Thoughts from Black Hat

Good info on bad deeds from the Black Hat conference

Hacking RFID

For my money, Chris Paget, director of R&D for IOActive, provided great entertainment from his RFID hacking demos and gun-shooting videos. Paget and his company developed a low-cost, handheld device for cloning RFID cards. Paget held up several RFID cards, waved them close to his cloning device, and in seconds created a usable copy of the original RFID card. He even placed one of the RFID cards into a protective sleeve that is advertised to keep the RFID card safe from cloning. Within 3 seconds, his device successfully read the information stored on the RFID card. In conclusion, Paget said, "If you use 125KHz proximity cards, your doors are highly insecure!"

At the back of the audience, another vendor, Identity Stronghold, was handing out free "secure sleeves" to help protect security cards from malicious cloning. I asked if the card sleeve would prevent the cloning that Paget was demoing. "No," was the reply, "not 125KHz cards." Maybe it's time to investigate your company's RFID frequencies.

Phil Zimmerman showed off his new Zfone VoIP security software. It adds solid encryption protection to any software-based VoIP security software simply by installing the free software and pointing your VoIP software to a new host port. It doesn't use persistent keys or PKI. Mr. Zimmerman spent lots of time answering the audience's questions about the Zfone and encryption software in general. But he had me at "Today, what I really care about is making sure democracy continues to thrive." You have to admire a guy with a 30-year burning desire for the betterment of the commons.

Bruce Schneier gave a great second-day keynote on the psychology of security. If you've been following any of Bruce's writings over the last year, you're already intimately familiar with the topic. I think I've read more than half a dozen of his essays on the subject, but he still managed to bring fresh information to the table and was a good speaker. I believe everyone, involved with security or not, should read Bruce's provocative information.

Brandon Baker of Microsoft spoke on Windows Server 2008's new virtualization model used in the Windows Virtualization Server (WSV) server role. Although I'm unsure if the new security changes apply to just WSV or virtualization in general, here's the gist of the newer security implementation: In older-style VMs, Guest OSes ran their kernel in the processor's Ring 1 (instead of Ring 0) and their applications in Ring 3. This necessitated that VM software fake the Guest OSes' kernel into thinking it was running in Ring 0, as it expected. This requires virtualization tricks and special VM drivers.

The newer VM security model uses Intel and AMD hypervisor processor extensions to separate memory, CPU, and other resources into one or more partitions. The software portion of the hypervisor and the VM software run in the root partition. All Guest OSes run in separate partitions with separate resources, but with access to Ring 0 and above. This means no special VM drivers are needed. However, Guest OSes are prevented from directly accessing hardware by the extensions built into the CPUs.