DEFCON day 4

hello mccarran airport. you sure have a lot of “free wi-fi hotspots” now that DEFCON is done. let’s do the last of these talk things before I crash out.

tired of your automated website hacking tool dying out cause it can’t make sense of javascript and flash? some guy wrote one that runs on top of a full browser and then works by visual elements. unfortunately, the source is not release ready and kinda suffering from pre-beta syndrome, but it’s a cool start.

software radio scanning is going from “esoteric hardware hack” thing to “$20 USB dongle + gui” thing. the low end kits are $19 on amazon, have freeware Linux apps associated, and will do things like locate military aircraft by their signals, or listen to federal agents on radio. or hypothetically tap cellphones which you shouldn’t do cause it’d be illegal.

having said that, a separate talk was about using recording walkie-talkie frequencies used by federal agents, then checking how often they screw up and forget to use crypto. fun facts:

  • it’s very difficult to check if you successfully turned on crypto on must radios
  • most agencies change keys about once a week
  • most agencies get it wrong and send plaintext about 5% of the time
  • most plaintext conversations begin with “ok, I turned on encrypted mode, fill me in”
  • even encrypted, the radios send a header that lets you triangulate agents in the field (some military use this protocol too)
  • the only agency to never screw up was the postal service

(there literally are 3 cops blocking my gate at the airport right now. gonna try to get one of those blurry bigfoot photos of them and practice my daffy duck “i got my rights” routine)

bruce schneier did his annual TSA minute if hate and also would like you to know, again, that quantum computing will not be the end of all crypto as we know it, it will be the end of a few algorithms in public key crypto. he also thinks you should go eat at crappy casinos where you’ll get better deals on food (it subsidizes gambling there as they need customers)

(got a photo of the cops)

(cops against window, my gate to left of them. looks like they want to talk to someone arriving on the flight)

ok, basically done with this bitch other than wanting to see how it pans out with the cops. here’s some shout outs while i’m waiting:

  • shout out to the couple who would not shut the fuck up during dan kaminsky’s talk. people of scant social skills + alcohol is a dangerous mix
  • shout out to people putting the phrase “dan kaminsky” in their shout outs so that his google alert thing fires and he gets excited briefly
  • shout out to the apples given out by one vendor for being the only sort of healthy-ish thing within 2 miles of the rio
  • shout out to the arid heat, drying out eyeballs and whatnot
  • shout out to this being the first DEFCON where the wifi is safer than cell towers

(flight arrived. cops walked away with some dude who was saying “i was just worried that it might become a dangerous situation”, and are talking to a second dude. looks like they’re just having to act as playground monitors for these two. my life goes back to ennui and two grown men forced to stop fighting and play nice)

and that’s pretty much it. let’s see if i can post this before boarding real quick

oh! wait! one more thing I remembered from cory doctorow’s talk: to make sure he can securely compute from a public device, he wants a three-button secret key command installed in hardware in every machine that will give him a secret encrypted shell. that’s right, his secret method to maximize his freedom is to get a personal rootkit on every machine in the world. he didn’t explain why his own personal laptop shouldn’t have the same rootkit on it, but i’m sure he’s got a really clear and rational explanation.