Archive for August, 2011
Obit watch: August 30, 2011.
Tuesday, August 30th, 2011
Cactus Pryor, humorist and long-time Austin radio and television personality.
TMQ watch: August 30, 2011.
Tuesday, August 30th, 2011
We are still a little worn out from the weekend, and can’t come up with anything clever to say. So let’s just jump right into this week’s TMQ after the jump…
Interlude.
Tuesday, August 30th, 2011
The TMQ Watch for this week will probably be up early this evening.
In the meantime, we bring you something we picked up from the Onion A/V Club. No, it isn’t curable with penicillin.
Wire Inspire. Motivational posters based on “The Wire”.
Since we found this over the weekend, we find ourselves asking this question:
Civic corruption update.
Tuesday, August 30th, 2011
A while back, I read Ian Fleming’s book Thrilling Cities. It occurs to me that someone could write a book called Crooked Cities, possibly without ever leaving California.
First up: the state Senate has rejected a bill that would have disincorporated the notoriously corrupt city of Vernon. This isn’t the end of the line: the city has agreed to some reforms, and is currently under investigation by the IRS. But it is a major setback for those of us who were hoping for a good disincorporation.
Meanwhile, back in Bell, former fiefdom of Robert “Ratso” Rizzo, it seems that the city issued $50 million in bonds a few years back. (I can’t tell if it was 2003 or 2004 from the LAT article.) The bonds were intended to pay for
Anyone want to take a guess on what’s happened?
Here’s the punchline: even though nothing was built, the money’s gone, and the city’s broke, the new city government still has to go through with the tax increases that were put into place to pay off the bonds.
Of course, the tax increase money is going to the bond holders, not into the general city government fund. And the city residents are upset that their taxes are being increased. But what’s the alternative, guys? Defaulting on the bonds, even if they were issued by a bunch of crooks, is just going to hurt you in the long run. Bell’s best bet at this point seems to be to return the unspent funds (about $20 million, per the LAT), and try to squeeze whatever they can out of Robert “Ratso” Rizzo and his cronies.
I have an odd sense of humor.
Monday, August 29th, 2011
Sorry for the radio silence the past few days. Two reasons:
- There just hasn’t been that much to report. I understand there was an earthquake somewhere, and a hurricane in some other place? Other than that, I got nothing (well, except it hit 110 in Austin over the weekend).
- I’ve been running around Armadillocon 33 all weekend.
Content will, perhaps, resume soonish. In the meantime, here’s a picture I took Sunday morning, just because I happened to have the book with me at breakfast (I was expecting to be eating alone) and the juxtaposition amused me.

The book is Murder Behind the Badge: True Stories of Cops Who Kill, a book which I don’t feel I can recommend. (There may be a longer post later on this.) The dish is pigs in a blanket from the Original Pancake House. The arm belongs to the elusive Mike the Musicologist.
Barbecue update.
Wednesday, August 24th, 2011
Per the Statesman, Sam’s BBQ in East Austin has reopened. You may (or may not) recall that Sam’s was one of the three places involved in the meat sting back in July.
The owner is quoted as saying he was able to get his health permit back because “the kind of meat involved in the sting isn’t what’s sold on his menu”. To which we say: ?!
TMQ watch: August 23, 2011.
Tuesday, August 23rd, 2011
This week: TMQ’s AFC preview, and this is the last time we’ll ever have to read about “Friday Night Lights”. After the jump…
For the record…
Tuesday, August 23rd, 2011
I have given up on the Cubs winning the World Series and paid Lawrence his $5.
However, I feel like I’ve gotten more than $5 of entertainment out of our bet, so overall, I’m a winner.
More SDC updates.
Monday, August 22nd, 2011
Added February and March 2011, did some small updates to May 2011.
Proud. Happy.
Monday, August 22nd, 2011
So that this isn’t a total waste, I’ll throw in a bonus link by way of Borepatch: The Children’s Illustrated Clausewitz.
You know something?
Sunday, August 21st, 2011
I didn’t have to use my AK. All in all, I’d have to say, it was a good day weekend.
I got up bright and early (by Saturday standards) and staggered down to the Saxet Gun Show, where I met up with the legendary Borepatch and some other folks. (I am leaving their names out because I want to protect their privacy. Yeah, yeah, that’s the ticket. It has nothing to do with me being a bad and evil person and forgetting their names. It is all about privacy protection. Just ask my wife, Morgan Fairchild.)
I don’t have much to add to Borepatch’s report. I only found one gun I really liked at the show (a Savage model 24, .22 LR over 20 gauge) and the owner was asking just $250, but I didn’t have that much cash on me, didn’t want to leave and find a bank, and…well, if it is there next month, maybe. This would be a good survival gun for the car.
Also, Borepatch is right about the number of approving comments that Sean Sorrentino’s Gunwalker t-shirt received. Borepatch and I discussed the idea of trying to sell them at gun shows, which is a very tempting idea indeed.
(While I was there, I met another gentleman who recognized me from my statement in Borepatch’s comments that I’d be wearing that shirt. It turns out he’s a regular reader of Borepatch’s blog, my blog, and the Saturday Dining Conspiracy pages. Personally, I thought reading both my blog and the SDC pages was an approved method of “enhanced interrogation” for prisoners at Gitmo, but hey, whatever gets you through the night. I was going to introduce him around, but I was on my way to see a man about a racehorse at the time, and when I came back, he was gone. Feel free to leave a comment, Mr. I’m Not Identifying You Here For “Privacy” Reasons.)
(I also saw one of the H&K .22 rimfire MP5 clones. It was going for around $600, as I predicted.)
After the gun show, I went down and paid off my layaway at Tex-Guns, official purveyors of fine weapons to WCD. I now have a very nice Marlin 336 lever gun in .30-30: once I get some logistics worked out, and September 1st rolls around, this is going to sit in my car as my equivalent of a “patrol rifle”.
And then I went and had dinner with my mother and some friends at the Vivo on 620 at Lake Creek Parkway. The current chef, Paul Petersen, ran a place called the Little Texas Bistro in Buda; we ate there once, and it was one of the best meals I’ve ever had. Then he moved out to Marathon and worked at the Gage Hotel there for a while. Now he’s working at that Vivo, and hasn’t lost his touch. I had the “surf and turf”: one crabmeat enchilada and one brisket enchilada. It was one of the best meals I’ve had this year, and very reasonably priced.
(I did have some problems with Vivo, but none of them were with the cooking. They all stem from the current management’s decision to encourage an active singles/pick-up scene at Vivo. We were in a semi-private room, and towards the end of the meal, the music was loud enough that some of our party had to leave. Also, I’m not a prude, but when you’re taking your mother someplace, and there’s paintings of topless women everywhere, and a photo collage on the wall of the semi-private room featuring butts and other body parts, that’s a bit disconcerting.)
Today, of course, was the long threatened trip to the Snake Farm. I’m happy to say that everyone who went also came back, they all enjoyed themselves (from what I hear), and everyone who wanted one got a t-shirt. Or, as we like to say around here…
And much progress has been made on getting the Saturday Dining Conspiracy logs up to date. Which is comforting.
And Lawrence has put up some good photos from Worldcon, including a few of friends of mine I haven’t seen in a long time.
So, yeah, it has been a good weekend. How was yours?
(For those of you who don’t understand the “didn’t have to use my AK” reference, which is probably 99+% of my audience because you’re not fans, I suggest you go to your refrigerator and look at some Ice Cubes. (Warning! Adult subject matter!) Actually, I’m not a huge fan, either, but “It Was a Good Day” tickles my funny bone for some odd reason.)
Linky love.
Sunday, August 21st, 2011
The Gun Blog Black List, an idea covered in awesome sauce and served with a side of fried awesome.
Saturday Dining Conspiracy updates.
Sunday, August 21st, 2011
Added May, June, and July 2011.
There’s only been one SDC in August, and I need to get some information before I post that. Also, I need to back fill some information for one of the May conspiracies, and add Lawrence’s comments when he gets them to me. (This isn’t badmouthing him; he’s tied up and will get them to me as soon as he can.)
I’m thinking about converting the SDC to a more standard blog format, but I haven’t made up my mind if and how I’m going to do that yet.
That ivy-covered burial ground.
Friday, August 19th, 2011
Chicago Cubs general manager Jim Hendry out.
Does anyone know if the Cubs are, officially, mathematically eliminated yet? I want to make sure my bet with Lawrence is properly settled.
(Subject line hat tip: come on, if you don’t know the words of the national anthem, what’s wrong with you? Okay, it isn’t the national anthem, but it should be. Either that, or Dave Van Ronk’s “Last Call”.)
TMQ watch: August 16, 2011.
Wednesday, August 17th, 2011
Tuesday! Tuesday! Tuesday! Nitro-burning Tuesday Morning Quarterback after the jump!
Staplerfahrer Klaus, call your office, please.
Wednesday, August 17th, 2011
The gentleman is charged with stealing the forklift (duh), drinking while driving (and that should be pretty easy to prove, since he’s also charged with throwing beer bottles at traffic), evading police, and…aggravated assault. Aggravated assault? Does that mean that he…tried to kill someone with a forklift?
Also, it is apparently not a good idea to follow a police chase and film it with your iPhone. Important safety tip there, guys.
TMQ watch watch.
Wednesday, August 17th, 2011
Yes, TMQ is back. WCD is a bit tied up, but we hope to have the first TMQ Watch of the new season up tomorrow later today. We would have sworn we’d posted this last night…
Surrender, surrender, but don’t give yourself away….
Tuesday, August 16th, 2011
I am a shy and private person.
Whenever someone does the “go around the room and introduce yourself” thing, I cringe. When my turn comes up, I give the minimum amount of information I can get away with: basically name, rank, and serial number.
(As a side note, there’s a story in Chuck Hustmyre’s book, Killer with a Badge, that I find darkly amusing. Basically, the Fine New Guy brought in to head up the New Orleans PD is going around the room doing the “introduce yourself and tell us a little about you” thing, he gets to our hero, and our hero stands up and says “Hello. My name is Eddie Rantz, and I’m an alcoholic… <long pause> I’m sorry. I must be at the wrong meeting.”)
Tycho’s promotion of Google-, “the social network for narcissists”, has a certain emotional resonance for me. (Though I don’t consider myself to be a narcissist; just, as I said earlier, almost pathologically retiring.)
My resistance was never about privacy. I don’t trust Facebook, Google, or any other large corporation (as I’ve said before, anyone who trusts a large corporation, outside of the bounds of a legally enforceable fiduciary duty, should have their sanity checked), but I believe I’m smart enough to manage the privacy issues.
There was a strong element of drama avoidance going on. I didn’t (and don’t) want to water people’s Farmville crops or get caught up in all the other various interpersonal dramas that seemed to play themselves out on Facebook. Not having a Facebook account gives me what the Nixon administration called “plausible deniability”.
So “Why did ‘mr. anti-social networking’ decide g+ was worthwhile?” to quote an email I received this morning?
Two reasons:
- It isn’t Facebook.
- A very close, very dear friend asked me to join. When I say “very close, very dear”, I mean if they came to me and said “I’m storming the gates of hell. Want to ride shotgun?” I wouldn’t even stop to pack a sack lunch.
So, yeah, I’m on Google+ now. I’ll probably add a link to the contact information. I’m following Lawrence’s policy; I only add people to my “Friends” circle if they can pick me out of a police lineup. However, the nice thing about Google+ is that I can have another circle for people who don’t meet that criterion. Indeed, I can have many circles; one for fellow bloggers, another for people I like but who would fail the police lineup test, another for family, and even another for the mothers of my illegitimate children. (Just kidding, Mom. I don’t have any. That I know about.)
The fun never stops here at WCD. Watch this space for more random G+ thoughts as they come to me.
(And thank you, again, to my friend, who shall remain anonymous to protect his/her privacy.)
Viva, viva…er, something or other.
Tuesday, August 16th, 2011
Today’s LAT brings word that MGM Resorts International wants to stage another building implosion in Vegas.
The target in this case is unusual: the Harmon tower, part of MGM’s City Center project.
More:
I know I drove past the Harmon (because I remember seeing the Cosmopolitan) but it doesn’t stand out in my mind.
(To be fair, though, I didn’t drive the Strip as much as I did on previous trips; I was staying at the Rio, which is off-Strip, and given traffic on the Strip, I found it easier to drive Paradise or Koval to Flamingo, then go up Flamingo to the Rio.)
(Speaking of Vegas, there’s a Gilley’s in front of Treasure Island now? What the heck?)
(How common are “strong earthquakes” in Las Vegas, anyway? I don’t recall Nevada being a seismically active zone.)
Important safety tip (#5 in a series).
Friday, August 12th, 2011
If you’re going to sell “lobster salad” in your store, it is a very good idea to make sure that your “lobster salad” contains actual lobster.
No, I’m not convinced by the argument that crawfish is close enough to lobster for it to count.
DEFCON 19 update #1.
Wednesday, August 10th, 2011
Added links to the following presentations:
- “Seven Ways to Hang Yourself with Google Android” (day 3).
- “SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas” (day 3).
- “Battery Firmware Hacking” (day 2). I missed this talk, but wanted to include a link to it.
DEFCON 19 notes: day 3.
Tuesday, August 9th, 2011
“Earth vs. The Giant Spider”: This was described as a collection of weird, bizarre, freaky, and unusual hacks compiled by the presenters during penetration tests. I figured this would probably be a high energy, lots of fun, lots of laughs panel. I ended up kind of disappointed. Maybe high energy is too much to expect at 10 AM on DEFCON Sunday, but the presenters seemed curiously subdued. (This may have had something to do with non-functional equipment that resulted in them having to drop the live penetration test portion of the presentation.)
As for the hacks…well, okay, owning an entire country’s credit card processing (bypassing the firewall by sending packets from source port 0) is kind of cool. Getting cheap food from a restaurant chain by hacking a Javascript that communicates with a 3rd party server, and doesn’t validate data being sent from the restaurant’s website to the server? Meh. The story about cloning the support mailbox on an old ROLM PBX (default field service user ID/password) which ended up with the penetration testers doing Checkpoint support for one of the corporate users? Mildly funny. The other hacks (doing a HTTPS man in the middle attack with a self-signed certificate, and using information gathered that way to hijack a session to an external VPN by cloning cookies; high-def IP cameras with undocumented default accounts located right over keyboards, Oracle session hijacking), well, maybe you just have to have been there.
As for the “Caucasian-American love hack” (in which they were able to guess an admin’s password from his profile on an Asian-American dating site), I felt more pity for the poor admin, who was probably just looking for love (and not even in all the wrong places) rather than admiration for the penetration testers. Sorry, guys: I know your intentions were good, but this didn’t click with me. It may just have been a personal thing: YMMV.
“Seven Ways to Hang Yourself with Google Android”: An excellent presentation by Yekaterina Tsipenyuk O’Neil (Fortify) and Erika Chin (UC-Berkeley) about the major mistakes programmers make developing Android applications. Specifically:
- “Intent spoofing”. Basically, “intents” are a type of message Android uses for inter-application communications, intra-application communications, and system event messages. Android intents can be either “explicit”, where the intent is directed to a specific destination or “implicit”, where the destination isn’t specified and Android decides where the intent should be delivered. The issue is that many developers just use implicit intents, which makes it possible for someone to write a malicious application that creates intents requesting some sort of change in state, and send those intents to other applications that use implicit intents.
- SQL query string injection. Yes, you can build a malicious app that queries Android’s SQLite database and (possibly) returns data the app otherwise wouldn’t be able to see.
- “Unauthorized intent receipt”. Very similar to #1, except instead of requesting a change in state, the malicious app harvests information from public intents intended for other non-malicious applications.
- “Persistent messages: sticky broadcasts”. Android has the capability to send broadcast intents to applications (more specifically, to components of applications that are set up to receive broadcast intents). There are some issues with this. The first issue is that any application registered to receive broadcast intents will get all broadcast intents; there’s no way to restrict broadcast intents to specific receivers. It is also possible to create “sticky” intents, which hang around after they are delivered, and are even rebroadcast to new receivers that are enabled in the future. And with the proper permissions, a malicious application can also remove “sticky” intents, possibly before they are received by the intended recipients.
- Insecure storage. Files on the SD card can be read by the entire world. Files created by an application (which might contain things like, oh, I don’t know, passwords?) persist even after the application is deleted, and can be accessed by other, possibly malicious, applications.
- Insecure communications. Basically, developers need to get into the habit of acting like their mobile applications are web applications, and use similar best practices; don’t send passwords in cleartext, for example.
- Overprivileged applications. Developers have a tendency to request more permissions than their app really needs. For example, an application that just displays images doesn’t need the “camera” permission; only an application that actually uses the camera to collect images needs that permission. One of the interesting facts that came out of this portion of the presentation was how Android’s developer documentation handles explaining permissions and what they represent. Quoting the presenters: “Android 2.2 documents permission requirements for only 78 out of 1207 API calls. 6 out of 78 are incorrect. 1 of the documented permissions does not exist.”
(Edited to add 8/10/2011: I’ve added a link to the final version of this presentation.)
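A defender-side check for three of the items above (intent spoofing, unauthorized intent receipt, and overprivileged applications), added here as an example; it is not code from the talk or from this post. It audits an AndroidManifest.xml for components that accept implicit intents from any app, and for requested permissions outside a reviewer-supplied list. The sample manifest, the `com.example.viewer` names, and the "needed" list are constructed, and it assumes the older default where a component with an intent filter is exported unless it says otherwise.

```python
import xml.etree.ElementTree as ET

# Manifest attributes live in the android: XML namespace.
A = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver")
LAUNCHER_ACTION = "android.intent.action.MAIN"

# Constructed sample manifest; app, component and permission names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.viewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".ResetReceiver">
      <intent-filter>
        <action android:name="com.example.viewer.RESET_SETTINGS"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".SyncReceiver"
              android:permission="com.example.viewer.permission.SYNC">
      <intent-filter>
        <action android:name="com.example.viewer.SYNC"/>
      </intent-filter>
    </receiver>
    <service android:name=".UploadService" android:exported="false">
      <intent-filter>
        <action android:name="com.example.viewer.UPLOAD"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def _is_exported(component):
    """An explicit android:exported wins; otherwise an <intent-filter>
    implies exported (assumption: the pre-Android 12 default)."""
    explicit = component.get(A + "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return component.find("intent-filter") is not None


def open_components(manifest_xml):
    """Return (tag, name, actions) for every activity, service or receiver
    that any installed app can reach with an implicit intent and that is
    not guarded by a permission. The launcher entry point is skipped."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    app_permission = app.get(A + "permission")  # default for all components
    for tag in COMPONENT_TAGS:
        for comp in app.findall(tag):
            actions = [a.get(A + "name")
                       for a in comp.findall("intent-filter/action")
                       if a.get(A + "name") != LAUNCHER_ACTION]
            if not actions or not _is_exported(comp):
                continue
            if comp.get(A + "permission") or app_permission:
                continue
            findings.append((tag, comp.get(A + "name"), actions))
    return findings


def unneeded_permissions(manifest_xml, needed):
    """Permissions the manifest requests that are not in the reviewer's
    list of permissions the app's features actually require."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(A + "name") for p in root.findall("uses-permission")}
    return sorted(requested - set(needed))


if __name__ == "__main__":
    for tag, name, actions in open_components(SAMPLE_MANIFEST):
        print("open %s %s accepts %s" % (tag, name, ", ".join(actions)))
    for perm in unneeded_permissions(SAMPLE_MANIFEST,
                                     {"android.permission.INTERNET"}):
        print("requested but not needed: %s" % perm)
```

A flagged component is fixed by setting `android:exported="false"`, by requiring a permission on it, or by having its callers address it with an explicit intent.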
“Build your own Synthetic Aperture Radar”: So this wasn’t as dangerous as I expected (the radar is low-power) and it wasn’t quite as awesome as I expected. But this was a decent presentation on radar technology, starting with an overview of basics and proceeding onwards to discussion of a homebrew radar system.
One minor problem with this presentation was that the presenter (Michael Scarito) had converted his system to use a custom-built data acquisition board (previous versions used a sound card and MATLAB) and didn’t have build documentation for that board prepared yet. However, much of Mr. Scarito’s work is based on other work done at MIT. The slides for the talk are not currently online, as far as I know, but here’s a link to a MIT Open Courseware presentation that gives exact, step-by-step detail, parts lists, and other resources for a very similar project (cited by Mr. Scarito in his presentation).
“Wireless Aerial Surveillance Platform”: UAVs are fun. UAVs that have onboard computing power to crack WEP encryption are more fun. UAVs that add the ability to spoof cellular base stations are even more fun. UAVs that have the ability to communicate with a remote server and offload heavier computational tasks (like attacking WPA) are perhaps the most fun of all. Note: the link above doesn’t go to slides, but to the build blog maintained by the two presenters (Mike Tassey and Rich Perkins). The build blog provides a lot more detail than the presentation, and includes resource links. Very well done, gentlemen.
“SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas”: Borepatch posted a few days ago about a presentation at Black Hat on SCADA vulnerabilities. You could consider this the other shoe dropping.
Summary: many prisons and jails depend on programmable logic controllers (PLCs) to do things like lock and unlock cell doors. Usually, these PLCs are all controlled from a central control center, so all you have to do, once you find a PLC vulnerability to exploit, is to get your exploit code into the central control center.
“But they aren’t connected to the Internet, right?” Sometimes they are: the systems need to get updates, or send information to other systems, or communicate with other people (food service vendors, for example). Sometimes the systems aren’t connected to the Internet, but other systems they connect to are. (The presenters cited one example where someone was able to upload arbitrary files to the wireless system on a patrol car, and from there to a central jail control system.) Someone could carry an exploit in on a USB drive.
“But the people who run these systems don’t go out to arbitrary sites, right?” The presenters cited examples, from their personal experience, of correctional institution employees watching videos on the Internet, checking GMail accounts, etc. Friend the right correctional institution employee on Facebook…
“But they couldn’t do anything bad, right? I mean, if they open the cell door, the control panel shows it, and won’t the guards catch them?” As for the guards catching them, I remember a story from Pete Earley’s book The Hot House: Life Inside Leavenworth Prison about an inmate who got hold of some clothes and a clipboard: he walked completely out of Leavenworth posing as a prison inspector. As for the control panel showing it, the presenters demonstrated an exploit that allowed a PLC controlled switch (think a door latch) to be open, while the PLC control software thought the switch was closed. (Video of this exploit is supposed to be on YouTube, but I can’t find it right now.) And opening jail doors isn’t the only thing you could do; you could also disrupt prison operations by trying to open all the doors at once. This would cause a massive power surge, and possibly destroy the system. (Generally, the doors open in a “phased” fashion, so you’re not trying to draw that much power at one time.) Or you could force the doors locked. Imagine the Mexican Mafia subverting a prison PLC system so they can force all the door locks for cells belonging to Aryan Brotherhood members closed at once. A squirt of rubbing alcohol or some other volatile liquid into each cell, toss in a match…
(“Christ, what an imagination I’ve got.” Spot the reference, win a cheese.)
(Edited to add 8/10/2011: I’ve added a link to a white paper by the presenters that pretty well summarizes their presentation and findings.)
That concludes my DEFCON 19 roundup. As more of the presentations get online, I’ll be adding links to them, and there will probably be one or two update posts. If you attended a panel I missed at DEFCON 19, and think it is worth linking to, please feel free to mention it in the comments. Responses from presenters are also welcome, especially if I mis-represented or misunderstood a point.
DEFCON 19 notes: day 3 coming soon.
Monday, August 8th, 2011
Closing ceremonies ran a little long last night, and I went to bed pretty much immediately after they ended. I seem to be coming down with a cold or allergies or some sort of creeping DEFCON crud.
Please bear with me; I’m about to check out and leave for the airport, but I’ll have the notes for the last day up as soon as I possibly can.
DEFCON 19 notes: day 2.
Sunday, August 7th, 2011
What the well-dressed gun blogger is wearing at DEFCON 19:
“Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes”: Confession time. I didn’t just watch this panel, I actually volunteered for part of it. I don’t think that compromised my objectivity, but better to be up front about it.
Deviant Ollam’s presentation concentrated on the smaller handgun safes, specifically the GunVault Microvault MV500, the BioBox, and the LokSAF PBS-001. Summarizing:
- All of these safes have some sort of keypad or biometric locking system, with a keyed tubular lock as an override.
- The Microvault and BioBox tubular locks were easy to pick with a tubular picking tool; the Microvault was a little more difficult to pick, while the BioBox basically flew open instantly. The LokSAF tubular lock was much more difficult to pick; Ollam himself hadn’t been able to pick it, but an audience volunteer managed to pick the LokSAF lock during the presentation. (Nobody had tried the Bic pen exploit on these locks.)
- Using a long thin object, like a straightened paper clip or a lock pick, it is possible to compromise the BioBox from outside without unlocking it; basically, you can fool the BioBox sensors into thinking the device is open, which puts it into a mode that allows you to reprogram the BioBox sensor and open the safe.
- Ollam and company were able to fool the fingerprint reader on the LokSAF, but it took some work. The basic method is to take an impression of the finger using dental alginate, then use a rubber molding compound (readily available at hobby shops) to take a cast of the impression. That cast can be substituted for a finger and used to open the LokSAF. Part of the panel was going to be a live demonstration of this using fingerprints from audience volunteers (of which your obedient servant was one); however, it took much longer than expected for the molding compound to set up, and that demo was pushed out until much later. Ollam did have video of this exploit working, though. There are some obvious questions, such as: how practical is this if you have to get a finger impression in dental alginate first? Answer: it may be possible to extend this exploit to use just a standard fingerprint, and watch for that presentation next year.
“DIY Non-Destructive Entry”: I missed this and “Battery Firmware Hacking” because I was still caught up in stuff from the gun safes panel. Sorry.
“Smile for the Grenade! ‘Camera Go Bang!’”: Nice guys, good presenters, total failure. The basic idea was to build a clone of military throwable/launchable video camera systems, using off-the-shelf parts (including the perfectly legal and not a destructive device at all 37mm grenade launcher) at a fraction of the cost. This looks like it could be a promising project, but the presenters only started working on it three months before the con, and only did their first test run the weekend before DEFCON. It didn’t go well; the powder they used to load their grenades was apparently defective, and they got no video. While it is interesting to see how small (and cheap!) wireless video cameras have gotten ($20 for the cameras they used, and $80 for the receiver), this is a presentation that should have been shelved for a future DEFCON.
“This is REALLY not the droid you’re looking for…”: From those wonderful folks who brought you Android rootkits, yet another Android exploit. Summary: because of Android’s design, and Google’s lack of strict enforcement of their user interface guidelines, it is possible to build an app that:
- runs in the background as an Android service.
- uses APIs from other applications to display login screens from those apps.
- captures credentials the user enters into those login screens.
- forwards the captured information to…say, a server in China.
- overrides the normal behavior of the “back” button, so the user doesn’t suspect there is a problem.
- and, because Android doesn’t have a standard “switching apps” visual animation, the user further doesn’t suspect there’s a problem.
This is a very high level summary; the authors went into much more detail about how to build this kind of application in their talk. And it’s not really easy to fix the problems that enable an application of this sort without changing both the Android OS and the way Google/the Android Market does things.
DEFCON 19 notes: day 1.
Saturday, August 6th, 2011
“Welcome and the Making of the DEF CON 19 Badge”: didn’t bother going. I don’t care much about the making of this year’s badge.
“WTF Happened to the Constitution?”: perfectly fine talk. Except for some of the case law theprez98 referenced, pretty much everything he covered was already familiar to me from “The Agitator” and “Hit and Run”. That’s not his fault, though, and I’m sure a lot of what he covered was new to the rest of the audience. I was also previously unaware of The Assault on Privacy, and will have to add that to my blogroll.
“From Printer To Pwnd”: This was a fun little talk, covering multi-function printers and the vulnerabilities they introduce into networks. Basically, people get sloppy with these devices and fail to do things like change default passwords; also, many of these devices have bugs in the embedded firmware. The presenter, Deral Heiland, demonstrated some interesting attack vectors: “malformed” URLs which allow you to bypass authentication on certain devices, “information leakage” attacks which allow you to get useful information (like passwords) out of the web admin pages, “forced browsing” attacks which allow you to grab device address books (which may also contain passwords), and “passback attacks” which trick the device into communicating with an attacker (for example, using LDAP configuration script testing). All of this culminated in the release of Praeda, an automated toolkit for attacking multi-function devices. The latest version can be found here: I don’t have a link to the slides, but will add one when I do.
“Black Ops of TCP/IP 2011”: You know how people talk about wanting the old funny Woody Allen back? This was the old funny Dan Kaminsky back; the guy who does deep arcane magic with TCP/IP packets and DNS.
His talk broke down roughly into three parts:
- Bitcoin. Short summary: Bitcoin is remarkably secure (“there are entire classes of bugs that are missing”) but it isn’t anonymous, and doesn’t scale well. Kaminsky found a way to basically build a file system on top of BitCoin (BitCoinFS) and also outlines ways of breaking BitCoin anonymity. In the process, Kaminsky also outlined a serious flaw with the Universal Plug and Play (UPNP) protocol used by many wireless routers.
- IP spoofing. Kaminsky was running a little behind (it took a while to fill the Penn and Teller theater) and was speeding through this portion of his talk. Rather than attempting to give detailed summaries of how all this stuff works at the low TCP/IP level, I’ll suggest you check out the slides.
- Net neutrality. Kaminsky’s developed two tools: N00ter and Roto-N00ter, designed to detect ISPs playing silly buggers with packets (for example, giving preference to packets destined for Bing over packets destined for Google).
“And That’s How I Lost My Eye”: the funniest panel I went to today. Deviant Ollam, Bruce Potter, and Shane Lawson wanted to see if it was possible to destroy a hard drive in less than 60 seconds such that the data was unrecoverable, without setting off alarms or damaging any nearby humans, and without spending a lot of money on something like the SEMShred.
Ollam took the explosives/incendiary part of the equation. His results can be summarized as: it might be possible to use explosives, especially the popular “boomerite” type explosives used in exploding targets, to destroy a hard drive. But playing around with explosives, especially when you’re activating them electronically, is a good way to attract the attention of unpleasant people with badges. Apparently, those same people have no problems with explosives triggered by a rifle bullet, so if you want to affix an M1A above your server with a ton of “boomerite” below, go ahead…
Chemical methods didn’t work out very well either. Cobalt isn’t highly reactive, and the type of acids that can quickly dissolve a hard drive platter aren’t easily available at Home Depot and don’t play well with people and other living things. There were a lot of slides of vats of acid doing nothing to hard drive platters.
It’s also hard to destroy a drive physically. Hole saws, spade bits, and grinders did nothing.
The presenters did discover that a combination of a salt solution and electricity could strip the plating off of ceramic platter drives. But that didn’t work on aluminum platter drives.
What finally did work was fire. Propane and MAPP gas (which you can’t get in the US any more) will melt aluminum, but it’s hard to apply those to a spinning drive and have it melt; the spinning drive tends to dissipate heat. The presenters were working on an automated solution involving a glow plug, propane, and an Arduino, but ran out of time before they could finish that project.
However, you don’t have to melt a drive to render it unreadable; you only have to heat it to the Curie point. That’s not quite as spectacular as a spinning drive throwing off chunks of molten aluminum, but it will work. (However, if I understand Wikipedia right, the Curie point of cobalt is 1100 degrees C, and the melting point of aluminum is 660 degrees C. So I’m not sure what that buys you.) I wonder:
- Could you come up with some sort of inductive heating method for hard drives?
- I also wonder, thinking about Deviant Ollam’s approach, what would happen if you fired a nail gun loaded with the right kind of nails into a spinning hard drive at close range? I wonder if Snoop ever tried that. (I also wonder if a nail gun at close range would trigger “boomerite”.)
“Key Impressioning”: I can’t give this panel a fair evaluation. In brief, impressioning consists of sticking a blank key into a lock, moving the blank up and down, removing it, noting where the lock pins hit the key, filing down the contact points, and repeating the process until all the pins reach the proper depth and you have a working key. The presenter gave a live demo of this process, and was impressively quick at it.
The problems I had with this panel were:
- the camera that was set up for the demo did a poor job of showing the actual process.
- the sound was off for over half the panel. Combined with the presenter’s accent, that left me able to make out about one out of every four words he said. I’m sure he’s an okay guy; I just couldn’t see what he was doing, or hear much of what he said.

