Information Security News: Hacker Court 2008 Post Mortem

[InfoSec News <alerts () infosecnews org>]

http://blog.tenablesecurity.com/2008/08/hacker-court-20.html

By Carole Fennelly 
August 21, 2008

Another Black Hat conference for the record books! It.s traditional for 
me to have a panic attack on the eve of Black Hat, trying to pull the 
Hacker Court team together to work on our presentation ("Hack MyFace") 
and swearing I'm never doing this again. This year was even worse: the 
defendant, Simple Nomad, and the judge, Richard Salgado, both had to 
cancel at the last minute. We still had to work out evidence details (as 
Simple Nomad once pointed out, it would be easier to actually hack into 
a system than generate fake evidence) and now had to find replacement 
players. Richard Salgado noted that "anyone can be a judge", but who 
could fill Simple Nomad's stylish boots?

Fortunately, fellow NMRC member and Hacker Court veteran, Weasel, came 
to the rescue to play "Simpl Gnomad", complete with bathrobe, and 
sunglasses. Hacker Court co-founder, Jonathan Klein, stepped in as a 
very intimidating Judge.

This case hinged on the fact that the defendant , responding to a 
journalist's inquiry, used a zero-day exploit to hack into a presumed 
social networking site, "MyFace" with the encouragement of the site's 
owner, Mudge, who was really a Secret Service Agent investigating social 
networking exploits. The site was actually a Virtual Machine (VM) on a 
server that housed other case VMs (agency budget cut-backs). The 
defendant not only compromised the security of the "MyFace" site but 
also broke out of "MyFace" and obtained information about sensitive 
on-going investigations. 

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/