Yes. Free T-shirts. Free stickers. At Defcon 15. (No virtual begging.) We’ll have skybox 206 on sunday, but we’re only planning to be set up around noon for an hour or so. Come get em.
The swag is free, but we’d like it if you’d toss us a buck or two to donate to the EFF.
I made it over to pre-registration earlier and scored my badge. It’s a pretty interesting piece of work by [kingpin]. It’s got 95 SMD leds forming a matrix display. The top and bottom icons on the badge are touch sensitive buttons. It’s got selectable modes, programmable text scrolling, a pre-set POV mode and adjustable scrolling speed.
Update: I started digging through the CD they’re handing out at registration and found the schematics, BOM, layout, everything. I’ll have it posted as soon as it finishes uploading over my evdo connection. The board has provisions for wireless, 3 axis accelerometer, serial interface and it’s using a Freescale QF16 processor. (I tried looking up the chip number earlier, but utterly failed)
Update 2: I’m putting interesting defcon files up here. All the badge info I have is online. I noticed a confidentiality notice on one of the files, I’m assuming that it’s ok to distribute since they’re distributing this freely on the conference CD. If I hear otherwise, I’ll have to pull it.
Luis Miras presented “Other Wireless: New ways of being Pwned”. Instead of common con topics like Bluetooth or WiFi, this dealt with the cheap radios used in wireless keyboards, mice, and things like the wireless remote pictured above. These RX/TX pairs are found in 27MHz, 900MHz, and 2.4GHz versions. The devices all use the same main components: a microcontroller, an EEPROM for storing the serial number, and the transmitter. The dongle is nearly the same only with a receiver.
Billy Hoffman and Bryan Sullivan from SPI Dynamics gave one of the more entertaining talks today. The title is an allusion to peoples willingness to apply new technology before they fully understand it. Instead of laughing at silly web 2.0 developers they decided to build their own AJAXified website by consulting the resources that any programmer would: AJAX books, blogs, and forums. What they ended up with was hackervactations.com… a security hole riddled gem built on good intentions.
[J0hnny]’s at Blackhat and Defcon this year with his talk on “No-Tech Hacking”. It’s a fun talk that boils down to this: loads of information can be gathered using low tech methods. A small digital (or film) camera is ideal for shoulder surfing, identifying weaknesses, and assessing strengths.
The talk is pretty amusing – the commentary on the example shots is priceless. The concept has gone over so well at the cons that [J0hnny] has contributed a chapter to a book on risk management. You can grab a sample chapter here. It looks like he’ll be running his talk at 8pm on Friday at Defcon. From the sample chapter, I’d say that the book should be pretty good. It looks like a good introduction to social engineering and using your wits to defeat obstacles (like corporate security).
Just stoking up a bit for Defcon 15 later this week. [Eliot] and I’ll both be there.
My personal coffee stash is down to a single selection of Ethiopian Yirg, so I probably won’t enter the coffee wars. (But I might stop by and add some Hack-A-Day swag to the pot for the winner.)
The final speaker schedule looks really good. It’ll be difficult to decide which talks to visit. The DefconBots event should be interesting. I’m hoping to see some original hardware creations.
Looks like wireless cracking is still one of the most popular topics. Hack-A-Day friend [Aaron] of Midnight Research will be presenting the latest on wicrawl.
Oh, and just prior to Defcon, the Pwnie Awards will take place at Black Hat.
See you in Vegas!
Now that the CCC is over, we finally dug ourselves out of a ginormous pile of cables (Kabelsalat ist gesund!) to bring you this round up post about the best stuff from the last two days of the con.
First up on day 10 was I See Airplanes!, Eric Blossom’s excellent speech on creating hardware for making homebrew radars and software using the GnuRadio project. He uses bistatic passive receivers in the 100 MHz range doing object detection using other peoples’ transmitters. The project has a lot yet to accomplish including the use of helical filters (if there are any antenna freaks reading this, contact Eric, he’s looking for a bit of help).
Next on the third day we attended Ilja van Sprundel‘s huge fuzzing extravaganza. Fuzzers generate bad data that is designed to look like good data and will hopefully break something in an interesting way. Our fav part? When the list of irc clients broken by his ircfuzz tool was so long he had to use 10pt font to get it all on one slide (see slide 53)! His paper can be found here and the slides here.
We then wandered to Harald Welte‘s talk on hacking the Motorola EZX series phones (which we’ve reported on here before). In case you forgot, the EZX series has a linux kernel. Incidentally the phone runs lots of stuff it really doesn’t need (like glibc, 6 threads for just sound processes, and even inetd). He presented the project for the first time in an official context since we saw him at 0Sec in October. Apparently lots of kinks have been worked out and there’s an official code source tree here.
The clincher for day 11 was FX and FtR of Phenoelit‘s semi-controversial talk on Blackberry security (covering both handheld devices and server based RIM products). This talk was a bit of a wake up call for RIM and thus the slides are still not available online so keep a sharp eye out for the video when it’s released by the CCC.
Also available from the CCC are the full proceedings in a downloadable pdf (also available in paper format for you physical-space-doodle-in-the-margin freaks).
