DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch

  • Published: Dec 23, 2024

Comments • 68

  • @Asdayasman 2 months ago +166

    Imagine if we could see the slides for the first eight minutes, that'd be crazy.

    • @zoc 2 months ago +2

      💀

    • @toooes 2 months ago

      Wish granted media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where’s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

    • @rekhyl 2 months ago +15

      defcon in a nutshell

    • @WrknOnLvnTheLvn 2 months ago

      Get glasses nerd

    • @CGoody564 2 months ago +8

      @rekhyl meh, considering how it's been the last 5 years, I'd say it's a step up

  • @edgeeffect 2 months ago +55

    It'd be hard enough giving a talk when there's another one going on on the other side of the room... but when the other talk starts blasting out over-amplified noise it must be so difficult to not yell "shut the ____ up!" across the room to them.

  • @EvilGPT 2 months ago +38

    I hope they paid the researchers a fat bounty on this one!

    • @youreabigguy 2 months ago +7

      That's what I was thinking 😂😂
      Especially for so many exploits that's crazy

  • @Croissinate 2 months ago +10

    Love this talk.
    But what I really wanna know is where tf he got a copy of every single version of VSS

    • @daviddunkelheit9952 1 month ago

      WindowsRM or Powershell exploit would provide volume shadow copies…

  • @harrytsang1501 2 months ago +41

    By the fourth CVE we need to stop being surprised...... until he just chmod -x the executable

    • @tuurblaffe 14 days ago

      The windows people are not aware of what this is

  • @PeteBrubaker 2 months ago +17

    What the hell, where are the slides?

  • @DustinRodriguez1_0 22 days ago

    While I was in college (like 97-01), I worked evenings as a 'computer operator' in a bank datacenter. Basically babysitting batch processes on an ancient mainframe. I also handled the bank's daily ATM network sync. I was surprised how janky it seemed. I had to dial a certain phone number on a telephone, wait for the modem connect screech, and then flip a switch on the ancient-ass modem in order to swap the phone connection over to the modem to finish the connection. That modem was hooked to a very old MS-DOS PC which was used for nothing else. That PC, I was told, contained an encryption card which cost $12,000. They had attempted to upgrade the PC it was in at one point, but the expensive ass card was, for some reason, sensitive to the clock speed of the host PC and would not function. I've always been curious if the encryption on the ATM network was even any good. It was obviously very old, and it wouldn't surprise me to find out it was still using RSA-1 or something just because banks are so cheap they don't upgrade anything until it literally breaks.

  • @MCasterAnd 28 days ago +1

    It's crazy that a conference this big has this shit technical quality

  • @WeLoveWave 2 months ago +5

    Love how it's specifically a Ford pickup that is used in ram-raid attacks. hahah

    • @renakunisaki 18 days ago

      Surely it should be a Dodge Ram?

  • @eyezikandexploits 2 months ago +6

    Loved this talk

  • @justanotherguy6359 2 months ago +6

    I feel like explosive attacks are seen less in the US due to access to explosives capable of doing the job more than the money being paper. Explosives generally shouldn't cause fire to the contents of the safe if the person using them knew what they were doing at all.

    • @Bastard_Operator_From_Hell 2 months ago

      In Europe they use gas and oxygen from welding gas bottles with hoses they push inside the ATM. Then ignite the gas mix and boom goes the ATM. Often this is done in Germany and the Netherlands by organized gangs.

    • @daviddunkelheit9952 1 month ago

      Proper tamping of charges helps…

  • @unicodefox 2 months ago +5

    Someone please tell this company about Linux UKIs...
    Also, the part I don't understand is, they're running Windows right? How? He says it just reboots into Windows, but how does Windows get the encryption key, and how does it prevent an attacker from getting the key during the reboot?

    • @emiliachan 2 months ago +2

      windows doesn't get the key, it is decrypted inside the linux os when the windows partition is being mounted

    • @Croissinate 2 months ago

      The entire Windows partition is encrypted. The ATM first boots into a lightweight Linux distro (which is on a partition that is not encrypted) and that Linux distro runs a command that decrypts the Windows partition.
      Then with the newly decrypted Windows partition it simply reboots into Windows.

    • @unicodefox 2 months ago +2

      @emiliachan ...so they're just leaving the HDD partition unencrypted and hoping the reboot isn't interrupted?

  • @uyscuti5118 2 months ago +4

    So sick!!!

  • @WrknOnLvnTheLvn 2 months ago

    Thank you for the talk. Very interesting.

  • @Koutsie 2 months ago +17

    16:00 i wonder what that was lmao

  • @gunnargu 1 month ago

    How are they not seeing their current way of doing things is not working?

  • @StarsManny 2 months ago +1

    7:51 "AKA..."? What does that mean?

    • @iainwade 2 months ago +2

      Also known as

    • @TheCzarsoham 2 months ago +2

      Implying an alternate name. Example: Marshall Mathers aka Eminem

  • @szaszm_ 1 month ago

    No slides in the first 9:15 minutes 😭

  • @renakunisaki 18 days ago

    So... they use Linux... just to decrypt a Windows partition and boot into it!? And that involves a full reboot, which could be interrupted leaving the Windows partition exposed? Madness.

  • @CCMiniBucks 2 months ago +1

    It's disappointing when you know the only people clapping are the flogs from the financial network security sector displaying their gratitude for someone else doing their job for them.
    We all know they are told, over and over again, but their gratitude only extends to the bonus giver, not the KPI extender who just made their life harder.
    White hatting aside, maybe we should just make life hard for them, and say that illicit money from ATMs via system penetration is never insurable, therefore prompting some sort of assurance from the sector providers to do their fucking jobs properly. Tell me I'm wrong 🤷‍♂️

  • @AaronDedeystere 2 months ago

    Common this gold!

  • @bumbaloe 2 months ago +6

    The echo in this audio is giving me a headache

  • @ABeautifulHeartBeat 1 month ago

    Dontcha Know

  • @davel202 2 months ago

    Hot and smart AND knows diebold

  • @moretzsohn7701 2 months ago +2

    no jackpot?

  • @Irongrip62 1 month ago +1

    Absolute scrubs

  • @MiddlePath007 2 months ago +2

    The way the audience just doesn't want to clap as the talk goes on, it really shows how little people want to hear about past versions and the patches that stopped the speaker. Can ya do anything now? No? Ok leave

  • @shmo9943 1 month ago

    😂😂

  • @andrewdunbar828 2 months ago

    several simularities

  • @swampdaddy4014 2 months ago +23

    We get it.... windows sucks

    • @Eysvar 2 months ago +5

      Uhhh, that's not what the talk was about at all. All of the flaws were found in the security software's handling of the Linux partition that was doing validation before booting into Windows

    • @coolm98 2 months ago

      This does not invalidate his statement, total extinction of the windows user landscape is still the only way out @Eysvar

    • @omarjimenezromero3463 2 months ago

      we know that since dos creation, even microsoft know it, why the surprised comment?

  • @muuraaja-e5k 2 months ago

    Should have used it to bring down dollar.

  • @mrhassell 2 months ago +1

    Strongswan & Luks2 - Isn’t that difficult…

  • @materialoperator 2 months ago +1

    Any binary we want wooo!! Except for it's been fixed. Nice

    • @sunny_disposition 2 months ago +8

      huh, what, were you expecting him to show us a secret handshake and then we each race back from the conference hall to the casino and we get money too0ol!!!!
      hacking, free money, clout, smarter than the whole world, .... fucking criiiiiiinge

    • @EvilGPT 2 months ago

      Lol

  • @TESTA-CC 1 month ago

    ATM=IOT=JACKPOT 💳💰💵💸🪙

  • @MultipleObjectSelector 2 months ago +2

    I don't think he says "architecture" enough