Because of poorly coded software, I spent the majority of my time at the industry's largest hacker conference recruiting attendees to hack into my own system.
The second moral of this story speaks to why DefCon matters. The show lived up to its marketing hype as one of the few places where hackers, feds, corporate IT geeks, the media and miscellaneous security wonks can meet in a safe, open forum to share ideas and information, argue and drink. In my case, a common cause had the same effect. In the 48 hours it took for me to hack back into my system, I had an extremely diverse cross-section of DefCon attendees — one tech support guy, two reporters, one hacker, one federal agent, one forensics expert and two corporate IT guys — offer some tangible form of help. I knew only two of these folks prior to the show.
My work laptop is a nine-month-old, souped-up IBM x60s, which came loaded with a hefty client security suite that included several options for stronger user authentication. For some reason, I chose to use its username and password function instead of the way cooler fingerprint reader option. That turned out to be a bad call because, according to the Lenovo tech support guy, “The software was designed for biometrics, not username and password.” Translation: the username and password function was very buggy.
I corralled my good buddy Bob Garza, who wears several security hats. He's no stranger to problem-solving, and a good enough friend that I had no qualms demanding his assistance. He quickly whipped out a USB stick containing the pen-testing suite BackTrack, which included the password-cracking program John the Ripper. When my system didn't recognize the USB stick as a bootable device, Bob was unfazed.
We moseyed our way over to the DefCon press room, where Security Fix blogger Brian Krebs took pity on me. He gave me his Noptix CD, a different security testing suite, which included, among other programs, a more recent version of John the Ripper, which unfortunately still didn't work.
Thank God for John, a senior technical security consultant for a large Midwestern health care organization, whom I met on the escalator at Caesars during Black Hat. He attacked my problem with a refreshing zeal. He pulled out a copy of ERD Commander 2005, confident that any issues around not being able to read my hard drive could easily be dealt with by downloading a driver.
His confidence would have been warranted, had I a floppy drive, which was required for the driver to load on my system. Why would software published in 2005 require a floppy to fix a compatibility issue with newer drives?
While I pondered that question, John set plan B in motion, which was to go online and get a copy of Hiren's BootCD. Thankfully, it had a password program designed by someone with the good sense to load all required updates automatically on boot. Forty-five minutes later, I was back in my system, and uninstalled the client security software. For better or worse, my system is no longer password protected. Right now I'm willing to trade protection for access.
So after all this, a major shout-out to corporate security guys in the trenches. My problem was not a hard one to solve, but did have a couple of mitigating factors. Multiply that by a whole company full of end-users like me, add in politics and an inadequate budget and I can only imagine what John and his peers deal with on a daily basis.
Thanks to well-connected DefCon loyalists, the integrity of DefCon as an open forum is preserved. See y'all there next year.
- Elizabeth Safran is president of Bottom Line Communications, a New York City-based public relations consultancy specializing in information security.