Friday, July 10, 2020

Changed roles - PE Privacy

- I moved from Infra to Privacy
- Wait, what?
- Yup.

I started working with Privacy PE to support teams that create solutions to keep our users' private information private. So I'm still a Production Engineer, but instead of shipping logs I'll now fix, improve, automate or scale services that deal with user data.



Because I believe I can contribute to make Facebook safer. 


I am a Facebook user, and so is most of my family; however, most of my friends are not, basically because they don't trust us.

We have our issues with privacy. We have a history of leaks and abuse. I want to help change that so one day, hopefully, we set the standards for others to follow.

My new team's first engagement is to improve the production systems that do data discovery and classification. They built a service to analyze all the databases we have in order to determine if they contain user-identifiable information (UII). There is a recent paper with more information out there. We use this system as a safety net alongside our other data policy enforcement systems to ensure no UII is left without data retention and access controls enforced.

That’s the kind of service I’ll be working on from now on. It’s a big change and a great challenge.
I think I’ll be up to it.



Friday, May 22, 2020

Making of a W.O.P.R.

Once upon a time, at ekoparty 2009, we built a W.O.P.R. to put on stage.
If you don't know what the W.O.P.R. is, you're either too young or you shouldn't be reading my blog. See War Games.


The AI (ha-ha-ha) showed off its blinking LEDs and a display, just like in the movie. The back served as a desk and even had a small lamp, good enough to be able to plug the VGA cable into the speaker's laptop. The control panel, on the left, was the control board of a plastic injection molding machine that for some reason I thought was a good idea to buy from a scrap dealer (obviously I bought the injection machine too...). On that panel we mounted a traffic light connected to some timers to subtly tell the speaker how much time was left and whether it was time to get off the stage.
We also made a sign that showed the current status, and we had a helper who kept changing the DEFCON level as the talk heated up, reaching 1 when the PoC was shown.




It had hundreds of LEDs and a 7-segment display, controlled by an AVR atmega32, some uln2002s and a PC power supply. Basically, the controller generated random numbers and showed them on the 7-segment display, and the LEDs were wired in series/parallel, also at random.
There were four of us working on this (sorry if I'm forgetting someone). I did the design, the assembly of the wooden structure and the PCB with the electronics; two others worked on veneering and painting it; and finally Seba, my business partner at the time, drilled every little hole in an acrylic sheet, glued in the LEDs one by one and soldered a little wire to each of their legs.

Here's a series of photos I found. The resolution is horrible; they were taken with a Nokia in the dark of a warehouse in the Caseros neighborhood, back in 2009.

















Saturday, July 8, 2017

The Mentor's Hacker Manifesto in Argentine Spanish

This showed up for collaborative editing in a corner of the internet.
If you have any fixes to add, leave them in a comment.

Another one got caught today, and it was on TV. "Kid jailed over computer scandal", "Hacker arrested for breaking into a bank"...
Shitty little brats. They're all the same.

But have you ever, with that mentality of swallowing whatever nonsense is on TV, asked yourself what it is to be a hacker? What he's into…? What made him this way…?
I'm a hacker, welcome to my world…
My world begins at school... I'm smarter than the other kids; the crap they teach us bores me…
Mediocre brat. They're all the same.

I'm in high school. I've already heard the teachers explain how to simplify fractions for the umpteenth time. I'm sick of it. "No, Mr. Perez, I didn't write out the full working, I did it in my head..."
Shitty little brat. He probably copied it. They're all the same.

Today I discovered something: a computer. It's awesome and it does what I want. If it gets it wrong it's because I screwed up, not because it can't stand me…
Or because I intimidate it...
Or because it thinks I'm a smartass…
Or because it doesn't like teaching (nor should it)…
Shitty little brat. Playing games all day. They're all the same.

And so it happened... it opened the door to the world for me... the electronic pulse traveling like a drug through an addict's body, a refuge from the daily bullshit, a place to post.
"This is my place..."
"I know everyone here… I even know the ones I've never seen, the ones I've never talked to and even the ones I'll never run into again." I know them all.
Shitty little brat. Always online. They're all the same...

Of course we're all the same... they fed us from a baby bottle when we wanted to eat asado... if there was any meat it came pre-chewed and tasteless. We were dominated by sadists, ignored by the apathetic. The few who had something to teach found us eager, but they were the minority.

This is our world now... the world of the electron, the switch and the beauty of the bit. We use a service without paying that could be dirt cheap if it weren't run by the grease of the capitals, and they call us criminals. We seek knowledge, and they call us criminals. We exist without nationality, color or religion... and they call us criminals. You build atomic bombs, finance wars, kill, cheat, screw us over and sweet-talk us saying it's for our own good, yet we're the criminals.

Yes, I'm a criminal. My crime is curiosity. My crime is judging people by what they say and think, not by how they look. My crime is being sharper than you, and you'll never forgive me for that.

I'm a hacker, and this is my manifesto. You can stop me, but you can't stop us all… after all, we're all the same.


Free adaptation of Hacker's Manifesto, by The Mentor.


Translation and adaptation by:
  • Irakirishia
  • Alcuadrado
  • Bach
  • +GiBa

Thursday, February 25, 2016

8 great talks at #eko11, in English!

So, you don't speak Spanish?


Here are the 8 English talks given at ekoparty last year.
They were professionally translated to Spanish simultaneously for the non-English speaking audience.
Of course, we did the same for talks in Spanish (but translated to English).

In no particular order, the talks:

Direct X – direct way to Microsoft Windows kernel - Nikita Tarakanov


Graphics technologies expose a large number of APIs in kernel mode drivers that need to be accessible by ring 3 code. Whether you are creating a resource for a video game or a video player you will end up using one of the low level functions that the Windows Display Driver Model provides for interaction with the kernel driver. Graphics operations are intensive, complex and accessible as an unprivileged user. This research focuses on how to find vulnerabilities in low level, common ring 3 to ring 0 interactions as defined by WDDM and exposed through the GDI user mode library. In this presentation we will show you fuzzing statistics, methodologies, and vulnerabilities found on Intel, NVIDIA and ATI drivers.

Faux Disk Encryption: Realities of Secure Storage on Mobile Devices - Drew Suarez and Daniel Mayer


The number of mobile users has recently surpassed the number of desktop users, emphasizing the importance of mobile device security. In traditional browser-server applications, data tends to be stored on the server side where tight controls can be enforced. In contrast, many mobile applications cache data locally on the device thus exposing it to a number of new attack vectors. Moreover, locally stored data often includes authentication tokens that are, compared to browser applications, typically long-lived. One main concern is the loss or theft of a device which grants an attacker physical access which may be used to bypass security controls in order to gain access to application data. Depending on the application's data, this can result in a loss of privacy (e.g., healthcare data, personal pictures and messages) or loss of intellectual property in the case of sensitive corporate data. In this talk, we discuss the challenges mobile app developers face in securing data stored on devices including mobility, accessibility, and usability requirements. Given these challenges we first debunk common misconceptions about full-disk encryption and show why it is not sufficient for most attack scenarios. We then systematically introduce the more sophisticated secure storage techniques that are available for iOS and Android respectively. For each platform, we discuss in-depth which mechanisms are available, how they technically operate, and whether they fulfill the practical security and usability requirements. We conclude the talk with an analysis of what still can go wrong even when current best-practices are followed and what the security and mobile device community can do to address these shortcomings. At the end of our talk, attendees will understand the significant challenges involved in storing data on an always-on and portable device, how to securely store data for different use cases, and how to uncover secure storage flaws in real-world applications.

Stick That In Your (root)Pipe & Smoke It


You may ask: "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea! The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed 'rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware, which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details of XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple's response, a second patch, that appears to squash 'rootpipe'…for now.

Satellite TV Receivers: from remote control to root shell - Sofiane Talmat


The evolution of Satellite TV encryption was closely followed by the emergence of a new generation of Open Set Top Boxes (Satellite receivers) operating most of the time on a full Linux operating system, making them more computer-like than simple receivers and bringing them to join the IoT. In this engaging session we will tear down a common satellite receiver and deep dive into its vulnerabilities from both a design and a technical point of view, highlighting how far Satellite TV Receivers are from being secure IoT devices. We will start from hardware analysis and component identification and move to firmware and protocol analysis, discovering its vulnerabilities at each level and their exploitability and attack vectors. We will also describe technically how easily an attack could be conducted at every step, including its impact, knowing that millions of such devices are connected to the internet.

Warranty Void If Label Removed - Attacking MPLS Networks - Georgi Geshev


This talk will be a walk-through of research findings from assessing multiple MPLS implementations and the various key weaknesses that were found to affect a number of leading vendors. General MPLS and MPLS related terms and concepts will be briefly introduced to the audience, followed by an overview of a typical service provider network, classic topologies and basic traffic engineering strategies. Several network reconnaissance techniques will be presented that allow an adversary to partially or, in some cases, fully reveal the MPLS backbone Label Switching Router (LSR) interconnections by leaking internal LSR IP addresses. The attack scenarios against service provider infrastructure will then be followed by attacks on customers of the MPLS domain. It should be noted that none of the examples and demonstrations require access to the MPLS backbone, i.e. attacks are executed from the perspective of a client of the MPLS domain. This talk will be concluded with both general and, where applicable, vendor specific best practices and recommendations on reducing the attack surface of an MPLS network.

Secure DevOps is possible: How osquery is built - Teddy Reed & Javier Marcos


Facebook's osquery is a Linux and OS X intrusion detection and response tool. It supports 10 OS flavors and is continuously built for 8 of those. It is very important that the infrastructure used to test, build, and publish security software be secure itself. This discussion presents how our Security team has enabled any Github contributor to submit C/C++/bash code to our CI and build server, safely. We will guide the audience through our CI hardening process and the attack and vulnerability reports we have received through our bug bounty targeting CI. This includes isolating a Mac Mini fleet of build slaves, not trusting Jenkins as much as possible, automatically building, signing, and publishing packages to AWS S3, doing the same for OS X kernel extension code, adding 2-factor to everything.

System updates, Attack and Defense - Sofiane Talmat


From device firmware to full complex operating systems, system updates are critical to maintain an up to date version of the running software, providing security patches and fixes for vulnerabilities. However, many update and upgrade systems contain vulnerabilities that could make things go wrong. In this talk we will not only dissect in detail some existing system update vulnerabilities, we will also deep dive into common vulnerability concepts discovered during this research and previous work, and we will describe different attack scenarios and approaches and how this could lead to the whole system's subversion. We will also talk about both common design and technical mistakes and best practices on how to design secure system updates and upgrades for both devices and software.

Learn about the enemy - Moonbeom Park


Many hacking incidents and cyber terror attacks happen in South Korea. KrCERT/CC has been analyzing and profiling 500~1,000 incident cases every year. Among those incidents, there are some attacks and acts of cyber terror against government agencies, media, broadcasting services, critical infrastructure and the financial sector by organizations from a different nation (suspected to be North Korean cyber warfare activity). They have been using similar malware and attack methods that were made for the same organization over years of planning; the conclusion can be led to an unknown enemy that causes cyber warfare. This presentation will deal with North Korean cyber warfare organizations and their activity. The presentation includes analysis results of malware and hacking methods (techniques that were used by North Korean hackers). You will be able to learn how the malware and attack methods in different incidents by them have something in common.