After a two-year absence due to other unavoidable obligations, like good friends’ weddings, I finally made it back to one of my favorite hacker conferences, Toorcon. San Diego is always beautiful when I happen to be there, with nice weather and a cool mix of people, both locals and visitors in town for the conference, and this year was no exception.
This last weekend I took a trip up to Montreal for REcon. If you’re unfamiliar with REcon, it’s a small security conference focused on the topics most interesting to reverse engineers. As such, the talks are more technical than those you will find at more mainstream conferences like BlackHat or DEFCON, and generally assume a certain level of expertise as a baseline. If you don’t understand assembly language, you’ll probably not get much out of at least half of the lectures.
Ok, enough with the APT marketing and journalism diarrhea… It’s really quite simple:
ad·vanced – /ædˈvænst, -ˈvɑnst/ – adjective
1. ahead or far or further along in progress, complexity, knowledge, skill, etc.: an advanced class in Spanish; to take a course in advanced mathematics; Our plans are too advanced to make the change now.
per·sist·ent – /pərˈsɪstənt, -ˈzɪs-/ – adjective
1. persisting, esp. in spite of opposition, obstacles, discouragement, etc.; persevering: a most annoyingly persistent young man.
2. lasting or enduring tenaciously: the persistent aroma of verbena; a persistent cough.
3. constantly repeated; continued: persistent noise.
threat – /θrɛt/ – noun
1. a declaration of an intention or determination to inflict punishment, injury, etc., in retaliation for, or conditionally upon, some action or course; menace: He confessed under the threat of imprisonment.
2. an indication or warning of probable trouble: The threat of a storm was in the air.
3. a person or thing that threatens.
This term has been around for ages, and means exactly what the acronym’s words say. It’s not any single attack, it’s not any trivial or obvious piece of malware, and it’s not the bogeyman that the hot new security product will save you from. It’s a particular class of threat. The term first gained critical mass in the intelligence community, where it was in use as early as a few decades ago to describe an advanced and generally covert modus operandi for ensuring the ongoing gathering of intelligence about an individual or other entity. It has more recently, though still at least a decade ago, been applied to information security, where it describes an ongoing campaign of targeted, sophisticated attacks, or the actors facilitating or conducting that campaign. In other words, a threat that is both advanced and persistent.
Please, for the love of all that’s holy, stop using “APT” interchangeably with “malware”. A particular piece of malware may be an APT, or a component used by one, but an APT is not necessarily malware at all. Conversely, most malware cannot be considered an APT, since the majority of it is neither particularly advanced nor persistent, and to qualify as an APT it would have to be both.
April 1st is always a fun day for technologists. Pranks, jokes, and spoofs have a special place in many geeks’ hearts, and what could be more enticing than an entire day devoted to them? The allure is difficult for many to ignore, so on April 1st productivity essentially goes through the floor as those who have devised something for the holiday release it to the world, and everyone else is constantly distracted by forwarded links to each newly-discovered April Fools prank on the Intercloud. On April 1st, it’s quite hard to stay focused…
Here’s my April Fools 2010 link roundup:
- Google renames itself to “Topeka”
- Lots of ThinkGeek items, as usual.
- F-Secure’s internal sample management interface joke
- F-Secure’s Rick-roll Protector
- XKCD console interface / MUD (tons of commands…)
- Razer Venom intravenous gaming stimulant
- YouTube text mode
- CERN LHC discovers a “paleoparticle”
- EFF time-travels to support robots’ digital liberties
- Metasploit’s new Cyber Warfare business model
- egypt’s “earsplitter” Metasploit Cyber War module
- Moog Auto De-tune
- L0pht’s Pwr2Own Pwn2Own spoof
- AMD “lottery core” CPUs
- Solar minimum/maximum vulnerability in Juniper SRX
- Upside down kernel.org
- deadmau5 vs. Felix daHousecat
- Man from the future at the LHC
- Woot.com moves to “choose your own adventure” format
- Fermilab’s “unprecedented day without an outage” (among others)
Taking place over the last week was the CanSecWest 2010 security conference, with its now annual Pwn2Own contest. For those who are unfamiliar, the Pwn2Own contest presents a number of devices, usually mobile or cellular devices and laptops, as targets and allows contestants to attempt to compromise them in some way. These targets are fully patched with the most recent vendor patches, and if a contestant is able to Pwn (compromise) a device, they get to Own (keep) it. This is always a nice publicity stunt, as the contest is widely publicized by its sponsor, providing researchers with some fame and a prize as a bit of a return on the effort they invested researching vulnerabilities and developing exploits. The Zero Day Initiative (ZDI), which sponsors the contest, also offers to buy the vulnerabilities used by the winners and “responsibly disclose” them to the affected vendors, providing a bit of a cash incentive as well.
Over the past few years however, some things have drastically changed in the value and marketability of such vulnerabilities.
Yesterday I came across Cleverbot, an “AI” from icogno. As far as I can tell, it’s an incarnation of their jabberwacky AI, which supposedly learns from its past interactions. I’m always skeptical of anything that is claimed to be AI, because actually creating a convincing fake AI, much less a real one, is an extremely hard problem to tackle. So, chatting up Cleverbot, my skepticism was, in my opinion, quickly justified, but I’ll let you be the judge. Here’s the tail end of my conversation with Cleverbot:
I recently purchased the Motorola Droid from Verizon, and am so far very happy with it. Other than finding the physical keyboard a bit lacking (I have been thoroughly spoiled by the Sidekick’s physical keyboard, which no other physical keyboard could ever hope to live up to), I’ve really had no complaints with the device or the Android 2.0 operating system that runs on it. I have, however, noticed that touch-screen smart-phone unlock screens (not just the Droid’s) are getting progressively less secure.
Earlier today, this article from ComputerWorld came across my desk. The headline grabbed my attention, since it indicated controversy and disagreement, which of course I’m going to look into. The article, which cites Microsoft’s semi-annual Security Intelligence Report, claims that Microsoft has been right in its vulnerability exploitability predictions only about 27% of the time. Others quoted in the article argue that with accuracy that low, what’s the point?
They’re obviously missing the point, and I suggest that the premise of even trying to calculate a metric such as the accuracy of those predictions is fundamentally flawed.
After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon. After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about in my BlackHat USA 2009 post. After an extremely long night I crashed in the early morning and slept through most of the first day of DEFCON talks. I did however catch Richard Thieme’s talk about UFOlogy, which was one of the talks I really wanted to see.
Shortly after Richard’s talk and some discussion with friends about what to do for dinner, I started not feeling well so I went back up to my room. After an hour or two I knew I really was sick because I started getting the fever sweats, cold chills, and headache, so I ordered some room service since I probably needed to eat, called it a night and went to sleep. I stayed in bed pretty much all day Saturday and only came downstairs once in the afternoon during the conference to speak during the Metasploit track, and then went right back upstairs to my room. By then I had a horrible cough and chest congestion, but was feeling much better regardless, so I decided to take a walk for a couple hours and let the dry desert air into my lungs for a bit.
I hadn’t yet walked the length of the Strip this visit, and also hadn’t eaten a FatBurger, both of which are personal Vegas traditions. Since I was running out of days in Vegas during which to accomplish these, I decided to walk from the Riviera at the north end of the Strip all the way down to FatBurger, which is near the south end of the Strip, get a burger, and then walk back. This took around 2.5 hours and immensely helped my lungs and cough.
By the time I got back to the Riviera, I was feeling well enough to attend some parties, so I went up to the Penthouse for a while to check out the IOActive Freak Show party for a bit. It was similar to last year’s party, but had some new attractions so that wasn’t too bad. I tried to dance for a bit but my chest cold was severely holding me back since I could only dance for a few minutes before not being able to breathe. I left that party shortly after Keith went on since I couldn’t really dance and he started off with tracks that were a little too glitchy for my taste anyhow. Unfortunately I missed the fire dancer at the IOActive party who had a fire hoop like my friend Angi’s, but living in Austin surrounded by burners I think I’m a bit spoiled regarding fire spinning/dancing/performance anyhow. After leaving the Penthouse I took the Ninja Shuttle over to the Ninja Party and hung out there for a few hours talking to friends and waiting in line at the bar until I decided not to push my recent health luck and went back to my room at the Riviera and went to sleep.
On Sunday I slept a little late still trying to fully recover until I needed to check out of my room. Unfortunately this meant that I missed Richard Thieme’s other talk on BioHacking, but I did manage to catch a few more of the talks before I had to head to the airport to catch my plane back to Austin. You can read my thoughts on the talks that I saw below:
Last week and through the weekend I was in Las Vegas for this year’s annual block of hacker conferences, BlackHat USA and DEFCON. This year was a bit different for me as my employer no longer covers conference expenses (even if you’re speaking!), so since I was there not representing a company and entirely on my own dime, I stayed with some local friends for the first half of my stay and did a lot less gambling… none actually. My gracious hosts did a lot of ferrying me around for the first half of my stay as well to help me avoid cab fares.
One of the highlights of BlackHat was obviously the Pwnie Awards. This industry awards ceremony, highlighting the successes and failures of the security industry of the past year, has quickly become one of my favorite parts of BlackHat. If you’re interested, you can find this year’s nominees and winners listed over at the Pwnie Awards website. The impromptu dinner afterward was very enjoyable as well, where I shared a meal with the likes of the lovely Shyama Rose, that beef-hunk (nsfw) Alex Sotirov, Pusscat, who needs no introduction, the code machine I call a boss, HD Moore, some d00d from Rhode Island, slow, and a slew of other interesting and intelligent people.
I didn’t make it to many parties this year, but one of the few BlackHat parties that I did make it to was the Microsoft party over at Treasure Island. An awesome mix of people made for some good conversations, but the music indoors was horrible… The DJ was playing all kinds of early-’90s tunes like Bell Biv DeVoe, Boyz II Men, etc. Outside the music was much better (house!), except that the DJ kept having to stop the music for any number of reasons, the longest being the pirate show going off just outside the balcony on the waterfront between the club and the street.
Overall BlackHat was a fairly enjoyable experience. I would have liked to have seen more of the presentations but due to an extremely late night Wednesday night culminating in my friend locking himself out of his hotel suite, soaking wet, in his boxers, I ended up sleeping late on Thursday and then attempted to get over to DEFCON early to get registered and get one of the electronic badges to play with. You can however read my thoughts on the various presentations I did see below: