Here is the the recording of my “Rainbow Tables - End of password cracking as we know it” presentation recorded at 2008-09-05. I hope that you enjoy it and please leave any feedback using the comments function.

 

 Rainbow Tables - End of password cracking as we know it 2008-08-22 (webcast): Play Now | Play in Popup | Download

Here is the the recording of my “Overcoming USB (In)Security” presentation recorded at 2008-08-22. I hope that you enjoy it and please leave any feedback using the comments function.

 

 Overcoming USB (In)Security 2008-08-22 (webcast): Play Now | Play in Popup | Download

Here is the the recording of my “Privacy in Wireless Networks” presentation recorded at 2008-08-08. I hope that you enjoy it and please leave any feedback using the comments function.

 

 Privacy in Wireless Networks 2008-08-08 (webcast): Play Now | Play in Popup | Download

In exactly 12 hours I will be presenting “Rainbow Tables: end of password cracking as we know it” live here on this site. The talk will touch on what rainbow tables are, the history of it and a short demonstration.

So I hope to see you on tonight, Friday the 5^th September at 20:00 CEST (GMT+0200).

In exactly one week I will be presenting “Rainbow Tables: end of password cracking as we know it” live here on this site. The talk will touch on what  rainbow tables are, the history of it and a short demonstration.

So I hope to see you on Friday the 5^th September at 20:00 CEST (GMT+0200).

I am starting to look at hardware for a new server. I currently use a lot of VMWare virtual machines for my R&D, but I’ve started to outgrown my regular desktop for my R&D needs and need to get a dedicated machine. First I thought of getting a 2^nd hand computer, but realizing that the price difference between a decent 2^nd hand computer suitable for my needs and building a kicks system from the ground up wasn’t that much, plus I get much more machine.

I have some requirements: first it needs to be a dual or quad core CPU with at least 4 Gb of RAM (and preferably upgrade able). I want a 1 Tb disk for data (virtual machines and stuff) and a 16 Gb CF (with a SATA-to-CF adaptor) as a system disk. CF media is getting really cheap, and I like the SSD benefits (ok, CF isn’t a real SSD - but for my needs it will work fine). On the graphics side it doesn’t need to be anything special, even on-board graphics would be sufficient for my needs as I will mainly access the system remotely. Physical footprint and noise levels are important though, as I will have it standing on my already cramped desk (not on the floor, I like my floor clutter-free).

Based on those needs I have come up with this potential shopping list (I linked the items to NewEgg, although I will probably get the parts from a more local supplier):

• Shuttle SP35P2-Pro Intel P35 Express Socket 775
• Intel Core 2 Quad Q6600 2.4GHz / 1066MHz / 2×4MB
• Corsair XMS2 4096MB DDR2 PC2-6400 800MHz (5-5-5-18) (2×2048MB) (TWIN2X4096-6400C5 G) x 2 (= 8192 Mb total)
• Transcend Compact Flash 16GB (133x)
• CF - SATA HDD Adapter
• Seagate 1TB SATA II Barracuda 7200.11 (32MB Cache / 7200RPM)
• Asus GeForce 6200LE 256MB (EN6200LE TC256/TD/64)
• Sony NEC Optiarc Internal IDE AD-5200A DVD±RW 20x (Black)
• Intel EXPI9402PT 10/ 100/ 1000Mbps PCI-Express Two Gigabit Copper Server Connections

I am not a hardware person so I am sure there are some odd components here, and I’d love to receive some feedback about that. Things like the selection of RAM modules I am a bit unsure of. The specs for the Shuttle barebone says it can support up to 800 MHz memory, but 1066 MHz if you over clock your system (but then you have to start worrying about stability). I didn’t select a faster CPU as I am paying attention to the price/performance and the higher-speed CPUs just seem to be too expensive for my taste. I need the extra NIC ports for my network tap which I use when doing network analysis.

On the software side of things I will probably end up running the 64bit edition of Ubuntu with either VMWare Server or KVM on it (never tried KVM, but a friend of mine strongly recommended it).

I will use virtual machines for many things, including:

• Testing new software
• Pentest practice targets
• Malware analysis
• and so on…

It is important that I can run a wide range of operating systems, especially the various flavors of Microsoft Windows but it would be good if I also could emulate OSX in addition to the mandatory Linux and BSD flavours. Basically I want to be able to run any system or software that I want to test, and build virtual network setups (which speaks for using VMWare Server as it is very easy to build virtual networks using that - never under-estimate the power of a good userinterface).

Last night I started installing Ubuntu-EEE, but it left me with unsuable network connections (same as the standard edition of Ubuntu did). Thanks to the information in their wiki those problems has now been resolved, and I hope that the fixes will be included in a future release of the EEE (there shouldn’t be a need to have a special EEE edition of Ubuntu, it should be supported out of the box).

I also installed the Ubuntu Netbook Remix, but I am not that impressed. It looks great, but has a serious performance problem which standard Gnome doesn’t have - and here I thought we got something specific to the UMPC community where most of them doesn’t have a speed monster of CPU under the hood (and my EEE901 is supposed to be top-of-the-line with its Atom CPU). I will however keep an eye on the Ubuntu Netbook Remix and hope that they will have resolved the performance problem in a near-future release.

I tried to install Ubuntu 8.04.1 during the weekend, but it failed pretty badly. Not the installation itself (which worked flawlessly), but the lack of drivers for both wired and wireless network adapters (bluetooth adaptor worked out of the box though).

A friend of mine recommended Ubuntu-EEE, which supposedly is a EEE optimized version of Ubuntu. As my EEE901 was already in a non-usable state (in today’s world a computer without network connectivity is more or less broken, especially when we talk about cloud computing) I went ahead and downloaded the ISO image and burned it to a disk.

The installation was again flawless (actually even a bit better then standard Ubuntu due to the consideration of the smaller screen real-estate), but when booted same problem persisted: no network connectivity.

I am still searching for a solution for my lack of network connectivity, if you have one please drop me a comment.

The Security4all blog made me aware that the DefCon16 material has been made available, although as an ISO file:

Its packed full of the slides OF ALL the talks, along with the software used to hack Joe Grand’s Defcon16 Badge

I mounted the ISO and zipped the contents because I think Zip files are more managable then an ISO file.

You can download your copy here (702 725 681 bytes, MD5 = ead92958934f0c86c62c2bc4aa2162be).

In exactly one week I will be presenting “Overcoming USB (In)Security” live here on this site. The talk will cover the various threats and attack vectors created by the mere fact of having a USB port on the computer.

This is an updated and extended presentation from when I first preformed it at the NextGen CyberCrime Conference in Singapore.

So I hope to see you on 22^nd at 20:00 CEST (GMT+0200).