AOH :: ISNQ5254.HTM

The Best (and Worst) Hacks of Defcon Computer Security Conference 2009




The Best (and Worst) Hacks of Defcon Computer Security Conference 2009
The Best (and Worst) Hacks of Defcon Computer Security Conference 2009



http://www.fastcompany.com/blog/kit-eaton/technomix/defcon-computer-security-conference-scary-all-sorts-reasons 

By Kit Eaton
Fast Company
August 3, 2009

Computer security is a famously murky world that tends to generate 
alarmist headlines--like the ones about Apple's vulnerabilities from 
last week. Defcon 2009 has just finished, and lived up to this 
reputation in many, surprising, ways. We've rounded up some of the best 
worst most interesting bits of news.


Closing Down the FAA

Righter Kunkel, a computer security expert and pilot who spoke at the 
conference, delivered some very scary news to the FAA--and, indeed, to 
nervous fliers the world over. According to Kunkel, the FAA's network is 
extremely at risk from a denial of service attack. And, unlike some 
computer network vulnerabilities which require devious coding and clever 
implementations, it seems that gaining access to the FAA's is 
terrifyingly simple.

Assume you're a hacker with malicious intent, you first have to get fake 
ID, and use that to get a flying-fitness medical certificate. With this, 
you'd obtain a student pilot's certificate number, and thus gain access 
to the FAA's flight plan submission system (a legal requirement for 
flights within the U.S.). Then, since you're now a trusted member, you 
issue such a deluge of fake flight plans that the system is overloaded 
and no longer working.

Kunkel held back some of the details, of course--he has no wish to bring 
down the system and endanger lives. Instead, he hopes that the exploits 
he revealed that could serious damage flying operations in the country 
will get the FAA to perk up its network security.

[...]


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods