DEFCON day 4

hello mccarran airport. you sure have a lot of “free wi-fi hotspots” now that DEFCON is done. let’s do the last of these talk things before I crash out.

tired of your automated website hacking tool dying out cause it can’t make sense of javascript and flash? some guy wrote one that runs on top of a full browser and then works by visual elements. unfortunately, the source is not release ready and kinda suffering from pre-beta syndrome, but it’s a cool start.

software radio scanning is going from “esoteric hardware hack” thing to “$20 USB dongle + gui” thing. the low end kits are $19 on amazon, have freeware Linux apps associated, and will do things like locate military aircraft by their signals, or listen to federal agents on radio. or hypothetically tap cellphones which you shouldn’t do cause it’d be illegal.

having said that, a separate talk was about recording walkie-talkie frequencies used by federal agents, then checking how often they screw up and forget to use crypto. fun facts:

  • it’s very difficult to check if you successfully turned on crypto on most radios
  • most agencies change keys about once a week
  • most agencies get it wrong and send plaintext about 5% of the time
  • most plaintext conversations begin with “ok, I turned on encrypted mode, fill me in”
  • even encrypted, the radios send a header that lets you triangulate agents in the field (some military use this protocol too)
  • the only agency to never screw up was the postal service

(there literally are 3 cops blocking my gate at the airport right now. gonna try to get one of those blurry bigfoot photos of them and practice my daffy duck “i got my rights” routine)

bruce schneier did his annual TSA minute of hate and also would like you to know, again, that quantum computing will not be the end of all crypto as we know it, it will be the end of a few algorithms in public key crypto. he also thinks you should go eat at crappy casinos where you’ll get better deals on food (it subsidizes gambling there as they need customers)

(got a photo of the cops)

(cops against window, my gate to left of them. looks like they want to talk to someone arriving on the flight)

ok, basically done with this bitch other than wanting to see how it pans out with the cops. here’s some shout outs while i’m waiting:

  • shout out to the couple who would not shut the fuck up during dan kaminsky’s talk. people of scant social skills + alcohol is a dangerous mix
  • shout out to people putting the phrase “dan kaminsky” in their shout outs so that his google alert thing fires and he gets excited briefly
  • shout out to the apples given out by one vendor for being the only sort of healthy-ish thing within 2 miles of the rio
  • shout out to the arid heat, drying out eyeballs and whatnot
  • shout out to this being the first DEFCON where the wifi is safer than cell towers

(flight arrived. cops walked away with some dude who was saying “i was just worried that it might become a dangerous situation”, and are talking to a second dude. looks like they’re just having to act as playground monitors for these two. my life goes back to ennui and two grown men forced to stop fighting and play nice)

and that’s pretty much it. let’s see if i can post this before boarding real quick

oh! wait! one more thing I remembered from cory doctorow’s talk: to make sure he can securely compute from a public device, he wants a three-button secret key command installed in hardware in every machine that will give him a secret encrypted shell. that’s right, his secret method to maximize his freedom is to get a personal rootkit on every machine in the world. he didn’t explain why his own personal laptop shouldn’t have the same rootkit on it, but i’m sure he’s got a really clear and rational explanation.

DEFCON day 3

if you missed last night’s parties, it was large groups of guys standing around in expensive hotel suites, drinking from red cups, and telling each other how much money they have. i unfortunately couldn’t make it as i had to go play some pokémans in my hotel room and txt angelica.

anyways: the talks.

DEFCON decided to balance the NSA keynote with a “fuck the NSA” panel today. speakers were 2 ACLU lawyers, an NSA historian, and an NSA programmer (retired). during it we learned

  • that the NSA is absolutely keeping a dossier on every american
  • that the NSA does not intercept communications of citizens because the legal definition of interception requires a human to look at the data. if it’s just stored forever, that would be fine
  • that the new Utah facility for storing things stores ~200 exabytes of data (i hope i wrote that down right)
  • that cory doctorow felt the need to clearly say “hello, i am cory doctorow, the writer” when asking his question of the panel

speaking of, cory doctorow gave his talk. he managed to go 11 minutes before calling for civil war, for those competing in that pool.

let me for a moment here slow down the flow of text. i want you to really savor the meat of his talk. ok, shake your brain off, do some mental pickled ginger, clear your mind. ready? ok, the cory doctorow talk:

whereas we currently have a system in some countries that filters the internet, cory deduces that it’s just a matter of time until the US government places ear implants in americans that will prevent them from hearing anti-american voices.

let that sink in. simple A -> B there. ok, we’re continuing.

this means that there must be a trustable way to make sure you’re running the OS you think you’re running.

ok. so A -> B -> C now. iran filters internet -> american anti-dissident implants -> need for trustable computing.

he proposes solving this need with chips in the computer that can sign everything in a secure way, which, like Descartes’ proof of trustable senses arising from the seed of “i think therefore i am”, arises from the seed of the chip and leads to a perfectly trustable computer free from government and corporate intrusion.

now, the philosophy student might point out that Descartes’ proof actually fell apart midway and he had to bring in “Oh, and God exists and he would never create a world that would lead us wrong” to help himself out, and then later commits a trivial logical fallacy as he gets stuck even with a benevolent God at his side. however sadly i am not a philosophy student and didn’t point it out.

not to spend like half of this post just shitting on that stupid talk, but it really shows (besides the lunacy of trustable computing arising from a tamper proof chip, like somehow the “trusting trust” paper never happened) how a generation of libertarian coders cannot get past the notion that a computer is somehow a part of their body, vs a tool. a computer and general computing is not the end in its own right, it’s a step on the road to improving society in some way.

charmingly, the next talk was a showcase of the exact opposite. a hardware / bios hacker decided as an experiment to create a tool that might be used by China (his words) to completely transparently hijack a machine without the owner ever knowing. the scenario he proposes goes as follows

  • all hardware of a certain type, say a network card, is made in China
  • the hardware is flashed with his code by a government operative
  • the code is a rootkit that runs on device boot
  • flashes the bios of the motherboard
  • installs an alternative bios loader graphically disguised as your bios
  • then proceeds to operate invisibly on your machine completely hidden out of sight.

his proof of concept ran behind windows while stealing all HTTP traffic in the first demo, then in the second demo actually booted a remote image of windows with a chinese flag wallpaper.

i’ll repeat that. a trojan’ed hardware card caused the computer, on boot, to load windows from a remote server and run it like it’s right there. pretty spiffy.

what else was up… some kid found that Las Vegas airport had all their private documents, including access passwords and hardware designs for the flight systems, available in a public CMS and indexed by google. if you heard the rumor that he was arrested, that’s just rumors fyi. he’s fine, talk went as normal.

tangent: this was a skybox talk so it wasn’t described other than the name of the talk. i only attended it cause it was called “Grepping the Gropers” and thought it’d be about some new uses of grep. oh well.

and finally, the dan kaminsky show happened as well. 5 problems he tries to solve in his hour:
1 – timing attacks. just make everything run a few microseconds slower to fix that. ok dan.
2 – virtual machines don’t have access to /dev/random because they lack hardware, and so fall back to /dev/urandom and create broken ssh keys. his solution is to create a new /dev/random that’s based on the virtual machine being allowed to poll different things in the parent computer that have clocks and then run the offset noise through a von neumann “transition finder”, then run that through a hash as it goes. he’s got sample code ready. not mathematically perfect, but in practice it would have saved a lot of ssh keys. pretty cool.
3 – php makes it way too hard to do structured queries. his solution is to have a library that replaces “SELECT * WHERE a=^^a” with a structured query that knows ^^a is $a. code ready, and probably going to be ignored by everyone unless php puts it into the default examples page. oh, he did have a zinger here: “An IDE is a tool that moves copy paste from the Edit menu to the File menu”. cute.
4 – how to check if your government is blocking a website? create a minesweeper javascript that pulls favicons remotely. ok dan.
5 – and last, how to make IP scanners run faster? create a stateless scanner that shits SYNs to everyone, then forgets about them until it gets an ACK back. does 80k IPs per second, and has a full SQLite backend. pretty cool. one bug is that google servers are custom and stateless as well, leading to the two applications having the server version of stoner talks with each other. “hello?” “dude what?” “who are you?” “i know” “what?”. etc.
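As an added illustration of the /dev/random item above (this is not Kaminsky’s sample code; the clock source, the “low bit of the delta” extraction, the SHA-256 whitening step and the minimum-bits floor are my own assumptions about how such a design would be put together), the block below feeds a biased bit stream through a von Neumann transition finder and hashes the surviving bits into a seed. A constructed, deterministic biased source stands in for real timer jitter so the demo runs offline; a live-clock variant is included for comparison and refuses to emit a seed when the clock is too coarse to produce transitions.

```python
import hashlib
import random
import time


def von_neumann_debias(bits):
    """Von Neumann 'transition finder': read bits in pairs, keep the first bit
    of each 01 / 10 pair and discard 00 / 11.  For independent bits with a
    constant bias p, P(01) == P(10) == p*(1-p), so the output is unbiased
    at the cost of roughly three quarters of the input.  Correlated bits,
    which real timer jitter has, are only partially corrected: that is the
    'not mathematically perfect' part."""
    kept = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            kept.append(a)
    return kept


def bits_to_bytes(bits):
    """Pack a list of 0/1 ints MSB-first; a trailing partial byte is zero-padded."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        chunk = chunk + [0] * (8 - len(chunk))
        byte = 0
        for b in chunk:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def seed_from_bits(raw_bits, min_kept=512):
    """Debias, insist on enough surviving bits, then hash them into a 32-byte
    seed.  The hash (assumption: SHA-256) whitens whatever structure the
    transition finder left behind; the min_kept floor refuses to manufacture
    a seed out of too little raw material, which is the failure that produced
    the broken keys in the first place."""
    kept = von_neumann_debias(raw_bits)
    if len(kept) < min_kept:
        raise ValueError(f"only {len(kept)} debiased bits, need {min_kept}")
    return hashlib.sha256(bits_to_bytes(kept)).digest()


def clock_jitter_bits(n, clock=time.perf_counter_ns):
    """Low bit of the delta between successive reads of a clock.  Assumption:
    in the guest this would poll several host-side clocks in turn; here a
    single local clock is used so the block runs anywhere."""
    bits = []
    last = clock()
    while len(bits) < n:
        now = clock()
        bits.append((now - last) & 1)
        last = now
    return bits


def constructed_biased_bits(n, p_one=0.19, seed=1234):
    """Constructed stand-in for jitter: ~19% ones, from a seeded PRNG, so the
    demo is deterministic and runs offline.  Not a source of real entropy."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def bias(bits):
    """Fraction of ones; 0.5 is unbiased."""
    return sum(bits) / len(bits)


if __name__ == "__main__":
    raw = constructed_biased_bits(20000)
    kept = von_neumann_debias(raw)
    print(f"raw bias {bias(raw):.3f}, debiased bias {bias(kept):.3f}, "
          f"kept {len(kept)} of {len(raw)} bits")
    print("seed from constructed source:", seed_from_bits(raw).hex())
    try:
        print("seed from live clock:", seed_from_bits(clock_jitter_bits(20000)).hex())
    except ValueError as exc:
        # a coarse clock yields mostly 00 pairs and the floor check trips
        print("live clock too coarse:", exc)
```

The floor check is the part worth copying: the original failure mode was not a bad mixing function but a seed built from almost nothing, and a generator that blocks or errors in that case is safer than one that hands back a key.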

tangent, i just checked my notes and loaded up the doctorow talk to double check if i got the details right, but apparently the only notes i took during that one was the word “huarglblargl”. i guess i’ll trust my memory.

oh. wait. just remembered one more thing that pissed me off in his talk: doctorow did a bit about how computerized leg replacements cost $525,000, and then explained that that will not create a divide between rich and poor because people would simply not own houses in order to buy the expensive legs. ok cory.

DEFCON day 2

not sure if it’s the 50 shades of grey effect or what, but man are there more chippendale’s ads than last year.

keynote was this morning and it was delivered by the head of the NSA / head of US cyberdefense. if you combine that with the talk given by the former assistant executive director of the FBI (i think i got that right), a former anti-hacker prosecutor, and the usual mix of recruiting talks by the standard 3 letter agencies, this might have been the single most government heavy DEFCON in history. more like FEDCON amirite?

NSA guy’s talk was in general “you guys are wonderful, we are all americans (even the ones of you who are not american) and should therefore help america. please do not sell exploits to anyone else, please work for the NSA 143 143”. the only two notable points are that during the softball q/a session (all questions asked by DT) he said that NSA has no dossiers on any american unless it’s incidental to their conversation with other-nationals, and when asked if he’d prefer a safer but more limited internet to a less-safe but more creative one, he admitted to preferring the first in order to protect IP.

fun fact i learned though: NSA is tasked with protecting .mil, FBI is tasked with protecting .gov, any other tld and you’re on your own. or in theory anyways, in practice if there’s enough millions on the line, the FBI can still run in and perform hardware seizure on your behalf to remove an attacker, especially if you happen to hire an ex-FBI security consultant with everyone in the bureau still on quick-dial HINT HINT

some rundown of other stuff from the con:

  • WEP cracking is considered not worthy of discussion anymore while WPA/WPA2 are best attacked with password bruteforcers, and in current keyspace given a single aggressing computer and strong signal, the average attack length for a perfectly configured WPA2 is 1.5 months.
  • if you’re using regexes as your sole method of detecting SQL-insertions then you’re living in a state of sin, even more than before
  • drones are cheap and getting cheaper. everyone should have a dozen to monitor everyone around you. good drones make good neighbors
  • if you have vmware server running and it’s not patched to 4.1 then there’s a metasploit module out to hack you. if you are fully patched, there still might be a way to string together a mess of bugs involving windows permissions, vmware orchestrator, jetty web server, unicode escaping of strings, arp spoofing, and an MD5 hash break for good measure, that will take over your mini-cloud. the weird russian claimed this was a 0-day.
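A worked version of the placeholder idea from Kaminsky’s PHP item on day 3, together with the regex remark above, as an added example in Python with sqlite3 rather than the PHP library itself (the `^^name` marker syntax follows the talk’s “SELECT * WHERE a=^^a”; the rewrite function, the `users` table, its sample rows and the naive pattern filter are my own constructions). The marker is rewritten to the driver’s bound parameter, so the value never enters the SQL grammar, which is exactly the property a pattern filter on the value cannot provide.

```python
import re
import sqlite3

# ^^name stands for the variable $name.  The marker replaces the whole literal,
# with no quotes around it; the driver supplies the typing.
PLACEHOLDER = re.compile(r"\^\^([A-Za-z_][A-Za-z0-9_]*)")


def structured_query(template, values):
    """Rewrite every ^^name marker to the sqlite3 '?' placeholder and return
    the SQL plus the bound values in marker order.  A marker with no value is
    an error at build time, not a silent empty string inside the query."""
    names = []

    def to_placeholder(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value supplied for ^^{name}")
        names.append(name)
        return "?"

    sql = PLACEHOLDER.sub(to_placeholder, template)
    return sql, tuple(values[n] for n in names)


def make_db():
    """Constructed in-memory table with sample rows (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "O'Brien", "user")],
    )
    return conn


def lookup_interpolated(conn, name):
    """The baseline the talk calls 'way too hard to do right': the value is
    spliced into the SQL text, so a quote in it changes the statement.  A
    legitimate surname breaks the query; a crafted one rewrites it."""
    return conn.execute(f"SELECT id, name FROM users WHERE name='{name}'").fetchall()


def lookup_structured(conn, name):
    """Same lookup through the marker rewrite: the value is bound, never parsed."""
    sql, args = structured_query(
        "SELECT id, name FROM users WHERE name=^^name", {"name": name}
    )
    return conn.execute(sql, args).fetchall()


# A naive pattern filter of the kind the regex remark refers to.  It guesses at
# the attacker's syntax instead of fixing the query, so it flags a legitimate
# surname while the bound version needs no such guess.
NAIVE_SQLI = re.compile(r"'|--|;|\bor\b", re.IGNORECASE)


def looks_like_injection(value):
    return NAIVE_SQLI.search(value) is not None


if __name__ == "__main__":
    db = make_db()
    print(structured_query("SELECT * FROM users WHERE id=^^id AND role=^^role",
                           {"id": 2, "role": "user"}))
    print("structured bob:     ", lookup_structured(db, "bob"))
    print("structured O'Brien: ", lookup_structured(db, "O'Brien"))
    print("regex flags O'Brien:", looks_like_injection("O'Brien"))
    try:
        print("interpolated O'Brien:", lookup_interpolated(db, "O'Brien"))
    except sqlite3.OperationalError as exc:
        print("interpolated O'Brien fails:", exc)
    print("interpolated with a stray quote returns",
          len(lookup_interpolated(db, "' OR '1'='1")), "rows; structured returns",
          len(lookup_structured(db, "' OR '1'='1")))
```

The bound version returns the single matching row for a plain name, nothing for the textbook `' OR '1'='1` string (it is just a name nobody has), and the right row for O’Brien; the interpolated version returns every row for the former and throws a syntax error on the latter. The regex flags both, which is the “state of sin”: it rejects real users and still leaves the grammar problem in place.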

oh, and there’s a DEFCON documentary coming, from the guy who made Get Lamp and the BBS documentary. looks very Get Lamp-y, which is not bad.

good talk from a guy who used to test systems for US defense contractors to make sure they were secure enough for secret and top-secret documents. long story short: the guidelines are written by 15 defense contractors, you don’t have to do anything at all for 9 months or so, the new “partners in industry” program makes it next to impossible to fail, he’s not allowed to touch the computer during an inspection (the employee drives while he watches), and windows is the only system that has actual security guidelines for it. the linux guidelines, as of now, are limited to monitoring a few directories and seeing if a new file shows up. bonus factoid 1: in case the DoD learns that a contractor got hacked, the DoD has no right to tell the contractor who did it, how they did it, or how to fix it; they can only say “hey, you got hacked, sorry”. bonus factoid 2: he found a print out of the locations of the current active US nuclear missile silos (clearance top secret) hanging out in a filing cabinet in a public hallway. upon moving it to secure storage on a nearby base (per guidelines), he got yelled at for interfering with the contractor’s work.

different good talk from an ACLU-NorCal guy pointing out that while SOPA/PIPA is definitely a worry, a second and very real danger is tiny encroachment by local law enforcement. it’s not the feds currently who are developing omnipresent license plate scanners, but local police departments under municipal law. if things like cell-phone privacy laws fall, it probably won’t be from federal guidelines, but from people not managing to successfully challenge their adoption by smaller law enforcement groups.

which leads me to the first entry into this year’s DEFCON “slippery slope of doom” talk, which was the “automated law enforcement will lead to killbots on our streets (maybe)” panel. decent talk, other than the alarmism, pointing out that we are in fact automating away a lot of the processes of societal safety, including traffic cameras, facial recognition of crowds, full biometrics in some places like India, license plate recognition, crowd sourcing of suspect identification (like websites for identifying looters), and that south korea did literally actually use actual literal killbots on their DMZ with north korea. american flying killbots not mentioned at this particular talk for some odd reason.

that was a strong contender for second place in the “slippery slope of doom” contest since first place will doubtlessly go to Cory Doctorow who will give his standard sales pitch on the death of general computing tomorrow, and it’s unlikely that he won’t at least call for the overthrow of government if not all out civil war.

so yeah, that’s day 2. i’m seriously missing the 7/11 that was within walking distance of the riviera, at least i could buy a banana there. i’m drinking naked juice’s from starbucks to try and keep away vitamin deficiency.

DEFCON Day 1

first thing in Las Vegas (7:30am, good morning) is matching billboards informing me that Paul Oakenfold and that one guy from Jersey Shore are resident DJs at the hard rock casino. must be a proud moment for oakie.

my taxi driver, upon hearing that i’m going to the Rio, asks me if i’m a hacker and if i can hack his car (a mid 90s crown vic). i tell him i can and he’s impressed. i suppose i could try and block his GPS signal if i had a spoofer or something, so it’s not 100% a lie.

line for badges is 2 hours. i was in front of a 6’5″ dude from Colorado who couldn’t not talk to people. as soon as someone started ignoring him he’d pick a new audience for his particular brand of libertarian-tinged DEFCON history and philosophy. it was like being stuck in a 2 hour podcast of a turner diaries / windows certification classes crossover.

badge this year is a hybrid of the go-meet-people-solve-mystery one from last year, and the techy ones from previous years. it’s a microcontroller with usb, vga (requires soldering), and some other hidden features, but also part of an ARG game again. reminds me to look up what the ARG ‘solution’ was last year since i never checked

btw, this microcontroller supports the Z80 instruction set, which means that it’s possible to play Jet Set Willy on a conference badge. not quite the singularity but it’s not bad.

thursday talks were tailored towards the workshops, with mini tutorials as talks. the wi-fi guys did a “here’s how to attack WPA2” one, the lockpick guys did “here’s how to bypass this generation of anti-lockpick devices”, etc

the defcon entertainment is maturing, for better or worse. sure, the perennial terribads Regenerator are still playing, but the headliners for the friday/saturday post-defcon parties are MC Frontalot and Crystal Method, with Infected Mushroom doing a daytime set outside. not sure how ready crystal meth is for a hall with 4 guys ironically dancing and a couple hundred people sitting leaning against the walls tweeting about how much they love bacon, guns, and ayn rand.

btw, if i catch their set, this would be the third time i unintentionally see Crystal, with the first being some club i went to for a friend’s birthday, and second being burning man when someone told me that they were Chemical Brothers (i spent a good few minutes wondering why Chem Bros would open a set with Trip Like I Do)

food eaten so far: 1 stupid large sandwich and a naked juice. i feel like a paleolithic hunter who caught and ate an entire capybara, except the capybara is an overpriced philly cheese-steak, and i didn’t catch it but in a way you bought it for me with your state education fund tax dollars. so thank you.

if you’re not going out of your way…

if you’re not going out of your way to avoid ads, consider starting.

not only do you lose your present but long story short, advertising creates false memories, and in a very real way people are stealing your past from you and replacing it with a false one

there’s simply no need to be exposed to the vast majority of ads anymore either, in between adblockers and alternate ways to watch shows. no cure for billboards yet though

march second second march

new preteen is up: sherman’s second march

some thoughts:

  • came out more religious than we thought. that’s in a big way cause of the popularization of the ‘weird’ that we like to look into. we had to dig a bit deeper than before, and the result was going into older sources. some stuff ages a bit worse, and there’s only so much communism we can put into a CD. religion is more timeless
  • the verses on Black Block are sampled from an a capella by Utah Phillips. google him
  • the beats date from between 2007 to 2011. the CD was assembled from separate piles of beats and samples, and into an album, mostly in the last week of February 2011
  • boyfriend is a cover
  • electrohead is not a cover
  • the sample on unapologia is real and not taken out of context. we actually considered recutting it to try and get him to make more sense, since he likes to change what his pronouns refer to mid-sentence, but figured that it’d be best left alone
  • this is our longest CD ever and savannah is our longest song ever
  • “message from our sponsor” is our second shortest album song ever and third shortest overall. “uncanny valley (radio edit)” is 4 seconds shorter, “uncanny valley (extended)” is 2 seconds shorter
  • “uncanny valley (radio edit)” is actually too short to go onto a CD
  • savannah is too long to fit on any CD format currently in use. it could fit on a DVD-A though
  • “flaming sanken seven stamp my tote” was the most renamed song on the album. most were different onomatopoeias for that first line
  • “message from our sponsor” made the cut to be on the CD by about 2 hours
  • “a prayer for the nation of africa” is not a complicated audio hack. the speaker really seemed to not have been clear on the difference between a continent and a country
  • despite being in almost every live show, this is the first time that Steve contributed audio to an album. he wrote some of the backing audio in “savannah” and “hate and rockets”
  • i think the only sampled statement in the history of the band that i genuinely can say “i agree with this entirely” is the opening alan moore line in “black block”: “Anarchy is, and always has been, a romance.”

where i make difficult to follow comparisons between things

So after seeing them live, Zoë Keating is the Paul Cézanne of classical cello, and Kaki King the Henri Rousseau of classical guitar.

Not perfect analogies, but the idea is there. Zoë understands classical music theory and that methodology, but rejects it in a conscious pursuit of what became called primitivism in painting (though i prefer Gauguin’s term ‘synthetism’). Her music is intentionally segmented, allowing for a greater tonal and stylistic contrast between the fragments, and these contrasts allow for the audio analogue to brighter colors than usually occurs in more traditional approaches. But it’s not a violent rejection, the classical is there in the background, but only as a launching board.

Kaki King on the other hand is to some degrees the outsider. She comes across as someone who is simply playing with toys, but whose technical ability makes that playing a spectacle. She isn’t worried about showing the edges of her ability, and by exposing them they become a part of the performance, adding a more direct connection to the audience. Where Zoë is memorized, Kaki is always in part, if not wholly, improvised. It would be a disservice to call her music fauvist as it now implies almost an inability, but she isn’t afraid to step into harsher edges of tone and music when the performance takes her there.

Or at least that’s how a slight synaesthetic with slight apophenia sees it.

– –

must be a serious post, i used some capital letters.