Archive for August, 2014

Newer Entries »

DEFCON 22 updates: August 8, 2014.

Friday, August 8th, 2014

Wired has an article based on the “Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog” presentation which will take place on Sunday. I didn’t write about this yesterday because (and with all due respect to the presenter) it just didn’t strike me as being very interesting. You attached a WiFi scanner to a cat and let it roam around the neighborhood? Not sure I see anything novel there, except maybe if you made the WiFi rig very small. (You could have done the same thing with Kismet on a Nokia N810 years ago. You still can, if you can find a Nokia N810, which isn’t that hard, and if you can figure out a way to secure it to your pet.)

In other news, here are the presentation links I’ve been able to find so far. I’ll try to update this post during the day. If you are a presenter who would like your talk listed (even if it wasn’t on my list) or if there’s a talk you’d like for me to find, please feel free to leave comments or send email to stainles [at] sportsfirings.com.

That’s everything I’ve been able to find from yesterday. We’re only about 30 minutes into today’s sessions. And while looking for links, I ran across this tidbit: DEFCON ordered 14,000 badges this year. They were gone by 6 PM yesterday.

Posted in DEFCON 22, Geek, Nokia, Radio | Comments Closed

DEFCON 22: 0 day notes (part 2)

Thursday, August 7th, 2014

So what’s happening on Friday?

Domain Name Problems and Solutions” intrigues me the most in the first block, since a) it looks like this is going to involve DNS based attacks on spam, and II) Paul Vixie is one of the key figures in the development of DNS.

USB for all!” sounds like an interesting talk: “We will demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.”

I would have to go to “From root to SPECIAL: Pwning IBM Mainframes” just because I have a close friend (and former IBM-er) who speaks IBM mainframe. Plus, I’m curious. But “ShareEnum: We Wrapped Samba So You Don’t Have To” would be a good second choice: “ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.” And “Stolen Data Markets An Economic and Organizational Assessment” could be interesting as well. I’d probably still hit the IBM talk and seek out the slides for the other two.

More than likely I’d take a break at 13:00 and look at the slides for “Bypass firewalls, application white lists, secure remote desktops under 20 seconds” and “Investigating PowerShell Attacks” later. At 14:00, “What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil)“: “…we decode the previously undocumented mesh protocol enough to (1) “tune in” to live feeds from the various cameras positioned across the city, just like we were in police headquarters, and (2) inject arbitrary video into these streams.”

Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance” sounds like the best talk at 15:00. And after that, there’s nothing that really intrigues me on Friday.

Hack All The Things: 20 Devices in 45 Minutes” seems like the best opening panel on Saturday: if you don’t like what you’re seeing, just wait and something else will be along shortly. Plus free hardware!

There’s nothing that leaps out at me until “Secure Random by Default” at 13:00. Because Dan Kaminsky. “PropLANE: Kind of keeping the NSA from watching you pee” would be a good fallback if Kaminsky is too crowded: “…we’ve combined two things every good hacker should have, a Propeller powered DEF CON badge (DC XX in our case) and a somewhat sober brain to turn the DC badge (with some modifications) into an inline network encryption device.” (And hey: I have a DC 20 badge!)

“Secure Random” runs until 15:00, but if I couldn’t get into that, “NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It” would be my second choice in the 14:00 block.

A Survey of Remote Automotive Attack Surfaces” is at 15:00. This is another Charlie Miller and Chris Valasek talk, and is already getting some press: I kind of want to see this, but, again, there’s a conflict with two other talks I’d also like to see: “VoIP Wars: Attack of the Cisco Phones” and “Detecting Bluetooth Surveillance Systems“. This is another case where I’d apologize profusely to Mr. Miller and Mr. Valasek, download a copy of their presentation, and hit one of the other two sessions.

Manna from Heaven: Improving the state of wireless rogue AP attacks” sounds interesting, especially with the promise of “a new rogue access point toolkit”. But I just can’t pass up the promise of “Learn how to control every room at a luxury hotel remotely“.

Attacking the Internet of Things using Time“, which is really about timing attacks, sounds more interesting than the title implies. And “Old Skewl Hacking: Porn Free!” sounds like a great way to wrap up the day.

I don’t know that there’s anything I care that much about Sunday morning, though “Burner Phone DDOS 2 dollars a day : 70 Calls a Minute” and “Optical Surgery; Implanting a DropCam” could be interesting if I was up at that time. “NSA Playset : GSM Sniffing” sounds a bit more interesting: “Introducing TWILIGHTVEGETABLE, our attempt to pull together the past decade of GSM attacks into a single, coherent toolset, and finally make real, practical, GSM sniffing to the masses.”

There’s a gap in stuff I want to see from 13:00 to 15:00. At 15:00, we have “Elevator Hacking – From the Pit to the Penthouse“. I confess to a great deal of curiosity about elevators and how they work. Plus: Deviant Ollam! And that takes us to the closing ceremonies at 16:30.

Tomorrow, I’ll start trying to put up links.

Posted in DEFCON 22, Geek | Comments Closed

Classic Austin cliches.

Thursday, August 7th, 2014

Anyone who’s spent time in Austin is familiar with the complaint that too many Austin residents like to sit around and talk about how things were so much better when the Armadillo World Headquarters was in business, and how they saw Shiva’s Headband there, and rent was only $25 a month, and there was no traffic and abundant dope and and and…

The official name was Armadillo World Headquarters. But anyone who enjoyed live music just called it the ‘Dillo.

Yep. That’s your Statesman.

Posted in Clippings, History, Media, Music | Comments Closed

DEFCON 22: 0 day notes (part 1)

Thursday, August 7th, 2014

DEFCON 22 sort of fires up today, though the real action doesn’t begin until Friday.

I’m not in Vegas again this year, for boring (money) reasons. Frankly, I’m also feeling a little burnt out. I miss Vegas (well, mostly, I miss Lotus of Siam) but I’m not sure I really miss dealing with that many people crammed into that small a space. I’m also not so sure that what happens at the conference makes that much of a difference any more. It seems like, to borrow the words of another better writer, “Nothing works and nobody cares”.

Or maybe that’s the depression talking. And the fact that my current employer made all of the videos from last year’s DEFCON available internally within a week of the conference.

So. If I was at DEFCON, what would I be attending?

As I said earlier, Thursday is usually kind of slow. I suspect I’d go to the “Data Protection 101 – Successes, Fails, and Fixes” talk; it sounds kind of basic to me, but you never know what you might learn. “Practical Foxhunting 101” also intrigues me. I went transmitter hunting with a friend of mine many many years ago, and I maintain a somewhat more than academic interest in the subject.

Paging SDR… Why should the NSA have all the fun?” sounds like fun. Basically, this appears to be “how to decode pager traffic with cheap hardware so you can pretend to be Lester Freamon for fun and profit”. On the other hand, this conflicts with “RF Penetration Testing, Your Air Stinks“, a how-to talk for radio frequency penetration testers. I suspect I’d go to this one, and grab the slides from the pager talk later.

I know SCADA and the cloud are hot topics, but I’m not sure I’d go to either “AWS for Hackers” or “Protecting SCADA From the Ground Up“, simply because neither topic interests me that much. Nothing personal, presenters; they just don’t turn my crank.

I like the idea behind “Anatomy of a Pentest; Poppin’ Boxes like a Pro” and would be more likely to hit that than “One Man Shop: Building an effective security program all by yourself“. If I was working in a small organization, though, I’d probably go to “One Man Shop” instead.

Neither “Standing Up an Effective Penetration Testing Team” nor “In the forest of knowledge with 1o57” interests me that much, so I’d take another break here.

I’m slightly more interested in “Reverse Engineering Mac Malware” than I am in the Honeynets talk. And “RFIDler: SDR.RFID.FTW” sounds exciting: “We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over-the-air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination.”

This is shaping up to be longer than I expected, so I’m going to break it into two parts. I will try to get a second part up tonight and at least cover the Friday and Saturday talks I’m interested in, if not all the way through to Sunday.

The full schedule is here, if anyone wants to look at it and make requests. I welcome comments from presenters and other people who are at DEFCON. And I will be trying to monitor twitter feeds and posting presentation links as I find them.

Posted in DEFCON 22, Geek, Radio | Comments Closed

You will know them by the company they keep.

Thursday, August 7th, 2014

Austin mayor Lee Leffingwell (who is also a member of Criminal Mayors Conspiring to Infringe Your Rights) has declared today in Austin “Edwin Edwards Day”.

Yes, that Edwin Edwards, who for some reason came to Austin as part of his campaign for a Louisiana congressional seat. You may also remember him as the former governor of Louisiana who spent eight years in federal prison after being convicted of taking bribes.

What next? I would suggest Albert DeSalvo Day, but the Texas Legislature has been there and done that. Maybe Mayor Leffingwell would go for Lynette Fromme Day.

Posted in Austin, Clippings, Guns, Politics | Comments Closed

When seconds count…

Tuesday, August 5th, 2014

the police are only minutes away the phone company will send your 911 call to an answering machine.

Posted in Clippings, Cops, Guns, Law | Comments Closed

Art, damn it, art! watch. (#46 in a series)

Tuesday, August 5th, 2014

This one’s for Lawrence.

The House Committee on Natural Resources has called the proposed Eisenhower Memorial “a five-star folly”. That’s actually the title of their report, which is subtitled (just in case you didn’t get the point), “An Investigation into the Cost Increases, Construction Delays, and Design Problems That Have Been a Disservice to the Effort to Memorialize Dwight D. Eisenhower”.

This has been going on since 1999. So far, according to the report, “Approximately $41 million has been spent or obligated so far, including almost $16.4 million for the designer and more than $13.3 million to the multiple parties responsible for managing the design process and providing administrative support.” And there’s basically nothing to show for it.

Except for the design itself, which lots of people don’t like. Including the Eisenhower family.

Congress subsequently withheld construction funds for the memorial two years in a row, and this month, the House released a draft budget that also zeros out operating funds and calls for a new design competition. In April, the National Capital Planning Commission voted 7 to 3 to oppose the design. The House committees on oversight and appropriations are also investigating the memorial.

The designer? Lawrence’s favorite living architect, Frank Gehry. To be fair to Mr. Gehry (who I actually kind of like), this wouldn’t be the first time a controversial memorial design in DC has turned out okay. And I’m not clear on what exactly the objections are:

Mr. Gehry’s original concept to honor the World War II military leader and 34th president called for a four-acre site partly enclosed by transparent woven metal tapestries displaying images of the Kansas plains, where Eisenhower grew up. The most contentious element initially was a statue of the young Eisenhower sitting on a low stone wall, a characterization inspired by a photograph of him at that age and by a homecoming speech he made after the war in which he recalled his days as a “barefoot boy.”

That doesn’t sound too awful or disrespectful to me.

In response to objections that this was insufficiently respectful, Mr. Gehry replaced the child with Eisenhower as a 20-year-old West Point cadet and changed his depictions of two famous photographs into statues instead of bas-reliefs. But family members still expressed concerns that the design was costly, undignified and would require too much maintenance.

Yeah, I don’t get the “undignified” thing, either. But I haven’t seen anything other than the photo in the NYT. I do find it interesting that, according to the congressional report, the initial jury thought all of the submitted designs were “mediocre” and wanted a second round of submissions. Whoever was in charge overruled the jury and picked Gehry’s design.

And there’s other boondoggles, too. Sole source contracts, paying $1.4 million to fundraising firms (which have managed to raise about $500,000), questions about ongoing maintenance costs, etc. etc. etc.

I like Ike. But I have serious questions about our need for an Eisenhower Memorial outside of the Eisenhower Presidential Center and about the design process for this one.

Posted in Art, Clippings, Gehry | Comments Closed

Vandalism is wrong, m’kay? Don’t do it.

Friday, August 1st, 2014

A day after former Bell Mayor Oscar Hernandez was sentenced to a year in county jail for his role in a public corruption case that nearly left the town bankrupt, the mugshot of Robert Rizzo — the man at the heart of the scandal — was tagged on the walls of his grocery store.

Seriously. Bad tagger. No biscuit.

Posted in California Über Alles, Clippings, Law | Comments Closed

Obit (sort of) watch: August 1, 2014.

Friday, August 1st, 2014

There’s a nice story in today’s NYT. And I wonder why I’m reading it there, rather than in the Statesman.

Background: Gary Lavergne wrote what is widely considered the definitive book on Charles Whitman, A Sniper in the Tower: The Charles Whitman Murders.

Claire Wilson was one of Whitman’s victims. She was walking with her boyfriend, Thomas Eckman, when Whitman shot her in the belly. He then shot and killed Eckman. Ms. Wilson survived, but she was eight months pregnant; Whitman’s bullet killed the baby.

Ms. Wilson (now Ms. Jones) got in touch with Mr. Lavergne after the book was published (he was unable to find her previously) and they became friends. Sometime later, Mr. Lavergne began researching a question, and found the answer last year.

In November 2013, he was preparing the materials from his most recent work, “Before Brown,” a history of Heman Marion Sweatt’s efforts to integrate the university beginning in the 1940s. Mr. Lavergne revisited a database of nearly 23,000 graves at Austin Memorial Park Cemetery, where Theophilus S. Painter, the university president of that era, is buried.

The end result is that Ms. Jones now knows where her baby was buried. And the grave has a headstone, paid for by Mr. Lavergne.

Pretty much everyone has acknowledged this, but: Dick Smith. A/V Club.

Posted in Clippings, History, Movies, Obits | Comments Closed

Flames, hyena, etc. (#17 in a series)

Friday, August 1st, 2014

Last man down.

Victor Bello, former city council member for the notoriously corrupt California city of Bell, was sentenced today for his role in the corruption scandal.

One year in jail, five years probation, 500 hours of community service, and $177,000 in restitution.

The prosecution was asking for the standard four years. Bello is sort of an exception, though:

Bello’s case was unique among the former council members because he alone had approached district attorney’s investigators about financial irregularities in the small city months before The Times exposed the size of the paychecks the town’s leaders were drawing.
Bello had written a letter on May 6, 2009, to the Los Angeles County district attorney with allegations of misconduct in Bell but was not interviewed until 10 1/2 months later.

So it’s at least kind of arguable that he was the rat in the case, and may deserve a light sentence more than the other guys…

Posted in California Über Alles, Clippings, Law | Comments Closed

Newer Entries »