It is mid-January and that means it's time for the winter issue of 2600 The Hacker Quarterly. I have been an avid fan of the magazine for years. In the editorial “From the Ashes” I was pleased to read how the staff behind the magazine have overcome last year's challenges. The digital edition is doing well and UK subscriptions are up after a vendor threatened to pull the magazine. Furthermore, HOPE 2020 is still on. In fact, the hacker conference is set for July 31st to August 2nd at St. John’s University in Queens. That is just a short subway ride from Manhattan. At the 2600 store there are still tickets available (I think) – just follow the link.
The articles I liked
This issue features a number of interesting articles. The first is called “Industrial control with Modbus” by Malvineous. It basically provides an overview of the usage of RS-232 and RS-485 for serial communication. Modbus is a protocol that can be used for the latter, but as it is over 40 years old it has become dangerously obsolete. The author of the article goes into some detail about the weaknesses of Modbus and what you can do to test those. Near the end the suggestion is made that the hackers attacking the Ukrainian power grid had no direct access to the system, but did the attack indirectly. The attack nearly succeeded if it weren’t for a recent configuration change.
Another article I really liked was by Terry Clark entitled “Maximizing Privacy in a Digital World”. It covers the basics of remaining private online. The use of non-tracking search engines such as DuckDuckGo as well as a VPN are pretty standard, but it is still good to see them described. I was intrigued by the use of password generators such as LastPass and KeePass. I have been thinking of using either for some time and now I no longer have an excuse not to.
There is also an article called “Reflections on Hackers” by Eugen Spierer in which he discusses some similarities he experienced in his own youth. Eugen has of course experienced situations that every loner / nerd has – I am no different. I thank him for being so forthright. A final article I want to mention is “Pass the Cookie and Pivot to the Clouds” by Johann Rehberger. It is one of the few truly technical articles in this edition and it provides practical steps to test session hijacking vulnerabilities.
Get a subscription to 2600!
If you are intrigued by 2600 The Hacker Quarterly then go pick up the magazine. In Europe it may be hard to find it on the shelves but I know the American Book Center in Amsterdam and The Hague carries it. Of course, getting a subscription is even better. Overseas (from the US) it costs 41 dollars while individual digital editions retail for just 5 dollars. Also check out my Autumn 2019 review and Paged Out!.