Security

DEFCON 12 - After the Hangover

DECula writes "Humphrey Cheung has written an excellent article for Tomshardware about what WAS Defcon 12. The combination of talks about a BlueSniper antenna and BlueSnarfing was a good match."

  • Hangover? (Score:5, Funny)

    by Kenja ( 541830 ) on Thursday August 05, 2004 @04:00PM (#9892872)
    It's not a real convention hangover unless your first words after getting up are "oh yea, I married that chick last night". Which is not likely given the male/female ratio at Defcon.
    • by mgoodman ( 250332 ) *
      correction: it's not a *real* hangover unless your first words after getting up are "oh yea, I married that *dude* last night"

      That is much more likely given the ratio and complete inability for male nerds to get along with members of the opposite sex...
    • That would be *really* fun to read about.

      =D
      It's not a real convention hangover unless your first words after getting up are "oh yea, I married that chick last night". Which is not likely given the male/female ratio at Defcon.

      Perhaps this might help explain the opposition towards legalizing same-sex marriages...

  • Man (Score:3, Funny)

    by Em Emalb ( 452530 ) * <ememalb@@@gmail...com> on Thursday August 05, 2004 @04:01PM (#9892881) Homepage Journal
    Is there another field that has as many useless acronyms and buzzwords as the IT industry?

    I mean, hell, you can't even describe it without USING A DAMNED ACRONYM.

    Sheesh.
  • by darth_MALL ( 657218 ) on Thursday August 05, 2004 @04:02PM (#9892897)
    I need one of those where I work. Each time you appear on the list, you get docked $50 from your pay :) Now to get it past the management.
    • I'd start a Wall of Black Sheep list. I'd leak a password in the clear or lightly encrypted, then list everyone who tried it. Maybe they could have a Penalty Box at the con for people who got caught?
    • What a moron... This reporter can't even read. It's the wall of "Shame". I remember when it was just a sheet of paper posted on an actual wall and the passwords weren't truncated to protect the stupid. Then again, I've been going to Defcon for over 10 years.
      • Re:Wall of Sheep (Score:5, Informative)

        by not5150 ( 732114 ) on Thursday August 05, 2004 @05:37PM (#9893893)
        Negative... It started as the Wall of Shame and then was changed to the Wall of Sheep.

        The reason was there was a guy walking around with a "I F*** Sheep" Shirt. The guys thought that the people who sent cleartext passwords were like a herd of sheep. And the name stuck...

        Humphrey Cheung
        Editor - www.tomshardware.com
        Webmaster - www.not5150.com (300+ Extreme Videos)
        • Then why does it clearly say "Wall of Shame" in the image in the article and the video? The bottom of the screen says "More than XXX Digital Sheep and Counting" but the title is what it is and has been for many years.

          I suggest you hook up with some con veterans and not hang out with noobs.
          • Re:Wall of Sheep (Score:1, Informative)

            by Anonymous Coward
            Um, hello, if you were actually there, you'd know that "Shame" was crossed through with a red slash, with the word sheep above it to the left.

            Anyone who was a supposed "Veteran" would know that, I sat about 5 feet from that projector.
        • Re:Wall of Sheep (Score:2, Informative)

          by not5150 ( 732114 )
          I think 1. You need to get your eyes checked... or 2. You actually didn't go.

          Here is a screenshot from the projecting laptop.
          http://www.not5150.com/wallofsheep.png

          Also if you RFTA'ed, You would see that I interviewed the guy who made and coded the wall.

          Humphrey Cheung
          Editor - www.tomshardware.com
          Webmaster - www.not5150.com (300+ Extreme Videos)

          • Ok, "Wall of Shame^H^H^H^H^HSheep". Very funny, whatever.

            I guess if you code the app. then you can call it whatever you want and insert your own personal jokes. That's the way it goes (and rightly so). For many of us it will continue to be the "Wall of Shame" whether it is a slick app. projected via laptop or scraps of paper pinned to the wall.

            I'm wrong. You're right. U R 2 31337 4 M3.

            Why no, I'm not old and bitter. Why do you ask?
  • by xenostar ( 746407 ) on Thursday August 05, 2004 @04:07PM (#9892970)
    Omg! There's a suicidegirls password on that board!
  • by cephyn ( 461066 ) on Thursday August 05, 2004 @04:11PM (#9893013) Homepage
    Where are the obligatory 100 pictures of weirded out booth babes?

    What? It's not that kind of convention?

    Crap. That's not much of a convention at all then...
  • by AndroidCat ( 229562 ) on Thursday August 05, 2004 @04:11PM (#9893014) Homepage
    The feds that are "caught" take everything in stride and everyone has a good laugh. [an error occurred while processing this directive]
    Obviously this breaks some sort of natural law.
  • Is this site slashdotted or do I not know how to click with my left mouse button?
    • depends : my left or your left ?
    • Yup, slashdotted. Here's what I've been able to read so far.

      The 12th annual Defcon hacker convention was held at the Alexis Park Hotel in Las Vegas Nevada. For three days, hackers exchanged ideas, presented new and sometimes scary information and partied hard. More than a hundred speakers gave dozens of talks on computer security, hacking and privacy issues.

      For a mere $80 attendees received access to the talks, contests and the after-hours parties. In this article we will cover some of the more interesti
      • continued from here [slashdot.org]

        Bluetooth Vulnerabilities

        Hackers have found many flaws with Bluetooth devices. As these devices gain in popularity, the public needs to be made aware of vulnerability issues with the various Bluetooth devices such as phones, PDAs and wireless headsets.

        Three of the most interesting attacks were Bluesnarfing, Bluetracking and Bluebugging. Bluesnarfing is attacking the Bluetooth device, usually a phone, to rip out information. Hackers can obtain phonebooks, calendars and stored SMS me
  • pictures (Score:5, Interesting)

    by SKPhoton ( 683703 ) on Thursday August 05, 2004 @04:20PM (#9893094) Homepage
    Defcon was great. Plenty of pictures [defconpics.org] are up for your post-Defcon viewing enjoyment.
    • ...unless someone posts the photos on the Internet the next day.
    • OMFG, I have never EVER in my life seen so many fat chicks in one place. EVER.
      Serious, You folks in states are doomed, those babes, they are not simply fat, they are not even ms.PEGGY fat, they are FAAAAAAAT HOGGY style. Fat all over the place, liquid belly, 3 chins and all :(
      Russian porno sites dont even come close to that one, they got 3-5 fat chicks at max, and now it looks like they imported them from states. I have no idea what are you waiting for ? BAN mc.Donald at once. Or move to europe.
  • or do all of these pictures from Defcon look like they were taken at a giant IRC meet?
  • Fight! (Score:1, Interesting)

    by Anonymous Coward
    Anyone know what happened in that fight they mentioned in the tomshardware article? I read this earlier and I was curious.
    • Re:Fight! (Score:5, Informative)

      by cexshun ( 770970 ) on Thursday August 05, 2004 @05:48PM (#9894020) Homepage

      The fight was crazy. Basically the kid told the crowd to go to the Republican Convention and "Fuck up their shit" via any means possible. He told everyone to hack the website, use DDoS attacks, etc. He must be a fucking moron to start talking politics at a hacker convention.

      Basically, the crowd got pissed at his anti-free speech talk and started giving him shit. Security cut the talk short, and the crowd mobbed the stage to start firing questions at this punk. Eventually, 1 guy got nose to nose with the speaker, which is when he was whisked away by security.

  • by TheKingOfTorts ( 793076 ) on Thursday August 05, 2004 @04:29PM (#9893202)
    defcon stands for DEFinitely CONned out of a social life.
  • Team Tsunami (Score:5, Insightful)

    by blackrobe28 ( 800788 ) on Thursday August 05, 2004 @04:30PM (#9893206) Homepage
    One of the pic sites has several photos of team Tsunami locked into an epic FPS netgame, complete with multicolored LAN cables and cans of soda, right before showcasing the team learning how to use REAL firearms at one of Nevada's many target ranges.....

    One might doubt the wisdom of issuing sniper rifles and live ammunition to Counter Strike junkies.

  • by inerte ( 452992 ) on Thursday August 05, 2004 @04:35PM (#9893252) Homepage Journal
    I only disagreed with a few points raised on it. For example, where it [an error occurred while processing this directive], it was kinda dumb.

    On the next page, the analysis [an error occurred while processing this directive], again, very dumb.

    Overall, a good article. But in the next time, I think we could see [an error occurred while processing this directive]
  • Spot the Fed... (Score:5, Interesting)

    by hot_Karls_bad_cavern ( 759797 ) on Thursday August 05, 2004 @04:38PM (#9893294) Journal
    ...hehe, i gotta love a tradition such as this: both parties being good sports and enjoying the moment. You know the agents consider being "assigned" to Defcon to be a treat - it's fun. New stuff, new tech, new ideas, new kids breaking the system, just good ol' fun as i see it.

    Oh lord, the oh-no-it's-not-fun-it's-against-the-law crowd will come out on this one. Seriously though, know thine enemy, what good fortune that you can enjoy the company of said "enemy". Hell, the Defcon kids enjoy knowing the "Feds" are there and will be watching. This is the cat and mouse that i admire and enjoy.

    i'm serious, good to see this tradition is still going strong. May both parties always be present, enjoy and learn....and i mean that, both parties. Happy hunting :)
  • Rifles (Score:4, Informative)

    by gclef ( 96311 ) on Thursday August 05, 2004 @04:39PM (#9893301)
    Odd that they'd mention the BlueTooth rifle, but not mentioning the Shmoo 802.11 rifle..same idea, much sexier design, dangerous power levels...like, 13 Watts. They claimed that it was dangerous to stand in front of or behind it while it was on.
    • Re:Rifles (Score:4, Informative)

      by carbolic ( 616993 ) on Thursday August 05, 2004 @04:56PM (#9893500)
      These two rifles are very similar - it's what's hooked up to them that matters. The Shmoo group used a Wi-Fi system with a 27 dB amplifier, while the Flexilis group used a Class 1 Bluetooth USB adapter modded with a cable and bluedriving software. (Note: I put together the wireless hardware used on the Bluesniper rifle.)

      --
      Carbolic
      www.bluedriving.com [bluedriving.com]

    • I did not go to the Shmoo talk... therefore no mention of it in the article.

      Humphrey Cheung
      Editor - www.tomshardware.com
      Webmaster - www.not5150.com (300+ Extreme Videos)
  • So, does anyone know what the "Electronic Civil Disobedience and the Republican National Convention" talk covered, and what the speaker might have said to get someone riled enough that he was attacked ??

    Anyone? Details, please!!

    • The video/audio may not be released... so your guess is as good as mine. I didn't get to go to the talk but a bunch of other press guys did. Apparently the talk went downhill after he started advocating violent acts.
    • Looks like this putz [thehacktivist.com] wants to get some attention by getting stupid followers with minimal script-kiddie skillz to attack RNC web sites.

      IMHO, it's the stupidest idea since the republicans decided to excise the word "french" from capitol hill menus.

      -jcr
      • by javaxman ( 705658 ) on Thursday August 05, 2004 @05:17PM (#9893703) Journal
        Although I can see the argument that some sort of electronic attack on the RNC could be a valid form of civil disobedience, I definitely have to agree with you that this guy is just lame lame lame, for the following reasons :

        1) The best you can propose is a DDOS attack? I mean, come on! That's just stupid, and causes collateral network slowdowns as well... how about something useful, like getting into the servers, redirecting to other [georgewbush.org] websites or plain ol-fashioned defacing of main pages? A DDOS attack... it's just so lame...

        2) The guy can't even write a decent call-to-arms. "undemocratic will of the people" ? Did someone proofread this crap?? ;-)

        And no, I am not advocating that anyone should hack into any computer system, anywhere, because that would be wrong and illegal. No, really...

        Besides, individual bodies actually showing up in person all at once would be much more convincing and newsworthy than a website being down for a few minutes. If you want to disrupt the convention, I'm guessing a whole bunch of protesters showing up in person would be more effective than shutting down a website.

          Although I can see the argument that some sort of electronic attack on the RNC could be a valid form of civil disobedience

          No, it's not. If the clown doesn't like what the RNC has to say, his right is to comment on it, and try to draw attention to his counter-argument. Trying to shut someone else up by flooding out their web sites is just wrong.

          individual bodies actually showing up in person all at once would be much more convincing and newsworthy than a website being down for a few minutes.

          Only troub
        • Forgive my use of the "royal you" in the following rant. Rant not directed at the parent poster, but at the idea in general.

          Although I can see the argument that some sort of electronic attack on the RNC could be a valid form of civil disobedience


          It's a valid form of stupidity. We all know that the feds are worried about something going down during the conventions. That's why the DNC had so much security. Electronic attacks are (like it or not) considered a form of terrorism. You're pissed at the c
  • VoIP Speech (Score:4, Funny)

    by Anonymous Coward on Thursday August 05, 2004 @04:45PM (#9893372)
    I liked it when the guy figured out the phone number that they were using in the voip speech. He called up and yelled "owned" on the phone that was attached to the PA system. I fell out of my chair.
  • AirPwn (Score:5, Informative)

    by Twid ( 67847 ) on Thursday August 05, 2004 @04:47PM (#9893391) Homepage
    Read all about AirPwn, the best wireless remote goatse display app ever used at a Defcon, here:

    http://www.evilscheme.org/defcon/ [evilscheme.org]

    At Defcon 12 this year my cow-orkers and I brought along a little piece of code called "airpwn." Airpwn is a platform for injection of application layer data on an 802.11b network. Although the potential for evil is very high with this tool, we decided to demonstrate it (and give it its first real field trial) on something nasty, but harmless (compared to say, wiping your hard-drive)

    airpwn requires two 802.11b interfaces, one for listening, and another for injecting. It uses a config file with multiple config sections to respond to specific data packets with arbitrary content. For example, in the HTML goatse example, we look for any TCP data packets starting with "GET" or "POST" and respond with a valid server response including a reference to the canonical goatse image.


    (Hugs toast!)

    • As a fallback defence at the con, drop "goax.cx 127.0.0.1" into hosts. Then have a local web server that has a cute kitty picture as /hello.jpg. (Either that or a "gotcha sucker!" graphic for when they swing in to take a picture. But don't expect to catch them with that twice.)
      • As someone that watched idiots try that, i laugh at you.

        The tool injects the data in a way that isn't possible to block unless you drop packets from the server. Tunnel your traffic if you care.

        (Hugs toast!)
      • That's precisely why we have goatse image mode.. In that case, any request for an image file will return valid image data for display. No hosts entry will save you there.. :) Unless you have an IPS to block nasty pics entering your laptop, there is nothing to do but use lynx..
        • Which is why I wouldn't expect it to work for very long. :^) Do modern browsers have a switch to turn off graphics? (I'm sure the copy of Mosaic I keep for testing does.) If I wanted to be a smart- .. person, I'd slip in a proxy that turned all incoming pictures into cute kitty pix. Pretty silly, but better than a face-full of ass!
  • Humphrey is totally in the field with his Tom's Hardware write-ups. Remember when he was the pilot Warflying [slashdot.org] over LA?

    Later that day, I talked to the fed who got nabbed in that spot the fed video [tomshardware.com]. He was running Kismet when he got called up. Others around him whispered "He can't be a fed, he's running Kismet". Don't be fooled. I think some of these fed types dig technology as much as any hacker.

    The Bluesniper rifle by the guys at Flexilis is so cool - I built the bluetooth gear for them from the kits on

  • Miners strike (Score:2, Informative)

    by totierne ( 56891 )
    There is a story about the miners strike in England 1983-84, that the [fascist] state tried to have automated tape recorders to record any miners strike conversations, but everyone was talking about it then, and so the tapes ran out.

    From the Article:

    'The volume of information being seized for forensic analysis has mushroomed. It is not uncommon to see multiple terabytes of storage being examined. Agents said that some cases are approaching the petabyte range. Usually is because of emails and email attachm
    • The [winnetmag.com]
      Challenge of Managing Petabytes of Storage

      The great sucking noise of the expense of many Petabyte cases has got to be visible somewhere outside classified media.

      Like I care, I pay taxes in more of a banana republic, well I do care a little, just want to persuade someone else to do the spade work, while it is not part of my job, at which point I will become a lackey like everyone else, probability of selling out 99.9 percent and rising.

      That does mean I have not crossed the line and it makes me 0.1% qu
      • details of how it is done [ucar.edu]

        60 IBM 3390 Model 3 disks.
        Disks [ibm.com]

        five StorageTek Powderhorn Automated Cartridge Systems. containing 6,000 tape cartridges.
        tape library [storagetek.com]

        And the problem is still not N complete, the more data there is the harder it is going to get, not being able to get wiretaps made the problem almost manageable. The right to silence was their luxury. At petabytes of data that is oh lots for every person on the planet. Let's all get with the careless talk.

        I am being lazy the numbers are stagger
        • They probably have the storage but probably blog analysis software is catching up on their analysis tools.

          I remember reading that people are using blog analysis to track language development, presumably including cross blog information spread, so doing that with emails if you have everybody's might be an interesting academic exercise and it would be nice to know what the state of the art is, classified and unclassified, and nicer to know what is hard and will be hard for the next 20 years.

          At what point th
  • by Eightlines ( 536572 ) <brent@eightlines.com> on Thursday August 05, 2004 @05:37PM (#9893887) Homepage
    For those curious about the Electronic Civil Disobedience hubbub, the Inquirer [theinquirer.net] has a couple paragraphs on what happened.
  • Speaking of BlueJacking et al, here's a nifty little Bluetooth utility that runs on cell/PDA and can fulfill your, errr, communication needs :-)

    If you are able to get past the horrible English, that is.

    http://www.net-cell.com/mp/index.html [net-cell.com]
  • by el stevo ( 580437 ) <.moc.oohay. .ta. .cytsalpelbide.> on Thursday August 05, 2004 @05:59PM (#9894141)
    where nerds don't have to drink alone with their imaginary friends!
  • Bluejacking (Score:2, Informative)

    You'all might not want to skip this site: bluejackQ.com [bluejackq.com]
  • The KR1PT0 Car. (Score:3, Informative)

    by a.out ( 31606 ) * on Thursday August 05, 2004 @06:59PM (#9894632)
    Seeing the KR1PT0 Car [www.xyu.ca] parked out back of the hotel was pretty cool.

    The bumper stickers are the best part.
  • SSH Attacks (Score:3, Interesting)

    by Nishi-no-wan ( 146508 ) on Friday August 06, 2004 @12:22AM (#9896717) Homepage Journal
    Was this conference the reason behind a large increase in SSH attack attempts over the past two weeks? The past few months had been relatively quiet in regard to SSH attacks (I was wondering if I'd been cracked and they weren't being reported any more), but I've been getting multiple attempts pretty much daily for the past two weeks. What's up?
  • The most technical competitions at the CON were the Rootfu, Robotics, and the TCP/IP device competitions.
    The Lockpicking contest was raw skill as well.

    LosT
