Aug 25, 2010

BruCON Schedule 0.6 released

With only 1 month to go, we are releasing a beta version of our schedule. It's packed with good stuff, so don't wait to long to get your ticket.

We accept (online) registrations only till the 17th of September. Door prices will be slightly higher.

There is still the possibility to register for our Training sessions by some international experts:

Aug 11, 2010

Winner and solution of TheHexFactor sample challenge

The first person to answer the challenge completely was Philippe Teuwen. Kudos for solving this challenge the day itself. Since he already has a ticket, he receives a Tshirt and prices will go to the runner-up Mark Hillick!

For those who wondered what the correct answer was, here is the solution:
  • Hidden.rtf is hidden in vader.gif using steganography with the IDEA encryption protocol. Using the passphrase "hexfactor" the file can be extracted.
  • Hidden.rtf contains the following url : http://blog.remes-it.be/wp-content/uploads/2010/07/poodleman.jpg
  • Poodleman.jpg metadata contains UHJpbnNlbmdhbGVyaWosIEJydXNzZWwsIEJlbGdpdW0=
  • The base64 string contains the following information : Prinsengalerij, Brussel, Belgium
  • With Google Maps, you can find the location and retrieve pictures taken nearby. The famous statue is among them : Jeanneke Pis
  • With tineye.com, you can find out which sites also host the poodleman pictures :

http://daviddust.blogspot.com/2009/11/happy-couples.html

http://picturewar.wordpress.com/

http://blog.stuttgarter-zeitung.de/category/dumm-gelaufen-dg/

http://awkwardfamilyphotos.com/2009/11/07/sns-mans-bff/

http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=189401

http://www.cutewithchris.com/formal_cat_portraits/index.html

http://www.magazine13.com/awkward-family-photos/

http://poorlydressed.com/

http://ffffound.com/image/d0153c516c834df263886b518bcc77f827eb4508

http://www.spock.com/q/%5EDog-Groomer%5E

http://squat.net/overtoom301/pages/events.html


For those who want to have more fun and learn new stuff.... come over to BruCON and play TheHexFactor! The venue will stay open all Friday evening so you can play after the last presentations to your hearts content.


Previous posts:

Aug 10, 2010

OMG we have been hacked. OH: Not really

Today, some people on the internet discovered the properties of a wiki: editing pages. Just like the Chaos Communication Conference (CCC) and other similar conferences, we deployed a wiki so that users could actively contribute to the conference. Schedule workshops, share traveltips, help us make wallpapers and upload them etc... etc...

Although critical pages are locked down, a lot of pages can be used by our volunteers and visitors. That's the nature of a wiki and the purpose is to be interactive with the community. The downside is that sometimes people misinterpret this as the possibility to do evil and vandalism. Like @securityshell discovered today.

Yes, although we have quite good antibot protection, we are not protected against these kind of people. We could lock the wiki further down, but that is against the open nature of our wiki. It only wastes the time of our wikiadmin who is a volunteer by itself with a real full-time job and hobbies.

Making text insertions and putting iframe code in it (which displays as normal text) and doesn't work and taking screenshots of it on your blog, claiming our website contains malware, well, is not much proof at all. If you know anything about mediawiki is that you can't insert code like that. Above all, it's a total waste of time, of you, of us. We can assure you, no harm was done except wasting the time of our wikiadmin to undo some wiki vandalism. We would hate it to make the wiki less accessible. Go to wikipedia, the 26C3 or the 27C3 wiki soon and have fun there as well. It won't make you a lot of friends in the community. So please stop.

Best Regards
The sysadmin

Aug 6, 2010

Hints for the Hex Factor sample challenge

You still have till Monday to send in your answer but here is a little tip: to have an IDEA about the HIDDEN message in the picture, you just need to focus on the "hexfactor" (lowercase) ;-)

Win a prize: a Hex Factor sample challenge

Aug 5, 2010

Win a prize: a Hex Factor sample challenge

Showing you a little more of what you can do or see during 24 & 25 September. The Hex Factor will be a challenge where people are introduced to the world of security in all its different aspects, or where experienced professionals can improve their current skill set. It is not only a contest for the most elite hacker(s), the challenges are broad and meant to be fun for everyone. Visit the BruCON wiki to see more details about this challenge.

There will be prices for the winners, starting from Tshirts up to some cool hardware prices. More updates on this in the coming weeks. But you can already win a small price now. Below is a sample challenge that will give you the following price:
The challenge will be open till Monday 9th of August 10:00 (GMT+1).

We are looking for a location in Brussels. The picture on this page contains all the information needed for the challenge.



a) what is the location we are looking for ?
b) which famous statue can be found in the vicinity of this location ?
c) how was the "secret" information hidden in the picture on this website ?
d) how did you find the location we were looking for ?
* bonus :
e) give at least 4 websites that host the file which contained the location ? (more is better)


Send your answers to: contest @ brucon.org

Want to try more? Come play the first edition of the 2010 Hex Factor Challenge in Brussels on 24 & 25 September.

More information about the team can be found on their homepage http://www.thehexfactor.org and for the latest developments/solutions of last year, see their blog http://blog.thehexfactor.org