Posted on April 14, 2013 8:30 pm

TJX Hacker Gives Keynote At 'Offensive' Security Conference

from the you-put-me-right-off-my-fresh-fried-lobster dept.

Two hundred hackers from around the world gathered at a Miami Beach hotel Thursday and Friday for the Infiltrate Security conference, which focuses on systems hacking from the ‘offensive’ perspective (with slides). In a keynote address, Stephen Watt, who served two years in prison for writing the software used by his friend Alberto Gonzalez to steal millions of credit card numbers from TJX, Hannaford and other retailers, acknowledges he was a ‘black hat’ but denies that he was directly involved in TJX or any other specific job. Watt says his TCP sniffer logged critical data from a specified range of ports, which was then encrypted and uploaded to a remote server. Brad ‘RenderMan’ Haines gave a presentation on vulnerabilities of the Air Traffic Control system, including the FAA’s ‘NextGen’ system which apparently carries forward the same weakness of unencrypted, unauthenticated location data passed between airplanes and control towers. Regarding the recent potential exploits publicized by Spanish researcher Hugo Teso, Haines says he pointed out similar to the FAA and its Canadian counterpart a year ago, but received only perfunctory response.