Posts Tagged ‘Infosecurity’

Déjà vu

Monday, December 24th, 2012

The story about PGP becomes really funny.

Three and a half years ago (in April 2009) our company took part in InfoSecurity Europe in London. I should confess that London is one of my favourite cities; besides, I love events on security — so that I was really enjoying that trip (with my colleagues). But something happened.

(more…)

DC4420

Tuesday, May 12th, 2009

Apart from official IT Security events, London ethical hackers like to organize monthly meetings such as DC4420 in clubs, sometimes changing their location. In an informal manner they exchange their experience, represent new ideas and technologies.

We learned about this event first from icesurfer who follows us on twitter when he dropped by our booth at InfoSecurity Europe 2009 to say hello and so we’ve been lucky to get an invitation to this underground “techno-party”. 
 
After a busy day at the exhibition talking to all from sales guys to journalists this warm and welcome gathering tempted us to stay longer. However, our plane (back to Moscow) was to take off the next morning that is why we could only hear the first presentation (out of three) and to be frank got an over-the-top-pleasure hearing it.
In brief, Andrea Barisani and Daniele Bianco explained how one could find out what is being typed on the keyboard through searching electric signal oscillation registered on a common power socket or even water-pipe. All accompanied by humorous visuals starred by both speakers.
 
 
The second part of presentation introduced a new approach to a pretty known technology for electronic-acoustic reconnaissance – using laser microphone for registering sound vibration as far as 200-300m away. The idea is not fresh, and usually a common window serves as sound reflector. But our techies decided to use laptop cover/display for recording vibrations caused by pressing different keys on the keyboard. Each key has its particular sound. After analyzing laser vibration we get possible variants of typed text. Provided we know what language is being used, it is not a problem to find a right variant.
 
Smart presentations sandwiched between informal chatting and drinking beer gives an absolute sense of belonging to the world of wayward technologies.
 

From InfoSecurity, “the number One in Europe”

Tuesday, April 28th, 2009

We never thought that our participation would bring such kind of trouble (or at least a disappointment).

Monday early morning we came to prepare our stand and apply our wallpapers (yes, we do it ourselves, sort of team building :) ). Practically, everything went smoothly, except for the fact that the organizers did not fix our company name board, electricity was not there and finally – we have got less space than we ordered (and paid for) because wall panels were not constructed properly. But after all, [almost] everything was fixed. Unfortunately, we have not made any pictures, but here is how it should look like (by design):

Click to enlarge

Next morning (the first day of the exhibition) we came to our booth in advance (about half an hour before the exhibition opens). And what we have seen? Two persons (from Reed Exhibitions, the organizers of this event) removing one of the wall papers from our booth – the one that said that we’re doing PGP password recovery. Moreover, we were not able to get the clear answer why they’re doing that, except the fact that “PGP Corporation complained”. And the reference to some “regulations” we still have not seen. We asked for some official paper (act?) about our “violation”, and still waiting for it. When (if?) we’ll get it, we’ll scan it and publish here.

Fortunately, we had the camera handy, and so made several photos of this “process” (removing our wall paper). Organizers (Reed) did not like that, too, and tried to hide their faces from the camera. But they failed, so you can see them now (and the whole “process”):

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Click to enlarge

Cliick to enlarge

Click to enlarge

So we had to put the following note here (fortunately, on one panel only):

Click to enlarge

Click to enlarge

Only two hours later, they (Reed Exhibitions Group Event Director) came to our booth and asked to remove this note. Oops, sorry: not asked, just removed. Without explanation. Well, the explanation was: we have the right to do anything here.

What are they (PGP) scared about? I don’t have an answer. Do we say that PGP protection/encryption is not secure? No we don’t. But we DO say that PGP passwords can be cracked – if they are not selected carefully. But if PGP people cannot explain that to their clients – this is not our fault.

Update: see What does "The only way to break into PGP" mean?

GPU Assisted Password Cracking at Troopers 2009

Tuesday, April 28th, 2009

Last week a colleague of mine, Andrey Belenko, gave a speech at the Troopers conference in Munich. Olga wrote about it in this blog. All the talks at Troopers were awesome. Soon the videos and slide shows will be available for downloading on Troopers website.

If you have an opportunity, visit Andrey’s talk about green password recovery at Infosec, London. It’s on Wednesday, April 29th, at 15:20, at the Technical Theare. Also visit our booth K35 at Earls Court for free software trials.