DEFCON 14: [Video] Speeches from the hacker conventions show

Summary: The DEF CON series of hacking conferences was started in 1993 to focus on both the technical and social trends in hacking, and has grown to be a world-known event. Video, audio and supporting materials from past conferences are available on our website at: https://www.defcon.org/html/links/dc-archives.html This RSS includes video from the speeches at DEF CON 14. Additional versions, including audio and music videos from the DEF CON DJs, will be uploaded separately. We hope you enjoy.

Podcasts:

 Jon Callas and Panel: Traffic Analysis | File Type: video/x-m4v | Duration: 53:56
 Broward Horne: MEME Hacking | File Type: video/x-m4v | Duration: 48:38

Broward Horne is a software developer with a diverse background, including several years as an electronic technician at Litton and Teradyne and as a sysadmin at a major university. Broward also has a business background, doing contract work for the United States Department of Transportation on experimental pen-based systems, early wireless LANs and two-dimensional barcoding. Since 1999, he has been in Java software development, mostly for sales and ordering systems in large corporations. Prior to 1991, he hacked internal networks at two major electronics companies out of curiosity, but never intentionally damaged or sabotaged any system or network. For the past thirteen years, Broward has done business intelligence and analysis against various internet data sources, including the Usenet newsgroups, Dice.com, Monster.com, Google and other search engines. This analysis kept him gainfully employed throughout the Dotcom Crash. More at http://www.realmeme.com

 Robert Clark: Legal Aspects of Internet & Computer Network Defense | File Type: video/x-m4v | Duration: 1:15:51

Abstract: This presentation looks at several scenarios of aggressive self defense. It applies the law to each of the participants in various schemes—to the aggressor and to the defender. We see where simple self defense options could actually result in prosecution to the aggressor; prosecution of the defender; prosecution of both; or, be faulted for screwing up an investigation rendering a prosecution impossible. Many of the legal rationales for aggressive self defense will be discussed from the typical discussion of self defense to the law of nuisance and self help. This presentation seeks to simplify the aspects of aggressive and non-aggressive self defense. Bio: Major Robert Clark is the Command Judge Advocate for the Army's 1st Information Operations Command. As the sole legal advisor, his primary duty is to advise the Army's Computer Network Operations Division on all aspects of computer operations and security. This role has him consulting with the DoD Office of General Counsel, NSA, and DoJ Computer Crime and Intellectual Property Section. He lectures at the Army's Intelligence Law Conference and at the DoD's Cybercrimes Conference.

 Dark Tangent: Award Ceremonies | File Type: video/x-m4v | Duration: 1:50:24

The Dark Tangent acknowledges those who made Defcon 14 possible, the contest winners and the techniques that were used to win, followed by plans and a Q&A for next year at the Riviera.

 Phil Zimmermann: Turbo-Talk - Special Project VOIP Encryption Update | File Type: video/x-m4v | Duration: 39:29

Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world.

 Joe Grand: Hardware Hacking | File Type: video/x-m4v | Duration: 39:29

Bio: Joe Grand is an electrical engineer and prolific inventor with four pending patents and 19 commercially-available products. Involved in computers and electronics since the age of 7, Joe has had the fortune of being a former member of the legendary Boston-based hacker collective L0pht Heavy Industries, testifying before the United States Senate Governmental Affairs Committee under his nom de hack, Kingpin, and being praised as a "modern day Paul Revere" by the Senators for his research and warnings of computer security weaknesses. Recognized for his unconventional approaches to product development and licensing, Joe is also a well-known hardware hacker and industrial artist, the author of two books, contributor to four others, and is on the technical advisory board of MAKE Magazine.

 Thomas X. Grasso: Fighting Organized Cyber Crime: War Stories and Trends | File Type: video/x-m4v | Duration: 51:29

Abstract: As one of the pioneers of partnerships for the FBI, Thomas X. Grasso, Jr. of the FBI's Cyber Division will outline how the FBI has taken this concept from rhetoric to reality over the past 5 years. This presentation will explore how the mantra "make it personal" has aided the FBI in forging exceptional alliances with key stakeholders from industry, academia and law enforcement both domestically and abroad. This presentation will also outline how such collaborations have helped to proactively advance the fight against an increasingly international and organized cyber crime threat. Bio: Tom Grasso began working with computers in 1993 as a network administrator. In 1998 Mr. Grasso received an appointment to the position of Special Agent with the Federal Bureau of Investigation (FBI). After attending new agents training at the FBI Academy in Quantico, Virginia, Mr. Grasso was transferred to the FBI's Chicago Field Office where he was assigned to the Regional Computer Crime Squad. In the fall of 2000, Mr. Grasso was transferred to the FBI's Pittsburgh Field Office and assigned to the High Technology Crimes Task Force where he served as the FBI Liaison to the Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie Mellon University. Mr. Grasso is now part of the FBI's Cyber Division and is assigned to the National Cyber-Forensics and Training Alliance (NCFTA) in Pittsburgh, a joint partnership between law enforcement, academia, and industry. Mr. Grasso is a 1991 graduate of the State University of New York at Buffalo, where he majored in Geological Sciences and minored in Music.

 Atlas: The Making of atlas: Kiddie to Hacker in 5 Sleepless Nights | File Type: video/x-m4v | Duration: 47:43

Abstract: atlas was just a kiddie when asked to write his first exploit in order to qualify for dc13's capture-the-flag. After conquering his sense of inadequacy, he went on to win the individual competition and finish third even among the teams. This presentation will introduce you to atlas, to hacking, and to the pivotal "Stage 3 Binary" which turned the man's life upside down. The talk will be an entertaining walk through his efforts to understand and write a network exploit, some of his lessons learned, and some tools which made hacking a bit easier. The talk will include use of GNU Debugger (gdb), objdump output, ReadElf, Ktrace, and the @ Utility Belt toolkit (newly released). People who will find this talk of interest include:

* N00b hackers with an interest in writing exploits
* Anyone interested in the defcon CTF drama
* Friends of atlas who wish to heckle and otherwise find amusement at his expense

Bio: atlas, a disciple of the illustrious Skodo, has a history in programming, systems support, telecom, security, and reverse engineering. His introduction to the hard-core hacking world was through dc13's CTF Qualifiers. atlas went on to win the individual contest and place third overall. atlas has written the WEP-cracking tool bssid-flatten and the @ Utility Belt toolkit.

 Greg Conti: Googling: I'm Feeling (un)Lucky | File Type: video/x-m4v | Duration: 42:01

Abstract: Birth, School, Work, Death. Imagine every web search you've ever done placed on a timeline of your life. Is there anything on that list you wouldn't want your mother (or employer) to know about? How about the aggregate web searches of your entire company? What if they fell into the hands of a competitor? Recent trends indicate that we can no longer rely on the privacy policies of individual web companies to keep this information private. In this talk, we'll examine the many ways we disclose information in return for free web services as well as how effective you think your privacy countermeasures are. This session won't be a monolog, but an active discussion on the problem of web-based information disclosure. As part of the talk, I'm releasing a program that will extract web searches from your Firefox browser's cache to show you what you've been disclosing. Bio: Greg Conti is an Assistant Professor of Computer Science at the United States Military Academy. He holds a PhD in Computer Science from Georgia Tech and a Bachelor of Science in Computer Science from the United States Military Academy. His areas of expertise include network security, information visualization and information warfare. His work can be found at http://www.rumint.org/gregconti/index.html.

 Paul Simmonds: The Jericho Forum and Challenge | File Type: video/x-m4v | Duration: 40:55

Abstract: In the first half of this session, Paul Simmonds will present on behalf of the Jericho Forum, taking participants through the initial problem statement and what people need to go away and start implementing. Topics will include:

1. De-perimeterization - the business imperative
2. From protocols to accessing the web - the technical issues
3. What should be implemented today - current and near term solutions
4. Planning for tomorrow - future solutions and roadmap

The second half of this session will focus on the Jericho Challenge, the format, the rules, the judging format and the prizes, followed by a Q&A. The aim with the Jericho Forum Challenge is to develop a "technology demonstrator" with a full year from start to finish. The competition is based on a typical business environment with at least one business application, one legacy application, typical business usage (Web, E-mail and Word Processing) using at least one "office" PC and one laptop. The finals and judging will occur in 2007 at DEFCON.

 Matt Hargett: Remote Pair Programming and Test-driven Development Using Open Source | File Type: video/x-m4v | Duration: 47:50

Abstract: Binary disassembling and manual analysis to find exploitable vulnerabilities is a cool topic. What's cooler? Saving yourself hours of time and brain rot by letting a program do the hard parts for you! In this talk, we will dissect a well-known exploitable vulnerability as well as an open source tool for automatically detecting that vulnerability. By the end of the talk, you will understand the basics of static code analysis, exploitable bugs in Windows, x86 assembly, and the structure of the open source project. Interested attendees can join a pair programming session after the talk to start work on enhancements. Bio: Matt Hargett last spoke at Defcon about using open source tools to test Firewalls and IDSes, and has spoken and written articles in a variety of venues and leading publications on the topics of security, testing, and programming techniques. After successfully creating and launching the commercial static analysis tool, BugScan, as the initial sole developer, he took time off and now works in a very different and unrelated field. He lives in Mountain View, California with his husband, Geoff, and their dog, Baxter. Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has done work for leading consulting firms and Network Associates. He released the first public polymorphic shellcode at Defcon 8 and has also spoken at Toorcon 7 as well as the CCC Congress (17c3) in Berlin. In the past he has worked in digital design and embedded programming.

 Renderman: New Wireless Fun From the Church Of WiFi | File Type: video/x-m4v | Duration: 42:58

Abstract: The Church of Wifi (reformed) has been busy coming up with new and wonderful wireless shenanigans. At Shmoocon we sped up WPA cracking 3 fold, at Layerone we made it even faster, now we take it even further, to places and sizes not dared before: WPA2! When we aren't breaking WPA or cavorting with Evil Bastards, we are thinking about the future. With so many networking devices running embedded OSS software, they are almost whole PCs unto themselves. Well, what happens when hardware goes viral? The Church raises the question, "How do you trust your hardware?" So bring your open minds and external hard drives, Church shouldn't ever be this fun.

Bios:

Frank ("Thorn") Thornton: Thorn runs his own technology-consulting firm, Blackthorn Systems, which specializes in wireless networks and security. An interest in Amateur Radio has also helped him bridge the gap between computers and wireless networks. Thorn's experience with computers goes back to the 1970's when he started programming mainframes. Over the last thirty years, he has used dozens of different Operating Systems and programming languages. In addition to his computer and wireless interests, Thorn was a Law Enforcement Officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard ANSI/NIST-CSL 1-1993 "Data Format for the Interchange of Fingerprint Information." Thorn is a co-author of "WarDriving: Drive, Detect, Defend", "Game Console Hacking", "RFID Security" and contributor to "IT Ethics", all by Syngress Publishing. He resides in Vermont with his wife.

RenderMan: RenderMan has been a fixture in the wardriving community for many years. He never seems to be out of crazy projects and ideas, never very far from wardriving news, often causing it himself. He also co-authored "RFID Security" for Syngress Publishing. He spends his time working on things like the 'stumbler ethic', Worldwide wardrive, 'the warpack' and the Church of Wifi. When not working to make wardriving an acceptable hobby, he can usually be found taking something apart, creating an army of cybernetic fluffins, trying to win the Defcon wardriving contest, or more likely, at the hotel bar.

David "H1kari" Hulton: David Hulton has been in the security field for the past 7 years and currently specializes in FPGA Logic Design, 802.11b Wireless Security, Smart Card, and GSM development specifically to exploit its various inherent strengths and weaknesses. David has spoken at numerous international conferences on Wireless Security, has published multiple whitepapers, and is regularly interviewed by the media on computer security subjects. David Hulton is one of the founding members of Pico Computing, Inc., a manufacturer of compact embedded FPGA computers and dedicated to developing revolutionary open source applications for FPGA systems. He is also one of the founding members of Dachb0den Research Labs, a non-profit security research think-tank, is currently the Chairman of the ToorCon Information Security Conference and has helped start many of the security and unix oriented meetings in San Diego, CA.

 Richard Thieme: Beyond Social Engineering: Tools for Reinventing Yourself | File Type: video/x-m4v | Duration: 53:24

Abstract: Managing multiple modular identities is not a trivial task. But that's what the technologies and politics of Now demand. These tools will enable you to create personas at a deep level, then link them into a seamless life. Bio: Richard Thieme is a business consultant, writer, and professional speaker focused on "life on the edge," in particular the human dimension of technology and work. He is a contributing editor for Information Security Magazine. Speaking/consulting clients include: GE Medical Systems; Los Alamos National Laboratory; Apache Con; Microsoft; Network Flight Recorder; System Planning Corporation (SPC); InfraGard; Firstar Bank; Financial Services - Information Sharing and Analysis Center (FS-ISAC); Psynapse/Center for the Advancement of Intelligent Systems; Cypress Systems; Assn. for Investment Management and Research (AIMR); Alliant Energy; Wisconsin Electric; UOP; Ajilon; OmniTech; Strong Capital Management; MAPICS; Influent Technology Group; FBI; US Department of the Treasury; the Attorney General of the State of Wisconsin; and the Technology, Literacy and Culture Distinguished Speakers Series of the University of Texas.

 Panel: Panel: Internet Wars 2006 | File Type: video/x-m4v | Duration: 1:42:02

Abstract: In this panel session we will begin with a short introductory presentation from Gadi Evron on the latest technologies and operations by the Bad Guys and the Good Guys. What's going on with Internet operations, global routing, botnets, extortion, phishing and the annual revenue the mafia is getting from it. The panel session itself will be hosted by mudge. The members will accept questions on any subject related to the topic at hand, and discuss it openly in regard to what's being done and what we can expect in the future, both from the Bad Guys and the Good Guys.

 Rick Hill: WarRocketing: Network Stumbling 50 sq. miles in | File Type: video/x-m4v | Duration: 37:19

WarRocketing: Network Stumbling 50 sq. miles in
