Cyphercon 4.0 came to life in Milwaukee, Wisconsin on Thursday and the conference badge is a brilliant and engaging design. At first glance it looks like a fairly mundane rectangular badge. But a closer look reveals simplistic elegance wrapping around some clever mechanical design and the awesome interactive mechanism of being able to read paper tape.
That’s right, this badge can read the series of holes punched in the long paper strips you normally associate with old iron of 50 years ago.
3D Printers have been in the hands of hackers for well over ten years, but the dream is far from over and certainly not overslept. This year’s Midwest RepRap Festival is a testament to the still-growing excitement, and world where 3D printing is alive and kicking on the next level.
This past weekend, I took up my friend [Eric’s] advice to come down and participate firsthand, and I was simply blown away. Not only did we witness the largest number of attendees to date, MRRF 2019 spilled into not one but two conference halls at the Goshen Fairgrounds.
Dust off your rainbow tables and grab a burner laptop, this Thursday, April 11, Cyphercon 4.0 roars into Milwaukee, Wisconsin. It’s a security conference with all that entails, but there is a bit of emphasis on crypto. A founding principle of Cyphercon is to support a “free and open discussion on strong cryptography”.
You’ll find 10 community submitted puzzles to get warmed up for solving clever challenges. There’s a wireless capture-the-flag challenge to boost your wireless sniffing/spoofing skills using simple tools like Raspberry Pi and the YARD stick One (which we just saw doing keyless entry attacks). As you’d expect, a wide range of talks from well know security professionals has been planned.
Cyphercon 3.0 Badge
There’s a few talks I’m particularly interested in seeing. Vi Grey’s talk on NES ROM polyglots is a can’t miss for me even though I’ve I’ve read about his work at length. Oh, and you know all those 23andMe DNA tests? Michelle Meas has a talk about what happens when genome databases from companies like that get breached. Eric Escobar isn’t just running the wireless CTF, but giving a talk along with Matt Orme on hardware for remote wireless pen testing. And I’m a sucker for talks from legal experts so Amit Elazari Bar On’s presentation on legal issue with bug bounty programs is very high on my list.
But these are just the things that are formally planned at the conference. I missed out on last year’s Cyphercon and heard the badge hacking challenges were on-point. I’m looking forward to seeing what they can come up with this time around! I’ll report back on what I encounter… I’m hoping to run into you there!
At Hackaday, we are nothing without our community. We meet up at conferences, shows, and camps, but one of our favourite way to congregate is with the Unconference format. It’s an event where you can stand up and give an eight-minute talk about what is important to you, and what you are working on.
Thank you to the Cambridge Makespace for hosting our most recent a Mini Unconference. Let’s take a look at the excellent talks and demos that highlighted the day!
It wouldn’t be much of a stretch to assume that anyone reading Hackaday regularly has at least progressed to the point where they can connect an LED to a microcontroller and get it to blink without setting anything on fire. We won’t even chastise you for not doing it with a 555 timer. It’s also not a stretch to say if you can successfully put together the “Hello World” of modern electronics on a breadboard, you’re well on the way to adding a few more LEDs, some sensors, and a couple buttons to that microcontroller and producing something that might come dangerously close to a useful gadget. Hardware hacking sneaks up on you like that.
Here’s where it gets tricky: how many of us are still stuck at that point? Don’t be shy, there’s no shame in it. A large chunk of the “completed” projects that grace these pages are still on breadboards, and if we had to pass on every project that still had a full-on development board like the Arduino or Wemos D1 at its heart…well, let’s just say it wouldn’t be pretty.
Of course, if you’re just building something as a personal project, there’s often little advantage to having a PCB spun up or building a custom enclosure. But what happens when you want to build more than one? If you’ve got an idea worth putting into production, you’ve got to approach the problem with a bit more finesse. Especially if you’re looking to turn a profit on the venture.
At the recent WOPR Summit in Atlantic City, there were a pair of presentations which dealt specifically with taking your hardware designs to the next level. Russell Handorf and Mike Kershaw hosted an epic four hour workshop called Strategies for your Projects: Concept to Prototype and El Kentaro gave a fascinating talk about his design process called Being Q: Designing Hacking Gadgets which together tackled both the practical and somewhat more philosophical aspects of building hardware for an audience larger than just yourself.
As we’ve seen time and time again, the word “hacker” takes on a different meaning depending on who you’re talking to. If you ask the type of person who reads this fine digital publication, they’ll probably tell you that a hacker is somebody who likes to learn how things work and who has a penchant for finding creative solutions to problems. But if you ask the average passerby on the street to describe a hacker, they might imagine somebody wearing a balaclava and pounding away at their laptop in a dimly lit abandoned warehouse. Thanks, Hollywood.
The “Hollywood Hacker” Playset
Naturally, we don’t prescribe to the idea of hackers being digital villains hell-bent on stealing your identity, but we’ll admit that there’s something of rift between what we call hacking versus what happens in the information security realm. If you see mention of Red Teams and Blue Teams on Hackaday, it’s more likely to be in reference to somebody emulating Pokemon on the ESP32 than anything to do with penetration testing. We’re not entirely sure where this fragmentation of the hacking community came from, but it’s definitely pervasive.
In an attempt bridge the gap, the recent WOPR Summit brought together talks and presentations from all sections of the larger hacking world. The goal of the event was to show that the different facets of the community have far more in common than they might realize, and featured a number of talks that truly blurred the lines. The oscilloscope toting crew learned a bit about the covert applications of their gadgets, and the high-level security minded individuals got a good look at how the silicon sausage gets made.
Two of these talks which should particularly resonate with the Hackaday crowd were Charles Sgrillo’s An Introduction to IoT Penetration Testing and Ham Hacks: Breaking into Software Defined Radio by Kelly Albrink. These two presentations dealt with the security implications of many of the technologies we see here at Hackaday on what seems like a daily basis: Bluetooth Low Energy (BLE), Software Defined Radio (SDR), home automation, embedded Linux firmware, etc. Unfortunately, the talks were not recorded for the inaugural WOPR Summit, but both presenters were kind of enough to provide their slides for reference.
At the climax of 1983’s “WarGames”, the War Operation Plan Response (WOPR) computer famously opines “The only winning move is not to play” when presented with a barrage of no-win scenarios depicting global thermonuclear war. While the stakes aren’t quite as high when it comes to putting on a brand new hacker convention, there’s certainly enough pitfalls that most of us would take WOPR’s advice and never even try. But for those who attended the inaugural WOPR Summit in Atlantic City, it was clear that not only did the team behind it have the tenacity to play the game, but that they managed to prove their supercomputer namesake wrong.
That’s not to say there isn’t room for improvement going forward, but it was hard not to be impressed by such a strong initial showing. The WOPR Summit organizers not only had to contend with the myriad of things that could go wrong, but they had to deal with what actually did go wrong; such as a sizable storm hitting the New Jersey coast just as the event got rolling. Yet from the attendees perspective the weekend-long event went off without a hitch, and everyone I spoke to was excited for what the future holds for this brand-new East Coast event.
It’s never easy to capture 20+ hours worth of talks, workshops, and hands-on projects into a few articles, but we do our best for the good readers of Hackaday. Below you’ll find just a few of the highlights from the first-ever WOPR Summit, but it’s nothing quite like attending one of these events in person. This far out we don’t know when and where the next WOPR Summit will take place, but you can be sure that Hackaday will be there; and so should you.
