My first time at Pumpcon and it was quiet educational and fun. Nothing like being with a small group of smart people drinking and talking about computers. Considering this is an invite only group I have to thank the speaker that allowed me to come along. Overall there were two talks that really got my attention. These were from the two Brads. There was another presentation also by Travis Goodspeed.
The First Brad
This was an entertaining and informative talk on Blueray hacking. It appears most new Samsung devices all use the same underlying OS. This includes the TVs. Brad went into good detail about how he soldered wires to the different debug connectors on the board to monitor the electricity with a volt meter and logic analyzer. He took us through his epic adventure of being denied console access through just about every approach. Eventually all this research had lead him to an approach where he was able to setup a telnet listener and obtain console root access to the device. I’m sure there will be a blog with more detail on this eventually at Open Security Research. For now one of the biggest nuggets of information he supplied was to check out SamyGo before doing any Samsung hacking.
The Second Brad
The BacNet Attack Framework talk was interesting. This typically goes a little outside of the realm of this blogs core topic of information security, but it’s very important because of the significance around ICS and SCADA equipment. Brad went through some discussions about BackNet listening and suggested a good portion of the items he is studying all talk on UDP. Based on my understanding it appears many of the items he is discussing really could be mitigated with unidirectional firewalls or other known protection mechanisms.
What Else?
The rest of the Con was spent with drinking and talking about sexual harassment images in presentations. It was in regards to whether or not certain images should be shown at conferences now since there are more and more women attending. I think eventually the best response to this was “let’s just end this discussion and talk about computer shit”.
InfoSecAlways.com 