Category: Defcon

  • Defcon 14 was great!

     

    There was a lot of great stuff at Defcon 14.  

    The last Defcon that I went to was Defcon11 in 2003.  Defcon 14 has grown quite a bit since then.  According to DarkTangent it was about 7000 geeks/hackers/security pros/phreaks strong.  The great thing about this particular Defcon was the change of venue.  Defcon 11 was at Alexis Park.  This one was at the Riviera hotel. 

    Many of the rooms at Alexis Park had no A/C.  The worst thing was that many of the rooms would get packed and have to turn people away.  At times it seemed that this might cause a riot!

    As far as I know, only one room got too packed this time; it was “Googling: I’m Feeling (un)Lucky” by Greg Conti.

    I have a lot of favorites but what stands out for me was “Beyond Social Engineering: Tools for Reinventing Yourself” by Richard Thieme.  He had interesting ideas about the importance of integrating spirituality into your life to balance the different personality profiles and life changes that happen more and more in a world of fast-moving technology.  He discussed modifying your persona with reference to your “meta-self”, or hacking yourself.  Very interesting and insightful.

    I loved all the briefings on privacy and the legal battles against the government and AT&T.  I will definitely be getting involved.

    Others that stand out are “The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights”, by atlas.  I thought it was a great introduction to REAL hacking, which is pretty damn hardcore.  Atlas and his team 1stPlace actually won Capture the Flag, the main event at Defcon.

    There was a S. Korean team there that got honorable mention, since they flew all the way around the world just to play the game.

     

     

  • Cisco to be under scrutiny again at Black Hat

    “Cisco Systems Inc.’s products will again come under scrutiny at this year’s Black Hat USA 2006 conference, which kicks off later this month in Las Vegas. Conference organizers say that 15 new exploits will be discussed at this year’s event and that two of them target NAC (Network Admission Control).”

    Now if Cisco had any understanding of the importance of transparency with the technical community in this age of free information, they would break this news themselves and have solutions and mitigations to fix it. Instead they are too worried about the bottom line (the shareholders), which will take a hit anyway once the media gets a hold of it.

    Mr. John Chambers, despite the security issues you’ve got great products, but get a clue about how to deal with these problems.

  • The Dark Tangent Says we are all DOOMED!!!

    The Dark Tangent (Jeff Moss), president of the DEF CON hacker conventions, is interviewed on the CyberSpeak podcast and talks about the change in venue from Alexis Park to the Riviera Hotel and Casino. In response to the question, “who will protect our privacy from big business?”, he responds, “we are all doomed!”. Great interview!

  • Want to outwit hackers? Hire an ethical one

    Some of my colleagues in the information security profession think that hacking is evil.  They strongly rebuke any information security professionals for condoning hacking. 

    I think that is a ridiculous position to take.  How can we be any good at our job (particularly the more technical information security professionals) if we ignore the skills that malicious hackers use to exploit the very systems we protect?  Why would we bind our own hands from finding vulnerabilities before our enemies do?

    Not knowing the darker side of security is like a Drug Enforcement Agent who can't recognize drugs because he or she has never had any exposure to controlled substances.  It is not my position that cops should rob a bank or abuse crack to REALLY know the criminal mind.  I'm just saying that security is not just about implementing security practice, it is about knowing the exploits, vulnerabilities and threats and knowing them well.

    Hacking is cool.  It is not all evil or criminal.  Sometimes I have to hack my system after locking myself out.  I've attempted to hack my own network to find vulnerabilities. 

    I think hacking is about mastering systems, finding easier ways to do things in life, being clever.  The dangerous thing about hacking is that sometimes individuals are smarter than the systems that they interface with (or control them).  It is the mutant strain that changes everything, the revolution that forces change, the rebel who refuses to submit, and any of those can be very good or very bad.

    Unfortunately, it is easier to destroy than to create, so some weak, ignorant sociopaths give in to the dark side.  This is true of any method, skill, talent, profession, etc.  It is a part of human nature to have users and abusers in our ranks.  You may even have some in your family!  It is my personal belief that what you reap is what you sow (karma); those who do bad will get theirs.  I choose to hack ethically lest I incur the wrath of the universe.

    The first ethical-hacking course was started six years ago. Today, there are some half-dozen organizations offering similar instruction around the world.

  • The Road to Defcon 14 Paved in Blood

    I hope Defcon does not suck.  When I go, I will definitely take pictures and report the cool stuff I see.

    I went to Defcon 11 in 2003 and it was great even though the lines were ridiculous and some of the better events could only allow a certain number of people.  The ideas and talent I was exposed to put me into a whole different way of thinking.  I met up with a guy who claimed to work for the maphia! He wasn't happy about it and he said that his employers didn't come out and say they were maphia, but he had very strong feelings that they were.

    Being the only brotha at the defcon willing to drink a (highly, highly overpriced) beer with him, he'd singled me out.  What is funny is this guy looked A LOT like DMX.  We hung out and met some GS (civilian government) employees that claimed to be too old to party.  I could have crashed at his hotel (which was right in the center of it all) but I knew my wife would lose her flippin' mind if I didn't go back home (in-laws' house) and sleep with her.

    I was there strictly for the briefings so I really didn't party too much.  I do recall that some kid ODed, and there was a very cool Hacker Jeopardy that was completely hedonistic (i.e. naked women and Kevin Mitnick).  It was out of control.

    Before Defcon I saw all hacking as borderline or full blown criminal.  But now I know that all “hacking” is not criminal (although most people believe different).   

    My love for technology and security was what drove me to check it out.  I went on my own.  Three years later with a degree and a high level of respect from my employers, I still can't get them to pay my way to Defcon.  (What is funny is that it would probably be easier to get them to send me to Black Hat, which is like $2000 as opposed to $100 for the Defcon.  Maybe I'll work that angle next year when they have more money.)

    I'm excited about going but I sincerely hope that it doesn't suck.  It would be much more fun if I could participate in an event.  But my skills are not even close to good enough.