The Speaker Schedule Has Arrived
The Fifth HOPE speaker schedule has been completed. We had more stuff
than ever this year, including three keynote speakers. But the keynotes
are just one part of the speaker program. We had nearly 70 talks,
panels, and workshops scheduled.
MP3 files are being created for our panels. Watch this website as new
files are made available every Friday. Click on "L" to download a local
copy to store on your machine, or click on "S" to stream the audio.
Video copies of all panels will also be available from our online store.
for speaker biographies.
Our list of scheduled talks is as follows. If you're interested in
having a printed copy, we also have a PDF version
AS/400: Lifting the Veil of Obscurity
The AS/400 system from IBM is a powerful system that is in widespread use. Despite that, it is difficult to find information on it or learn about it from any school. A general overview of its design and the architecture of the OS will be presented. This will then be tied into fundamental computing knowledge to show where "interesting" data can be found and where possible weaknesses are in the system.
This presentation provides an introduction to the electronic networks present on late model automobiles. These networks will be described loosely following the OSI model of networking. Common uses of these networks will be presented and the privacy implications of some uses will be questioned. The presentation will conclude with an introduction to OpenOtto, a free software and hardware project implementing the network protocols previously described.
Bloggers at the DNC
The Democratic National Convention has become a sclerotic, television-driven celebrity parade. This year bloggers - aka hacker journalists - are being invited onto the floor to shake things up. Can the Internet bring democracy back to the mother of all Democratic Party shindigs? The panel will talk about what is planned - from WiFi to video blogging - and how you can get involved, in Boston or remotely.
Building Hacker Spaces
Binary, Count Zero, Freqout, Gweeds, Javaman, Mangala, Shardy
This is a panel discussion on how to build and maintain a hacker space, hosted by representatives of the Philadelphia Walnut Factory, the Hasty Pastry (Cambridge), New Hack City (San Francisco), PUSCII (Utrecht), ASCII (Amsterdam), the L0pht (Boston), and the Hacker Halfway House (Brooklyn). Experiences and tales will be shared.
Building the Anti-Big Brother
This will be a talk on how databases can do useful work and serve society without storing any personal information. For the past several years, Peter has been exploring how banks, stores, and businesses everywhere can offer their customers personalized service without keeping personal data about them where it can be abused by nefarious insiders or malicious outsiders. Building these systems requires more of a change in attitude than a change in technology because all of the solutions use standard encryption tools as a foundation. Topics will include how to build these systems and when they can help make the world a safer, saner place.
Bypassing Corporate Restrictions from the Inside
Working for an organization can be annoyingly restrictive. As they feel they need to cater to the lowest common denominator, you are subjected to web content filters, outgoing port restrictions, and firewalls. This panel attempts to provide an understanding of how these restrictions are usually implemented and how techniques such as tunneling can be your saving grace. It will also address potential security implications and measures that should be considered whenever you compromise your own company's infrastructure.
Cheshire's Rant Session
When the Cheshire Catalyst spoke about problems at his Directory Assistance job at H2K2, corrections that nobody could get done in over three years were miraculously being made within two weeks after getting back to work following the convention. Could telephone company agents have infiltrated the convention and reported back? What other Large Corporate Problems aren't corporate executives listening to? Write out your rant and be sure you can deliver it in 45 seconds (isn't that what the stopwatch mode on your digital watch is for?). When it's all over, any hyperlinks mentioned by ranting attendees will be available on the web, allowing the Agents of Normality to not only find out what you're ranting about, but have your own references to work from when they report back to their executives.
Rop Gonggrijp, Barry Wels
Trying to keep government out of everyone's phone calls is a lost battle. What little legislation we had to protect us will be removed in the next few years and ignored until then. Storing the content of all phone calls forever is now affordable, even for smaller countries. Strong end-to-end cryptography on a massive scale is the only answer. But where are the phones? CryptoPhone makes a phone based on a commercially available PDA/phone that features an open protocol and published source code. And there's a free Windows client if you don't want to buy the phone! The talk will outline precisely how it works, what's next, and how you can help.
Cult of the Dead Cow Hactivism Panel
Eric Grimm, Sharon Hom, Dr. James Mulvenon, Oxblood Ruffin, Nart Villeneuve
Over 40 years ago Marshall McLuhan declared that the Third World War would be an information war in which civilians and the military wouldn't be particularly distinguished. That vision has become a reality. Governments from China to Zimbabwe have strangled access to information critical of their regimes, often with the aid of American companies. And as quickly, resistance has sprung up to challenge that repression. Areas of opportunity are beginning to emerge as hackers, human rights activists, and the academic community begin to join forces. This panel will explore the phenomenon of state-sponsored censorship and grassroots resistance from the political, legal, technological, and human rights perspectives.
Digital Rights Management
Digital Rights Management is quickly becoming pervasive in electronic devices of all sorts. This minimally-technical overview of DRM systems in use now and planned for the future will show you how and why your ability to make use of electronics is being reduced by corporate desires to increase profits and exercise control over their products. The emphasis here will be on DRM systems that have gotten little publicity. The DVD CSS system will be touched upon but most of the time will be spent describing systems for controlling television broadcasts, DRM built into CPUs and BIOS's, and other areas that haven't gotten nearly as much attention as CSS.
Distributed Password Cracking API
David "Bernz" Bernick
The low-cost of the modern PC, the proliferation of the Internet, and the speed of its underlying networks make parallel task-based computing very possible. We've seen massive networks like SETI demonstrate this. SETI is programmed for a simple task: Get a piece of data, process it at leisure, spit out results if any, get a new piece of data. This has been used already to do some brute-forcing of security tasks with systems like distributed.net. But that system is sophisticated and large and you can't make it do tasks like cracking crypt() passwords or websites or any variety of brute-forcing tasks. This talk is about an extensible framework and API for creating distributed password crackers. The framework is easy to use, easy to distribute, and easy to add different kinds of cracking to. The software will be released open-source during the conference.
Encryption Key Signing
It's a surprising fact that a large number of attendees at this very conference, even those who call themselves hackers and/or security professionals, probably don't use any sort of encryption - or don't use it properly. One reason may be because people think nobody else uses it. So until it has a stronger presence, it won't be as widespread as it really should be. In order to help fight this, Seth will be hosting a key signing session. There will be a rundown of why people should be using strong crypto, how the web of trust works, and moderation to public verification of identity and key fingerprints.
If you want in on this, send your public key to firstname.lastname@example.org so that he can
prepare a keyring ahead of time to make things more convenient —
or visit him in the NOC in area "4."
Everything You Ever Wanted to Know About Spying, 9-11, and Why We Continue to Screw Up
Two 30 minute PowerPoint slide shows will be presented, followed by as much discussion as desired. The first, "9-11, U.S. Intelligence, and the Real World," will discuss the specifics of how we failed and why we will continue to fail. The second, "The Failure of 20th Century Intelligence," will discuss the specifics of how American intelligence has blown it in collection, in processing, in analysis, in leadership, and in mindset. If desired, for those who last into the night, other briefs will be available, including "New Rules for the New Craft of Intelligence" and "The Literature of Intelligence: Why People Hate Us and Why We Don't Get It."
The Fifth HOPE Closing Ceremonies
Another one of our traditions is to gather everyone together in one room and bid farewell until next time while summarizing some of the highlights of the last three days. This is also where we give away various prizes to audience members. If you're one of those people who booked your return trip for Sunday afternoon, you'd best get on the phone and change those plans. The weekend ends Monday morning, after all!
Friday Keynote: Kevin Mitnick
Frustrating OS Fingerprinting with Morph
Sun Tzu once stated "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks. There are a wealth of options for OS-fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is they who control what packets are sent in response. Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and will frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them. There will be a live demo, and Morph v0.2 will be released with this talk.
This is a continuation of Jim's presentation at H2K2 on hacking nanotechnology. This year there will be more on developing simulation software, thinking of new ideas, and investigating current discoveries. All of these are theory and thought driven. There will be a demonstration of some experiments and a discussion on the realities of nano hacking and why it's an important area of exploration.
Hacker radio is a growing phenomenon throughout the world. Hackers are discussing the current issues faced in today's technological world over the airwaves and through the net. There are all sorts of hacker issues being discussed via hacker radio including the DMCA or software patents in the European Union that seriously limit innovation and allow for others to have too much control over something you purchased in your home. By having this discussion in a radio format, those outside the hacker community have the opportunity to hear it and learn. The evolution of hacker radio from the early days of spreading information via bulletin board systems, websites, forums, and mailing lists to today's online audio streams will be explored. There will also be a discussion of hardware and open source software methods for setting up your own show and getting your own opinions and ideas out there for all to hear. Current examples of hacker radio will be featured.
Hackers and the Law
Dr. D. Kall Loper, Ph.D., Annalee Newitz, Policy Analyst, Electronic Frontier Foundation, Wendy Seltzer, Staff Attorney, Electronic Frontier Foundation
This panel will cover current legal crises around privacy, free speech, and intellectual property, with a special focus on the concerns of hackers. Presenters will discuss the laws which protect (or don't protect) your right to anonymous free speech online, your right to reverse-engineer, and your ability to make fair use of your digital media. They will also discuss the USA-PATRIOT Act and the ways this sweeping set of laws changed the nature of investigation and the rules governing wiretapping online.
Hackers in Modern Imperialist America vs. Barbarians in the Holy Roman Empire
In the time the Roman Empire controlled most of western civilization, the barbarians were known as enemies to society - savages that lived in the frontiers of the empire that resisted control by the Romans. Today, as the United States moves forward with an imperialist foreign policy, a new enemy has emerged that is resisting the system from the outskirts of the socially accepted: the hackers.
Hacking CDMA PRLs
CDMA is the dominant mobile phone technology in North America and is operated by Alltel, Sprint, US Cellular, Verizon, and many other carriers. On CDMA handsets, roaming is controlled via a configuration file called the PRL. In this talk, you will learn how to unload PRLs from CDMA handsets, how to disassemble them, and how they can be hacked. This talk isn't about making free phone calls or doing anything illegal, but you will learn how to determine what you're really buying when your carrier promises "nationwide service."
Hacking More of the Invisible World
Bernie S., Barry "The Key" Wels
An update on the H2K2 panel focusing on HF, VHF, UHF, and microwave signals. You will learn what's out there and how to intercept it. There will also be a discussion on TSCM (Technical Surveillance Counter Measures), the art of evading electronic surveillance, and a presentation of selected intercepts and equipment demonstrations.
Hacking National Intelligence: Power to the People
Do you want to live in a nation where decision makers lie, cheat, and steal? Where national intelligence is so secret that you are not allowed to know a) the truth, b) that national intelligence (spies) are ignorant about the real world, and c) that what policy makers tell the people (e.g. about reasons to go to war in Iraq) has nothing to do with reality? Imagine instead an America in which public intelligence supersedes secret intelligence and elitist corruption is displaced by an informed democracy in which consensus conferences at every level assure that "We the People" all serve the public interest. That is "The OSINT Story." Come hear the story and discuss how we are going to run the world as we achieve open spectrum, open source software, and open source intelligence.
Hacking the Grid
Greg Newby, Porkchop
One of the biggest projects in computing for big science and enterprises these day is computational grids. Grid computing is at the heart of marketing plans from Oracle, IBM, Sun, and other big companies. For them, "grid" is mostly a buzzword that describes various ways of tying computers together. A more specific use of "grid" is found in big science, however. The national TeraGrid, based on the National Science Foundation's Middleware Initiative (NMI), uses the Globus toolkit and a variety of other packages to run some of the world's largest supercomputers. It's also used to tie many smaller computers and clusters together in the academic and business worlds. Can this "big iron" be hacked? This talk will examine real and potential weaknesses in Globus and other elements of NMI, as well as the promise and reality of end-to-end security for Grid-enabled computers.
Hardware Bus Security in Embedded Systems
Surprisingly, every individual comes into contact with over 100 embedded computer systems every day. A great many exist in our homes without our realizing it and many more operate the commonplace items in the world around us. An "embedded system" is a self contained miniaturized "computer system" (CPU, memory, I/O) that is dedicated to performing a single type of operation. They are now common in households through HVAC (Heat Ventilation and Air Conditioning), stoves, refrigerators, televisions, video players, set-top boxes, lawn sprinkler systems, and many other items. They are in the world around us controlling our street lighting, door openers, intruder alert systems, product theft security, speed cameras, and much more. The concept of security for these buses is traditionally very low because the designer has always been able to depend on physical security of an enclosed box. However, as more of the "boxes" are connected together more external buses and networks come into being and more opportunities for access and malfunction, whether through poor design, unforeseen circumstances, or foul play, become possible. This is a discussion of the progression of design from self-contained systems to more complex ones with internal buses and finally external standard buses. There will be an explanation of what an embedded system is and examples of complex embedded networks. Their security, and hence your security, is at risk in many cases, much of it due to "security through obscurity."
Homeland Security And You: Harry Potter Meets Reality
A study of how conference participants can use their expertise to assist private industry and government in assessing vulnerability. Marc will present his ideas for a National Security College to train young adults in many topics: crypto, lockpicking, encryption, etc. He will outline the technical subjects that would need to be taught so students could assist in protecting private sector and government from cyber and physical attack. Also, a look at some of the potential conflicts students might have in such an environment, including attitudes on intellectual property and its protection.
How the Great Firewall Works
China currently puts in the most effort to censor information on the Internet. Bill was first involved in freenet-china and started DynaWeb in 2002. He has developed a thorough understanding of China's Internet censorship technology ranging from IP blocking to DNS hijacking etc. Various techniques have been implemented to get around them. There will be an explanation of a censorship algorithm never before publicly released as well as a live demo on how it works. Time permitting, an analysis of how the Chinese government uses information control on its people will also be presented.
How The Net Worked
The Fifth HOPE network has been in the planning stages for many months. Did it hold together? How was it built? What worked and what didn't? An open discussion from members of the network crew on what it's like to do something on this scale, some of the hurdles that were faced, ways in which the technology has evolved, and how we can do things differently for future gatherings.
How To Break Anonymity Networks
Today's anonymous communication software (such as Mixmaster, Mixminion, Nymservers, JAP, Tor, Anonymizer, etc.) allows people to communicate while concealing their identities from each other and from external attackers. But no deployed system is strong enough to protect every pattern of user behavior against a sufficiently resourceful adversary, and many of them fall to far simpler attacks. In this talk, Nick will discuss working attacks against today's anonymity networks, drawing from past technical and social attacks on deployed networks and from recent academic research in traffic analysis, stylometry, and mix-net design. He will present defenses to these attacks when such defenses are known to exist.
How To Send Encrypted Email
One day you wake up and you have the sinking feeling that someone may be reading your e-mail correspondence. Your only recourse is to encrypt or hide your sensitive communications. This is a look at one web-based solution - CryptoMail - and how it deals with the problem of simplifying encrypted e-mail while maintaining a high level of confidentiality. A detailed analysis of the CryptoMail session establishment, message encryption, and data store model will be presented. Furthermore, a demonstration of the working system will be given and attendees may create accounts, ask questions, or comment on the system.
How to Talk to the Press
Whether you're an activist planning a campaign, a hacker caught in a legal squabble, or just a bystander buttonholed on the street, dealing with journalists can be an essential part of ensuring that your views are heard. IEEE Spectrum Magazine associate editor Stephen Cass talks about how you can improve your chances of getting a fair hearing. Topics include understanding what journalists want, interviewee tips, and how to get the attention of news organizations.
Incentive Structures: Mechanisms of Control
Where do incentive structures come from? How do political elites use incentives to make us die for them? How do market elites use incentives to control politicians and co-opt the media? How can we stop them from doing the same to computing and communications technology? Why does mankind have to be led through the desert for 40 years every time technology advances? How are cultural and religious values like computer code and the institutions they create analogous to programs? How are markets like the AIs in The Matrix? When mechanisms of control get out of control, we have to ask who really coded Agent Smith and how can we retain control of technology before it comes to that?
How are hundreds of independent journalists from around the country going to work together to cover the Democratic and Republican National Conventions? From networks to working groups, from distributed communications such as text message networks and leaflets, and from ftp video transfers to people hawking newspapers on street corners, this session will examine all the tools of organization and distribution that will make these large scale collaborations possible. Find out how IMCs everywhere have challenged the monopolies of mass media and how this summer in particular will be one of the most active ever for independent media.
An Introduction to Dissembler
A presentation of a tool called dissembler, which can be used to generate printable ASCII polymorphic bytecode from any existing piece of x86 bytecode. The technique used will be explained and the tool will be demonstrated to exploit various sample programs. Q&A session afterwards.
The Kismet Story
Hear the tale of how the widely acclaimed wireless network detector, sniffer, and intrusion detection system came to be from its creator. This talk will also focus on how Kismet's development has been shaped by other security tools and users, along with predictions on where it's likely to go in the future. Also included will be a look at the current state of open wireless drivers and the impact security tools are having on the use of wireless networks.
Matt Blaze, Marc Tobias, Barry "The Key" Wels
Lockpicking is becoming popular as a sport/hobby among hackers throughout the world. In a special two-hour session the joy of lockpicking will be explained and demonstrated, from basic techniques to the state of the art. A whole range of new tools and tricks will be covered. Many stories will be told including that of Matt discovering a vulnerability in MasterKey systems as well as the members of Toool (The Open Organization of Lockpickers - http://www.toool.nl) discovering a severe vulnerability in a European lock. This forced a major European lock manufacturer to shut down the factory for a few days and collect a lot of locks from shops.
In addition to this panel, a lockpicking workshop will be ongoing throughout the conference. And at the end of it all, a lockpicking championship will take place.
Making Use of the Subliminal Channel in DSA
This talk will focus on one reason why it's extremely important to verify the trustworthiness of your encryption programs. A number of papers about a subliminal channel in the Digital Signature Algorithm (DSA) used by the United States Digital Signature Standard were published more than ten years ago. This channel allows for undetectable communication via digital signatures. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. This presentation will show how this subliminal channel works and demonstrate - using a patched version of the GNU Privacy Guard - how to use it for both benign and malicious reasons: legitimate communication using the subliminal channel, and leaking secret keys with each signature.
Media Intervention via Social and Technical Hacking
Nathan Martin, Tyler Nordgren
The Carbon Defense League (CDL) and Conglomco are two tactical media arts collectives engaged in both technical and social hacking processes. Their first collaboration with each other was a website that facilitated barcode relabeling for "user defined pricing." The site was live at re-code.com before it was shut down by pressure from Wal-Mart, Kellogg's, Price Chopper, and the FBI. CDL and Conglomco will present details of their past and present projects (including peoplesjeans.com) and discuss alternative tactics for media intervention.
Mischief and Mayhem at the RNC
Back in 2000 at H2K, Bernie S. and ShapeShifter led a discussion on
secrets of the major political conventions in the United States. Not
long afterwards, ShapeShifter was arrested on the streets of
Philadelphia on suspicion of being a"ringleader" of dissent. In the end,
he won his case against the city and all charges were dismissed. Like
Bernie, his interests weren't squashed because of unjust prosecution.
That's why this panel will focus on the 2004 Republican National
Convention taking place across the street from the Hotel Pennsylvania in
late August. The panel will detail how cops spy on people, their methods
of surveillance, and how they often abuse authority. You will learn how
to infiltrate organizations like the RNC, how to look for and find
security holes, and how mischief and mayhem is achieved. There will also
be details on a unique scavenger hunt.
Technology is neutral. The patterns to which it is submitted are what determines if it can be used for betterment or detriment. This panel will go into that. As we all know, technology has greatly helped mankind. But what about technology that has been altered so that it can be used for non-lethal means? Imagine a bomb that can be dropped that won't kill anyone but will kill any technological related hardware. How about a blast from a sound wave, or a radio wave that can do physical damage to the body? These and other topics will be discussed, as will the technology behind it, and sinister applications.
"Off The Hook" Special Broadcast
As part of the 2600 20th anniversary and the HOPE tenth anniversary, we're putting on a special two hour edition of our weekly WBAI radio show live from the conference. We did a show like this once before at Beyond HOPE in 1997 and it was great fun. We'll have all kinds of special guests who will visit the stage and we'll have plenty of audience participation. The show will be transmitted over WBAI 99.5 FM in New York City throughout the entire tri-state region as well as throughout the Internet.
Packet Purgatory - Twist Your Packets Before You Set Them Free
Ever wondered what it would be like to have your own custom IP stack readily programmable? Ever wanted to be able to use stock clients connecting to stock servers, but still be able to tweak the underlying connection? Have you ever wished you could poke at individual packet bits within a real connection without having to patch your kernel? Packet Purgatory is a library that allows userland programs to do all of the above portably. This talk will highlight the development of Packet Purgatory, how to use it, and ideas for future tools. Also included in the talk will be a discussion of two example tools that have been constructed on Packet Purgatory: Stegtunnel, a tool to hide covert channels in TCP/IP connections and LSRTunnel, which spoofs connections using loose source routing.
Phreaking In The Early Days
Captain Crunch and his friend The Cheshire Catalyst will tell some "war stories" from the early days of phone phreaking. They'll explain what the Blue Box did, how it was used, and some of their "adventures" in using them. And kids, don't try this at home!
Phone Losers of America
The PLA was created in 1994 as a general hacker/phreaker group. They eventually started PLA Magazine which in its lifetime released 46 issues (the most recent being a few months ago). The PLA has done many things over the years, including pulling pranks, operating numerous voice bridges, running their own forums (http://cal.phonelosers.org), etc. This panel will involve a discussion of the history of the PLA, what they are up to now, and the future. There will also be some videos and sound files presented along with a few "how-to" presentations.
Pirate Radio: Running a Station and Staying on the Air
A guide to the setup and operation of a pirate radio station and how to stay on the air when the federal government wants you off. Monk, founder of KBFR and ongoing benevolent dictator of the group (now over 40 DJs broadcasting 24/7), will moderate this panel on how to beat the authorities at their own game. Discussion will include types of technologies used to stay a step ahead of the FCC (and some that have failed) as well as more general information on how to set up and run a successful pirate radio operation.
Preserving Digital History - A Quick and Dirty Guide
Knowledge doesn't move forward without history and while there have been many steps to capture the stories, lore, and data of different aspects of computer cultures, a lot of the same mistakes are made over and over. In a fast-paced talk, Jason Scott of textfiles.com busts out some ideas, tools, and mindsets towards halting the loss, bringing the stories back, and making something to build upon instead of throw away. Along the way, expect a few bucketloads of trivia and memories to sauce up the proceedings.
Privacy - Not What It Used To Be
Steve has been at every one of our conferences and each time he's outdone himself with tales and demonstrations on how much data is stored on each and every last one of us. We all hear the news reports about how government and industry want to expand their databases and share all kinds of information. We hear how people try to protect their privacy and how various organizations attempt to quash the legislation that would broaden these databases. But what we don't hear is how much of our info is already out there and how much of it is being shared between law enforcement, private industry, and many more. Steve will share some of his vast knowledge on the subject and leave you feeling terrified and helpless. And as a special treat, a selected "victim" will learn firsthand just how much personal data can be uncovered on them.
Prometheus Radio Project
Dharma Dailey, Josh Marcus, Hannah Sassaman, Pete Tridish
The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations. But over the years, Prometheus has sued the FCC to stop media consolidation, built stations in places like Guatemala and Colombia, and experimented with using off the shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands to do. This panel will help bring you up to date on the political debates in Washington about low power FM, reforming the spectrum for wireless broadband access, and the grassroots organizing that can be done to reshape the media. A picture show of community radio barn raisings and stations that Prometheus has worked on around the world will be included.
Propaganda in Art and Media
b9punk, Mike Castleman, Frederic Guimont, Lazlow
We see propaganda around us every day, some of it a lot more obvious than others. This panel will show you how to find it and how to make some of your own. Whether it's something like Frederic's comic book adaptation of George Orwell's 1984 or Mike's "Students For an Orwellian Society" website, you too can have fun with manipulation of the masses. Lazlow will reveal from the inside how mainstream media strives for control of the masses while b9punk will explain how much of her propaganda art creations came to be displayed at this conference.
Retaliation With Honeypots
Most of the time a honeypot is considered to be a security resource whose value lies in being probed, attacked, or compromised. The purpose of this talk is to explain how honeypots might be deployed not only to use passive defense technologies, but also active defense ones. As a specific example, think about what might happen the day honeypots are able to automatically strike back at an aggressor or a worm! Different technical possibilities offered to honeypots on the cyberwarfare field will be explored, such as playing with or even hacking back an usual aggressor (scanner, worm, exploit, client of a trojan, etc.), improving traceback capabilities to find the real source of an attack, etc. This will open up all kinds of legal implications which will also be discussed.
Richard Cheshire, Sam Nitzberg, Steve Wozniak
The focus of the Retrocomputing panel will be computing technologies from the 1980s and even earlier. Experiences involving the Altair 8800, the Apple II, and other great machines, their software, and operating systems will be discussed.
Saturday Keynote: Steve Wozniak
Secure Instant Messaging
A look at the evolution of secure instant messaging and how AOL tried to shake off open source and non-vanilla clients by altering the AIM (oscar) protocol. The open source community adapted and readapted until AOL finally gave up. Phar, who has written the first secure messaging clients for Unix and Windows (BLAIM and Impasse), will discuss other IM issues, such as the buyout of ICQ by AOL and the subsequent change (and deterioration) of its protocol.
Security, Liberties, and Trade-Offs in the War on Terrorism
Since 9/11, we have the Patriot Act, tighter screening at airports, a
proposed national ID card system, a color-coded national alert system,
irradiated mail, and a Department of Homeland Security. But do all of
these things really make usany less vulnerable to another terrorist
attack? Security expert Bruce Schneier evaluates the systems that we
have in place post-9/11, revealing which of them actually work and which
ones are simply "security theater." Learn why most security measures
don't work and never will, why bad security is worse than noneat all,
and why strong security means learning how to fail well. Most of all,
learn how you can take charge of your own security - personal, family,
corporate, and national.
Security Through Automated Binary Analysis
Dildog, Weld Pond
Automated binary analysis techniques have become sufficiently advanced so that having the source to software is no longer a prerequisite for finding security flaws. The binary is equivalent to the source. And a patch is equivalent to a detailed description of a security flaw. This talk will cover the implications of the latest binary analysis technology and give an overview of some of the technology available.
Security Through Diversity
Establishing a diversity of operating systems and software on the Internet is now being viewed as essential to global information security. This talk will explore how individual systems and large networks can improve their tolerance to massive attack through this principle. Copies of obscure OS's will be handed out for good questions. Interpretive dance may or may not be involved.
Slaying the Corporate Litigation Dragon: Emerging the Victor in an Intellectual Property Cybersuit
Have you ever wanted to tackle a corporate giant and live to tell about it? Meet web warrior Atom Smasher, whose lifelong fascination with law proved an invaluable commodity the day he found himself in the cross-hairs of some Fortune 500 big guns. In this lively discussion he'll recount his personal odyssey with the "men and women in black" whose federal lawsuit attempted to pull the plug on his whistle-blowing site. Learn how he responded to a cease and desist letter, what he did when served with a lawsuit, and how he triumphed in his legal battle.
Emmanuel Goldstein, Kevin Mitnick
This has always been one of the more popular panels since we started it at the first HOPE in 1994. And this year, for the very first time, Kevin will be at the conference to be part of the festivities. He authored a book on the science of social engineering entitled The Art of Deception which was an eye-opener to many in the corporate world. Emmanuel has been confusing people on the telephone for many years and derives great pleasure out of getting total strangers to give him information he has no right to possess. In addition to a discussion of methods and stories, be prepared for some live demonstrations over the phone. Suggestions for good targets are always welcome.
Sunday Keynote: Jello Biafra
Tactical Media and the New Paranoia
Mike Bananno, John Henry
The Institute for Applied Autonomy (IAA), The Yes Men, and the Critical Art Ensemble (CAE) are activist collectives that use unconventional means to deliver their message. The IAA is an anonymous collective of artists, hackers, and radical engineers who have produced projects such as high speed graffiti-writing robots and map-based websites that help people avoid surveillance cameras. The Yes Men have gained international notoriety for their use of extreme social engineering in order to impersonate World Trade Organization officials at conferences, on the web, and on television. A feature length film documenting their antics will be released by United Artists in August. The Critical Art Ensemble is a collective that explores the intersections between art, technology, radical politics and critical theory. Their books including Electronic Civil Disobedience and The Molecular Invasion have been translated into 18 languages and are used in universities the world over. Recently the FBI has accused the group of bio-terrorism. Due to the ongoing investigation, members of CAE are unable to speak publicly on these issues. However, members of IAA and The Yes Men will describe the events of the case and discuss it as it relates to investigations of hackers.
Technology in Romania
An overview of the ten year period in Romania from 1989 to 1999 and the challenges involving access to technology, the perception of IT in the formerly communist country, and issues of freedom of speech and information. Ninety percent of all access to the Internet is still done via timed dial-up connections which makes connectivity much harder for programmers, researchers, and the average citizen. Learn about the differences in technical cultures and what is being done to level the playing field.
Ten Years of Practical Anonymity
Strong anonymity systems have been available for public access on the Internet for the last decade. During this time the Internet landscape has changed considerably, while the body of knowledge in the field of anonymity research has deepened greatly. This talk will review the history of anonymity systems, describe the methods by which modern anonymity systems protect their users, explore the classes of attacks which exist against anonymity systems, and give examples of practical anonymity systems which can be freely and easily used by the public at large. Emphasis will be placed on e-mail anonymity and the long-lived anonymous e-mail software Mixmaster and the associated remailer network, though other forms of Internet access anonymization will be included for discussion.
Terrorism and Hackers
This presentation will put forth a full range of activities in which hackers can apply their skills to achieve goals related to "the systematic use of violence to create a general climate of fear in a population and thereby to bring about a particular political objective" (britannica.com). This range includes many specific ways for hackers to combat terrorism, methods to fight terrorist tendencies of your country, and how hackers might actually participate in terrorism. Despite being demonized by corporate media and the subject of many recent laws, most hackers, like most people of all types, are not terrorists. What can we do to protect against hackers being misperceived as threats and terrorists?
Today's Modern Network Killing Robot
Note: the recording of this panel is incomplete, though we've posted what we have. Please accept our apologies.
This is an overview of the new generation of DDoS tools. Back in the day, a couple of large pings could take down lots of machines. When those techniques stopped being effective means of taking down networks, people started writing DDoS programs. These programs required a little bit of manual work to install, but were effective at taking down large networks for a while. This generation of DDoS tools was made famous in the media for victimizing famous websites for hours at a time. Soon people learned to control the damage done by these tools, and so a new generation of DDoS tools was born: Ones that could infect thousands of machines automatically to create large botnets and hide their communications in order to evade detection better than their predecessors. These botnets are now the most effective DDoS tools in popular use today. This talk will go over the more popular botnets, such as gtbot and sdbot, and talk about how they work and some ways to spot them on your network. There will be a demonstration of an irc botnet in action.
Urban Exploring: Hacking the Physical World
John and Laura Leita
Urban exploring is the art of going places off limits to most and unseen by many. Explorers are brave souls who often dredge through great dangers for their art. Often they research and document historic abandoned places to accompany pictures and video taken on the locations of sites with enormous history. Otherwise they are simply in search of a beautiful view. John and Laura will talk about the different locations of interest to urban explorers, such as abandoned asylums, steam tunnels, rooftops, abandoned rail spurs, former used industrial sites, and deserted gold coast estates. From there they will go into how this art is best performed and various associated issues. Topics will include how to find urban exploration sites, how to go about exploring and documenting them, UE photography and video, computer assisted exploring, and research techniques to learn about a site. A Video CD presentation will be shown to illustrate urban exploring and show some cool places.
When Corporations Attack
Acidus, Virgil Griffith, Dan Morgan, Wendy Seltzer
We all know the wrath that major corporations are capable of unleashing when the actions of hackers and other individuals anger them. This panel will focus on two of these cases. Dan was the publisher of Satellite Watch News, a publication that focused on the technical workings of the satellite industry. DirecTV (owned by General Motors) managed to completely shut down the newsletter and take nearly all of his possessions. Acidus and Virgil did research into the Blackboard college ID card system (used at universities everywhere) and they uncovered all kinds of interesting facts. This was to be presented at the Interz0ne conference in Atlanta in 2003. Blackboard filed an injunction that not only kept that from happening but has prevented the two from discussing specifics about Blackboard to this day. In addition to these three panelists, a representative of the EFF will be on hand to talk about the legal aspects of these frightening cases.
Where'd All That Spam Come From?
A study of the mechanisms spammers use to flood your mailbox along with what some of the work and research of SpamCrunchers have uncovered. Topics of this talk will include spam bots, spam trojans, some of the sneaky methods spammers use, how they get around filters, why none of this stuff really works anyway, and what you can do to significantly cut down on spam.
Wireless and WiFi: The Good, the Bad, and the Ugly
Dragorn, IrishMASMS, Mike Lynn, Porkchop
A panel to discuss wireless networking: the basics of 802.11 and current products, along with stories of wardriving and a look at network security. Find out why you should care about your network's security even if you don't think anyone else would take an interest in your traffic. Questions and comments from the audience will be solicited.