DEFCON 12 - After the Hangover

DECula writes "Humphrey Cheung has written an excellent article for Tomshardware about what WAS Defcon 12. The combination of talks about a BlueSniper antenna and BlueSnarfing was a good match."

Hangover?

[Kenja]

Its not a real convention hangover unless your first words after getting up are "oh yea, I married that chick last night". Which is not likely given the male/female ratio at Defcon.

Re:Hangover?

[mgoodman]

correction: its not a *real* hangover unless the your first words after getting up are "oh yea, I married that *dude* last night"

That is much more likely given the ratio and complete inability for male nerds to get along with members of the opposite sex...

Re:Hangover?

[Afrosheen]

Considering that in Nevada, prostitution is legal, and that Las Vegas is full of on-call whores, it's very possible. You've got a ton of guys with expendable incomes, drinks, boredom and lonliness in a whore-filled city.

I bet at least one guy accidentally married a hooker.

Re:Hangover?

[Frizzle Fry]

Prostitution is illegal in Las Vegas.

Re:Hangover?

[Frizzle Fry]

Prostitution is definitely legal in Reno. No, that's not from personal experience.

Re:Hangover?

[gnarled]

In some back-holes of Earth, that's not legally possible.

Like Missouri?

no gay marriage

[Zilfondel2]

That would be *really* fun to read about.

=D

Re:Hangover?

[slashdot_commentator]

Its not a real convention hangover unless your first words after getting up are "oh yea, I married that chick last night". Which is not likely given the male/female ratio at Defcon.

Perhaps this might help explain the opposition towards legalizing same-sex marriages...

Man

[Em Emalb]

Is there another field that has as many useless acronyms and busswords as the IT industry?

I mean, hell, you can't even describe it without USING A DAMNED ACRONYM.

Sheesh.

Re:Man

[savagedome]

IT industry?
without USING A DAMNED ACRONYM

See the irony in the post?

Re:Man

[Em Emalb]

Isn't it obvious?

Re:Man

[severoon]

Actually, no. It's not obvious. Click on my sig and read up on what irony is.

What he said isn't ironic...it's just funny.

Re:Man

[severoon]

Ok, apparently my post uses too many big words for you to handle it. Fine, then, don't read it...check the word over at dictionary.com, feel humiliated when you realize you're wrong, and then I'll accept your apology. :p

You probably already know you're wrong, though...I notice you posted AC.

Re:Man

[david.given]

IT industry? without USING A DAMNED ACRONYM

See the irony in the post?

ACRONYM: A Contrived Reduction Of Nomenclature, Yielding Mnemonics.

Re:Man

[doombob]

So you're saying you can't describe IT without UADA?

Re:Man

[krgallagher]

" Is there another field that has as many useless acronyms and busswords as the IT industry?"

Yes! Telecom [carrieraccessbilling.com] which is a superset of the networking acronyms from IT.

Re:Man

[WD_40]

People Can't Memorize Computer Industry Acronyms.

Re:Man

[Keebler71]

try the military IT community...

Re:what does...

[natron 2.0]

DEFense CONference

Re:what does...

[5m477m4n]

DEFCON stand for anyways?

In the Government it stands for: DEFense CONdition or DEFense readiness CONditions

Wall of Sheep

[darth_MALL]

I need one of those where I work. Each time you appear on the list, you get docked $50 from your pay :) Now to get it past the management.

Re:Wall of Sheep

[AndroidCat]

I'd start a Wall of Black Sheep list. I'd leak a password in the clear or lightly encrypted, then list everyone who tried it. Maybe they could have a Penalty Box at the con for people who got caught?

Re:Wall of Sheep

[gurneyh]

What a moron... This reporter can't even read. It's the wall of "Shame". I remember when it was just a sheet of paper posted on an actual wall and the passwords weren't truncated to protect the stupid. Then again, I've been going to Defcon for over 10 years.

Re:Wall of Sheep

[not5150]

Negative... It started as the Wall of Shame and then was changed to the Wall of Sheep.

The reason was there was a guy walking around with a "I F*** Sheep" Shirt. The guys thought that the people who sent cleartext passwords were like a herd of sheep. And the name stuck...

Humphrey Cheung
Editor - www.tomshardware.com
Webmaster - www.not5150.com (300+ Extreme Videos)

Re:Wall of Sheep

[gurneyh]

Then why does it clearly say "Wall of Shame" in the image in the article and the video? The bottom of the screen says "More than XXX Digital Sheep and Counting" but the title is what it is and has been for many years.

I suggest you hook up with some con veterans and not hang out with noobs.

Re:Wall of Sheep

[Anonymous Coward]

Um, hello, if you were actually there, you'd know that "Shame" was crossed through with a red slash, with the word sheep above it to the left.

Anyone who was a supposed "Veteran" would know that, I sat about 5 feet from that projector.

Re:Wall of Sheep

[not5150]

I think 1. You need to get your eyes checked... or 2. You actually didn't go.

Here is a screenshot from the projecting laptop.
http://www.not5150.com/wallofsheep.png

Also if you RFTA'ed, You would see that I interviewed the guy who made and coded the wall.

Humphrey Cheung
Editor - www.tomshardware.com
Webmaster - www.not5150.com (300+ Extreme Videos)

Re:Wall of Sheep

[gurneyh]

Ok, "Wall of Shame^H^H^H^H^HSheep". Very funny, whatever.

I guess if you code the app. then you can call it whatever you want and insert your own personal jokes. That's the way it goes (and rightly so). For many of us it will continue to be the "Wall of Shame" whether it is a slick app. projected via laptop or scraps of paper pinned to the wall.

I'm wrong. You're right. U R 2 31337 4 M3.

Why no, I'm not old an bitter. Why do you ask?

SuicideGirls

[xenostar]

Omg! There's a suicidegirls password on that board!

Re:SuicideGirls

[SKPhoton]

Yeah, but the image on Tom's Hardware kinda stinks. There's a better one on page 2 of this gallery [skphoton.com].

Re:SuicideGirls

[Lord_Dweomer]

You won't even tell us what the password is? You insensitive clod.

They're better in person

[Zilfondel2]

I should know...I just went to see them a couple weekends ago in Portland. But they also have a book out - check out Powells.com

Wait...where are....

[cephyn]

Where are the obligatory 100 pictures of weirded out booth babes?

What? It's not that kind of convention?

Crap. That's not much of a convention at all then...

Spot the Fed error

[AndroidCat]

The feds that are "caught" take everything in stride and everyone has a good laugh. [an error occurred while processing this directive]

Obviously this breaks some sort of natural law.

slashdotted already?

[Al Dimond]

Is this site slashdotted or do I not know how to click with my left mouse button?

Re:slashdotted already?

[mailtomomo]

depends : my left or your left ?

Re:slashdotted already?

[Al Dimond]

So it's you that's behind my computer screen watching my every action!

Is there something stuck in my teeth?

Mirror

[ikegami]

Yup, slashdotted. Here's what I've been able to read so far.

The 12th annual Defcon hacker convention was held at the Alexis Park Hotel in Las Vegas Nevada. For three days, hackers exchanged ideas, presented new and sometimes scary information and partied hard. More than a hundred speakers gave dozens of talks on computer security, hacking and privacy issues.

For a mere $80 attendees received access to the talks, contests and the after-hours parties. In this article we will cover some of the more interesti

Re:Mirror

[ikegami]

continued from here [slashdot.org] Bluetooth Vulnerabilities Hackers have found many flaws with Bluetooth devices. As these devices gain in popularity, the public needs to be made aware of vulnerability issues with the various Bluetooth devices such as phones, PDAs and wireless headsets. Three of the most interesting attacks were Bluesnarfing, Bluetracking and Bluebugging. Bluesnarfing is attacking the Bluetooth device, usually a phone, to rip out information. Hackers can obtain phonebooks, calendars and stored SMS m

Re:Mirror (continued)

[ikegami]

continued from here [slashdot.org]

Bluetooth Vulnerabilities

Hackers have found many flaws with Bluetooth devices. As these devices gain in popularity, the public needs to be made aware of vulnerability issues with the various Bluetooth devices such as phones, PDAs and wireless headsets.

Three of the most interesting attacks were Bluesnarfing, Bluetracking and Bluebugging. Bluesnarfing is attacking the Bluetooth device, usually a phone, to rip out information. Hackers can obtain phonebooks, calendars and stored SMS me

pictures

[SKPhoton]

Defcon was great. plenty of pictures [defconpics.org] are up for your post-Defcon viewing enjoyment.

What happens in Vegas, stays in Vegas....

[mblase]

...unless someone posts the photos on the Internet the next day.

Re:pictures

[rasz]

OMFG, I have never EVER in my life seen so many fat chicks in one place. EVER.
Serious, You folks in states are doomed, those babes, they are not simply fat, they are not even ms.PEGGY fat, they are FAAAAAAAT HOGGY style. Fat all over the place, liquid belly, 3 chins and all :(
Russian porno sites dont even come close to that one, they got 3-5 fat chicks at max, and now it looks like they imported them from states. I have no idea what are you waiting for ? BAN mc.Donald at once. Or move to europe.

Is it just me..

[MinusBlindfold]

or do all of these pictures from Defcon look like they were taken at a giant IRC meet?

Fight!

[Anonymous Coward]

Anyone know what happened in that fight they mentioned in the tomshardware article? I read this earlier and I was curious.

Re:Fight!

[cexshun]

The fight was crazy. Basically the kid told the crowd to go to the Republican Convention and "Fuck up their shit" via any means possible. He told everyone to hack the website, use DDoS attacks, etc. He must be a fucking moron to start talking politics at a hacker convention.

Basically, the crowd got pissed at his anti-free speech talk and started giving him shit. Security cut the talk short, and the crowd mobbed the stage to start firing questions at this punk. Eventually, 1 guy got nose to nose with the speaker, which is when he was wisked away by security.

Re:Fight!

[Bryan Gividen]

Don't you mean rimmed glasses to rimmed glasses with the guy?

*shrug* Eh, can't help but troll to get modded funny....

Did you know...?

[TheKingOfTorts]

defcon stands for DEFinitely CONned out of a social life.

Team Tsunami

[blackrobe28]

One of the pic sites has several photos of team Tsunami locked into an epic FPS netgame, complete with multicolored LAN cables and cans of soda, right before showcasing the team learning how to use REAL firearms at one of Nevada's many target ranges.....

One might doubt the wisdom of issuing sniper rifles and live ammunition to Counter Strike junkies.

Re:Team Tsunami

[Anonymous Coward]

Yes, the survivors might breed. Good point.

Good article

[inerte]

I only disagreed with a few points raised on it. For example, where it [an error occurred while processing this directive], it was kinda dumb.

On the next page, the analisys [an error occurred while processing this directive], again, very dumb.

Overall, a good article. But in the next time, I think we could see [an error occurred while processing this directive]

Spot the Fed...

[hot_Karls_bad_cavern]

...hehe, i gotta love a tradition such as this: both parties being good sports and enjoying the moment. You know the agents consider being "assigned" to Defcon to be treat - it's fun. New stuff, new tech, new ideas, new kids breaking the system, just good ol' fun as i see it.

Oh lord, the oh-no-it's-not-fun-it's-against-the-law crowd will come out on this one. Seriously though, know thine enemy, what good fortune that you can enjoy the company of said "enemy". Hell, the Defcon kids enjoy knowing the "Feds" are there and will be watching. This is the cat and mouse that i admire and enjoy.

i'm serious, good to see this tradition is still going strong. May both parties always be present, enjoy and learn....and i mean that, both parties. Happy hunting :)

Re:Spot the Fed...

[AndroidCat]

I wonder if the feds really know who all the feds are? Share the paranoia! ;^)

Re:Spot the Fed...

[not5150]

Well last year for Defcon 11... One fed on stage actually fingered another fed. Humphrey Cheung Editor - www.tomshardware.com Webmaster - www.not5150.com (300+ Extreme Videos)

Re:Spot the Fed...

[AndroidCat]

Perhaps not quite what I was wondering. It would be no trick to finger another fed if you knew who they all were. How many people are mistakenly spotted as feds?

Rifles

[gclef]

Odd that they'd mention the BlueTooth rifle, but not mentioning the Shmoo 802.11 rifle..same idea, much sexier design, dangerous power levels...like, 13 Watts. They claimed that it was dangerous to stand in front of or behind it while it was on.

Re:Rifles

[carbolic]

These two rifles are very similar - it's what's hooked up to them that matters. The Shmoo group used a Wi-Fi system with a 27 dB amplifier, while the Flexilis group used a Class 1 Bluetooth USB adapter modded with a cable and bluedriving software. (Note: I put together the wireless hardware used on the the Bluesniper rifle.)

--
Carbolic
www.bluedriving.com [bluedriving.com]

Re:Rifles

[not5150]

I did not go to the Shmoo talk... therefore no mention of it in the article.

Humphrey Cheung
Editor - www.tomshardware.com
Webmaster - www.not5150.com (300+ Extreme Videos)

Re:Rifles

[Frizzle Fry]

I did not go to the Shmoo talk

Neither did I, since I was stuck in that endless line to get in. Fucking ridiculous.

Electronic Civil Disobedience speaker said WHAT???

[javaxman]

So, does anyone know what the "Electronic Civil Disobedience and the Republican National Convention" talk covered, and what the speaker might have said to get someone riled enough that he was attacked ??

Anyone? Details, please!!

Re:Electronic Civil Disobedience speaker said WHAT

[not5150]

The video/audio may not be released... so your guess is as good as mine. I didn't get to go to the talk but a bunch of other press guys did. Apparently the talk went downhill after he started advocating violent acts.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Electronic Civil Disobedience speaker said WHAT

[javaxman]

Although I can see the argument that some sort of electronic attack on the RNC cold be a valid form of civil disobedience, I definitely have to agreee with you that this guy is just lame lame lame, for the following reasons :

1) The best you can propose is a DDOS attack? I mean, come on! That's just stupid, and causes collateral network slowdowns as well... how about something useful, like getting into the servers, redirecting to other [georgewbush.org] websites or plain ol-fashioned defacing of main pages? A DDOS attack... it's just so lame...

2) The guy can't even write a decent call-to-arms. "undemocratic will of the people" ? Did someone proofread this crap?? ;-)

And no, I am not advocating that anyone should hack into any computer system, anywhere, because that would be wrong and illegal. No, really...

Besides, individual bodies actually showing up in person all at once would be much more convincing and newsworthy than a website being down for a few minutes. If you want to disrupt the convention, I'm guessing a whole bunch of protesters showing up in person would be more effective than shutting down a website.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Electronic Civil Disobedience speaker said WHAT

[DeputySpade]

Forgive my use of the "royal you" in the following rant. Rant not directed at the parent poster, but at the idea in general.

Although I can see the argument that some sort of electronic attack on the RNC cold be a valid form of civil disobedience


It's a valid form of stupidity. We all know that the feds are worried about something going down during the conventions. That's why the DNC had so much security. Electronic attacks are (like it or not) considered a form of terrorism. You're pissed at the c

VoIP Speech

[Anonymous Coward]

I liked it when the guy figured out the phone number that they were using in the voip speech. He called up and yelled "owned" on the phone that was attached to the PA system, I fell out of my chair

Re:VoIP Speech

[borcharc]

That was me, 0wn3d!!!!!!! lucky225 must phear :)

licutis

AirPwn

[Twid]

Read all about AirPwn, the best wireless remote goatse display app ever used at a Defcon, here:

http://www.evilscheme.org/defcon/ [evilscheme.org]

At Defcon 12 this year my cow-orkers and I brought along a little piece of code called "airpwn." Airpwn is a platform for injection of application layer data on an 802.11b network. Although the potential for evil is very high with this tool, we decided to demonstrate it (and give it its first real field trial) on something nasty, but harmless (compared to say, wiping your hard-drive)

airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content. For example, in the HTML goatse example, we look for any TCP data packets starting with "GET" or "POST" and respond with a valid server response including a reference to the canonical goatse image.

(Hugs toast!)

Re:AirPwn

[AndroidCat]

As a fallback defence at the con, drop "goax.cx 127.0.0.1" into hosts. Then have a local web server that has a cute kitty picture as /hello.jpg. (Either that or a "gotcha sucker!" graphic for when they swing in to take a picture. But don't expect to catch them with that twice.)

Re:AirPwn

[ConsumedByTV]

As someone that watched idiots try that, i laugh at you.

The tool injects the data in a way that isn't possible to block unless you drop packets from the server. Tunnel your traffic if you care.

(Hugs toast!)

Re:AirPwn

[Toast]

That's precisely why we have goatse image mode.. In that case, any request for an image file will return valid image data for display. No hosts entry will save you there.. :) Unless you have an IPS to block nasty pics entering your laptop, there is nothing to do but use lynx..

Re:AirPwn

[AndroidCat]

Which is why I wouldn't expect it to work for very long. :^) Do modern browsers have a switch to turn off graphics? (I'm sure the copy of Mosaic I keep for testing does.) If I wanted to be a smart- .. person, I'd slip in a proxy that turned all incoming pictures into cute kitty pix. Pretty silly, but better than a face-full of ass!

Re:AirPwn

[arkane1234]

I swear I saw more Windows systems than Linux/BSD/Mac at DEFCON...
Especially by the Wall of Sheep.... that place was a virtual microsoft-haven.
I'm surprised no one did an all out Windows hack there and turn everyone into zombie systems controlled from a central point. That's the first thing that popped into my head when I saw so many ppl using Windows.

Re:AirPwn

[AndroidCat]

Lynx? No thankie, easier to scribble up something that understands fonts. As for Windows, walking around DEFCON displaying signs of hot bright insanity would fun. (After talking precautions, like scrubbing a laptop clean before and after the convention.)

If I was going to play games with people's wifi, I would have used a lighter touch: Only replace DoubleClick pix requests (if anyone doesn't have them blocked), only hit a particular browser program at a time, or just replace the Slashdot logo. :^) (Sugges

Knows what he's talking about

[carbolic]

Humphrey is totally in the field with his Tom's Hardware write-ups. Remember when he was the pilot Warflying [slashdot.org] over LA?

Later that day, I talked to the fed who got nabbed in that spot the fed video [tomshardware.com]. He was running Kismet when he got called up. Others around him whispered "He can't be a fed, he's running Kismet". Don't be fooled. I think some of these fed types dig technology as much as any hacker.

The Bluesniper rifle by the guys at Flexilis is so cool - I built the bluetooth gear for them from the kits on

Miners strike

[totierne]

There is a story about the miners strike in England 1983-84, that the [fascist] state tried to have automated tape recorders to record any miners strike conversations, but everyone was talking about it then, and so the tapes ran out.

From the Article:

'The volume of information being seized for forensic analysis has mushroomed. It is not uncommon to see multiple terabytes of storage being examined. Agents said that some cases are approaching the petabyte range. Usually is because of emails and email attachm

The Challenge of Managing Petabytes of Storage

[totierne]

The [winnetmag.com]
Challenge of Managing Petabytes of Storage

The great sucking noise of the expense of many Petabyte cases has got to be visible somewhere outside classified media.

Like I care, I pay taxes in more of a bananna republic, well I do care a little, just want to persuade someone else to do the spade work, while it is not part of my job, at which point I will become a lacky like everyone else, probability of selling out 99.9 percent and rising.

That does mean I have not crossed the line and it makes me 0.1% qu

Re:The Challenge of Managing Petabytes of Storage

[totierne]

details of how it is done [ucar.edu]

60 IBM 3390 Model 3 disks.
Disks [ibm.com]

five StorageTek Powderhorn Automated Cartridge Systems. containing 6,000 tape cartridges.
tape library [storagetek.com]

And the problem is still not N complete, the more data there is the harder it is going to get, not being able to get wiretaps made the problem almost manageable. The right to silence was their luxury. At petabytes of data that is oh lots for every person on the planet.Lets all get with the careless talk.

I am being lazy the numbers are stagger

Dual Use Technologies

[totierne]

They probably have the storage but probably blog analysis software is catching up on their analysis tools.

I remember reading that people are using blog analysis to track language development, presumably including cross blog information spread, so doing that with emails if you have everybodies might be an interesting academic exercise and it would be nice to know what the state of the art is, classifies and unclassified, and nicer to know what is hard and will be hard for the next 20 years.

At what point th

Electronic Civil Disobedience

[Eightlines]

For those curious about the Electronic Civil Disobedience hubub, the Inquirer [theinquirer.net] has a couple paragraphs on what happened.

Re:Electronic Civil Disobedience

[totierne]

The Agenda of the nasty un right wing person [ist-backup.de]

From a quick seach on google groups

BlueJacking...

[kword]

Speaking of BlueJacking et al, here's a nifty little Bluetooth utility that runs on cell/PDA and can fulfill your, errr, communication needs :-)

If you are able to get past the horrible English, that is.

http://www.net-cell.com/mp/index.html [net-cell.com]

defcon is the only place

[el stevo]

where nerds don't have to drink alone with their imaginary friends!

Bluejacking

[Alwin Henseler]

You'all might not want to skip this site: bluejackQ.com [bluejackq.com]

The KR1PT0 Car.

[a.out]

Seeing theKR1PT0 Car [www.xyu.ca] parked out back of the hotel was pretty cool.

The bumper stickers are the best part.

SSH Attacks

[Nishi-no-wan]

Was this conference the reason behind a large increase in SSH attack attemps over the past two weeks? The past few months had been relatively quiet in regard to SSH attacks (I was wondering if I'd been cracked and they weren't being reported any more), but I've been getting multiple attempts pretty much daily for the past two weeks. What's up?

New competiton at DefCON 12 TCP/IP embedded device

[L0stb0Y]

The most technical competitions at the CON were the Rootfu, Robotics, and the TCP/IP device competitons.
The Lockpicking contest was raw skill as well.

LosT

Re:Where da white wimmen at?

[natron 2.0]

good ones here from DEFCON 12...

http://www.timekiller.org/gallery/SomeChick

Re:Where da white wimmen at?

[saderax]

not safe for work.

Re:Where da white wimmen at?

[arkane1234]

Not safe at all :P

Re:Where da white wimmen at?

[Bloodlent]

She's fucking hideous, man. Ugly as fuck.

Re:Where da white wimmen at?

[duncanbojangles]

How desperate am I? I just looked at third-rate pr0n. Shouldn't my GIGABYTES of illegally-gotten pornogrophy be enough? I guess this is what /. and DefCon will drive a person to. And by the way, what nerd's sister was that?