DEF CON 00 was July 28th - 30th, 2000, in Las Vegas, Nevada USA
|9-20-00 Added Ian Vitek's presentation.||9-25-00 Added Garph's CTF logs.|
|9-23-00 Lots of media links added.||9-26-00 Added lots of picture archives.|
|10-05-00 Lots of pictures added, Coffee Wars results.||10-10-00 Added Mythrander's presentation on hacking B1 systems.|
|10-12-00 Coffee Wars link and pictures added.||05-27-01 Speeches added in audio and video|
|Tim Lawless, |
Saint Jude: Modeling, Detecting and Responding to Unauthorized Root Transitions.
The recent surge of interest in Security has been a boon for those developing IDS systems. Unfortunately, the IDS advancements have been disproportional in the realm of Network IDS -- with Host-based IDS lagging behind, only able to detect breaches after the incident.
This state of affairs offers administrators, faced with the looming threat of intruders gaining access to their systems via legitimate channels, little protection beyond hardening and continually patching their systems. An intruder need only find one hole, the administrator -- all of them.
During this session, the Saint Jude project will be presented. Named after the patron saint of hopeless cases, the Saint Jude project is an IDS project that hopes to deliver a model and implementation able to stop a root compromise dead in its tracks, regardless of the exploit's method.
Tim Lawless is a Systems Administrator with the University of Southern Mississippi on the Stennis Space Center Campus. After having spent many a night sleeping in the machine room after a security breach, he became REALLY interested in the topics of Computer Security and Information Warfare. He is also a member of the ACPO (formerly ACPM), working to remove child pornography from the Internet.
|Robert Graham, CTO Network Ice. |
Evading network-based intrusion detection systems.
You've just spent $10,000 on network IDS from a trustworthy company (obviously trustworthy because the vendor spends beaucoup $$$ on marketing). You are satisfied with the purchase because you're catching all these script-kiddies who think they are putting one over on you with their "stealth" scans. But then something bad happens: your servers get hacked through your firewall, and that expensive IDS never utters a peep. How did this happen? The root of the problem is that most commercial IDSs are little more than anti-script-kiddy tools and cannot detect ueberhackers. This talk will show how to evade these IDSs using popular tools like whisker and fragrouter. It will also reveal for the first time additional secret techniques used by ueberhackers.
Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats. He is the author of several pending patents in the IDS field. He is the author of well-regarded security-related documents (http://www.robertgraham.com/pubs) and is a frequent speaker at conferences. IRL, he is the co-founder, CTO, and chief-architect at Network ICE.
|Ian Vitek, penetration tester at Infosec. |
IP-spoofing and source routing connections with Linux 2.0.X
The speech will discuss hacking firewalls and filtering routers by spoofing IP and MAC-addresses. Two different spoofing techniques will be presented. Ian will first talk about what to eavesdrop (with siphon, dsniff and tcpdump) and what kind of information one will need for these examples to work. Secondly Ian will show how to set up a working source route (full connection) with netcat through a filtering router. Then Ian will show how to set up the network on a Linux to be able to IP-spoof (with full connection) through a firewall if you sit on an untrusted network, U, between a trusted network, A, and the server, S. Both examples will be explained step by step.
Ian Vitek works as a full time penetration tester at Infosec, Sweden (the page is in Swedish). He is right now researching within Media Access level security and LDAP security (which is a big unexplored hole). He also thinks that modems are underestimated hacker tools.
|Bennett Haselton, peacefire.org |
A protocol that uses steganography to circumvent network level censorship.
Many trivial techniques are already available for circumventing firewalls and proxy servers that monitor or censor network traffic -- for example, if your firewall blocks CNN, someone could set up an unblocked site outside the firewall where you can type "http://www.cnn.com/" into a form and retrieve the page contents. The problem with these "protocols" is that they make it easy to get caught, if the censors know what to look for -- for example, a GET or POST form field containing "http://" is trivially easy to detect. Even an encrypted protocol would still be easy for censors to detect, without breaking the encryption -- just the fact that you're *using* a tool for circumventing the censors would often be enough to get you in trouble.
What we have designed is a protocol that uses steganography to circumvent network-level censorship, so that the protocol is undetectable to censors. We explain why some naive solutions to the problem -- such as hiding information in a long, dynamically-generated URL which is sent to an outside "friendly" site, or hiding information in cookies -- are not steganographically secure. Our protocol hides information in "innocent-looking" text queries that pass through the censoring proxy undetected. The page contents are encrypted and embedded in more "innocent-looking" content that is sent back to the browser.
This sounds simple, but the mathematics of using steganography to make a protocol *undetectable* turn out to be infuriatingly complicated. Much of the talk will be devoted to attacks against the system that we didn't consider the first time around, and why more naive solutions may fall to these attacks.
Bennett Haselton has been the coordinator of Peacefire.org since its inception in 1996. Peacefire opposes censorship that targets Internet users under 18, and maintains that profanity and smut on the Internet are not, in fact, "dangerous" to anybody, as most lawmakers and blocking software companies have made them out to be. Peacefire publishes research into different Internet censorship programs and technologies, their shortcomings, possible misrepresentations by the companies selling them, and (most popular) how to get around them.
|Greg Hoglund - Rootkit.com |
Advanced Buffer Overflow Techniques.
This is a technical talk aimed at people who have already been exposed to buffer overflows and want to learn more. The talk assumes the audience has at least some knowledge of CPU's and Processes. For those of you who already understand buffer overflows, this talk will be a refreshing discourse on technique. We will show how the injection method can be decoupled from the payload. We then explore the details and challenges of injecting code into a remote process. We will also explore the payload, the encoding methods, and how to dynamically load new functions. Lastly, we discuss the possible effects of a payload, including network worms, virus, and rootkits.
|Phil King, |
8-Bit Redux: Microcontroller Hacking.
In days gone by, microprocessors dealt in units of 8-bits at a time, and names such as Commodore, Atari, and Apple (as in "Apple ][") ruled the land. Intrepid hackers of amazing skill and talent worked their magic with limited resources, producing code that was a thing of beauty. The days of the widespread 8-bit desktop computer are past, but the 8-bit processor itself is not gone. It has gotten faster, added some peripherals and picked up some of the architectural features of its larger later siblings, largely lost its external memory, and gone into hiding as the ubiquitous microcontroller at the heart of embedded systems too numerous to count. Microcontrollers offer an excellent opportunity to recapture that spirit of the late 70's when 1K of code was a lot, while working with modern day technology. In this one hour talk, Phil King will describe how to set up a microcontroller development environment on a hacker budget and use it to learn and develop nifty 8-bit embedded system toys. The talk will be framed by descriptions of building an embedded keyboard sniffer with an Atmel AVR family microcontroller.
Phil King is a hardware design engineer with 8 years of experience in various Silicon Valley hardware and software jobs. He received his BSEE from Stanford University in 1992, and an MSEE with an emphasis in computer networking (also from Stanford) in 1998. He is currently preparing to teach EE-281, the Embedded System Design class, at Stanford University this fall.
Penetrating B1 Trusted Operating Systems.
If you have attended the Newbie B1 talk, or have previous experience with B1 systems then you will find this talk enlightening. Typically, B1 systems can only be penetrated due to misconfigurations. We will take a whirlwind tour of all of the areas to check for security misconfigurations and develop a methodology for attacking B1 Trusted Operating Systems. You are going to find B1 Trusted Operating Systems in increasing use, and you owe it to yourself to understand how to penetrate these systems and how to lock them down.
|Adam Bresson, |
Palm OS Security
My talk will focus on protection of info and device via encryption/decryption, Palm OS / hardware architecture, and the structure of a Palm application. Techniques for implementing security for information, accessing Palm system modes and understanding code will be covered.
My Background: I'm a three year veteran of the Palm scene affiliated with PDAZone, PalmWarez and PalmOlive. I am dedicated to understanding the system and operational functions of the world's first usable PDA. I believe a Palm can do a whole lot more than just store numbers and appointments. My discussion will share my deep knowledge of this device.
Dot-Com Smashing: Buffer Overflows on the SPARC
The talk/demonstration is intended for audiences familiar with assembly language and/or stack-based buffer overflows on other architectures (most probably Intel).
The topics aren't really anything new, I would just like to present them with the focus on a different processor/paradigm than Intel to better define the concepts in use. I will be covering SPARC assembly language on a fairly low level.
- Introduction to SPARC assembly
- Using GDB (Gnu Debugger) and ADB (Absolute Debugger), Disassembling compiled code, assembling instructions to hexadecimal (faster than by hand), Patching executables, Examining the stack of a running process, Altering the stack/return address
- Hand-crafting shellcode, Basics, Basic shellcode, Intermediate shellcode, Advanced shellcode
ghandi is a Computer Science student beginning work on distributed, interactive environments (ala FreeNet or Stephenson's Metaverse) for a departmental honors project. I also work as a System Administrator at a web startup managing Sun clusters, FreeBSD servers, and Linux workstations.
|syke, New Hack City. |
opensource utilities and how to use them to test IDSes and firewalls.
This talk showcases free/opensource utilities and how to use them to test IDSes and firewalls. There have been a few talks on the common weaknesses of both kinds of products, but no practical means by which to test for said weaknesses. The point of the talk is to enable people to test vendor's claims (or their own products) themselves. This talk would be of interest to developers, security admins, product reviewers, and white/blackhat hackers. Knowledge of TCP/IP and programming are recommended.
I. What are firewalls/IDSes supposed to do? (expectations)
II. Common failings
III. How do you test for this?
IV. Demonstration a. IDS: against libNIDS, IDS test cases above
syke is a member of New Hack City, a hacker collective based in San Francisco. He has 2 years of experience testing firewall and IDS products at a major vendor of security software.
|Kent Radek, |
Puzzlenet.net - Designing an anonymous network.
Mr. Radek began life as a satellite communications engineer, decided that sucked, and went to work on a computer science degree. After a few years (better not discussed), he began life over as a software engineer with a defense contractor. It took him five years to discover that also sucked, but in the meantime, he designed a pretty cool encryption system for military communications. Recently, he began his third incarnation as a Linux developer, who, in his spare time, decided to combine the best features of Gnutella, Freenet, and Publius in order to make the world a better place for people who enjoy privacy and free speech. His interests (which are none of your business) include photography, running, cycling, SETI, penguins, and (unfortunately) DVDs. Sites to see: www.puzzlenet.net, www.radek.org, and www.grasshoppertakeover.com.
|Chris Goggans, Security Design International |
Kevin McPeake, Trust Factory
Wouter Aukema, Trust Factory
Lotus Notes/Domino Security
This session will cover security vulnerabilities and common misconfigurations in Lotus Notes and Domino servers. The presentation will contain exploit demonstrations and discuss work-arounds for the problems. This session will also announce the results of research into new vulnerabilities.
|John S Flowers, Chief Scientist, Hiverworld, Inc. |
Network IDS - Do not bend, fold, spindle or mutilate.
All modern Network Intrusion Detection Systems (NIDS) are susceptible to not only Ptacek and Newsham style attacks, but a variety of other problems that have not yet been addressed. This talk is meant to shed some light on why many NIDS today are referred to as "Network False-positive Recorders" and why current IDS technology cannot handle monitoring high speed network traffic. This discussion is meant to be a direct and straightforward analysis of why the current generation of NIDS will ultimately fail and how we can start taking proactive, not reactive steps in creating the future of intrusion detection technology. This discussion will also include examples of bypassing current intrusion detection systems and how the creation of a high speed, hybrid IDS will address many of the problems outlined in this talk.
Mr. Flowers is the founder of Hiverworld and leads the Core R&D team in creating the Ansible, Swarm and upcoming IDS product. Prior to Hiverworld, Mr. Flowers was the chief architect of Inquisit's individualized news filtering service. He has also held positions as the chief security and Internet Architect at Utilicorp, chief architect of Neurosoft (later became Moviefone); and architect of the interactive voice response system that was the prototype of Wildfire. In the early 1990's he worked as an engineer for Microsoft. John was also on the first team to ever win Capture the Flag at Defcon.
Notes: This is an original presentation unrelated to the paper being presented in Berkeley. That paper was Freenet 101 + Why We're Anonymous. This presentation is Freenet 101 + Various Attacks on Freenet + Spiffy Animations I Made with Crayons and Photoshop.
|jeru, New Hack City. |
Advanced evasion of IDS buffer overflow detection
This is a technical talk which assumes the audience understands x86 or SPARC assembly, and buffer overflow methodologies. It presents various stealth coding techniques that can be applied to preventing detection by most current generation IDSs.
The talk also includes a live demonstration of exploits written to evade IDS detection, source code of the examples included. A paper documenting the techniques, and sample code will be available from http://www.newhackcity.net after the presentation.
jeru is a member of New Hack City, a hacker collective based in San Francisco. He has worked in digital design, and embedded programming. He currently spends his time as part of an IDS development team, providing application level security assessment, and pickin' his fro.
|Subterrain Security Group (SSG) |
The Impact of Passive Network Mapping in Distributed Environments.
This new approach to information gathering is the latest in stealth target acquisition technology. This lecture will discuss dynamic routing protocol internals, network mapping methodology, vulnerability analysis techniques, and OS identification procedures. Come prepared for an in-depth compare / contrast session between active and passive network information gathering heuristics. We make informed target acquisition notoriously fun and difficult to detect. The portable tool to do this will be released on Sunday afternoon.
Subterrain Security Group releases solid, portable, and freely available open source tools for performing computer and network security related tasks.
|Gregory B. White, Ph.D. |
The USAFA Cadet Hacking Case: What both sides should learn about computer forensics
Basically I'll discuss the case that went to trial in the spring of 99. I was the Deputy Head of the Computer Science Department at the USAF Academy at the time and was asked by the cadet accused of "hacking" to help with his defense. I testified at the trial as an expert witness for the Defense. I sat at the Defense table throughout the trial serving as their "computer expert". Basically the trial was a comedy of errors by the prosecution, law enforcement, and the cadet's attorneys alike. The cadet was involved in IRC but the law enforcement types and prosecution became convinced that he was the "hacker" (after all, everybody KNOWS that IRC is nothing more than a place for hackers to trade information on how to break into computers -- the actual sentiment expressed by the investigators). I had up to that point spent the majority of my time in the Air Force trying to protect systems and to catch those who broke into AF systems. This case really shook me as I saw the LE types latch onto the smallest of indicators and blow them into a full blown felony case (the cadet faced 15 years in Leavenworth had he been convicted of all counts). What I will cover in the talk is:
1) Background of the case
2) The "evidence" the prosecution thought they had
3) The many possible areas where clues might have been found had either side known where to look (or asked anybody who knew anything about it)
4) What lessons can be learned from this case. Those from the government and industry need to know where to look if they want to catch folks (and if they want to make sure they don't make fools of themselves) and those who might find themselves accused someday need to know how to help their attorneys find clues that could exonerate them.
Gregory B. White, Ph.D. - Vice President, Professional Services. Gregory White joined SecureLogix in March 1999 as the Chief Technology Officer. Before joining SecureLogix, he was the Deputy Head of the Computer Science Department and an Associate Professor of Computer Science at the United States Air Force Academy in Colorado Springs, Colorado. While at the Academy, Dr. White was instrumental in the development of two courses on computer security and information warfare and in ensuring that security was taught throughout the computer science curriculum. During his two tours at the Academy, he authored a number of papers on security and information warfare and is a co-author for two textbooks on computer security.
Between his Air Force Academy assignments, Dr. White spent three years at Texas A&M University working on his Ph.D. in computer science. His dissertation topic was in the area of host- and network-based intrusion detection. Prior to his Academy assignments, Dr. White was a student at the Air Force’s Advanced Communications-Computer Systems Staff Officer Course in Biloxi, Mississippi. He was awarded both the AFCEA and Webb awards for student leadership and academic excellence and was a Distinguished Graduate of the course. Before attending the course in Biloxi, Dr. White served as the Branch Chief of the Network Security Branch at the Cryptologic Support Center in San Antonio, Texas. His first assignment in the Air Force was as a systems analyst at the Strategic Air Command Headquarters in Omaha, Nebraska. Dr. White obtained his Ph.D. in Computer Science from Texas A&M University in 1995. He received his Masters in Computer Engineering from the Air Force Institute of Technology in 1986 and his Bachelors in Computer Science from Brigham Young University in 1980. He separated from the Air Force in 1999 and is currently serving in the Air Force Reserves at the Defense Information Systems Agency.
|Ron Moritz, Senior Vice President and Chief Technical Officer at Symantec Corporation. |
Proactive Defense Against Malicious Code
Anti-virus software is an important part of a well-devised security policy, but reactive virus detection is not versatile enough for the demands that will be made on businesses engaged in e-commerce. The year 1999 began with the birth of the Happy 99 virus - a harbinger of things to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm are all examples of third generation of malicious replicating code, designed to exploit the Internet for their rapid proliferation. A variant of Explore.zip, called MiniZip, managed to hide itself from antiviral utilities and spread at an amazing rate around the Internet at the end of 1999. Such programs, which launch new malicious code attacks, create "first strikes" against systems and networks. Allowing untrusted code to execute on the corporate network may not be suitable for your organization. But corporate security policies that block network executables adversely affect the evolution of the Internet, extranet, and intranet. While no security implementation is absolute, functionality is not achieved by disconnecting users from the network and preventing access to programs. Therefore, proactive defense against first-strike attacks is required today.
Almost all web sites today contain mobile code. Many of the powerful business (ecommerce) applications you need and use are written with mobile code. Consequently, net-enabled malicious software is likely to increase in prevalence and successful utilization. The factors accounting for such a prediction are the ease by which users are duped into double-clicking on malicious e-mail attachments and the ease by which the sources of those e-mails are automatically spoofed to seem to come from a boss or from an e-mail or instant message friend. Traditional pattern matching approaches are incomplete, out-of-date, and ineffective and were never designed to prevent a series of new generation attacks based on malicious mobile code and Trojan executables.
Ron Moritz is the Senior Vice President and Chief Technical Officer at Symantec Corporation where he serves as primary technology visionary. As a key member of the senior management team interfacing between sales, marketing, product management, and product development, Ron helps establish and maintain the company's technological standards and preserve the company's leadership role as a developer of advanced Internet security solutions. Ron was instrumental in the organization of Finjan's Java Security Alliance and established and chairs Finjan's Technical Advisory Board. He is currently chairing the Common Content Inspection API industry standards initiative. Ron is one of a select group of Certified Information Systems Security Professionals. He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University in Cleveland, Ohio.
|Dan Danknick, Team Delta Engineering. |
If you saw the BattleBots pay-per-view show on R/C fighting robots, you heard Dan giving technical commentary during the fights. He was hired to do this as a builder of six robots himself in the past five years, as well as having written for numerous magazines on this topic. To further broaden his claws into this sport he designs and sells electronic radio interfaces to the international market as well as the SFX industry in Hollywood.
Dan will bring a few working robots and explain their designs and how that fits into the various fighting styles developing within the sport. Time and interest permitting he would also like to discuss the developing security implications for popularized R/C robots and how they are shadowing the military construction of pocket-sized war machines. Lastly a giant box of parts and raw materials will be available for the audience to inspect and examine following the session.
|David J. DiCenso, JD |
The Citizen Hacker: Patriot or War Criminal?
When might international computer hacking become an Act of War? Some within the hacker community have felt that international hacking wasn't being done right by the DoD - it could be done much more effectively and efficiently if left to the experts - civilian hackers. This position is interesting, but is it appropriate? What ARE the international implications of electronic network information operations which target foreign actors or states? How far can an operator go before his acts become an "act of war"? What type of retaliation by a target country is permitted under international law and custom? What are the rules? Whose rules apply? In a world where hacker groups are so bold as to declare war upon a nuclear-capable major world power, and countries take military action against non-state actors geographically located in a non-hostile state, these thorny issues attain paramount importance. This presentation explores these issues in an effort to help shed light upon this "dark secret" of international relations.
David J. DiCenso, JD - Director, Training Services at SecureLogix Corporation. Before coming to SecureLogix, Mr. DiCenso was an Associate Professor of Law at the United States Air Force Academy in Colorado Springs, Colorado. While at the Air Force Academy, Mr. DiCenso taught CyberLaw, Computer Law and Policy, as well as traditional general law topics. He was also an occasional guest speaker in the Academy's Information Warfare course. Mr. DiCenso's article on information warfare has been published in the Airpower Journal, and he has submitted an article on Information Operations for publication in another professional journal this Fall. Mr. DiCenso became an attorney in 1988, and served as a JAG in the USAF for over a decade. He joined SecureLogix Corporation in the Summer of 1999.
|Jason Scott, |
TEXTFILES.COM: ONE YEAR LATER
Jason Scott gave you an overview of the many amazing things that happened in the BBS world of the 1980's at the last DEFCON. This time, he talks both about some pieces of history that he forgot to mention, and a wide selection of the most interesting events to happen to textfiles.com in the last year.
Hear about the legal threats, the newspaper articles, the links to the Trenchcoat Mafia(!), just how many times textfiles.com has come close to being declared illegal, and why history is so important and yet hated by hackers.
Jason will also pull out some nuggets of history about The Works BBS, which was at one point the largest textfiles-only BBS in his bedroom. Specifically, the truth will finally be revealed about the once-dreaded "L00ZER-B-G0NE" button.
A quarter million visitors and going strong, textfiles.com has expanded into not only a historical collection but a group of essays about all manner of cultural aspects about BBSes, and where they've brought people today. There is also a new companion site, scene.textfiles.com, run by one "mogel", which covers the newest of the new of the textfiles "scene", which is still as active as ever.
|Ian Goldberg, Zero-Knowledge Systems |
"Using the Internet Pseudonymously III: It's Alive!"
The Freedom Network from Zero-Knowledge Systems allows users to maintain their privacy while on the Internet (WWW, email, IRC, etc.) by giving them cryptographically-protected pseudonyms (``nyms''). Not even Zero-Knowledge knows the identities behind the nyms (hence the name).
Freedom has been up, running, and available for download since December. In this session, I will talk about the privacy-enhancing technology behind Freedom, what we've learned in deploying it to the world, and how various
Ian Goldberg is Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, a Canadian company producing Internet privacy software for consumers. He is simultaneously completing his PhD from UC Berkeley in the field of Computer Security and Privacy. Ian has in the past been known to find security holes in Netscape's SSL implementation, to break cryptographic algorithms used in GSM cell phones, and to throw a lot of parties.
|Ender of the GhettoHackers |
Demonstration and presentation of the Autonomous Nodes that Batz and Caezar presented in concept at BlackHat Singapore.
I am working in conjunction with them on this project and plan on a lengthy on site demonstration of the nodes' functions and AI. Its purpose is mainly to demonstrate that the theory of these nodes is highly functional in both network research, for exploitation and protection.
To give you a quick surmise. A small LAN will be set up. NodeH (node hacker) will be inserted and printed documents of the timing and actions that NodeH will take, will be passed out to the crowd. The node will perform actions and an oversight of its AI will be presented to the crowd describing the reasons and purposes behind its decisions.
Automated exploitation with an attack tree backbone (Bruce Schneier's idea from Dr. Dobb's Journal) are some of the main features. I have currently a 13 page overview which I am working on with Caezar. I have already begun development, the first run being MS compatible, with a Linux port possibly before DefCon.
Ender is an embedded system software coder and tester for 4+ years. He has coded in solutions engineering group for customers world wide, he specializes in C and x86 assembly. Interests include Prime Number Theory, Cryptanalysis, DSPs, Music, and Ruling the World. Motto: Be good, be bad, just be good at it.
|Phillip J. Loranger, GS-14, Director of Army Biometrics |
|Simple Nomad, NMRC|
Anonymous Remailers: The importance of widely-available anonymity in an age of Big Brother.
From the golden days of the Penet pseudonymous remailer, to Janet Reno's call to squelch Internet anonymity, anonymous remailers have played a vital and oft-hated role in making the 'Net safe from Big Brother.
People regularly use anonymous remailers to avoid spam, to speak their minds without fear (of peers, family, employers, or governments), and to stay out of search engine indices. Like nearly any other technology, anonymous remailers can also be used by "criminals" to do "criminal" things. Under this guise, the government wishes to outlaw or severely restrict access to anonymous remailers.
Remailers are not difficult to use. They're not prohibitively difficult to run, either.
"The only way the public remailer network will survive, is if more people start setting up remailers. Even if all the current remailers never get shutdown by the Powers That Be [TM], people do tend to move, change lifestyles, pass on, lose their jobs or lose the time to run a remailer. Remailers go away. Change is
History, current status, and known attacks on Type I/II remailers will be the focus of the talk.
noise holds a BS in CS from some university and will be attending her second year of law school this fall. she runs the noisebox anonymous remailer, helps the Electronic Frontier Foundation, and delights in holding heated debates with bureaucrats. noise thinks the world would be a better place (tm) if it had more cypherpunk lawyers.
|Bruce Schneier, |
|John Q. Newman, Author. |
Fake id by mail and modem.
I will cover topics such as the legal rules regarding fake id, when and where it can be safely used, how to determine if an internet seller of fake id is a scammer or legit, and finally the federal government's new interest in fake id. The id shop, the place I recommended last year, was raided by the secret service 3 months ago, and I will also talk about this case. If you remember, the owner was at last year's convention making and selling id.
My second talk will be called "10 steps you can take to protect your privacy". This will be the dry run for a presentation I will take on the lecture circuit when my big new book from Random House comes out on privacy. This talk will give straightforward steps everyone can take to drop out and stay out of big brother's databases.
|Richard Thieme, |
Social Engineering at Def Con: Games Hackers Play
DefCon has changed dramatically from Def Con 1 - when sixty real hackers met in face-time for the first time to Def Con 8 when thousands crowd into a hotel for a hacking "event scene." Richard Thieme has been called a "shrewd observer of hacker attitudes and behaviors" and sometimes he is. You be the judge. In this talk he reviews *very subjectively* the way truth is invented, perception managed, and media manipulated in the many rings of Def Con. It's all here - the familiar icons of good and evil, enemies of the people, Feds in disguise, happy and unhappy hackers, and his take on the truths, half-truths and outright lies that we exchange as currency in this looking-glass world.
Thieme's predictions at DefCon IV in "Hacking as Practice for TransPlanetary Life in the 21st Century" have all come to pass. But what's next? Hear how to position yourself for the Next Big Thing, depending on your hacking generation and the degree of real larceny in your heart.
Richard Thieme is a writer and professional speaker focused on "life on the edge," in particular the human dimensions of technology and work.
He is "a father figure for online culture," according to the (London) Sunday Telegraph and "one of the most creative minds of the digital generation" according to the editors of CTHEORY.
He has spoken for OmniTech; Strong Capital Management; System Planning Corporation (SPC); UOP; Alliant Energy; Firstar Bank; MAPICS; Influent Technology Group; Navy Federal Credit Union; Arthur Andersen; the Conference of State Legislatures; the Society for Technical Communication; Association for Information Management and Research; the FBI; the Black Hat Briefings, Def Cons IV, V, and VI; PumpCon, Xmas Con, RootFest and RubiCon. He writes for Information Security, Village Voice, Forbes Digital, Wired, South Africa Computer Magazine, CTHEORY, and LAN Magazine.
|Eric Sinrod, partner, Duane, Morris & Heckscher LLP. |
Federal Computer Fraud and Abuse Act.
We are going to discuss the Federal Computer Fraud and Abuse Act and look at how various hacking, virus and denial of service attacks trigger different sections of the Act. We will also discuss how intent and status affect levels of criminal liability. We will further discuss recent Congressional proposals to amend the Computer Fraud and Abuse Act. Finally, we will look at international efforts to harmonize cyber-crimes laws.
Bill Reilly is a law student at the University of San Francisco, who has a focus in E-commerce legal issues. Prior to law school, Mr. Reilly spent 8 years in Denmark and Sweden working with different Danish and American Internet-related firms, where he was recently acknowledged as a "Dot Com Pioneer of Denmark" by a Danish newspaper. Mr. Reilly also has a Master's degree in International Management with a specialization in International Finance and a Journalism degree from the University of Southern California. Mr. Reilly was a co-author of a recently published article in the Santa Clara Computer and High Technology Law Journal entitled Cyber-crimes: A Practical Approach to the Application of Federal Computer Crime Laws. Also, Mr. Reilly is a co-author for the upcoming release of Intellectual Property and Unfair Competition in Cyberspace, a comprehensive Internet Law Treatise to be published by Commercial Clearinghouse (CCH) in 2000. Mr. Reilly has recently written an article entitled "Hacking to Hard Time: Federal Anti-Hacking Laws and the Hacker" soon to be published in the Journal of Internet Law and contributed to a legal e-commerce text book International E-commerce Law and Application. Mr. Reilly is a senior staff member of the U.S.F. Law Review, board member of the USF Intellectual Property Law Association, research assistant to Prof. J. Thomas McCarthy, and web master for several law school and other commercial web sites.
Eric J. Sinrod is a partner in the San Francisco office of Duane, Morris & Heckscher LLP. Mr. Sinrod's practice has covered a number of important Internet, technology, intellectual property, information, communications, commercial and insurance coverage issues. He has represented domestic and international clients in major class actions and where hundreds of millions of dollars have been at stake. He also has handled numerous matters for smaller companies and individuals. Mr. Sinrod has had significant trial and appellate experience, including cases before the United States Supreme Court. Mr. Sinrod has been quoted or his work has been profiled in Time Magazine, the National Law Journal, Cyber Esq. Magazine, Business Insurance Magazine, the ABA Journal, the California Lawyer and a number of other publications.
Mr. Sinrod is an adjunct professor of law and has published many law review and other journal articles. He is a frequent speaker on Internet, information and communications issues. He is an advisor to the Cyberspace Law Seminar at Hastings College of the Law and teaches an Information Law Seminar at Golden Gate University School of Law. Mr. Sinrod is on the Editorial Board of the Journal of Internet Law, is a member of the ABA Internet Industry Committee, and is a member of the Executive Committee of the Law Practice Management & Technology Section of the State Bar of California. He is the author of a treatise entitled *Intellectual Property and Unfair Competition in Cyberspace,* to be published soon by CCH, Inc. He writes a weekly Cyberlaw column for the online version of Upside Magazine, entitled *Upside Counsel,* and he is a regular guest speaker covering Internet legal issues for Live Online News.
|Sarah Gordon, |
Virus Writers: The End of The Innocence.
Earlier research has empirically demonstrated the cyclic nature of virus writing activity: As virus writers age out, new virus writers take their places; enhanced connectivity amplifies the existing problem and various technical factors result in new types of virus writers surfacing and the cycles repeat. However, a new variable has recently been introduced into the cycle: legal intervention. The virus writing community now has experienced visits by concerned law enforcement; there have been arrests and sentencings. New laws are being enacted, and acted upon. Thus, the virus writing scene is no longer a casual game of kids on local BBS.
What has been the impact (perceptually and operationally) of these visits, arrests, and most importantly, the (yet to be imposed) sentencing of David Smith? In other words, as the virus problem gets more and more attention, where are we actually going in terms of shaping acceptable behavior in our virtual communities and what, if any, impact are these legal interventions having on the impact of viruses impacting users?
In order to produce a scientifically meaningful answer to this question, this pre and post-test study examines pre-sentencing opinions of the impact of the visits/arrests/sentencing and compares these findings with those from post-sentencing opinions. Opinions are interesting and must be considered, as we know the opinions of today shape how people behave in the future.
However, we are also concerned with immediate impact. To this end, impact will be examined in terms of viruses found both ItW and on the WWW, as a function of time with parameters being pre/post sentencing. In particular, we are interested in any discontinuity noted in the graph of viruses both ItW and on the WWW, and in online references to legal concerns.
The conclusions will obviously depend on the actual results, but there appear to be essentially one of two scenarios:
i. The pre and post test studies will demonstrate significant differences. Thus, proponents of tough police follow-up of virus writers will have some hard evidence that this actually has a financial value, as well as a societal impact.
ii. The pre and post test studies will demonstrate no appreciable difference. This means that we need to re-evaluate the worth of pursuing virus writers as a useful way of curbing the problem and evaluate the wisdom of spending large amounts of public funding to pursue this avenue of defense.
|Lee Johnston, Senior System Analyst with Computer & Network Associates (CNA) |
Demonstration of software that allows the construction of an enterprise network (complete with servers) inside a single computer.
Based on RedHat Linux, users can accurately simulate an enterprise network populated with real servers and workstations on a SINGLE COMPUTER (the system literally runs several real networked operating systems simultaneously inside one computer). It also runs multiple firewalls, gateways, routers, VPNs, or any other network device. Security experts (or hackers) can create a virtual network, populate it with Windows systems and then attack them with the latest exploits. In addition, all packet traffic can be (sniffed) sent to a file or displayed in real time. This provides security experts with detailed information about the nuts and bolts exchanges between networked computers. Thus, software-programming flaws can be identified and exploited. In addition, the system is an outstanding platform to create and test the most twisted of viruses. The kicker is you can build a virus, instantly infect a networked os, and then rapidly see the results. If it doesn't work correctly, within seconds you can restore the infected windows os to a virgin state, modify the virus, and try it again.
A California native, Lee Johnston is a Senior System Analyst with Computer & Network Associates (CNA). He holds a bachelor's degree in Management Information Systems from the State University of New York. He has over 12 years of experience in computer security. Prior to his move to CNA Lee was a System Administrator for the Air Force in Biloxi, Mississippi. On behalf of the Air Force, he authored several articles and textbooks on military networks and security. Currently, he leads the CNA's network security development team.
|Aaron Grothe, |
Tunneling and Firewalls
A Firewall is the first line of defense for almost every LAN connected to the Internet. Using a Firewall many System Administrators restrict privileges to services they do not want to allow access to such as telnet and ftp. Using tunneling software, people can re-enable those services by establishing virtual data paths through allowed protocols such as http.
The talk will provide an overview of how tunneling may be used, how to combat it, and when to use it. There will be a demonstration of how tunneling works using the httptunnel software (http://www.nocrew.org/software/httptunnel.html).
|The Cult of the Dead Cow - |
See It! Real Media (surestream video file) Hear it! Real Audio (28k-isdn surestream)
|V1ru5 and *Hobbit* - |
See It! Real Media (surestream video file) Hear it! Real Audio (28k-isdn surestream)
|V1ru5, ConXion, Network Security Administrator. |
Virus talk: This will be an introduction to computer viruses, covering Boot sector, File infector, Multi-Partite, Polymorphic, Macro, Trojan, and Script viruses. We will talk about how they infect, types of damage, and repairing.
Lock picking Talk: This talk will cover different kinds of locks and handcuffs, and how they're opened!
Robert Lupo aka "V1RU5" has several certifications in the security field, including CCSA, CCSE. He currently works as a Network Security Administrator. He is known for his lock picking, Virus, and Social Engineering skills. MCSE, CCSA, CCSE and SeaGate NerveCenter Certified
|Mr. Nasty, |
Using tools to obtain recon on NT networks.
I have worked in the field of Computer Security for the past 7 years. I test systems throughout the US for various vulnerabilities and report to management how these vulnerabilities can be lessened. No one listens!
|Jennifer Granick |
The law and hacking.
4th & 5th amendment, laws that relate to hacking. A criminal and civil attorney talk, debate and answer questions. While in some situations there may be no law against something, that does not mean you can be sued in civil court or charged on "related" charges.
|Mike Scher, Anthropologist, Attorney, Policy Analyst. |
What is DNS and alt roots? What are alternate roots and why does Internet suck.
Recently, the overlapping space among DNS, the design of browsers and search engines, international, national, and local trademark interests and law, have come to a head. A sprawling organization dubbed ICANN has taken over what used to be a task that sat squarely on one man's shoulders. The tensions are largely the result of ignorant (and purposeful) confusions of the purposes and functions of the various Internet name and resource locating systems. In this talk, we will discuss what a DNS root fundamentally IS, and the factors that keep a unified name service root in place despite many pressures to decentralize DNS root services. We'll then look at the ways in which decentralized or alternate roots could be (and have been) implemented, and their implications for trademark and software politics and design.
Mike Scher is an attorney and network security consultant working on both the policy and technology fronts. He has designed private DNS roots and TLD systems for international Fortune 500 companies, and worked with public alternative DNS root projects. Most recently, Mr. Scher has become infrastructure technology and policy manager for a fast-growing startup company in Chicago.
|Freaky, staticusers.net and Freaks Macintosh Archives |
Security and hacking of the MacOS and details of OSX
Freaky will be presenting his second speech this year. Last year he covered the basics of Macintosh security and answered questions. This year he will be going over security / hacking of the MacOS and details of OSX and the security it offers. Macintosh security is a topic not well known, so he is willing to take questions early to cover in the topic.
|Pyr0, Network Administrator The r00t Cellar.com |
FAQ the Kiddies
Every year the attendance at Defcon grows. It was apparent this last year that many of the Kiddies (W@r3z d00d5, Script Kiddies, and lamers) had come with the intention of learning something. Problem is upon arrival these groups think that the only way they will be able to benefit from Defcon is if they "PROVE THEMSELF" to everybody they come across. By the end of Day 1 they have successfully burned any bridge they had the chance of building. This speech will give newbies some of the info needed to get on "the right track".
Dangers of being a script kiddie
System Profiling: Target Analysis or How Crackers Find You.
This presentation will walk through profiling and target selection from an attack point of view. I will demonstrate techniques, commands and tools used to remotely identify systems, services and possible vulnerabilities for exploit. The presentation should teach newbie hackers how to identify potential targets while explaining to system administrators how their systems are targeted for attack.
|Natasha Gregori, President ACPO. |
Hacktivists to Activists - Making the Transition
In 1999 The ACPM was formed with the goal of removing child pornography on the Internet via any means possible. After an initial announcement on HNN, and recruitment at DefCon 7, we began the daunting task of shutting down Child Porn Sites.
Initially successful, we found that the sites we took down would come back up after a few days or weeks. Not only would they return, but it became increasingly more difficult to take them down. We were not effectively removing sites, just making them stronger. A change in tactics was necessary, and so the transformation to ACPO began.
The transformation into a "legit" activist group from our beginnings in the H/P/A community did not occur without its own pains. Some felt we were becoming "soft" on child pornography and left. Others joined, not deterred by our history. We have come to form strong bonds with law enforcement internationally, and have had success at identifying both those that
Recent articles in apbnews.com, cbsnews.com, and wired.com have focused on ethical "hacker" groups fighting child porn and have featured ACPO and Condemned.org, who is currently in the process of "going legit".
In my talk I (and possibly Rloxy of condemned.org) will present the problems which convinced us that hacktivism was not the appropriate path, the transition process into an activist group, and the benefits the transition has brought us.
|Jim McCoy, |
Mojo Nation: Building a next generation distributed data service.
Jim McCoy is a long-time cypherpunk who decided long ago that cypherpunks may talk about writing code but it takes Evil Geniuses to really get the job done. After helping Steve Jackson build Illuminati Online using the money from the secret service raid he was convinced that the best way to bootstrap a start-up was to antagonize the government; since then he has learned that there are easier ways...
|Arthur L. Money, Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD (C3I)) |
Meet the FED Panel
Arthur L. Money was sworn in as Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD (C3I)) on October 5, 1999. Mr. Money served as the Senior Civilian Official, Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) and Chief Information Officer of the Department of Defense from February 20, 1998 to October 4, 1999.
He served as Assistant Secretary of the Air Force for Acquisition from January 1996 to May 1999.
Mr. Money has more than 35 years of management and engineering experience with the defense electronics and intelligence industry in the design and development of intelligence collection analysis capabilities and airborne tactical reconnaissance systems.
|Legal Panel - |
See It! Real Media (surestream video file) Hear it! Real Audio (28k-isdn surestream)
The Fifth Annual Black and White Ball:
DJs spin music, and people dress up all spiffy. This is the third official year of this, which started all by itself back at DEF CON 3, when for some reason people started dressing up for no reason before going out on the town. A tradition is born! This year we'll take some pictures and have a voting booth for most crazy outfit, most swank, etc.
|Hacker Jeopardy: |
Winn Schwartau is back with Hacker Jeopardy!! The Sixth year in the running! With his sexy sidekick, Vinal Vana, and the ever present judge The Dark Tangent, get ready for a wild ride through hacker trivia, social and science questions. One year there was even a question about a bird! (If you want to check out some questions, look at last year's) This is how it works.. We supply the beer for the contestants, you supply the answers. The first round starts at 11pm on Friday and lasts until it is done. The second and secret rounds will happen Saturday at midnight and go through final jeopardy. If the host botches a question, he drinks. If contestants are cheating or sneaky, they drink. 6 teams will be picked at random and compete for the final round. There can be only one! [More rule clarifications soon]
|Spot the Fed Contest: |
7th ANNUAL SPOT THE FED CONTEST: The ever popular paranoia builder. Who IS that person next to you?
"Like a paranoid version of pin the tail on the donkey, the favorite sport at this gathering of computer hackers and phone phreaks seems to be hunting down real and imagined telephone security and Federal and local law enforcement authorities who the attendees are certain are tracking their every move.. .. Of course, they may be right."
Basically the contest goes like this: If you see some shady MIB (Men in Black) earphone penny loafer sunglass wearing Clint Eastwood to live and die in LA type lurking about, point him out. Just get my attention and claim out loud you think you have spotted a fed. The people around at the time will then (I bet) start to discuss the possibility of whether or not a real fed has been spotted. Once enough people have decided that a fed has been spotted, and the Identified Fed (I.F.) has had a say, an informal vote takes place, and if enough people think it's a true fed, or fed wanna-be, or other nefarious style character, you win a "I spotted the fed!" shirt, and the I.F. gets an "I am the fed!" shirt.
NOTE TO THE FEDS: This is all in good fun, and if you survive unmolested and undetected, but would still secretly like an "I am the fed!" shirt to wear around the office or when booting in doors, please contact me when no one is looking and I will take your order(s). Just think of all the looks of awe you'll generate at work wearing this shirt while you file away all the paperwork you'll have to produce over this convention. I won't turn in any feds who contact me, they have to be spotted by others.
DOUBLE SECRET NOTE TO FEDS: This year I am printing up extra "I am the Fed!" shirts, and will be trading them for coffee mugs, shirts or baseball hats from your favorite TLA. If you want to swap bring along some goodies and we can trade. Be stealth about it if you don't want people to spot you. Agents from foreign governments are welcome to trade too, but I gotta work on my mug collection and this is the fastest way.
|Capture the Flag (CTF) contest: |
Capture the Flag (CTF) contest - Time to dust off those sniffers and shine those 'sploits, because CTF is back with a vengeance. This year many of the rules and goals have changed to refocus participants on the fun involved, as well as make the event more relevant to a real world hacking situation. So pay attention to the changes, this will be on the final exam.
1) The Bastard Operators from HELL (BOFH) - The people who want to be on the BOFH side have to either set up a bastion host, or a firewall with an unhardened host behind it. The hosts have to be running useful services and have user accounts. If you set up a host you should be able to point to it and say "that's a mail host" or "warez site" or a Shoutcast server, etcetera.
Registration of Servers will be required to obtain an IP address. Be prepared to provide the Judges a hard copy of the configuration of the machine. (Box, OS, Patches, Services running & bound ports.) Persons found to be connecting unregistered servers will not be allowed to join the competition. Please remember to label your box with your name and contact info, as this will speed things up considerably.
Judging will be based on the number and type of services and whether the host is compromised. So the more services the better, just make sure you lock 'em down.
2) The (L)USERS - Anybody who wants to should be able to walk up to an admin and ask them for an account on their host. What the admin gives you depends on the type of server they set up. The account should be enough to actually get mail from the mail server, play quake on the quake server, etc. Lusers can't win; they just get to use the servers.
3) The Hackers - Hackers win by putting their team name or handle in a file in the root directory of any host on the network. To count, the file has to stay there long enough for a designated Judge to verify it. Whatever hacker or team racks up the greatest number of hosts wins. Additional points will be awarded for speed and efficiency. Hack fast, Hack well.
1) Everyone must register as a participant in order to obtain an IP address. If you're wondering if this means you, then it does.
The preceding information is liable to change. Upon set-up of CTF, please request a current hard copy of the rules from Ghent or any member of the NOC staff. Enjoy!
|Streaming Audio and Video: |
DEF CON and Pirate Radio UK will be streaming the conference both live and post processed. This will depend on how many cameras are set up. Feeds will be available using Real Player, and MP3 (audio only). Links to the content will be off the main www.defcon.org page. If you have a Real Server with a splitter licence, or an Icecast or Shoutcast server and would like to contribute bandwidth for the event, contact Major Malfunction.
|Live Band action: |
We have enough space that an area just for live bands is being set up. Email noid at defcon d0t org if you want to DJ or have your band perform. Currently the following acts are booked. Now, this is only the list of booked DJs/Bands..this IS NOT the set list, so don't get yer panties in a bind. This year there will be more lights, more sound, and no interruptions!
For more complete information and current acts, check out the band planning page.
|The 4th Official DEFCON Shoot: |
The DC Shoot (4th Annual!) is happening again. As soon as we get a word where the page is we will let you know! It's slated for Saturday morning at 8AM round up to go off to the shooting site. Please visit the web site linked above for complete information on safety requirements, responsibilities, and what to bring. Be awake!
|The DEF CON network: The network this year will be in several segments. |
Internet Connection: The line is still TBD, however, we will have a high bandwidth line (T1 or DSL) with a class-C of IP space (statically assigned by DefCon Staff).
Network Structure: We'll wire the general con space & hallways for 10/100 ethernet. You will need to bring your own NIC cards; if you forget ethernet cable, the NOC will have cable available (inexpensively :)
Wireless: We will be providing IEEE-802.11 public access to the Network. You will need to bring your own wireless network cards to connect to the network. (DefCon NOC staff will NOT provide 802.11 PC-Cards or PCI cards). We're going to try to get the pool, bar, and lobby areas within network range (nothing like hacking wirelessly by the pool with a beer!). The 802.11 network will be DSSS, not FH. Freq. Hopping (FH) is old & slow (1-2Mb). DSSS allows 11Mb+. We'll be using equipment implementing the 11Mb DSSS 802.11b standard.
|Iron Feather Journal Presents: The best of the commodore 64 cracker screens. |
A 90 minute video with audio featuring the top computer graphix of the crackers intro screens put on warez from the 1980's in the commodore scene. Produced by Towne Club.
|DefCon is pleased to announce "DefCon goes to the Movies". |
In our first annual presentation, we will be screening the popular 1998 action-thriller movie "Enemy of the State", written by our guest host, David Marconi and starring Will Smith and Gene Hackman among others. The audience is invited to discuss the movie and some of the scenes with the writer.
Enemy of the State
David Marconi is a Hollywood writer and Director. He has worked the film scene in TV as well as movies since the early 80's. His credits include Enemy of the State, The Harvest, Rumble Fish, and The Sky's No Limit. He has worked with major studios like 20th Century Fox, Disney, Warner Brothers, Dreamworks, Paramount, and Columbia TriStar.
Mr. Marconi has written and been involved with over 10 screen scripts including Mission Impossible II, WWIII.com, and an untitled Chris Rock thriller coming out next year.
|The First Annual Coffee Wars: |
Seeing how Java is a good Thing(tm), the attendees of DEF CON have come up with Coffee Wars. The idea is to bring your favorite roast beans, and we'll grind 'em up Friday morning and have a good start to the Con, and a chance to compare yours to many other types of coffee. I can tell you right now, Uban and Sanka will lose the war. So will Maxwell House.
In the interest of fairness, staff entrants were excluded from the 'official' results, and were categorized by themselves.
|The Shmoo Group monitored the CTF competition, and has complete network packet archives located at their archive. |
Don't forget Caesar's Challenge V party. Much leetness and booze, and notes from the past challenges and parties. Check it out.