One of the highlights of Defcon is the badge. While this may normally seem like a meaningless thing, the Defcon badges are always special. Every year brings a new design that incorporates some kind of technology into the badge. This year was no exception. The main feature of this year’s badge was a new type of microcontroller by Freescale (MC56F8006VLC) that, with the installed firmware, reacts to ambient audio levels and lights up an LED depending on how loud it is. Another feature is that all of the badges from the different classes of attendees (Human, Press, Vendor, Speaker, Goon, Contest, and Uber) can combine together.
[Images: Front of Press Badge; Back of Press Badge]
Recently they added a new competition that involved hacking the badge to perform tasks that it was not initially programmed for. At the end they award the top 3 most ingenious, obscure, mischievous, obscene, or technologically astounding badge modifications.
One of the scariest presentations at this year’s Defcon was the "defeating SSL" presentation by Moxie Marlinspike. This talk was also given at Black Hat, but due to time constraints we were only able to view it at Defcon. The bug he found and the subsequent exploit he wrote prove to be one of the greatest MITM hacks in recent history. His new tool sslsniff picks up where sslstrip leaves off. This new hack takes advantage of multiple exploits in how SSL certificates are issued and how they are parsed by web browsers. All of these combined result in a deadly MITM attack that is nearly impossible to detect without active network scanning. The slides from the Black Hat presentation can be found here. A narrated version of the slides with better explanation of the exploit can be found here.