Dailydave mailing list archives
Re: The Game / ISS SCADA talk
From: Tom Parker <tom () rooted net>
Date: Mon, 30 Jan 2006 20:50:15 +0000 (GMT)
Although I'm a Brit and therefore naturally charming (therefore not needing such material;), a number of friends who I go out with on a fairly regular basis have read The Game, and now swear by it. As much as it pains me to say - it all works awfully well. Check out the tic-tac-toe trick.

Just a few quick thoughts about the ISS ppt (I didn't stick around to see the talk)..

1) When it comes to looking at this from a technical POV, I think they're at least somewhat on the ball; making the point that most SCADA kit can be popped using legacy techniques and that a 'real' attack from a nation-state actor would not necessarily leverage an 0day.

2) Their case for credible threats against SCADA systems diminishes from there on.. They admit that they have no visibility into the nation state (or 'al qaeda' as they cited in their slides) - so why try? As my co-speaker noted in my talk earlier in the day; it's very easy to play the blame-bin-laden game; and ignore the other potential actors which also fall into the nation-state bucket. I think (and again, I didn't see the talk, so apologies if I'm not giving due credit here) that the ultimate shortfall of this is attempting to anticipate an unidentified and potentially non-existent adversary, through the interpretation of a limited amount of data with a western mentality. Their concluding slide attests to the feasibility of 'cyber terrorist' attacks against SCADA systems, through the use of limited skills. Well sure, let's assume that's true. But who is to say that they would have the know-how to operate the SCADA system on compromise (and the number of other factors that might be associated with the ultimate objective being a success). As a topic, I think it's a whole lot more convoluted than people think once you scratch the surface.

3) Did they get permission to reproduce that Simpsons screengrab ;>

-Tom

On Mon, 30 Jan 2006, Dave Aitel wrote:
Recently I read a book called "The Game" which is a discussion of the psychological techniques pick up artists use when trying to approach groups, which they call "sets". Most people would find the book just full of funny anecdotes and insane ideas, but as I am impressionable by what I read to the point of being feeble minded, I spent BlackHat with phrases like "AMOG" in the back of my head at all times.

To sum the theories in the book up, you pick up a woman by becoming the alpha male of whatever group she is a part of. In other words, picking up women is not about the woman, it's about you and your place in society. They've documented many techniques for manipulating situations to become the alpha male of a group and named them all silly names. And, of course, this is BlackHat in a nutshell, since there's so few women at security conferences (not including Microsoft recruiters) that the last conference I went to they had to go up on stage and apologize for having no idea how to speak to Joanna politely.

So after becoming burnt out on information security talks, I sat at the back of BlackHat Federal 2006 and cataloged a few of the more common AMOG techniques. For example, David Litchfield uses commercial-grade "push-pull". Halvar opens sets with false time constraints. I was giving my best shot at the cocky-funny technique. Dr. Linton Wells has a sophisticated wingman pattern going on. Always good to see people's games in real life. :>

You can buy "The Game" at your local bookstore. It's the one that looks like a bible that lots of dudes have flipped through before they thought about how they already knew everything there was to know about the subject. Myself, I always felt cheated this kind of material wasn't in the Psychology and Sociology texts.
If you're too lazy to read paper, you can read about all the wacky theories on fastseduction.com. If right now you're thinking "but I'm married" then email your wife and ask how she feels about being seduced. As Earthlink's kung-fu anti-spyware team would say, "Two fives makes a ten". Whatever that means. :>

The point is: Get over the fact that these people are losers and just learn what they know. It's like what the Feds with their 2.5 children and houses in the Maryland suburbs think going to Defcon.

With every conference I go back and examine the talks I saw and what surprised me in some sort of note, and this is that note.

First of all, I expected to find Johnny Long not as funny as I did. But his volunteer talk on "Hollywood Hacking" was quite amusing.

Billy Hoffman's talk on web application worms was fascinating. Who would have known that XSS was on some sort of "edge"? He needs to learn to speak slower though so those of us without a slow-time bubble can parse his speech in realtime.

John Heasman's talk on ACPI bios rootkits has gotten two reactions.
1) Hoglund, myself, and others who like to write rootkits loved it.
2) People who don't like to write rootkits cited the versioning issues and general level of difficulty as being reasons this isn't worth worrying about. (Phew! :>)

Adam Shostack won the award for best question at the keynote for "And how exactly do you plan to scale up your process for analyzing all that source code you're collecting?" He's in some stealth-mode privacy company now.

Joanna demoed a quicky kernel backdoor that evades all current detection tools and pointed out that reading kernel memory is not trivial in Windows. My favorite Joanna quote: "Hiding a process with a rootkit is a waste of time." Basically, not all rootkits need a process. It's a service you can OFFER as a rootkit, but one that makes you a lot easier to find.

And of course, Halvar's talk was great. It was good to see him nervous and out on the edge of his stuff again.
As for my talk, updated slides are on our web page now, and we've thrown a flash movie of the preliminary demo of our VisualSploit project up at http://www.immunityinc.com/resources-papers.shtml. <http://www.immunityinc.com/downloads/vsploit_demo/>

In other news, the Immunity Unethical Hacking class is full now (sorry), but we'll have another one in late May if you missed this one.