Zero Day posted a list of tools and applications that were released at Defcon 16. The applications run the gamut, from Beholder, an open source wireless IDS tool, to CollabREate, a reverse-engineering plugin that allows multiple people to share a single project. The list covers a lot of ground, and there’s a lot for hackers to play around with and explore. It’s nice to see someone bothering to maintain a list since the majority of conference tools just get lost in the shuffle and are never seen again.
cons1386 Articles
Blip Festival: Reformat The Planet
Pitchfork.tv is showing the documentary Blip Festival: Reformat the Planet for one week only. The Blip Festival is an annual chiptune event in New York City featuring musicians who use video game consoles as part of their production. The documentary has a ton of artist interviews and music from all across the spectrum. Most of the initial featured artists are using the Game Boy LSDJ tracker cartridge. [Nullsleep] has put together a tutorial for the device. You’ll see a lot of other old hardware and hear discussions of coveted mods like adding backlights as well. [Mark Denardo] is shown using a PSP as part of his performance. Other people are using software like Fruity Loops to build tracks with Nintendo samples. Honestly, our favorite part was a clip of the loud objects doing a live soldering circuit bending performance on top of an overhead projector at the Bent Festival. Although not musical, Element Labs’ Versa TILE makes a fairly mesmerizing backdrop throughout the film too. You can find links to all the featured artists on last year’s festival page.
Blip Festival 2008 happens December 4-6 in Brooklyn, NY.
[via Waxy]
[photo: ziggy fresh]
Upcoming Events
It looks like it’s time to update our event list. Here are some hacking related events happening through the rest of the year.
- ToorCon September 26-28 San Diego, CA – In its tenth year, ToorCon has always been one of our favorites. The conference is fairly small, but features great content like last year’s fuzzing talk.
- Arse Elektronika (NSFW) September 25-28 San Francisco, CA – Happening the same time as ToorCon, this conference covers the sexual side of human and machine interaction. The device list has gems like The Seismic Dildo, which only turns on if there is seismic activity in the world.
- Maker Faire October 18-19 Austin, TX – It’s Maker Faire! In Texas!
- Roboexotica December 4-7 Vienna, Austria – The premier festival for cocktail robotics is also back for the tenth time. They’re always looking for more exhibitors. Check out our Hackit for ideas.
- 25C3 December 27-30 Berlin, Germany I think we pretty much covered all the bases on this incredible conference yesterday.
Did we miss anything?
25C3: Nothing To Hide Announced
Germany’s Chaos Computer Club has announced the theme for their annual Chaos Communication Congress: “Nothing to hide“. Like last year’s “Full steam ahead!“, it’s open to many interpretations. People striking down privacy laws often say citizens shouldn’t mind since they have “Nothing to hide”. The phrase is also connected to the inability to hide data, as the CCC demonstrated this year by publishing the German Home Secretary’s fingerprint. On a more positive side, “Nothing to hide” is also about the free exchange of information that happens at hacker conventions. The Congress is in its 25th year and promises to be as good as ever. At last year’s 24C3, we saw great talks like [Drew Endy]’s biohacking talk and the original MiFare crypto presentation. 25C3 will be held in Berlin December 27th to 30th. The wiki is already up and they’ve published a call for participation, if you’re interested.
Black Hat 2008: NIC Based Rootkit
While Black Hat and Defcon have both concluded, we’re going to post a few more talks that we think deserve attention. [Sherri Sparks] and [Shawn Embleton] from Clear Hat presented Deeper Door, exploiting the NIC chipset. Windows machines use NDIS, the Network Driver Interface Specification, to communicate between the OS and the actual NIC. NDIS is an API that lets programmers talk to network hardware in a general fashion. Most firewalls and intrusion detection systems monitor packets at the NDIS level. The team took a novel approach to bypassing machine security by hooking directly to the network card, below the NDIS level.
The team targeted the Intel 8255x chipset because of its open documentation and availability of compatible cards like the Intel PRO/100B. They found that sending data was very easy: Write a UDP packet to a specific memory address, check to make sure the card is idle, and then tell it to send. The receive side was slightly more difficult, because you have to intercept all inbound traffic and filter out the replies you want from the legitimate packets. Even though they were writing low level chipset specific code, they said it was much easier to implement than writing an NDIS driver. While a certainly a clever way to implement a covert channel, it will only bypass an IDS or firewall on the same host and not one on the network.
[photo: Big Fat Rat]
Defcon 16: Glimpses Of The Network Operations Center
Wired’s Threat Level takes us on a photo tour of the Defcon Network Operations Center, giving a unique behind-the-scenes perspective of one of the largest computer security conventions. The Defcon Network Operations Center is run by a volunteer group named the “Goons”. They keep operations running smoothly and securely with both high and low-tech resources, like a Cisco fiber switch and an armed guard, to protect the router and firewall.
Defcon 16: Covert Warballooning Flight
Since last month, when the Defcon warballooning event was announced, [Rick Hill] finished building his rig and even got FAA approval for the flight. Just when everything seemed set, the Riviera Hotel management decided not to allow the takeoff from their property. So, naturally, [Rick] and his team rented a moving truck and covertly inflated the balloon inside. They launched it in an abandoned parking lot and drove through the Vegas strip. They were surprised to find that about one third of the 370 wireless networks they scanned were unencrypted.
[photo: JoergHL]
[via /.]
