Thought I would post a few thoughts on today's talks:
Adam Laurie delivered a great presentation on weaknesses in RFID, peppered with live demos that kept the audience engaged while not glossing over the technical details. He demonstrated the process of cloning various RFID cards using a reprogrammable Q5 tag and some custom Python code. He talked at length about how RFID is implemented in passports and some of the inherent weaknesses in the internationally adopted passport standard. The encryption key is derived from the document number, date of birth, and expiration date, all of which are printed on the passport. He was able to brute force the key for a British passport based on the fact that the passport numbers are issued sequentially (doh) and the issue date was stamped on the outside of the envelope, making the expiration date trivial to derive. The notion of passport profiling based on implementation errors was also discussed, with one example being Australian passports, which incorrectly generate the random ID and handle the access control protocol slightly differently from other countries.
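To make the key-derivation weakness concrete, here is an added example (not code from the talk or from this post) that follows the Basic Access Control derivation in ICAO Doc 9303 and compares the nominal 112-bit key length with the entropy of the printed fields that feed it. The function names and the candidate counts in `keyspace_bits` calls are assumptions chosen for illustration; the sample fields are the specimen values from the ICAO worked example.

```python
import hashlib
import math

def check_digit(field: str) -> int:
    """ICAO 9303 check digit: 0-9 as-is, A-Z -> 10..35, '<' -> 0, weights 7,3,1."""
    total = 0
    for i, ch in enumerate(field):
        value = 0 if ch == "<" else int(ch, 36)
        total += value * (7, 3, 1)[i % 3]
    return total % 10

def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES keys require."""
    out = bytearray()
    for b in key:
        hi = b & 0xFE
        out.append(hi | (bin(hi).count("1") + 1) % 2)
    return bytes(out)

def bac_keys(doc_number: str, birth: str, expiry: str):
    """Return (K_seed, K_enc, K_mac) derived only from fields printed in the MRZ."""
    doc_number = doc_number.ljust(9, "<")          # document number is padded to 9 chars
    mrz_info = "".join(f + str(check_digit(f)) for f in (doc_number, birth, expiry))
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]

    def kdf(counter: int) -> bytes:
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return adjust_parity(digest[:16])          # two-key 3DES key

    return k_seed, kdf(1), kdf(2)

def keyspace_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Entropy in bits of the key input, given how many candidates remain per field."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)

if __name__ == "__main__":
    seed, k_enc, k_mac = bac_keys("L898902C", "690806", "940623")  # ICAO specimen data
    print("K_seed:", seed.hex(), "K_enc:", k_enc.hex(), "K_mac:", k_mac.hex())
    # Constructed scenarios: any 9-char number, 100 years of birth dates, 10 years of expiry
    print("unconstrained: %.1f bits" % keyspace_bits(36**9, 36525, 3652))
    # Sequential numbers (assume 1000 candidates) and a known expiry date
    print("constrained:   %.1f bits" % keyspace_bits(1000, 36525, 1))
```

The 3DES keys are 112 bits long, but their strength is bounded by the input entropy, which falls sharply once the document number is predictable and the expiry date is known.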
I have to question what the CanSecWest screening committee was thinking when they accepted the idea of presenting "Fun with IPv6 Routing Headers" in 3D. The slides were laden with text and packet diagrams, so even though 3D glasses were handed out, they didn't help much. Adding to the frustration was the fact that the presenters, Philippe Biondi and Arnaud Ebalard, spoke with heavy French accents and most people had difficulty understanding them. Normally when you can't follow the presenter, you can rely on the slides to help you derive some technical context. Unfortunately this was impossible with this 3D slide deck. All I know is that IPv6 Type 0 Routing Headers are similar to source routing in IPv4 and they aren't handled consistently across various OSes and hardware vendors. Here's hoping they publish a legible version of the slide deck because I'm sure there's some interesting content. I lasted about 20 minutes before walking out of the room with a headache.
Tomorrow looks promising, with presentations from Barnaby Jack, HD Moore, and Luis Miras, as well as a couple talks on Vista.
[Update: Flat version of the IPv6 Routing Headers presentation is online.]