Here’s your hat.

July 26th, 2017

Black Hat 2017 is just getting started.

There’s some overlap with DEFCON 25. For example, hacking wind farm control networks and the SHA-1 hash talk are on both schedules. But there are also a few things unique to the Black Hat 2017 schedule:

The same rules for the DEFCON post apply here: if you’re a presenter who wants some love, or if you want me to follow a specific talk, leave a comment.

DEFCON 25: 0 day notes.

July 25th, 2017

I’m not going again this year. Maybe next year, if things hold together. But if I were going, what on the schedule excites me? What would I go to if I were there?

Thursday: neither of the 10:00 panels really grab me. At 11:00, maybe “From Box to Backdoor: Using Old School Tools and Techniques to Discover Backdoors in Modern Devices” but I’m at best 50/50 on that. At 12:00, I feel like I have to hit the “Jailbreaking Apple Watch” talk. “Amateur Digital Archeology” at 13:00 sounds mildly interesting.

Not really exited by anything at 14:00. At 15:00, I suspect I would end up at “Real-time RFID Cloning in the Field” and “Exploiting 0ld Mag-stripe information with New technology“. And 16:00 is probably when I’d check out the dealer’s room again, or start getting ready for an earlyish dinner.

Friday: 10:00 is sort of a toss-up. THE Garry Kasparov is giving a talk on
The Brain’s Last Stand” and as you know, Bob, chess is one of my interests. On the other hand, there’s also two Mac specific talks, and Kasparov’s talk is probably going to be packed: I suspect I’d hit “macOS/iOS Kernel Debugging and Heap Feng Shui” followed by “Hacking travel routers like it’s 1999” (because I’m all about router hacking, babe). Nothing grabs me at 11:00, but I do want to see “Open Source Safe Cracking Robots – Combinations Under 1 Hour!” at 12:00:

By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, ‘set testing’ is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe.

13:00: “Controlling IoT devices with crafted radio signals“, and “Using GPS Spoofing to control time” at 14:00. (I do want to give a shout-out to the Elie Bursztein talk, “How we created the first SHA-1 collision and what it means for hash security“, though.)

Do I want to go to “Phone system testing and other fun tricks” at 15:00? Or do I want to take a break before “Radio Exploitation 101: Characterizing, Contextualizing, and Applying Wireless Attack Methods“:

As we introduce each new attack, we will draw parallels to similar wired network exploits, and highlight attack primitives that are unique to RF. To illustrate these concepts, we will show each attack in practice with a series of live demos built on software-defined and hardware radios.

And then at 17:00, “Cisco Catalyst Exploitation” is relevant to my interests. However, I don’t want to dismiss “The Internet Already Knows I’m Pregnant“:

…EFF and Journalist Kashmir Hill have taken a look at some of the privacy and security properties of over a dozen different fertility and pregnancy tracking apps. Through our research we have uncovered several privacy issues in many of the applications as well as some notable security flaws as well as a couple of interesting security features.

Saturday: Nothing at 10:00. At 10:30, maybe “Breaking Wind: Adventures in Hacking Wind Farm Control Networks” because why not?

I have to give another shout-out to “If You Give a Mouse a Microchip… It will execute a payload and cheat at your high-stakes video game tournament” but I’m personally more interested in “Secure Tokin’ and Doobiekeys: How to Roll Your Own Counterfeit Hardware Security Devices” at 11:00. (“All Your Things Are Belong To Us” sounds pretty cool, too, but I’d probably wait for the notes/repos/etc. to be released rather than attending in person.)

Oddly, there’s really nothing that grabs me between 12:00 and 15:00. At 15:00, “Tracking Spies in the Skies” mildly intrigues me (mostly for the ADS-B aspect), while at 16:00 I’m really excited by “CableTap: Wirelessly Tapping Your Home Network” (more home router hacking! Hurrah!)

At 17:00:

In this talk, we explore the security of one of the only smart guns available for sale in the world. Three vulnerabilities will be demonstrated. First, we will show how to make the weapon fire even when separated from its owner by a considerable distance. Second, we will show how to prevent the weapon from firing even when authorized by its owner. Third, we will show how to fire the weapon even when not authorized by its owner, with no prior contact with the specific weapon, and with no modifications to the weapon.

You have my attention.

(Related article from Wired. Presenter’s Twitter feed.)

Sunday: “I Know What You Are by the Smell of Your Wifi“, followed a little later by “Backdooring the Lottery and Other Security Tales in Gaming over the Past 25 Years“.

Weirdly, after that, there’s nothing that interests me until the closing ceremonies at 16:00. (Though I might go to “Man in the NFC” if I was there.)

This seems like a very low-key year, and I’m not sure why. I don’t see any Bluetooth related stuff, and very little lock related. Perhaps I should be glad I’m skipping this year.

Anyway, you guys know the drill: if you see a talk you’re interested in, leave a comment and I’ll try to run it down. If you’re a presenter who wants to promote your talk, leave a comment and I’ll try to give you some love.

Obit watch: July 25, 2017.

July 25th, 2017

Ralph Regula, former congressman from Ohio.

Mr. Regula represented Canton and northeastern Ohio for 36 years before retiring in 2008. At the time, he was dean of the state’s congressional delegation and the No. 3 Republican on the powerful Appropriations Committee.

Among his accomplishments: the creation of the Cuyahoga Valley National Park.

Throughout his career, Mr. Regula blocked attempts to change the name of Mount McKinley in Alaska to its original Native Alaskan name, Mount Denali, maintaining that it was important to honor President William McKinley, who was from Canton. For years he included a clause in the Interior Department’s appropriations bill barring the change.

You may also remember him from the National First Ladies Library and Historic Site, previously blogged here.


July 25th, 2017

DEFCON 25 is this week, and it snuck up on me. I was expecting it to start next week.

I guess this means I have to get the schedule analysis up in a hurry. I think I can get it done by Wednesday night; or at least get the Thursday/Friday parts of it up, and Saturday/Sunday up by Thursday night.

Is there anything that leaps out at me from a quick once-over? No “hippie, please!” panels that I noticed this year. Also no badge contest or mystery challenge.

(Also, I’m reorging the DEFCON tags. I think this should be transparent to everyone.)

Reptile cults. Why did it have to be reptile cults?

July 24th, 2017

Today’s headline of the day:

Police: Woman kills boyfriend after spat with reptilian cult


She said her boyfriend believed the cult’s leader to be a “reptilian” pretending to be a human, a police affidavit said.


Online postings associated with the cult detail a theory that a group of alien reptiles is subverting the human race through mind control.

Sounds like David Icke, but the linked article doesn’t specify. Are there other reptile-based conspiracy theorists out there?

Hello, Dali.

July 22nd, 2017

Headline of the day:

Exhumation of Dali's remains finds his mustache still intact

Programming note.

July 21st, 2017

By way of Lee Goldberg, I have just now learned that “Coronet Blue” is out on DVD.

This is usually the point at which my younger readers look at me like I have three heads, I say something snarky about getting off my lawn, and then I provide a (sometimes condescending) explanation. But since I’ve only heard about “Coronet Blue”, have never seen it, it ran in the summer for one season when I was two years old, and only 11 out of 13 episodes actually aired…

There’s a TV show template that sees a certain amount of use. Premise: person wakes up having been mysteriously left in the middle of nowhere. Person has no idea who they are, or any memory of their past: basically total amnesia. Person, however, has some sort of skill set (like instant recall of obscure facts) that makes them useful to “the authorities”. Person spends the rest of the series assisting “the authorities” in their inquires, while trying to recover their memory and identity. Generally, there’s some sort of massive conspiracy involved, too.

Examples of this template:

  • John Doe“, which I never watched an episode of because it sounded stupid, and Wikipedia confirms my bias. (“A by-product of transcending his body during a near-death experience, traveling to a spiritual plane where all the universe’s questions are answered.” Said questions apparently including “How many dimples are on a golf ball?”)
  • Kyle XY“, which played a little with the idea by making the protagonist a teen (though one with “enhanced physicality, senses and intellect”).
  • Blindspot“, still on as of this writing, even though to me it sounds every bit as dumb as “John Doe”. (I do like me some Marianne Jean-Baptiste, though: she was great in “Without a Trace”. And for the record, “Blindspot” also varies the premise a little, in that the (female) amnesiac was left in a bag in the middle of Times Square.)

Anyway, my point (and I do have one) is that “Coronet Blue” was patient zero for this television archetype. I’ve been wanting to see it, but never actually expected that it would show up on DVD. After all, it was a one-season show. (Turns out it was actually successful enough that CBS wanted more episodes: the problem was the series had been shot two years previously, for various reasons CBS delayed running it, and by the time it aired and was moderately successful, Frank Converse had a starring role in another show. Wikipedia entry.)

So, yeah, I’m delighted. And I’m also interested in “Decoy“: as everyone knows, I’m a sucker for cop shows. Plus: Beverly Garland!

And now that we’re wrapping up season one of “Elementary”, I figure I’ve got a better chance of talking Lawrence and RoadRich into watching these two series than I do of persuading them to sit through “Cop Rock“.


July 21st, 2017

Probably news, at least to some people: Texas A&M has a large science fiction archive.

Possibly news to more people: this includes George R.R. Martin’s stuff.

Probably not news, if you think about it: this includes a lot of “Game of Thrones” related stuff.

And there is plenty of other Martin stuff, including manuscripts for the Wild Card moasic novels he continues to edit and drafts of various “Max Headroom” scripts.

Quote that pushed me into posting this:

But also, there are swords.

(Much like, “And then the murders began“, “But also, there are swords” makes anything better.)

Hookers, no blow (yet) watch.

July 21st, 2017

Hugh Freeze, the football coach at Ole Miss, resigned “effective immediately” last night.

If he resigned, why am I spinning this as a firing? ESPN:

Ole Miss chancellor Jeffrey Vitter, in a Thursday night news conference announcing the move, said Freeze, 47, resigned after confirming to him and athletic director Ross Bjork “a pattern of personal conduct inconsistent with the standard of expectations for the leader of our football team.”


If Freeze didn’t resign, athletic director Ross Bjork said the university would have exercised the termination clause in his contract for “moral turpitude.”

“Moral turpitude” is another of those phrases that I love. But I digress: what happened here?

From what I’ve been able to put together reading the press coverage, Houston Nutt, the former Ole Miss coach, is suing the university. As part of the discovery in his lawsuit, his attorney was able to get six days worth of Freeze’s phone records from his university issued cellphone. Freeze was allowed to redact his personal calls from the records, but did not redact what’s being described as a “one minute” call to a 313 area code number “associated with websites that advertise a female escort business based in Tampa, Florida”.

Freeze’s initial explanation was that it was a wrong number call. That’s plausible to me, given how short the call was. But apparently the university dug deeper into Freeze’s phone records:

“In our analysis, we discovered a pattern of conduct that is not consistent with our expectations as the leader of our football program,” Bjork said. “As of yesterday, there appeared to be a concerning pattern.”

Freeze, who had about $2 million left on his contract for this year, $5 million next year and $5.15 million for the 2019 season, will not be paid going forward.

So that’s $12.15 million down the drain. Why? Because a highly paid football coach wasn’t smart enough to use a burner phone for his calls to escort services.

Obit watch: July 21, 2017.

July 21st, 2017

If you are outside of the United States, the TVTropes page linked on the sidebar has resources for other countries.

Obit watch: July 20, 2017.

July 20th, 2017

I’ve been going back and forth on this one for a few days, and finally decided it was worth noting here.

Jean-Jacques Susini passed away on July 3rd. To borrow the paper of record’s description of him, Mr. Susini was “a fiery leader of a right-wing terrorist group that opposed Algerian independence from France who was twice condemned to death in absentia for plots to assassinate President Charles de Gaulle of France”.


He was arrested and tried for helping to organize the so-called Week of the Barricades, which turned to bloody rioting. He fled to southern France during a court recess and later to Spain, where he joined the Secret Army Organization, an underground band of right-ring military and civilian extremists that used terrorism tactics to fight against Algerian independence.

Independence finally came to Algeria in 1962, but Mr. Susini was nonetheless involved in plotting to kill de Gaulle later that year and again in 1964. Details of the first attempt — in which de Gaulle’s Citroën was raked by machine gun fire outside Paris but he was unharmed — were used by the novelist Frederick Forsyth to open his 1971 thriller, “The Day of the Jackal.” The film adapted from the novel two years later opened the same way, with de Gaulle and his motorcade attacked by gunmen.

I know this is probably a sign of real geekdom, but I’m still fascinated by the struggle over Algerian independence and would love to find a good history. Wolves in the City: The Death of French Algeria sounds interesting, but it’s pricey.

James Byron Haakenson was killed sometime around August 5, 1976, though his death was not announced until yesterday.

Mr. Haakenson was one of John Wayne Gacy’s victims. His body was unidentified until DNA test results came back earlier this week.

There are six Gacy victims that still have not been identified.

More book stuff.

July 17th, 2017

I’m a sucker for those “collector’s” reprints of various firearms related books, like the stuff in the Palladium Press Firearms Classics Library. I’m not a total sucker: Half-Price Books gets these in every once in a while, and while I’m generally not willing to pay their marked price ($30-$35), if there’s a sale or a coupon, I’m there.

I know they generally don’t have a lot of value to book collectors, but that’s fine: I think they look nice on the shelves. Plus, to take one example, I think I paid $15 for Ordnance Went Up Front. Amazon has a Kindle edition for $9, but I’d rather pay the extra few dollars for a nice physical copy. And there’s a lot of that stuff that doesn’t have a Kindle edition.

This is a different publisher, and a little more expensive, but there’s a catch:

Capstick, Peter Hathaway. Death In a Lonely Land: More Hunting, Fishing, and Shooting on Five Continents. Derrydale Press, 1990.

Yes, it’s a reprint. A “limited” edition reprint of 2,500 numbered copies, which makes it almost certainly worthless to collectors and anybody who doesn’t have the word “sucker” stamped on their forehead.

(looks in mirror)

Well, I’ll be darned. Where did that come from?

But I digress.

I don’t remember exactly how I first came into possession of Death in the Long Grass: I want to say I was a teenager (or pre-teen?) visiting my maternal grandmother, we went by a bookstore on one of our rare ventures out of the house, either I talked her into buying it for her grandchild or I had some pocket money of my own, and…

…I was already kind of gun-crazy at the time, but that book was a revelation to me. It wasn’t just that the whole “let’s go hunting elephants in Africa” thing appealed to me as I was straining the bounds of my existence: it was also that the guy could write. The young me found him sometimes screamingly funny. The old me still does. I think sometimes I even try a little too hard to emulate Capstick’s prose style, the end result being something like if you left my prose next to a complete collection of Capstick books and a gallon of milk for a week in a non-working refrigerator outside in a Texas July.

Point being, I didn’t just want to hunt lions and tigers and buffalo like Capstick, I wanted to write like him as well. At least back in those days. These days, I’m working on developing my own style, but Capstick is still an influence.

This was $75, marked down by 50% because of the coupon. It was still a little more than I would usually have paid, but this book has one great advantage that my other Capstick books don’t:

Capstick died in 1996 of complications from, of all things, heart bypass surgery. I never met him – I don’t think he did a lot of book tours, and I don’t move in Safari Club circles – so this is the only signed Capstick in my library right now. It was worth it to me, and to that small boy inside me.