ATTENDEES at this year's DEFCON hacker convention in Las Vegas were more annoyed
at the long lines for speaker sessions than any appearance by "The Man"
(i.e. the Feds). The authority feared this time 'round was the local
Vegas fire marshal -- 6,000 or so people in attendance and not enough
seats to hold everyone in the conference sessions. People were left
standing in line and left out of first-day sessions. Since each DEFCON
attendee paid $75 in cash (U.S. currency only, no Visa, MasterCard or
Euros), The Hacker Street became annoyed.
For the mainstream media, DEFCON is all about visual shock candy. If it
is a choice between JesusHackers and the BondagePornoBabes*, it's an
easy guess which ones will make the evening news. Most of the security
news last week was nefariously linked to DEFCON, regardless of
relevance.
Whatever the case, the mostly male, mostly black T-shirt crowd got an
earful from a variety of speakers (assuming they could find a seat - no
standing, per fire code). Phil Zimmermann, creator of the PGP
encryption program, fessed up to wanting to ship the PGP program
overseas as a human rights tool, although his lawyers told him not to
admit it while battling the U.S. government in court for three years.
Zimmermann emphatically repeated "There is no backdoor in PGP" despite assertions
by TechTV and others. "Network Solutions wouldn't know how to put in a
back door... or a front door, for that matter," he said. He attributed
some of the paranoia surrounding PGP and the flood of annoying and
irrational fan mail he receives on a daily basis to "People who think
the X-Files are a documentary." He also stated he was misquoted by the
Washington Post in a post-9/11 interview.
Chris Hurley, founder of the World Wide WarDrive, took a chunk of his
podium time to flog InfoWorld and The Wall Street Journal for
inaccurate and misleading stories about the effort to document the
number of wireless APs and the (ugly) number of them not running WEP
encryption. (One might say the Washington Post is in good
company for bad technology reporting.) Less than a third of WiFi APs
worldwide are running WEP, a percentage Hurley hopes goes up due to
the annual and public and not-secret and not terrorist-linked WarDrive
campaign.
Did you know ISPs in the Netherlands get paid for every successful
government-ordered wiretap? Or that there's an EU standard for bugging
your IP traffic? Jaya Baloo revealed this and some other tasty tidbits
in her talk about Government IP Tapping. Baloo, a consultant in the
Netherlands, noted that ultimately there will be EU-wide agreements for
"borderless lawful intercepts" but both quantum crypto and wireless
LANs pose some interesting challenges to regulators.
Sunday's presentation on social engineering was saved from being stoned
by the appearance of Kevin Mitnick out of the audience to regale the
packed ballroom with his exploits of talking Motorola staff into
sending him the source code for their cell phone. His quest -- two hours
of talking on the phone -- was nearly frustrated by a firewall
preventing outbound FTP until a Moto security guru thoughtfully
provided a way around it. Mitnick also won the 10th annual "Hackers
Jeopardy" contest, a two-evening ordeal that has few rules other than
answering questions and drinking a lot. (Hmm, maybe Kevin could find a
job at the INQUIRER.)
Among other contests, the WiFi shootout provided some interesting
results. Held 20 miles outside of Vegas, in the desert, contestants had
to set up and test their gear in the rain (yes, the rain) on the first
day of activities on top of a craggy heap of rock to get the best
distance. The winner, built by ASLRulz out of New York, was able to
send and receive data over 35 miles. Most disturbing/amusing, the huge
antenna was built out of a last-minute design with $98 of parts bought
at Home Depot. µ
* CORRECTION Doug got overexcited. The folk were labelled as the
BondagePornoBabes when they should really be called HaXXXor or the
HaXXXor Girls, according to Aaron, creator of HaXXXor. Ed.
