Our thirty-eighth technical meeting was held October 28th, 2009, from 7pm to 9pm, in a meeting room at Mangia. Mangia is located at 8012 Mesa Dr, Austin, Texas (map).

Food and drinks are permissible at the meeting, provided you purchase said food and drink from Mangia.

Speaker Notes

TCP Portals: The 'Shake is a LIE!

(todb)

The code for PacketFu is up and available at Google Code. PacketFu was written over a year ago, so maybe some people haven't seen it yet. An example script that sets up the 3-way handshake is available in trunk, under examples. Play around with that to generate a similar condition as was demonstrated at the meeting.

About the Meeting Demo: I would prefer to keep it kind of low-key until next month, if it's all the same to you. I'd like to have more than a couple hours to fully explore the practical effects of the odd behavior demonstrated at the meeting. So, press embargo until next AHA!, mkay? (This is my Dan Kaminsky impression.)

Also, note that PacketFu is getting rewritten at dangerous speeds. I'm getting rid of BinData. Trunk should be unaffected, so it's still usable, but there may be some fallout on the methods and how they're used.

ATM Cheat Sheet

(malloc(i))

First it was Tranax, then Triton, now Hyosung. When will the information leakage stop? Another example of default passwords on mini-atm compiled in a nice list ;) [ ATM-Cheat Sheet | PDF's ]

Anonymous Remote Arbitrary Code Execution in Alien Arena

(Jason Geffner)

This presentation discusses how an anonymous remote attacker can execute arbitrary code on the computers of Alien Arena’s networked players. [ Advisory PDF | Presentation given at AHA ]