Hacking

One of the vendors at Shmoocon got some unwanted attention this weekend.  The had a nice string of USB light up hubs strung along the front of their table.  Since the hubs needed to be powered to light up, they plugged it into one of the vendor laptops on the table.

A young gentleman called Render Man noticed this and happened to have a USB toolkit in his pocket; I think he said it was from HOPE.  He was able to plug his USB key into the string of USB hubs unnoticed and retrieved it several minutes later when it had sucked down password files and other assorted goodies.

Render Man said he was going to erase the file and I hope he has.  The event was relayed to the entire audience at the Shmoocon closing ceremonies, so if you’ll probably find out who the vendor was. 

It’s important to be especially vigilant about your computer when going to events that advertise to hackers.  Turn off wireless, bluetooth and USB.  If you do bring a computer to the show, make sure it’s as hardened as possible.  Another option is to put out a computer to be hacked, but in that case you’re better off being part of one of the labs.  Better yet, don’t bring a computer to the event floor at all.
I had to fix a typo in the subject line. I wonder how long the post will show up wrong on all the replicant pages on the internet?

Technorati Tags: , ,

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

2 Responses to “How not to gain some recognition at Shmoocon”

  1. # Jason Huggetton 29 Mar 2007 at 10:36 am

    Now that is funny! Hak5 put out some cool USB utilities called USB Switchblade and Hacksaw that were quite versatile.

  2. # RenderManon 30 Mar 2007 at 1:05 pm

    That was me BTW.

    The vendor was CORE security, makers of the infinitely cool and infinitely priced CORE impact. It used the Hak5 USB switchblade on a sandisk u3 drive. It only took about 30 seconds to dump the cached credentials.

    I have since deleted all of the files retrieved and what was publically displayed had only the first couple letters of the password visible, the rest were starred out (I’m not a complete jerk :) )

    I just did it because I was bored and I wanted to find out if a company selling that high end a product would have hardened their laptops against the USB switchblade

    Drop me a line if you need more info.

Trackback URI | Comments RSS

Leave a Reply