This year’s RSA Conference Expo reminded me of the Linuxworld Expo in 2000… there were magic shows, tons of raffles, booth babes, and lots of SWAG. Now is this what an expo is supposed to be like!

I don’t remember what vendor this guy was with, but someone did ‘win’ a usb key from box number six when I was there.

This Borat-like guy was with Fortify Software, and he was very entertaining. Apparently, the Discover Hackistan website was launched last week.

Again, I can’t remember what they were here for, but the Don King guy was pretty funny. They even had people in full Rock Em Sock Em outfits.

Some vendors brought in the booth babes. I wish BitDefender was there, along with their booth babes. The Liquidmatrix Security Digest wrote about the ‘booth bunnies’ as well. Yes, that is a NSA bag, and we did try to talk to them. And by try, I mean we talked and they said ‘I can not talk about that’.

This year’s buzzword was NAC. If you didn’t have one already, there were hundreds of vendors ready to push their product to you. After realizing all the NAC vendors, I wanted to go back and take pictures of each booth and take a tally. But show floor was too big, and I still had lots of vendors to talk to. Anton Chuvakin said ‘Identity’ was greater than NAC, so who knows which one of us is right.

This was a somewhat funny shirt from EC-Council.

Defensics? Is that a word? And it’s trademarked!

CyberDefender had a real Mooninite sign (that the Boston Police thought was a bomb) which they bought from ebay for $1400. It was in perfect working order, and it was up for raffle at the end of the show. Ryan Russell states that it was the second best ad of the show.

I saw two drive destruction companies this year, and Japan Pulse Laboratories seemed to have the more interesting one. It punches two 10mm holes in the drive, which also warps the platters in under 18 seconds.

One vendor had a Wii setup, and we determined that Vince can’t bowl.

That’s about it for this photo review of the RSA Expo… now go hack yourself ;)

Kurt and I were at Jillians yesterday for the WASC meetup, and it was fun chatting with the forty or so people that showed up.

I usually take more pictures, but I there were so many interesting people to talk to. Anurag Agarwal and Jeremiah Grossman also covered the event.

Here is a list of the January updates for my bin toolkit:

Internet:

• Filezilla 2.2.30a – Version update to offical filezilla binaries, no longer using the PortableApps.com version.
• LockoutStatus 1.0.0.60 – Useful utility to check account lockout status accross all domain controllers.

Multimedia:

• WinSnap 1.1.9 – MWSnap doesn’t always work for me, so I will be trying this screenshot utility to see if it does any better.

Utils:

• CCleaner 1.36.430 – Portable version of CCleaner, the system optimization and privacy tool.
• CPU-Z 1.38 – Nice system information util.
• FileDate 1.1 – Easy util to change created/modified/accessed dates on files.

Utils / Sysinternals:

• AutoRuns 8.61
• DebugView 4.64
• ZoomIt 1.21

It would seem that the toolkit is pretty solid now, as half of this list were version upgrades, and I’m not nearly adding as many applications as I did when I first started the project.

The SF chapter of OWASP had the first meeting of the year today, and I had alot of fun. There were two presentations, one from Brad Hill of iSec Partners about XML digital signature and encryption, and one from Patrick Stach of Stach & Liu about cryptography. The talks were good, but the upcoming RSA conference seemed to be on everyone’s minds.

Speaking of the RSA conference, it seems like every vendor is throwing a party on wednesday night, and I am having trouble deciding which one to goto. There is also a security bloggers meetup that night, which should be interesting as well. iSec Partners got it right by having their party on thursday night.

Finjan had a press release yesterday stating that Google’s anti-phishing blacklist leaks passwords. It seems like Google has already cleaned up the problem, as I can’t find any passwords in the current blacklist found here. Arstechnica, TechCrunch, InfomationWeek, and many others had writeups of this problem.

But what is this blacklist and how did the data get there? The blacklist is a list of url’s that Google classified as a phishing site, which would help end users avoid fraud. So how does google determine this, and how is that data getting transfered? Nitesh Dhanjani has a pretty good writeup about this over at Oreilly. We know that information is getting transfered to google via the safe-browsing extension, but which version is vulnerable to this? The downloadable Google Toolbar has one version, the Firefox extension has another version, and Firefox 2 has a built in version. And as to how the data got there, that was due to poor design from the website(s). The username and password were in the url, and since the extension sends whole urls, that data ended up on Google’s blacklist. I didn’t even think people coded sites in this way anymore!

Michael Sutton also researched the blacklist and talks in detail about it here and here.

Did you know that Google’s Safe Browsing was built into Firefox 2 by default now? I was sure surprised to find out that it was. I noticed this while performing a web application penetration test, mainly from all the google.com requests every few seconds. Now, I do think its great that technology like this is helping consumers avoid fraud. However, I wish there was more notice that it was built in and enabled by default. The only way to disable this function is to go into about:config and set browser.safebrowsing.enabled to false. I think this feature should be opt-in (like the google toolbar) rather than opt-out, and that there should be an option in preferences to toggle it. In case you were wondering where it phoned home, my browser went here.