Blackhat/Defcon Report

Joe Barr writes "NewsForge [ed. note: part of OSTG along with Slashdot] is running its concluding piece on the week-long Blackhat/DEFCON hackerfest in Las Vegas. Want to know how little our police/intelligence agencies seem to have learned from their failures prior to 9/11? Or how a very large goon known only as Priest prevented outright political violence at a DEFCON presentation on Civil Disobedience? Or which of the two conferences is right for you? It's all here in the Blackhat/Defcon: Final report." Reader M. Curphey writes "The Web Application Security Consortium (WASC) announced at Blackhat the release of a 'Threat Classifications' document. This document attempts to clarify web security terminology such as Cross Site Scripting, Session Fixation, Cookie poisoning, and HTTP response splitting (to name a few)."

9 of 305 comments

  1. Hmm... by VeriTea · Score: 5, Interesting

    Looks like the 503 Errors with Firefox are really slowing down discussions.

    The article mentioned that the new number range search feature in Google could be particularly dangerous. Maybe I'm a little naive... why is it so dangerous?

    --
    There are two kinds of people, those who accept dogmas and know it, and those who accept dogmas and don't know it

    1. Re:Hmm... by Anonymous Coward · Score: 5, Interesting

      Try googling:

      visa 4356000000000000..4356999999999999

      For example. Not saying this is the only way to find these, but it certainly is an interesting application of Google.

  2. Struggling... by perlglob · Score: 5, Interesting

    I've attended the past 7 DEFCONs, and I'm starting to feel like it's losing its magic. The first DEFCON I went to (DEFCON 3) had a crowd that was much more focused on doing meaningful hacking (some ethical, some otherwise) in the field... it seems like now it's a bunch of 20-year-olds who think they're hackers because they know how to reprogram the MAC address on their Linux laptop.

    Maybe I'm just getting old, but it feels like the good old days are passing me by.

    Who is fighting to save Slashdot?

  3. What police/intelligence agencies have learned. by Maestro4k · Score: 5, Interesting
    • Want to know how little our police/intelligence agencies seem to have learned from their failures prior to 9/11?
    I'm afraid we don't need Black Hat/DEFCON to tell us this. Just yesterday we had major terrorism alerts about specific targets, and today we find out the information was all years old. Does that mean the buildings still weren't targets? Well, seeing as some of the info went back to before 9/11, it seems a fairly safe bet that the seriousness of the threat was vastly overstated.

    So we know quite well what they haven't learned, and many of us keep hoping they'll stop crying wolf without good reason. As things now stand, it's only a matter of time until most Americans start ignoring the terror alerts, which would be very bad.

    I'm sure there were plenty of more interesting things at Black Hat/Defcon though. :)

  4. Crimethinc by evslin · Score: 5, Insightful

    Questions were asked about what "going over the line" meant. Assclowns like Crimethinc are exactly what you'd want to point at and say "that's what I'm talking about." Disagreeing with the government (or even just Republicans) is one thing, but going around encouraging people to vandalize websites/etc is something else.

    Jesus. No wonder he looked like he was expecting to be arrested.

  5. Re:Just one thing that very few learn... by wayward · Score: 5, Insightful

    To paraphrase Gene Spafford when he talked about the idea of hiring hackers as security experts: an arsonist isn't necessarily well-qualified to be on a fire department.

  6. 9/11 lessons by Anonymous Coward · Score: 5, Interesting

    from the article:
    Christy had mentioned that one of the things they were doing at Defcon was recruiting. He went on to tell the crowd that if they were interested, and "had not gone over the line," to talk to him afterwards. The "had not gone over the line" comment became one of the hottest topics during the Q&A.

    It appears that the lessons the intelligence community has learned from 9/11 have not yet trickled all the way down through the federal bureaucracy -- particularly that bit about the failure of our intelligence pre-9/11 being primarily because of our loss of vital HUMINT owing to both budget and moral directives. When the CIA was told it could only use politically correct HUMINT operatives, it lost its most vital flow of intelligence.

    Actually, I think the remark in question -- "had not gone over the line" -- meant no criminal record, stable finances, etc., as required of regular government employees who need clearances, like programmers and sysadmins. IOW, they were looking for technical staffers for work at HQ.

    The PC-ness at the CIA regarding HUMINT referred to who they could and couldn't hire as intelligence sources. E.g. (hypothetical examples here), several years ago the CIA could hire a mid-level Iraqi military paper-pusher to smuggle out documents about what Saddam was up to, but at the same time couldn't hire a low-level al Qaeda operative to do the same because he'd gone through terror training involving weapon experiments on animals. Even if the operative could give excruciating details about the next terror strike (such as time/place/MO), he had done those evil experiments on animals, which somehow made him ineligible for the CIA payroll. (How such rules came into effect I don't know.)

    Whether or not US intelligence has changed this since 9/11, I don't know. I do know that one such scenario I described above was discussed at length by news orgs immediately after 9/11 as speculation for why US intelligence failed. (IMO, there shouldn't be such silly restrictions on who the CIA can hire as sources. If the source gives good info, pay him for it to encourage more. If he doesn't, or the stuff he gives turns out to be unreliable, stop paying him.)

    But as for "going over the line" -- for what the guy was looking for in personnel, he means things like the ability to pee in a cup cleanly, unlike Ricky Williams, and not having a rap sheet.

  7. Re:Again, the Left is inciting violence by smooth+wombat · Score: 5, Insightful
    how is it that the half of America which owns guns is never the one calling for violence?

    You've never heard of militias, have you? Listen to some of the right-wing crud they spew and you'll see how wrong your comment is.

    Southern Michigan Regional Militia
    Militia of Montana

    Those are just two to get you started but feel free to do your own research.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower