This made me laugh so hard my cow orkers asked me what was so funny.
And the first response is just the icing on the cake.
Wired has an article based on the “Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog” presentation which will take place on Sunday. I didn’t write about this yesterday because (and with all due respect to the presenter) it just didn’t strike me as being very interesting. You attached a WiFi scanner to a cat and let it roam around the neighborhood? Not sure I see anything novel there, except maybe if you made the WiFi rig very small. (You could have done the same thing with Kismet on a Nokia N810 years ago. You still can, if you can find a Nokia N810, which isn’t that hard, and if you can figure out a way to secure it to your pet.)
In other news, here are the presentation links I’ve been able to find so far. I’ll try to update this post during the day. If you are a presenter who would like your talk listed (even if it wasn’t on my list) or if there’s a talk you’d like for me to find, please feel free to leave comments or send email to stainles [at] sportsfirings.com.
That’s everything I’ve been able to find from yesterday. We’re only about 30 minutes into today’s sessions. And while looking for links, I ran across this tidbit: DEFCON ordered 14,000 badges this year. They were gone by 6 PM yesterday.
So what’s happening on Friday?
“Domain Name Problems and Solutions” intrigues me the most in the first block, since a) it looks like this is going to involve DNS based attacks on spam, and II) Paul Vixie is one of the key figures in the development of DNS.
“USB for all!” sounds like an interesting talk: “We will demonstrate different tools and methods that can be used to monitor and abuse USB for malicious purposes.”
I would have to go to “From root to SPECIAL: Pwning IBM Mainframes” just because I have a close friend (and former IBM-er) who speaks IBM mainframe. Plus, I’m curious. But “ShareEnum: We Wrapped Samba So You Don’t Have To” would be a good second choice: “ShareEnum uses the underlying Samba client libraries to list shares, permissions, and even recurse down file trees gathering information including what is stored in each directory.” And “Stolen Data Markets An Economic and Organizational Assessment” could be interesting as well. I’d probably still hit the IBM talk and seek out the slides for the other two.
More than likely I’d take a break at 13:00 and look at the slides for “Bypass firewalls, application white lists, secure remote desktops under 20 seconds” and “Investigating PowerShell Attacks” later. At 14:00, “What the Watchers See: Eavesdropping on Municipal Mesh Cameras for Giggles (or Pure Evil)”: “…we decode the previously undocumented mesh protocol enough to (1) “tune in” to live feeds from the various cameras positioned across the city, just like we were in police headquarters, and (2) inject arbitrary video into these streams.”
“Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance” sounds like the best talk at 15:00. And after that, there’s nothing that really intrigues me on Friday.
“Hack All The Things: 20 Devices in 45 Minutes” seems like the best opening panel on Saturday: if you don’t like what you’re seeing, just wait and something else will be along shortly. Plus free hardware!
There’s nothing that leaps out at me until “Secure Random by Default” at 13:00. Because Dan Kaminsky. “PropLANE: Kind of keeping the NSA from watching you pee” would be a good fallback if Kaminsky is too crowded: “…we’ve combined two things every good hacker should have, a Propeller powered DEF CON badge (DC XX in our case) and a somewhat sober brain to turn the DC badge (with some modifications) into an inline network encryption device.” (And hey: I have a DC 20 badge!)
“Secure Random” runs until 15:00, but if I couldn’t get into that, “NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It” would be my second choice in the 14:00 block.
“A Survey of Remote Automotive Attack Surfaces” is at 15:00. This is another Charlie Miller and Chris Valasek talk, and is already getting some press: I kind of want to see this, but, again, there’s a conflict with two other talks I’d also like to see: “VoIP Wars: Attack of the Cisco Phones” and “Detecting Bluetooth Surveillance Systems”. This is another case where I’d apologize profusely to Mr. Miller and Mr. Valasek, download a copy of their presentation, and hit one of the other two sessions.
“Manna from Heaven: Improving the state of wireless rogue AP attacks” sounds interesting, especially with the promise of “a new rogue access point toolkit”. But I just can’t pass up the promise of “Learn how to control every room at a luxury hotel remotely”.
“Attacking the Internet of Things using Time”, which is really about timing attacks, sounds more interesting than the title implies. And “Old Skewl Hacking: Porn Free!” sounds like a great way to wrap up the day.
I don’t know that there’s anything I care that much about Sunday morning, though “Burner Phone DDOS 2 dollars a day : 70 Calls a Minute” and “Optical Surgery; Implanting a DropCam” could be interesting if I was up at that time. “NSA Playset : GSM Sniffing” sounds a bit more interesting: “Introducing TWILIGHTVEGETABLE, our attempt to pull together the past decade of GSM attacks into a single, coherent toolset, and finally make real, practical, GSM sniffing to the masses.”
There’s a gap in stuff I want to see from 13:00 to 15:00. At 15:00, we have “Elevator Hacking – From the Pit to the Penthouse”. I confess to a great deal of curiosity about elevators and how they work. Plus: Deviant Ollam! And that takes us to the closing ceremonies at 16:30.
Tomorrow, I’ll start trying to put up links.
DEFCON 22 sort of fires up today, though the real action doesn’t begin until Friday.
I’m not in Vegas again this year, for boring (money) reasons. Frankly, I’m also feeling a little burnt out. I miss Vegas (well, mostly, I miss Lotus of Siam) but I’m not sure I really miss dealing with that many people crammed into that small a space. I’m also not so sure that what happens at the conference makes that much of a difference any more. It seems like, to borrow the words of another better writer, “Nothing works and nobody cares”.
Or maybe that’s the depression talking. And the fact that my current employer made all of the videos from last year’s DEFCON available internally within a week of the conference.
So. If I was at DEFCON, what would I be attending?
As I said earlier, Thursday is usually kind of slow. I suspect I’d go to the “Data Protection 101 – Successes, Fails, and Fixes” talk; it sounds kind of basic to me, but you never know what you might learn. “Practical Foxhunting 101” also intrigues me. I went transmitter hunting with a friend of mine many many years ago, and I maintain a somewhat more than academic interest in the subject.
“Paging SDR… Why should the NSA have all the fun?” sounds like fun. Basically, this appears to be “how to decode pager traffic with cheap hardware so you can pretend to be Lester Freamon for fun and profit”. On the other hand, this conflicts with “RF Penetration Testing, Your Air Stinks”, a how-to talk for radio frequency penetration testers. I suspect I’d go to this one, and grab the slides from the pager talk later.
I know SCADA and the cloud are hot topics, but I’m not sure I’d go to either “AWS for Hackers” or “Protecting SCADA From the Ground Up”, simply because neither topic interests me that much. Nothing personal, presenters; they just don’t turn my crank.
I like the idea behind “Anatomy of a Pentest; Poppin’ Boxes like a Pro” and would be more likely to hit that than “One Man Shop: Building an effective security program all by yourself”. If I was working in a small organization, though, I’d probably go to “One Man Shop” instead.
I’m slightly more interested in “Reverse Engineering Mac Malware” than I am in the Honeynets talk. And “RFIDler: SDR.RFID.FTW” sounds exciting: “We have created a small, open source, cheap to build platform that allows any suitably powerful microprocessor access to the raw data created by the over-the-air conversation between tag and reader coil. The device can also act as a standalone ‘hacking’ platform for RFID manipulation/examination.”
This is shaping up to be longer than I expected, so I’m going to break it into two parts. I will try to get a second part up tonight and at least cover the Friday and Saturday talks I’m interested in, if not all the way through to Sunday.
The full schedule is here, if anyone wants to look at it and make requests. I welcome comments from presenters and other people who are at DEFCON. And I will be trying to monitor twitter feeds and posting presentation links as I find them.
Box Sized DIE is a public installation in a London banking district by Portuguese artist João Onofre. It’s a soundproofed, airtight black box. Inside, UK band Unfathomable Ruination will be playing death metal until they run out of oxygen, every day for most of July, starting on Sunday. The installation is part of the Sculpture In The City public art program by City of London.
My first thought: what do they mean by “run out of oxygen”? Does the band play until they pass out? If so, how will anyone know, given that the box is soundproofed and opaque? Do they just play until a certain CO2 level is reached? Do they have sensors and an alarm in the box?
My second thought: how long will the band actually play? Or, to phrase the question in another way, how long does it take to use up all the oxygen in the box? Apparently, this isn’t the first time a death metal band has played in the box (though it is the first time this has been done in London). Surely there must be some stats on this, like average length of time spent in the box.
My third thought:
My fourth thought:
Art F City argues that this is one of London’s “worst public art projects,” because “Passersby can’t hear them play, so what’s the point of choosing death metal over anyone else?” But there are many things we can’t see or hear directly from a sculpture. Onofre is charging the invisible core of the object with the specific force and drive of death metal. It’s black. It’s claustrophobic. It’s all angst. Of course it had to be black metal! Unlike most conceptual public sculptures, we know exactly what’s “inside.” Maybe it’s not the most subtle form of compacting tension and placing it into a public space, but I’m biased, so… \m/
Sounds like pretentious bullshit to me.
From the NYPost:
(Previously. Please note that my linking this is more for my own amusement, and should not be taken as an endorsement of the article; while I think it makes a good point or two, I also think it comes close to suffocating itself in the usual entitled whining that seems to characterize far too many (but not all) New Yorkers.)
One of my cow orkers sent me this link. As far as I know, it isn’t proprietary.
Warning note: this site seems to be optimized for Chrome.
Together with tableside tablets that allow customers to order desserts and alcoholic drinks as well as pay their bills and play games without the help of a waiter, new technology has helped Chili’s address one of its customers’ biggest complaints — slow service — and add higher-margin items to its menu.
Mr. Roberts of Chili’s said about a fourth of the customers answered a survey about their experience, providing feedback. The system is so sophisticated that it can ask different questions to customers based on their orders, soliciting opinions on a new special or dessert item. A customer who has a coupon can opt to switch on a camera that will read it, or use the camera to upload a photo to Facebook or Pinterest.
Chili’s pays Ziosk a monthly service fee, but if enough customers opt to pay to play games on the system — trivia is the most popular game at Chili’s — it can make that money back under a revenue-sharing agreement.
The new system has helped the Braintree [Panera Bread - DB] location reduce errors in orders, which could run as high as six out of every 10, in that way increasing profitability, said Chris Hogan, its manager. It has allowed Mr. Hogan to put fewer workers at the cash register and more in the kitchen.
Our table at the banquet was only about halfway occupied, and some of my fellow diners were trying to scam additional desserts from the server. (“No, really, they just stepped outside for a couple of minutes. They’ll be right back!”)
The server brought over some extras, with the good-humored comment that “I’m not the Cheesecake Police.”
Which got me thinking:
Why, yes, I am in a weird mood. Why do you ask?
Dr. Clyde Snow, legendary forensic anthropologist.
In Argentina in 1985, Dr. Snow and students he had trained excavated a mass grave where military death squads had buried some of the 13,000 to 30,000 civilians who vanished in a seven-year “dirty war” against dissidents. They found 500 skeletons, many with bullet holes in the skulls, fractured arms and fingers, and abundant signs of torture and murder.
In 1979, Dr. Snow helped identify many of the 33 boys and young men killed by Mr. Gacy, most of them buried in a crawl space under his suburban Chicago home. That year he also helped identify many of the 273 people killed when an American Airlines flight crashed and burned on takeoff from O’Hare Airport in Chicago, then the nation’s worst air disaster.
Witnesses from the Grave: The Stories Bones Tell (which is briefly mentioned in the obit) is the book that sparked my interest in forensic anthropology. It appears to be out-of-print, but readily available: I commend it to your attention.
Also among the dead: Watergate figure Jeb Magruder.
Oh dear god, they have half-lives for the unstable elements.
–one of my cow orkers, in reference to this.
By way of the Y Combinator Twitter, I found this rather interesting Fast Company article about “Better Place”.
Better Place was born to be revolutionary, the epitome of the kind of world-changing ambition that routinely gets celebrated. Founder Shai Agassi, a serial entrepreneur turned rising star at German software giant SAP, conceived Better Place “on a Davos afternoon” in 2005 when he asked himself, “How would you run a whole country without oil?” Four years later, onstage at the TED conference, Agassi, a proud Israeli with a bit of a Steve Jobs complex, wore a black turtleneck and promised, with the confidence of a man who has known the future for some time but has only recently decided to share his findings, that he would sell millions of electric vehicles in his home country and around the world. He implied that converting to electric cars was the moral equivalent of the abolition of human slavery and that it would usher in a new Industrial Revolution.
Shai Agassi was on FC‘s “2009 Most Creative People in Business” list. He was on the cover of Wired. Better Place raised almost a billion dollars.
And if being on the cover of Wired wasn’t a dead giveaway for you, they collapsed.
Agassi had assumed that the car would cost roughly half the price of a typical gasoline car and would have a range of at least 100 miles. Instead, batteries were delivered with a range of closer to 80 miles, and the terms with Renault meant he was selling an unsexy family car for about the same price as a nice sedan like the Mazda3 or the Toyota Corolla. (Not to mention that customers were asked to spend an additional $3,000 or so a year to rent the battery and pay for the use of charging and swap stations.)
I have been, and continue to be, somewhat critical of Tesla. But I think one thing they’re doing right is positioning their vehicles as a premium product that’s worth the asking price.