Defcon 15: Wrap-up


Our friend [Alex] was a little late getting to our t-shirt free-for-all today, but I just found out why: He was writing a great wrap-up of the many Defcon talks he attended. It’s well worth your time and will give you an idea of the broad slice of info that’s covered at the convention. That picture is him repruhzenting for Hack-A-Day in Fast Company magazine.

Update: I’m finally getting caught up on my RSS feeds; check out Richard Bejtlich’s equally good summary of Black Hat: part 1 and part 2.

Defcon 15: Undercover Reporter Flees


I’m guessing this was pretty widely reported, but an NBC undercover reporter fled after being outed in the opening session. NBC Dateline associate producer Michelle Madigan refused press credentials on four separate occasions, choosing instead to pose as a normal attendee in order to covertly film other attendees. Defcon has a long-running tradition of playing “spot the fed”, where attendees out people they think are federal agents. The feds play along and it’s all good fun. This was entirely different though: the game “spot the undercover reporter” was announced and she fled immediately, only to be filmed “To catch a predator” style.

I may just be a blogger, but I’m wearing my press pass proudly.

Black Hat 2007 Other Wireless


Luis Miras presented “Other Wireless: New ways of being Pwned”. Instead of common con topics like Bluetooth or WiFi, this dealt with the cheap radios used in wireless keyboards, mice, and things like the wireless remote pictured above. These RX/TX pairs are found in 27MHz, 900MHz, and 2.4GHz versions. The devices all use the same main components: a microcontroller, an EEPROM for storing the serial number, and the transmitter. The dongle is nearly the same, only with a receiver.


Black Hat 2007 Premature AJAX-ulation


Billy Hoffman and Bryan Sullivan from SPI Dynamics gave one of the more entertaining talks today. The title is an allusion to people’s willingness to apply new technology before they fully understand it. Instead of laughing at silly web 2.0 developers, they decided to build their own AJAXified website by consulting the resources that any programmer would: AJAX books, blogs, and forums. What they ended up with was hackervactations.com… a security-hole-riddled gem built on good intentions.


ToorCon 8 Videos


We’ve been waiting with bated breath for our favorite hacker con, ToorCon, to post this year’s site. In the meantime, they’ve posted all of last year’s videos to Google Video. We had published a few of our own, but now you get to see the whole conference. After the break I’ve embedded one of my favorite talks from last year: Matt Fisher’s Everything About SQL Injection. It covers everything from the basics to some very clever attacks.


Suspend In Motion


Reader [Brien Schultz] didn’t like his laptop suspending every time he closed the lid to move around the house or to a different work area, so he turned that feature off. Of course, that just led to him forgetting to put the thing to sleep when he really needed to, like when he was walking around all day with it in his backpack. To solve his self-inflicted problem (a common cause of many hacks), he wrote a .NET program to monitor the laptop’s accelerometer. The accelerometer is usually used to park the hard drive heads in case the laptop is falling (it’s also used for hilarity). If BedTime detects that the laptop is in motion but is not being used, it starts a countdown and eventually puts the laptop to sleep. Brien isn’t using the “sleep after X minutes” option because it would put the machine to sleep while it was open and he was just distracted for a few moments. Demo video after the break.


Line Following Wheel Chair


[Niklas Roy] sent in probably one of the largest line following robots ever built. The Gallerydrive project is used to move visitors around an art gallery. It can follow either a black or white line. It also has a touchscreen display for displaying information about the art which is read from RFID tags. Niklas has a full diary of the build on his site with everything you need to build your own.