Archive for August, 2011

DEFCON 19 notes: day 1.

Saturday, August 6th, 2011

“Welcome and the Making of the DEF CON 19 Badge”: didn’t bother going. I don’t care much about the making of this year’s badge.

“WTF Happened to the Constitution?”: perfectly fine talk. Except for some of the case law theprez98 referenced, pretty much everything he covered was already familiar to me from “The Agitator” and “Hit and Run”. That’s not his fault, though, and I’m sure a lot of what he covered was new to the rest of the audience. I was also previously unaware of The Assault on Privacy, and will have to add that to my blogroll.

“From Printer To Pwnd”: This was a fun little talk, covering multi-function printers and the vulnerabilities they introduce into networks. Basically, people get sloppy with these devices and fail to do things like change default passwords; also, many of these devices have bugs in the embedded firmware. The presenter, Deral Heiland, demonstrated some interesting attack vectors: “malformed” URLs which allow you to bypass authentication on certain devices, “information leakage” attacks which allow you to get useful information (like passwords) out of the web admin pages, “forced browsing” attacks which allow you to grab device address books (which may also contain passwords), and “passback attacks” which trick the device into communicating with an attacker (for example, using LDAP configuration script testing). All of this culminated in the release of Praeda, an automated toolkit for attacking multi-function devices. The latest version can be found here. I don’t have a link to the slides, but will add one when I do.

“Black Ops of TCP/IP 2011”: You know how people talk about wanting the old funny Woody Allen back? This was the old funny Dan Kaminsky back; the guy who does deep arcane magic with TCP/IP packets and DNS.

His talk broke down roughly into three parts:

  1. Bitcoin. Short summary: Bitcoin is remarkably secure (“there are entire classes of bugs that are missing”) but it isn’t anonymous, and doesn’t scale well. Kaminsky found a way to basically build a file system on top of Bitcoin (BitCoinFS) and also outlined ways of breaking Bitcoin anonymity. In the process, Kaminsky also outlined a serious flaw with the Universal Plug and Play (UPnP) protocol used by many wireless routers.
  2. IP spoofing. Kaminsky was running a little behind (it took a while to fill the Penn and Teller theater) and was speeding through this portion of his talk. Rather than attempting to give detailed summaries of how all this stuff works at the low TCP/IP level, I’ll suggest you check out the slides.
  3. Net neutrality. Kaminsky’s developed two tools: N00ter and Roto-N00ter, designed to detect ISPs playing silly buggers with packets (for example, giving preference to packets destined for Bing over packets destined for Google).

“And That’s How I Lost My Eye”: the funniest panel I went to today. Deviant Ollam, Bruce Potter, and Shane Lawson wanted to see if it was possible to destroy a hard drive in less than 60 seconds such that the data was unrecoverable, without setting off alarms or damaging any nearby humans, and without spending a lot of money on something like the SEMShred.

Ollam took the explosives/incendiary part of the equation. His results can be summarized as: it might be possible to use explosives, especially the popular “boomerite” type explosives used in exploding targets, to destroy a hard drive. But playing around with explosives, especially when you’re activating them electronically, is a good way to attract the attention of unpleasant people with badges. Apparently, those same people have no problems with explosives triggered by a rifle bullet, so if you want to affix an M1A above your server with a ton of “boomerite” below, go ahead…

Chemical methods didn’t work out very well either. Cobalt isn’t highly reactive, and the type of acids that can quickly dissolve a hard drive platter aren’t easily available at Home Depot and don’t play well with people and other living things. There were a lot of slides of vats of acid doing nothing to hard drive platters.

It’s also hard to destroy a drive physically. Hole saws, spade bits, and grinders did nothing.

The presenters did discover that a combination of a salt solution and electricity could strip the plating off of ceramic platter drives. But that didn’t work on aluminum platter drives.

What finally did work was fire. Propane and MAPP gas (which you can’t get in the US any more) will melt aluminum, but it’s hard to apply those to a spinning drive and have it melt; the spinning drive tends to dissipate heat. The presenters were working on an automated solution involving a glow plug, propane, and an Arduino, but ran out of time before they could finish that project.

However, you don’t have to melt a drive to render it unreadable; you only have to heat it to the Curie point. That’s not quite as spectacular as a spinning drive throwing off chunks of molten aluminum, but it will work. (However, if I understand Wikipedia right, the Curie point of cobalt is 1100 degrees C, and the melting point of aluminum is 660 degrees C. So I’m not sure what that buys you.) I wonder:

  • Could you come up with some sort of inductive heating method for hard drives?
  • I also wonder, thinking about Deviant Ollam’s approach, what would happen if you fired a nail gun loaded with the right kind of nails into a spinning hard drive at close range? I wonder if Snoop ever tried that. (I also wonder if a nail gun at close range would trigger “boomerite”.)

“Key Impressioning”: I can’t give this panel a fair evaluation. In brief, impressioning consists of sticking a blank key into a lock, moving the blank up and down, removing it, noting where the lock pins hit the key, filing down the contact points, and repeating the process until all the pins reach the proper depth and you have a working key. The presenter gave a live demo of this process, and was impressively quick at it.

The problems I had with this panel were:

  • the camera that was set up for the demo did a poor job of showing the actual process.
  • the sound was off for over half the panel. Combined with the presenter’s accent, that left me able to make out about one out of every four words he said. I’m sure he’s an okay guy; I just couldn’t see what he was doing, or hear much of what he said.

0 day DEFCON 19 (and related random) notes

Thursday, August 4th, 2011

So far, things have been relatively smooth. Just a few minor problems; I left a couple of things behind in Austin, but nothing that I can’t make do without.

There have been a couple of slightly unpleasant surprises. I discovered yesterday that one of my other favorite restaurants in Las Vegas, the Tillerman, abruptly closed in February. Google turned up this account of events from the Las Vegas Weekly: there’s a lot I disagree with in it (the neighborhood doesn’t strike me as being particularly sketchy, for example) but it is the best account I’ve been able to find.

I do have a badge, and I only had to wait in line two hours to get it. The other slightly unpleasant surprise, though, was that DEFCON decided that electronic badges are “passé”: this year’s badges are inert hunks of titanium, tied in with some sort of “puzzle based reality game”. (Joe Grand’s big enough to take care of himself, but the reference to “gameboy on a string” in the DEFCON program seems to me to be a nasty, though perhaps unintended, slap.)

Last night, I decided to try a place I’ve been driving past and thinking of trying since…oh, about 2000 or so. Yes, I know they’re a chain, but have you ever been to a Lawry’s The Prime Rib? Did you even know Lawry’s had restaurants, or were you just familiar with their seasoning salt? (There’s four Prime Ribs in the US: Vegas, Chicago, Beverly Hills, and Dallas.)

Having finally crossed that off my list, I have to say I’m glad I went. The Prime Rib’s an interesting place; the decor (at least in Vegas) reminds me of photos I’ve seen of Chasen’s and other old star hangouts in Los Angeles. And the whole experience has a certain…theatricality to it that’s missing from pretty much every restaurant in existence today. Your waiter preps your salad in a spinning salad bowl at the table. When you’re ready for your meal, a carver comes by with a massive polished steel cart and cuts your prime rib off of what must be at least half a cow right in front of you. Plus there’s mashed potatoes and honest-to-Ghu Yorkshire pudding served with it. I think my late stepfather would have loved this place. He was a big prime rib fan, but I think he also would have gotten a kick out of the whole sort of…vintage experience, is the best way I can think of to describe it.

I’ve never really thought of Las Vegas as a bookish town, but Lawrence tipped me off to two vintage bookstores that I visited today. I heartily endorse both of them, and strongly recommend that you visit both. Doing so is pretty easy, as they’re basically right across the street from each other.

I’m sorry I didn’t catch the name of the gentleman who runs Greyhound’s Books, but he came across to me as someone who’s very much worth knowing. I wouldn’t describe him as “kind”, as I so often describe others; he seems intolerant of the rude, the willfully ignorant who wish to remain so, and others who would waste his time. (While I was there, he literally chased one person out of the store for using a cell phone.) But for the serious and polite book shopper, this store is a delight. He seems to be very strong on mystery, military history, and history in general. His food and cooking selection also seemed strong to me; he had the only copy of Cross Creek Cookery I’ve seen in probably five years of searching. (The owner also writes, along with other folks, at Books of Worth, an entertaining site I was previously unaware of.)

I didn’t want to press for details (I’m not sure it is any of my damn business) but Amber Unicorn Books appears to be related in some way to Greyhound’s Books. I didn’t have as much interaction with the owners there as I did with the Greyhound’s Books owner, but they certainly seemed like very nice folks. Amber Unicorn appears to be stronger in paperbacks, especially genre paperbacks, but also has a good stock of history, mystery, and law/true crime.

One thing that really struck me about both stores; the folks at both knocked 10% off the total of my purchases for no apparent reason, other than (I guess) I was reasonably polite and didn’t use my cellphone or urinate on their rugs. They didn’t have to do that, and it was very much appreciated.

(And it helped, especially at Amber Unicorn. They had a copy of Skeeter Skelton’s Good Friends, Good Guns, Good Whisky, a book I didn’t even know existed until today. I’ve written before about the gun writers I read growing up; I remember Skelton’s stories with great fondness. Especially the one reprinted in this volume about Dobe Grant and his crate full of Colt Single Action Army parts. When I read that for the first time, man, I wanted a vintage Single Action Army. Still do, come to think of it. I don’t want to say what I paid for that book; let’s just say “Nostalgia is a moron” and leave it at that.)

If you’re a serious book person, you have to visit both of these stores if you’re ever in Las Vegas.

No blog for you.

Wednesday, August 3rd, 2011

Me get up early and travel most of day.

Me spend much of rest of day driving around getting me Vegas legs back.

Me tired.

Me talk like Thag from “Far Side” due to travel and being tired.

Me sincerely hope Gary Larson having a wonderful life wherever he may be.

You come back tomorrow. Maybe some blog for you then.

Public service announcement.

Tuesday, August 2nd, 2011

The Texas Department of Transportation is closing the ramp from northbound 183 to southbound Loop 1 this coming weekend. The closure is supposed to start at 9 PM Friday, and run until 5 AM Monday.

TXDOT does have a pretty good reason for the closure; they’re repairing a section of the highway damaged in a horrible tanker truck accident/explosion last fall.

-2 Day DEFCON notes

Tuesday, August 2nd, 2011

Lawrence pointed out that I hadn’t trolled the crowd for panel suggestions yet, and the schedule is up. Here’s the stuff I’m tentatively planning to see.

I’m open to requests, but I won’t make promises.

Let’s have a party.

Tuesday, August 2nd, 2011

I’ll bring the cheese. His Gruberness has already brought the whine.

That’s right, Amazon gave away 101,491 copies of our app! At this point, we had a few seconds of excitement as well, had we mis-read the email and really earned $54,800 in one day? We would have done if our public agreement was in place, but we can now confirm that thanks to Amazon’s secret back-door deals, we made $0 on that day. That’s right, over 100,000 apps given away, $0 made.

There’s two funny things about this. The first one: if you read the entire article, the Shifty Jelly people were fully aware going in that they weren’t going to make any money off of being the “free app of the day”, and had a chance to reject the offer…

In the end we agreed that we had entered the world of Android development as an experiment, and it would seem silly not to add more data to the experiment we were conducting.

And now you’re complaining?

Here’s the other funny thing. I’m one of those 101,491 people who downloaded Pocket Casts when it was free. I’m glad I did; if I had paid $2.70 for that app, I would have been very unhappy. Pocket Casts “works”, in the sense that it manages my podcast subscriptions and lets me play back podcasts.

But it’s buggy. For example, when I first start Pocket Casts, it frequently tells me there’s no podcasts playing. Sometimes that’s true; other times, I quit out of Pocket Casts during a podcast, so I’d expect it to show me the last podcast I was playing. Even better, when I select a podcast from the ones I’ve downloaded, Pocket Casts just displays the same “no podcasts playing” message. Repeatedly. No matter how many times I select a podcast; any podcast, I get the same “no podcasts playing” message. The only way I’ve found around this problem is to actually quit and relaunch the Pocket Casts application.

Good luck, guys. Don’t let the door hit you where God split you.

“You’re going down in flames, you tax-fattened hyena!”

Tuesday, August 2nd, 2011

I really wish I could find that original Bloom County strip, but I digress.

The plan to build a new stadium for the New York Islanders failed. Overwhelmingly.

(Newsday has a pay wall set up, but the first two paragraphs are really the relevant part. ETA: here’s the NYT coverage.)

Yes, Michele Catalano has another “I”, “I”, “I” post up already.

The voters of Nassau County made it clear. Their partisan politics got in the way of facts and figures and reality and the majority of residents – at least those who bothered to come out and vote – gave the New York Islanders the finger while they cast those votes. They don’t want hockey here. They don’t want the Coliseum. They don’t want to better their community. There’s no other conclusion I can draw for this.

We’re all Islanders. Don’t we all want what’s best for our communities? Perhaps not.

Because reasonable disagreement about whether subsidizing a professional sports team is a good idea equates to not “wanting what’s best for our community”.

Edited to add: I didn’t pick up on this right away.

In about two years, I’ll probably be moving from Long Island to Northern California (so, how are those Sharks looking?). I was going to say goodbye to the Islanders and the Coliseum anyway, but on my own terms.

So all along, you’ve been agitating for other people to pay the bills for your hockey team, Catalano, knowing full well that you’d be moving away and not having to deal with the tax burden you wanted to impose on other people in Nassau County? This explains much.

As a small side note…

Monday, August 1st, 2011

…to the previous post:

American McCarver: absolutely no mention of Hideki Irabu. Mike Monteiro did find time to reblog an old article about Andre the Giant from Modern Drunkard.

Grantland, the heavily hyped Bill Simmons-led ESPN spinoff: absolutely no mention of Hideki Irabu. Wright Thompson did find time to write about the death of William Faulkner’s niece, and Jay Caspian Kang found time to write about Amy Winehouse. (Edited to add: to be fair, Kang’s piece was published before Irabu’s death.)

Right Field, the National Review Online spin-off sports blog: absolutely no mention of Hideki Irabu.

You would think someone would acknowledge, even if just in passing, the suicide of a starting pitcher for the New York Yankees at the relatively young age of 42.

“I want…”

Monday, August 1st, 2011

I want to see another Stanley Cup parade on Long Island. I want to drive past the Nassau Coliseum every day on my way to work, look at it with pride and say “That’s where my team plays.” I want to continue going to games, cheering for my team, wearing the jersey with Long Island on it.

Yeah, Michele Catalano is at it again, trying to convince people they should vote for a new stadium for the New York Islanders. (Previously on WCD.) It is a curious article, full of “I want” and “I won’t” and “I”, “I”, “I”. It is as if Catalano thinks Long Island and Nassau County revolve around Catalano and her wants; as if everyone should just give in and let her have her beloved Islanders, because…

…I don’t know how I’ll deal with no hockey. I don’t know how I’ll spend the next three seasons watching a rising, hopeful team knowing they’re going to leave in 2015.

The idea that other people have wants, too, and those wants include things like wanting to keep the money they’ve earned (instead of putting it into the pockets of team owners so people like Catalano can “…get in my car fifteen minutes before game time and be in my seat with a pretzel and Coke before the puck drops”) seems never to have crossed Catalano’s mind.

Meanwhile, the indispensable Field of Schemes links to an interesting Montreal Gazette article about the deal. The Islanders are projecting $229 million a year in revenue if the referendum passes and a new stadium is built.

Consider these numbers: If the Islanders, who had the lowest attendance in the league last season at 11,059 per game, sell out all 41 games in a 17,500-seat arena with an average ticket price of $65 – which would be among the highest in the NHL – and every fan spent another $50 a game on beer, hotdogs and souvenirs, the total revenue would be a mere $82 million. It would take a lot of concerts and other events to make up the difference in the Islanders’ projections.

Today’s municipal bankruptcy…

Monday, August 1st, 2011

…is brought to you by Central Falls, RI.

Receiver Robert G. Flanders announced the step at City Hall Monday.

(Simpsons mode ON)

Stupid Flanders.

(Simpsons mode OFF)

I used to spend a fair amount of time in Rhode Island. (There’s a reason this blog has a “Rhode Island” tag. Actually, two reasons, but Buddy Cianci’s been quiet recently.) I don’t recall ever going through Central Falls; looking on Google Maps, it appears to be to the north of my old stomping grounds, closer to Pawtucket than Providence.

The Trail of Gears.

Monday, August 1st, 2011

We previously noted the troubled Loop 1/US 290 flyover project.

Today’s City of Austin project that’s falling apart at the seams is a 3.2 mile long bike trail in North Austin.

The city got $1.9 million in stimulus grant money back in 2009 for the bike trail, claiming the project was “shovel ready”. So far, according to the Statesman, about 20 feet of trail have been cleared. The architects (Larson, Burns and Smith, who have been paid $764,055.91 to date) and the construction firm (Westar Construction, paid $329,000 to date) have been fired, and oversight of the project has been moved from the Parks and Recreation Department to the Public Works Department.

(Larson, Burns and Smith apparently have nothing to say, at least to the Statesman. Westar basically says that Larson, Burns, and Smith screwed up the plans, and there were issues with the city that prevented them from doing more work on the trail.)

I do agree with one of the Statesman commenters: that is a pretty nice sign.

Police professionalism watch.

Monday, August 1st, 2011

Anthony Magsam worked for the Philadelphia Police Department in the Firearms Identification Unit. In that position, Officer Magsam had the opportunity to handle a lot of nifty guns. Officer Magsam was something of a gun buff as well:

Magsam was known by colleagues in the FIU as a gun collector, and he spoke often about knowing how to convert semiautomatic weapons into automatic weapons, according to more than a half-dozen police sources…

Unfortunately, Officer Magsam let his gun buffery get the better of him. Allegedly, he removed the trigger group from what’s described as an AR-15 with three-round burst capability, and replaced it with a semi-auto AR trigger group. He also allegedly took parts out of an M2 carbine:

“The bolt had been removed and replaced with nonautomatic parts that had been ground down and colored with a marker, so that nobody would notice,” the source said. “That started a snowball effect.”

So this is bad, m’kay? Officer Magsam was fired and criminally prosecuted, right? That’s what would happen if you or I were in illegal possession of full-auto parts, right?

Bzzzzt! Wrong! Thanks for playing! Officer Magsam was allowed by the commanding officer of the FIU to transfer out of FIU into another unit, and the theft was not reported.

When a handful of FIU members complained to [Lt. Vincent] Testa [the unit’s commanding officer – DB] that Magsam had broken the law, that the incident should have been reported, the sources said he told them: “That’s what’s going to be done. I gave an order. If you don’t like it, that’s tough s—.”

If I understand the Daily News article correctly, Internal Affairs is investigating. But IA had been investigating for over a year when the Daily News reported the story; it seems the investigation was “stalled”.

By the way, the guy who was overseeing the IA investigation used to work with Lt. Testa in the FIU. And Officer Magsam’s mother…

…Barbara Feeney, a longtime police sergeant, is married to retired police Chief Inspector Michael Feeney.