Domain: defcon.org
Stories and comments across the archive that link to defcon.org.
Comments · 168
-
No, but at Defcon they have a spot the fed prize
Spot the Fed
It's kind of fun to watch, but really screws up the talk schedule when someone announces they found a fed in the middle of a talk. This happened last year. They stop the talk, run to get a moderator and begin the interrogation. -
Re:Google Hacking?
If you are in Vegas this week, you can meet/get books signed by Johnny Long on July 28 at 12:30PM http://www.blackhat.com/html/bh-usa-05/bh-usa-05-schedule.html
Or, at DEFCON on July 30 at 8:00PM http://www.defcon.org/html/defcon-13/dc13-schedule.html -
Defcon
If this topic (or alcohol) interests you,
Johnny Long will be giving a talk about it at Defcon in Las Vegas this weekend. Go!
Google Hacking For Penetration Testers -
Re:USDOJ
This is accurate. Gotta love http://www.defcon.org/. I was there, man!
Fortunately for everyone, the oppressors in the US permitted Dmitry's employer in Russia to stand trial on his behalf. <3 EFF too. -
Help support the EFF [was:EFF is great!]
When supporting the EFF in words, how about with funding? There is theSummit 2005, on Thursday July 28, 2005 in Las Vegas...
At the end of Black Hat and the beginning of DEFCON this year is theSummit 2005 - bringing together DEFCON & Black Hat speakers from past/present, as well as well known names in the computer security world. We all come together in a small, private venue for the evening summit to meet and discuss the important topics and socialize.
Note that there will be no more than 200 tickets sold (including featured guests), and all proceeds go to the Electronic Frontier Foundation [http://www.eff.org/] with the sponsor covering event overhead.
theSummit is our gathering of BlackHat / DefCon speakers and big thinkers in the Information Security realm. Anyone interested in supporting the EFF is highly encouraged to attend; meet with fellow Information security professionals, and talk with big thinkers from the Information security world in a more private and informal setting. Too many times people want to ask questions, or have ideas that cannot make it to the big thinkers. This is either because of time conflicts or they are nervous to come up and talk. This event plans to pull out the stops, and allow the free form of conversation to flow.
The Electronic Frontier Foundation [http://www.eff.org/] is a nonprofit group of passionate people -- lawyers, technologists, volunteers, and visionaries -- working to protect our digital rights.
Where: Ice House Lounge, 650 S. Main Street, Las Vegas, Nevada
When: Thursday July 28, 2005, 9:00PM - 12:00AM
Tickets: $30 (pre-sale) $40 (at the door, if available) All Ages welcomed!
For more information, and to purchase tickets for the event:
http://www.dc702summit.org/home/
Event is sponsored by the Hackajar Foundation, and by the members of DEFCON 702.
We all hope to see you there!
(as posted in the Livejournal DEFCON community [http://www.livejournal.com/community/defcon_defcon/323.html]) -
Good, some balls.
Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/. We had someone start a Smurf attack from the Con, targeting our inbound T3's. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think, he only spoke German, IIRC). The look on his face was priceless. Oh, did I mention that me, and everyone else at the company carry Glock 19's? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals.
:) -
Don't Forget...
Don't forget Defcon which will be occurring in Las Vegas, Nevada, July 29-31, 2005. http://www.defcon.org/html/defcon-13/dc13-index.html -
One Word
-
Re:Curious Images...
Elonka did a presentation regarding Kryptos at DC12.
It can be found here.
(The Wired reporter was in the audience, incidentally) -
So
How long until the first beowulf cluster of ps3s?
Also can it run linux? -
More information on internals..
You can get in on the existing conversation about this paper Here
-
Since when is 'research' _that_ close to reality
-
Re:Easy killer...
4-qbit q computers have already been built (as of 2002).
(They can factor a 4-bit number.)
Not very useful, but a great demonstration.
These claims were presented by a Physics prof at DefCon 10.
http://www.defcon.org/html/defcon-10/defcon-10-speakers.html#walterdaugherity
And, according to /., IBM built a 5-qbit computer in 2000.
-
Re:There could be uses
You could bum around the Republican National Convention, and every time an image is requested, replace it with a banner ad for Kerry...
This idea was shamelessly stolen from here. -
Re:Hardly bad
-
Re:Hardly bad
-
One word...
-
Re:Hmmm
"Anyway, Las Vegas won't be missing the biggest bunch of cheapskates to tie up tens of thousands of rooms every year."
My dad sells food to the casinos and when I told him he wasn't too happy, even 50,000 people eat a lot of food. At least Defcon is still around. -
This isn't really that new...
This really isn't all that new. The U.S. Naval Postgraduate School has been sending their Infosec students to play Capture the Flag at Defcon for the last couple years as well as this year's Interz0ne conference. In fact, there was only one team (Anomaly - and they won ironically) that didn't have government personnel or contractors on their team.
Also, Immunix, a DARPA funded hardened Linux version has also been put under fire during CTF for the last couple years. (Their team placed a solid second both times).
The Feds have learned over the last couple years that they are behind the ball in terms of normal unclassified security training for their personnel. These conferences have been really good at giving them some real world training that they normally don't get.
It's nice to see my tax dollars being put to a good use for a change. Plus it makes the "Spot the Fed" game MUCH easier.
-
Re:Be honest, tell the truth
(before you decide to modbomb, check with the history of me to get a good deal of who you might be dealing with)
# not telling us any of their previous employers' secrets: if they'll break somebody else's NDA, I'm sure they'll break ours;
Obviously, you're a confused Ivy Leaguer. Mind where you're saying this one. This is Slashdot. Besides, I don't mind picking through things like national secrets *and* making your company think twice, no matter if you're SCO for OS NDA's, or General Dynamics if you're holding nice, juicy government secrets on the software for those tanks (Java was in the development process for some software for tanks at the very least from what I remember from seeing in source code (I'll put more if I can find it on my profile here, even if it amounts to simulation, well, I don't care about the concept of IP), and sending your people to Italy for conferences, is something you don't do, General Dynamics, especially on the government contract dollar. Do it with your own money not made on the backs of the contracts. Besides, I'd not mind if the adjustment in the economy means I can afford such kind of trips, versus settling for locations in the middle of the desert for such kinds of meetings.) (BTW, Novell Netware if you're wanting to deal with military storage of data - BAD - given the many known ways in, you should know about the failures of security by obscurity, and harassing me IRL, will slap you with a nice RICO lawsuit.)
As far as the rest of the stuff, mind that I do agree on the blatant dishonesty; The only thing more slippery down the slope for me is thinking that if you're some Ivy League/Fraternity/Orkut SOB who thinks he is a god (and is usually the one who would BS through), he shall be given the fast track. Well, they get it, but they'll wonder why they're out in the cold w/o an interview, and wonder why their money/power could only give me an excellent opportunity to (within the law) knock the wind out of their sails. Which means, you're going to have to work on your skill to get in. -
It's another case against OS monoculture
It was covered last week.
Basically, to limit the spread of a worm on a network such as the internet, we can only diversify to make sure not all machines go down.
Here's a presentation (sorry I could only find a PowerPoint version) that was made by Jonathan Wignall at DefCon last year about this topic. Same conclusion, diversifying is necessary to combat worms. -
Network Worms and Monoculture
To add to michael's point, Jonathan Wignall made an excellent presentation (sorry it's PPT) at DefCon 11 last year about how we could fight network worms.
He basically concluded that we could not launch counter worms (like ones that would patch vulnerable Windows systems). The best solution was to diversify the OS we have our servers running on. A worm can spread in a matter of minutes as the creator of the worm usually chooses a set of powerful vulnerable machines as his first hit.
Some OS like to keep things more open and easy to configure like Windows 2k server, which showed a hole in MS SQL server 2K in which the DB could be accessed over the net. As a network admin you just needed to keep your DB firewalled and things would have been ok. Other OS like Solaris are more of a pain to configure but usually leave less stuff open. -
Re:virus-con
Which leads to the fun game of Spot the Fed...
-
Re:virus-con
Do virus writers really go to virus conventions? I'd think you'd find people like Ms Gordon, undercover FBI, wannabe 133t teenagers, and maybe a couple former virus writers out of jail and trying to find admiration.
Well, they may have attended H2K or H2K2. How about Defcon? I heard plenty of stories about the Fed being there. Lots of poseurs too. -
I've always liked this one
-
Re:The BOFH was there already
And this idea was presented last year at DefCon 0A
see here
PPT here
RealVideo here -
Re:I'm sure he'll find a new job
-
Re:Good!!
I, for one, welcome our new packet-based overlords.
They already exist, and have been observed gathering yearly for the overlord ritual, here
-
Re:HavenCo
That's the site of someone pissed off at the Bates family (Prince Roy and Prince Michael) for offering and then withdrawing an offer to flag a pirate radio ship as a broadcast station off the US, from what I was told. I never really did get the straight story on that or some previous business dealings involving Sealand, though.
Really, if you're interested in this, you should come to my talk at Defcon 11, where all will be revealed (http://www.defcon.org/) -
HavenCo
Actually, HavenCo is no longer a safe haven. Ryan Lackey will be doing a talk about the events that transpired in 2002 at DEFCON 11. Here's the text from the DEFCON Speakers Page:
HavenCo: What Really Happened
HavenCo, an attempt at creating an offshore data haven, was launched in 2000 by a small team of cypherpunks and pro-liberty idealists.
During 2002, the Sealand Government decided they were uncomfortable with their legal and PR exposure due to HavenCo, particularly in the post-DMCA and post-911 world, and regulated, then took over the remains of the business, forcing the remaining founders out. While HavenCo continues to serve a small number of customers, it no longer is a data haven, and has exposed the ultimate flaw in relying on a single physical location in one's quest for privacy.
Ryan Lackey was with HavenCo from inception until late 2002, and will tell exactly what happened (not the PR-friendly whitewashed version) from day one until the end, what lessons were learned, and how similar goals can be achieved in the future by motivated individuals and groups. -
My educational plans:
I'm an undergraduate student going towards a CS. After I graduate I plan to get a master's from an educational institution recommended by the NSA. Keep in mind that some schools on this list have better programs than others. Georgia Tech has a highly technical program while Carnegie Mellon has a great organizational program. Both schools deal with all topics, just to different degrees. I have heard the argument that experience is better than education. In my opinion, both are important.
If you are looking for a less formal learning experience, you could check out DEFCON, which is an annual conference for hackers. There are also other more formal conferences which cost lots more. (ApacheCon, DallasCon etc.)
If you are looking for a thorough documentation, you could check the Open Source Security Testing Methodology Manual. Network and other computer security topics are extremely important and very important and interesting. -
How I will do it:
I'm an undergraduate student going towards a CS. After I graduate I plan to get a master's from an educational institution recommended by the NSA. Keep in mind that some schools on this list have better programs than others. Georgia Tech has a highly technical program while Carnegie Mellon has a great organizational program. Both schools deal with all topics, just to different degrees. I have heard the argument that experience is better than education. In my opinion, both are important.
If you are looking for a less formal learning experience, you could check out DEFCON, which is an annual conference for hackers. There are also other more formal conferences which cost lots more. (ApacheCon, DallasCon etc.)
If you are looking for a thorough documentation, you could check the Open Source Security Testing Methodology Manual. Network and other computer security topics are extremely important and very important and interesting. -
What do you think DefCon is?
Ummmm... apparently you've never heard of DefCon? Not to rain on anybody's parade -- but I was there last year (@ Defcon 0a) and we had more than 5000 peoples I think. This year will be bigger. The Norwegians have NOTHING on us (DefCon is even in Vegas). Dan
-
Re:EMP, folks
I guess this place counts as a parallel universe?
-
hmmm
I think trade shows are going away,
Apple pulling out of MacWorld
Comdex Having Record Low Numbers
I think in the next 5 years or so there will be no more trade shows just because of the lack of revenue. Don't get me wrong, there will still be conventions like Defcon and Rubi-Con but I think the trade shows will be gone...so get your free schwag now!
-
Re:Read the TCPA / Palladium FAQ
Oops, the links to Lucky Green's presentation were obviously wrong; here are the correct links:
The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:
- PowerPoint (309k)
- PDF (511k)
-
Re:Read the TCPA / Palladium FAQ
So who is Ross Anderson? He is at Cambridge University, UK. From his homepage:
I lead the security group at the laboratory, where I hold a faculty post as Reader in Security Engineering.
I don't think Anderson is, as you suggest, biased against TCPA / Palladium and certainly not "heavily biased" (see Bill Arbaugh's comment below). His analysis does however point out very serious consequences of the TCPA / Palladium infrastructure. The consequences are what they are, Anderson just made a very good job in formulating them.
He is far from alone in his view on TCPA / Palladium. In fact, Bill Arbaugh, one of the inventors of TCPA (US patent 6,185,678 here), has second thoughts. His comment on Anderson begins:
We are all aware of the criticisms that the TCPA has received. Ross Anderson did a good job of explaining the problems in an abstract fashion, but I felt that there were some things left out (Privacy concerns).
By the way, trustedcomputing.org does not allow the general public to view the member list anymore. You can however see one list of 170+ member companies in Lucky Green's presentation below (links from http://www.cypherpunks.to/):
The slides from Lucky Green's DEFCON X talk, Trusted Computing Platform Alliance: The mother(board) of all Big Brothers, are now available in the following formats:
- PowerPoint (309k)
- PDF (511k)
Other resources with much information are:
-
Re:How are they going to make this interesting?
At CTF at Defcon the Ghettohackers had the teams attacking each other, instead of a central server. They were given a custom distro of Linux that was specifically engineered to be horribly insecure. In addition, in order to score points, they had to keep some of these insecure services running. So they couldn't just boot off their CD Image of OpenBSD, and sit there and chuckle. They had to keep things like Finger, and Telnet working and functional in order to get points.
This meant that the "action" starts off hard and heavy. We saw people rooting and getting rooted right away.
To make things a little more interesting, we designed the scoreboard after the NASDAQ Big Board, and projected it on two walls. The teams' scores were displayed as stock prices. The scoreboard was also played over the Alexis Park television system. We had news updates on the status of the teams every so often.
Of course, we didn't broadcast the action as a cute little 'gibson' visualization. Nor were there live DJs (We used pre-set playlists). However, people still seemed to get a kick out of it. You could see the whole room go quiet and stare when a news update would come on...
Next year is going to be even better (Yes, this is a bit of shameless promotion).
R
-
Coming to DefCon, misc. comments
I believe that these guys will be presenting at DefCon
As to comments regarding putting a laptop on an internal network, think about it. How much cheaper is a DreamCast than a laptop? If it's discovered, you might be out $50 ... compared to losing a laptop or a wireless access point, it's a cheaper solution.
Nifty hack, I'm looking forward to seeing their presentation this weekend. -
Evidence that this is fake
Read this very similar AT&T warning about a 1998 DEF CON conference:
http://www.defcon.org/TEXT/6/att-dc-6-alert.txt
Unless AT&T has not changed its warnings in three years (unlikely) and such warnings have been leaked multiple times (more unlikely) this would seem to be a fake. -
Unfortunately, many don't get it
When I was at Defcon last year, one day my friend and I went out to a nearby place for lunch.
When our waitress showed up, her clothes reminded me of the place Jennifer Aniston's character worked. I asked her if she had to wear 15 pieces of flair.
She apparently had no idea what I was talking about. I was so disappointed.
:-) -
Re:DefCon
DefCon is run every year at the same time as Black Hat, by the same people, with half of the same speakers. It costs about $40 (or did in 1998).
A few things about Defcon... it's not at the same time as BlackHat, it's just following (which may be what you meant... just hard to tell). This year it's August 2-4. As someone else already mentioned, it's $75. It was going to be $100 but too many people complained or something (conjecture). The price increase was for two reasons: One, so speakers could be paid *iff* they have a good speech. Therefore, speakers who suck won't get paid. So, if they know they suck and won't get paid, they're not as likely to try speaking. Second, the price increase is an attempt to discourage script kiddies and other imbeciles (such as many on /. who are probably reading this now, though not all) from coming to the con and pissing people off.
More Information: The Defcon Page
Also, check out this year's speakers and this year's slogans.
Oh.... one other thing... DC, if you didn't already know, is held at the Alexis Park in Vegas. -