DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption

DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch

Рет қаралды 32,224

DEFCONConference

Күн бұрын

Пікірлер: 63

@Asdayasman Ай бұрын

Imagine if we could see the slides for the first eight minutes, that'd be crazy.

@zoc Ай бұрын

💀

@toooes Ай бұрын

Wish granted media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Matt%20Burch%20-%20Where’s%20the%20Money%20-%20Defeating%20ATM%20Disk%20Encryption-white%20paper.pdf

@rekhyl Ай бұрын

defcon in a nutshell

@WrknOnLvnTheLvn Ай бұрын

Get glasses nerd

@CGoody564 Ай бұрын

@@rekhyl meh, considering how it's been the last 5 years, I'd say it's a step up

@edgeeffect Ай бұрын

It'd be hard enough giving a talk when there's another one going on on the other side of the room... but when the other talk starts blasting out over-amplified noise it must be so difficult to not yell "shut the ____ up!" across the room to them.

@EvilGPT Ай бұрын

I hope they paid the researchers a fat bounty on this one!

@youreabigguy Ай бұрын

That's what I was thinking 😂😂 Especially for so many exploits that's crazy

@harrytsang1501 Ай бұрын

By the forth cve we need yo stop being surprised...... until he just chmod -x the executable

@WeLoveWave Ай бұрын

Love how it's specifically a Ford pickup that is used in ram-raid attacks. hahah

@Croissinate Ай бұрын

Love this talk. But what I really wanna know is where tf he got a copy of every single version of VSS

@daviddunkelheit9952 Ай бұрын

WindowsRM or Powershell exploit would provide volume shadow copies…

@PeteBrubaker Ай бұрын

What the hell, where are the slides?

@eyezikandexploits Ай бұрын

Loved this talk

@MCasterAnd 18 сағат бұрын

It's crazy that a conference this big has this shit technical quality

@justanotherguy6359 Ай бұрын

I feel like explosive attacks are seen less in the US due to access to explosives capable of doing the job more than the money being paper. Explosives generally shouldn't cause fire to the contents of the safe if the person using them knew what they were doing at all.

@Bastard_Operator_From_Hell Ай бұрын

In Europe they use gas and oxygen from welding gas bottles with hoses they push inside the ATM. Then ignite the gas mix and boom goes the ATM. Often this is done in Germany and the Netherlands by organized gangs.

@daviddunkelheit9952 Ай бұрын

Proper tamping of charges helps…

@uyscuti5118 Ай бұрын

So sick!!!

@Koutsie Ай бұрын

16:00 i wonder what that was lmao

@WrknOnLvnTheLvn Ай бұрын

Legit scared me

@WrknOnLvnTheLvn Ай бұрын

Thabk you for the talk. Very interesting.

@unicodefox Ай бұрын

Someone please tell this company about Linux UKIs... Also, the part I don't understand is, they're runing windows right? How? He says it just reboots into Windows, but how does Windows get the encryption key, and how does it prevent an attacker from getting the key during the rebootv

@emiliachan Ай бұрын

windows doesnt get the key, it is decrypted inside the linux os when the windows partition is being mounted

@Croissinate Ай бұрын

The entire Windows partition is encrypted. The ATM first boots into a lightweight Linux distro (which is on a partition that is not encrypted) and that Linux distro runs a command that decrypts the Windows partition. Then with the newly decrypted Windows partition it simply reboots into Windows.

@unicodefox Ай бұрын

@@emiliachan ...so they're just leaving the HDD partition unencrypted and hoping the reboot isn't interrupted?

@AaronDedeystere Ай бұрын

Common this gold!

@gunnargu 21 күн бұрын

How are they not seeing their current way of doing things is not working?

@davel202 Ай бұрын

Hot and smart AND knows diebold

@szaszm_ 23 күн бұрын

No slides in the first 9:15 minutes 😭

@ABeautifulHeartBeat 28 күн бұрын

Dontcha Know

@CCMiniBucks Ай бұрын

Its disappointing when you know the only people clapping are the flogs from the financial network security sector displaying their gratitude for someone else doing their job for them. We all know they are told, over and over again, but their gratitude only extends to the bonus giver, not the KPI extender who just made their life harder. White hatting aside, maybe we should just make life hard for them, and say that illicit money from ATMs via system penetration is never insurable, therefore prompting some sort of assurance from the sector providers to do their fucking jobs properly. Tell me im wrong 🤷‍♂️

@bumbaloe Ай бұрын

The echo in this audio is giving me a headache

@moretzsohn7701 Ай бұрын

no jackpot?

@StarsManny Ай бұрын

7:51 "AKA..."? What does that mean?

@iainwade Ай бұрын

Also known as

@TheCzarsoham Ай бұрын

Implying an alternate name. Example: Marshall Mathers aka Eminem

@shmo9943 23 күн бұрын

😂😂

@andrewdunbar828 Ай бұрын

several simularities

@swampdaddy4014 Ай бұрын

We get it.... windows sucks

@Eysvar Ай бұрын

Uhhh, that's not what the talk was about at all. All of the flaws were found in the security software's handling of the Linux partition that was doing validation before booting into Windows

@coolm98 Ай бұрын

This does not invalidate his statement, total extinction of the windows user landscape is still the only way out @@Eysvar

@omarjimenezromero3463 Ай бұрын

we know that since dos creation, even microsoft know it, why the surprised comment?

@Irongrip62 Ай бұрын

Absolute scrubs

@MiddlePath007 Ай бұрын

The way the audience just doesn't want to clap as the talk goes on, it really shows how little people want to hear about past versions and the patches that stopped the speaker. Can ya do anything now? No? Ok leave

@muuraaja-e5k Ай бұрын

Should have used it to bring down dollar.

@mrhassell Ай бұрын

Strongswan & Luks2 - Isn’t that difficult…

@materialoperator Ай бұрын

Any binary we want wooo!! Accept for its been fixed. Nice

@sunny_disposition Ай бұрын

huh, what, were you expecting him to show us a secret handshake and then we each race back from the conference hall to the casino and we get money too0ol!!!! hacking, free money, clout, smarter than the whole world, .... fucking criiiiiiinge

@EvilGPT Ай бұрын

Lol