Cryptography and PKI
The speaker was Lawrence E. Hughes, an information technology and computer security fields visionary, with specialized interests in secure digital communication and IPv6. He also founded InfoWeapons Corporation, which is involved in providing security solutions for small to large size enterprises. His talk on cryptography was clear and concise, yet it did not touch on steganography or crypto-analysis. He discussed the two types of cryptography – symmetric (secret key cryptography) and asymmetric (public key cryptography). He stressed the benefits of signed-certificates and demonstrated their use in sending and receiving emails. Lawrence introduced TrueCrypt, a free open-source software for cryptography that can encrypt files and an entire drive.
Paul Sabanal hosted this talk about the implementation of sandboxes in popular applications like Adobe Flash Player and Adobe Reader X. The approach elevates the security restriction on accessing and modifying the configuration machine. Unfortunately, a weakness still exists, which was demonstrated with the use of a suspicious PDF file. Upon opening the PDF file, it changed the assigned policy settings for Adobe Reader’s sandbox. Paul concluded that when implemented, malware authors will have to deal with sandboxes before compromising a machine. Sandboxing adds one more step they must overcome.
AdverGaming the System
Online advertising has been the primary revenue generator for most Internet-based businesses. In this talk, Chris “PaperGhost” Boyd showcased how ads are increasingly being infused into PC, console and mobile video games, sometimes to the point of becoming intrusive during actual gameplay. Chris eloquently provided insights into the history, development and current state of in game advertising – AdverGaming – and how it affects people.
Mac Binary Analysis: A Sn3ak Peak
The day ended with a talk by Christopher Daniel So, on the topic of malware within the Mac environment, specifically OS X. The presentation was very technical, and began with a brief history of Mac. A refresher in C and C++ and its assembly structure equivalent followed. Before introducing the objective C, Christopher introduced objective-oriented programming. He showed that binary in Mac uses the MOV assembly command, whereas Windows uses a push command. Mac malware in action was also demonstrated. This talk confirmed that threats to Mac users are very real and are increasing in frequency and complexity. During the Q&A, and considering Mac binary assembly resembles the Linux C binary we asked the speaker, “Is there a possibility that malware can exist in both Linux and Mac?”
“Yes, there is indeed malware that exists in Mac and Linux,” was the answer.
View the ROOTCON event website here: https://www.rootcon.org/.