




Defcon 16, this weekend.

Another year, another Defcon.

I'm heading up a day early for my bachelor party (woo!) and then it'll be the Con all weekend. If you're going, email me and let me know where you are.

I'm eager to watch Kaminsky talk about how awesome he is for [insert reason]. He's deliciously full of himself (not that he doesn't release interesting things). Lots of other talks look interesting, so it should be a good weekend full of booze and geeking.


Flew out to Rochester for the weekend to hang out with friends and partake in another BarCamp.

This barcamp was pretty different, in content, than previous ones. I'm reasonably certain it had a lot to do with the location: RIT. Being that the participants were mostly students and professors, the discussion content was much less web2.0-focused, which was immediately refreshing. Various topics ranged from ruby, to scapy, to amazon's web services.

This was my 5th barcamp. In every camp so far, I've led talks on specific subjects: ssh tunneling, vim, etc. Focusing on one topic has never been a feature of my style, and I realized that this morning during the early sessions. At any given conference, I inevitably become involved in conversations which touch a project I've done, and I'm generally going to say "Hey, I have a tool that does that!" a few times.

So that's what I did my talk on today. I was planning on talking about grok for the entire session, but instead I talked about a pile of random projects I'd done in the past year or so. I picked a pretty wide set of projects hoping to keep people interested. Ones I covered were: keynav, liboverride, grok, sms traffic reports, pam_captcha, xboxproxy, xdotool, firefox tabsearch, firefox url editor, and captive portal bypass.

I probably could've talked about a few other projects, but I think limiting it to about 10 was a good choice.

I gave a brief demo of all of the projects I could. I ended my talk with some comments about RIT's rollout of WPA, and pointed out that with WPA in a wifi network as large (by users) as RIT's, you aren't protecting yourself from anything: man-in-the-middle arp poisoning still works. I'm certain there are fixes that you can implement on the access points, but I doubt those fixes are enabled.

I went to a few talks, but forgot my notebook so I don't have notes. Oops. The night closed with a bunch of us rotating on Rock Band.

Shmoocon 2008 - next week!

Shmoocon starts next week. I'm helping run Hack or Halo again.

If you're at the conference, let me know!

Dublin and MashupCamp 2007 Europe

I spent slightly over a week in Ireland. The weekdays were spent with fellow Googlers at the office, and the weekend was spent at Mashup Camp.

The week was pretty great. I went on the viking splash tour of Dublin. The tour was anything other than informative, and despite that it was a really fun time. The guide mixed facts about historical Dublin with jokes about the shops, area, and Bono (of U2). The difference between the viking splash and other tours was that we wore viking hats, screamed at people on the street, and ended the tour with a ride through one of the canals. The canal ride was made possible because of the busses used in the tour, which were amphibious vehicles from WWII. The Google folks I've met here in Dublin are excellent.

The most recent weekend was Mashup Camp Europe, held in Dublin at the Guinness Store house. The format was a conference/unconference hybrid.

The first day, Saturday, was filled with many presentations about mashup-enabling tools. There was only one track due to the small size of the event.

I must admit I felt drowned in the IBM talks. There were 3 talks on IBM's fancy new mashup-enabling tool, all of which basically restated the same things in nearly the same way. Three hours of the same tool demo doesn't really make for much educational value. I absolutely appreciate IBM helping to sponsor the event, but seriously, there needs to be more content!

Someone from Microsoft Ireland gave a talk and demo about Popfly, which was pretty cool. Both the presentation and the product felt very UnMicrosoft - the interface was very interactive, animated, and helpful; the presentation and presenter were somewhat modern and informative. I was expecting something with the burdens and weight of an Office product, but I was pleasantly surprised. The only thing I was left questioning was the target of Popfly, which seems to be nontechnical, end users who seem to be the expected target users of this system. I'm not wise to the marketing and demographic data, so I may be wrong in thinking targeting end users is a bad move. Let's hope not: if end users start mashing up content in new and wonderful ways, that'd be great!

I met up with Chad Dickerson from Yahoo!, who I'd met at Yahoo! Hack Day last year, in addition to meeting a dozen or so new folks. I'm a little surprised he remembered me, but I'm always happy to leave an impression upon people. One of the benefits of being at a technical event thousands of miles from home is that you tend to mingle with a set of people who are far outside the set of people who attend bay area technical events. Meeting new people is great :)

Half-way through Saturday, I found myself picking up parts of the Irish accent, which was a bit strange and I had to struggle not to lean towards the local accent and language. Lost cause, really.

After boozing with lots of fellow mashup campers at a few bars, I followed Chad and Tom (both of Yahoo!) around the Temple Bar district as they filmed locals asking questions such as "What is a mashup?" The drunk answers to these questions were fantastic.

I walked myself home after acquiring a map of the area.

I arrived on the second day of mashup camp around 11AM (local Dublin time). Basically, this was just in time for lunch. I caught the end of a presentation by Serena, which, unlike drowning in IBM's presentations, did not make me nauseous. There was an 8-minute video-keynote recorded by Tim Berners-Lee about his recent projects. I'd never seen Tim before and he reminded me much of Kevin Spacey. Then there was lunch, where I met a few more folks. Lunch concluded with a keynote by Chad (mentioned previously) about Yahoo! developer tools and a few other topics.

After Chad's talk was the start of the Mashup Camp open space sessions. I was the first to sign up for a session, which I intended on being a "look at this neat thing" session. I merged my slot with another camper who wanted to talk about scaling.

My talk basically covered Halo 3, Bungie's online player map, and graphing two-dimensional data over time. I played this video. The video was generated using perl, make, Image-Magick, and mencoder. The map images were downloaded with cron, every 15 minutes. I pointed out some interesting data discovered by watching the movie: Someone is playing in Sydney, Japan, New York, London, and a few other places with general coverage 100% of the time. I'll put up the scripts that generated the video soon.

Sunday night started at the Bankers' bar one street south of the Temple Bar district. Someone had volunteered to pay for the food and drinks; a native Irishman put it best, "This is like an Irishman's wet dream!" Free drinks are pretty sweet. I met more people there, too. After the open-bar closed, we wandered towards Temple Bar in search of somewhere with food. After finding many places weren't serving food anymore, we finally settled at some random pub with the kitchen still open. I ordered some chicken thing, but for an appetizer David (the organizer of Mashup Camp) and I split 'black and white pudding' which sounded pretty scary, even when a native described it. Turns out it was just sausages, and they were pretty good.

I leave for the airport in an hour, and I'm quite sad to leave. Thus far, Dublin has been far beyond my expectations. Then again, I've got a fiancee and a dog to come home to, so perhaps leaving isn't so bad after all ;)

BarCampBlock in review

After two days of meeting new friends, catching up with others, a blitz of demos, piles of sessions, food, and drink, I'm pretty beat. As Tara put it in closing session, "Tired, but content." If I had to pick one idea out of the entire conference, it would be that raw, published content is better than no published content. This is why I am scanning in my notes for the sake of having the data out there. Where there is data, knowledge and information can be gathered. This idea resonated throughout the conference. Open standards, interoperability, and even open source, all help to turn raw content/data into useful information.

Put the data out there, and someone else might take your idea/data/project and run with it. The community is a wonderful thing, and community is exactly what makes BarCamp.

This was my 4th BarCamp. Every camp I've been to has been organized and attended by a different group of people, and as a result I have had a different experience at each camp. This camp had 600ish attendees - way beyond my expectations. The map I was given when I signed in was invaluable given the locations and walking involved. This map also had a good introduction to the barcamp idea, important websites, and the massive list of sponsors. Another great idea was on the badges; the badges were professionally printed and had URLs for the backchannel, wiki, and other webpages right on them.

I have 12 pages of notes on various experiences and sessions during this event. I spent much of tonight going over my notes and found myself wondering what the goal of my reporting should be: Should I summarize or just dump my notes online? I'd rather provide documentation than typical reporting. To that end, I'll be scanning my notes and posting them online. Most of the pages are covering sessions, so I won't duplicate that data here.

BarCamp as an organism is something quite spectacular. It may begin as an event being organized by a small group of people (an amazing feat by itself), but it becomes organic and begins to evolve as soon as the event starts. The openness of the event means anything goes - small sessions, large sessions, discussions, presentations, product demos, theoretical, practical, etc. Information exchanges rapidly and freely.

It's not only an event for geeks. Non-technical topics such as legal, marketing, venture capital, social theory, and many others are pretty common from my experiences at these camps. This technical/non-technical diversity is actually a very nice attribute of BarCamp.

BarCamp is also one of the few "tech" events I attend where I rarely use my laptop because there's lots of incentive to stay offline to socialize and attend sessions.

BarCampBlock itself had some impressive diversity, too - women, men, ethnicities, geographics, and age groups. What properties of BarCamps attract so much diversity? Whatever it is, it's a good thing.

So, about the camp specifically in no particular order.

BarCamp Kids
How do you ensure all people can attend? Implement features that increase accessibility. BarCamp Kids was a daycare set up so parents could easily attend. Volunteers attended to the kids to make sure they were entertained and safe. Comments from the parents who took advantage of this indicated that both the parents and kids were very happy with this feature.
It was actually a block-wide event.
This map shows the venues involved. Huge thanks to all the companies who donated their workspaces, furniture, and other resources for us BarCampers.
Wifi worked!
Any event where network connectivity is a must has the simple opportunity for wifi to perform poorly, or not at all. While each venue typically had a different wireless configuration, I found that any time I needed to get online I had no trouble doing so. Great job!
Easy parking? In Palo Alto?! Yes!
Both days, I parked less than 50 feet from the SocialText offices (the main area). My experience with parking in Palo Alto is that it is an unpleasant experience. Turns out that, on weekends, the city is quite vacant and parking is plentiful. Awesome.
Plenty of food and drink
From what I saw, we never were lacking snacks and drinks. However, I did find myself having to search hard for diet drinks (I happen to like diet coke for taste). Another group (JS-Kit?) had brought 3 kegs of beer for consumption. The party, sponsored by and Facebook, eventually rolled into an open bar party because there was an excess of drink tickets.
DemoCamp was a 2-hour event consisting of many 5-minute lightning talks. The execution was pretty good, but the bar was a bit too loud. My feeling is that the location was good - good size and good projector/sound setup. The Blue Chalk bar was a great place to demo, because after a long day of barcamp sessions, people want to hang out and have a drink. Hang out, have a drink, and watch demos? Sounds cool to me. Turns out the reality was that there was more side chatter which made it hard to hear many of the demo presenters.
What didn't I like? The content of DemoCamp. Many of the demos during DemoCamp were confusing or just bad marketing, unfortunate for those groups presenting. I found that some of the presenters clearly had no idea what their product was and spoke only in abstract. One demo played a very confusing video showing people (programmers?) poking another person who had a "bug" sign on him. Others didn't effectively present the goals of their product. One group demoed something (a plugin? I really have no idea) related to iTunes, but all I saw was a demo of someone using iTunes showing standard features of iTunes. A lightning talk is a great opportunity to put out free marketing for your new product or startup, and it seems like perhaps that opportunity was wasted by many of the groups. Maybe I was in a minority who felt more confused than informed on most of the demos - but random polling showed that my confusion was a majority feeling.

Next DemoCamp could benefit from having a "DemoCamp dry run" where a small attendance could offer to review the demos and provide instant feedback about the presentation style and content so the real DemoCamp would give more benefit to the participants, both demonstrators and viewers. If there's another DemoCamp in the bay area, I'll volunteer to prescreen. Bad demos don't help anyone.

For more information on the event, head on over to the BarCampBlock wiki to view the schedule of talks, event details, participant list, and session notes.

Before I close, I want to thank everyone who came. Attendees, volunteers, organizers, and sponsors - without any of which we would not have BarCamp.

Also, check out my BarCampBlock photos or perhaps all BarCampBlock photos.

BarCampBlock - This weekend!

This weekend is BarCampBlock over in Palo Alto. It looks like more of a party than a BarCamp, but a block party with BarCamp elements can be nothing but awesome.

I'm going. You should, too.

This will make my 4th barcamp (New York, San Francisco, and Stanford previously). If you're interested in my experiences at prior barcamps, feel free to look at my posts covering past barcamps.

Defcon 15 in review

This year's defcon was similar to last year's. At the Riviera, black and white ball were split across two nights, a few amazingly lame talks were given, some cool talks, and as always Dan Kaminsky's talk was entertaining.

I'm no Vegas expert, but the Riviera casino/hotel is the *worst* casino in town. I had many conversations with fellow attendees reminiscing about how much we missed the Alexis Park. Finding parties at the Alexis was cake - walk outside, follow the people and noise. Parties were everywhere. There were also 3 outdoor pool areas which collected people, booze, and music each night. The only downside to the Alexis Park was that its conference areas were too small and too few. This downside was mitigated by three-channel closed-circuit TV channels broadcast live and viewable on any hotel room's tv. Watch the talks from your room? Awesome. For parties and community, the Alexis Park ruled. For more plentiful conference space, the Riviera is better. It's a shame we (Defcon) outgrew the Alexis Park.

The Riviera is a giant, old, dirty resort casino. The rooms are not great, the casino smells bad, and the food is horrible. Basically, I can't say much nice about the place other than it does have large quantities of conference space. The casino staff were generally nice folks, but I don't gamble so I didn't interact with them much. Their concierge desk is horrible. Every time I asked where I might find a particular place (pizza, sushi, flare bar, etc) that was not inside the Riviera, they had no answers.

I went to my usual (read: small) number of talks this year. I missed a few that were titled in such a way as to disinterest me that I later found out covered some cool material. Bruce Potter's talk was overflowing with people, so some of us had to leave - sad. If you have his talk on video, please send me a url :)

There were thousands of scene whores at defcon this year. We were drowning in them. So much so, perhaps, that some 0x90 folks made these shirts which showed up during the I/O Active party (which was awesome, btw).

I also found that there were so many super paranoid people at Defcon. Mostly scene whores who really have no idea what a computer is or what security is about. Too many eavesdropped conversations where people said "I'm not turning on wireless! I have too much important stuff on my laptop that I can't allow to get out!" Are they that worried about being exploited? Probably. Do they really have shit worth protecting on their laptops? Probably not. One of these people was a student at UCSD and he talked shit about his friends' computer knowledge constantly while his friends were supposedly writing tetris for the defcon badges.

If you have a clue and have something on your laptop worth protecting so much so you physically turn off wifi, then you don't bring it to defcon. Clearly these people haven't got a clue and are just whoring up the scene. [*]

[*] One exception is reporters and other press types, who I won't require to have security or computer clue. Of the people I overheard freaking out about wireless, all of them were normal attendees, not press.

I flew into SFO on Monday morning. Wendy was due to land in a few hours, so I sat at the airport so we could go home together. After signing on for wireless, I remembered a project I've been meaning to do for a while - masquerade as a known-valid MAC and IP combination to bypass captive portals. It's easy to do, but I wanted it automated. Now I have a script. I'll post more on this later, but the typical configuration of "captive-portal authentication == your mac+ip is allowed through the firewall" is not a good way to run your pay-for wireless network.

One final notable event is that we took a limo ride to In-n-Out again this year.

I went to more than the talks listed below, but they weren't worth commenting on or I don't remember them.

    Mike Schrenk - "The Executable Image Exploit"
    Before going, I thought this talk was going to be on a new twist to recent image library exploits. It wasn't. His <sarcasm>amazing</sarcasm> content covered something known for years, that hot-linked images (wikipedia calls them deep links), could be used to track users or reveal information by tracking the referrer url or *gasp* setting a cookie!

    Mike also talked about using php to serve images and that you can set cookies using php, but myspace filters images ending with '.php' apparently. His workaround was to tell apache to process .jpg files as php, and he presented this as if he was breaking some kind of new ground and that this was the coolest thing ever: "You can fool apache into running php code on jpegs!" Clearly by "fool" we really mean "configure the same way you do with .php except you put .jpg". Who's fooling who? ;)

    Around this time I was realizing that by "executable image" he really meant that he was executing php code on his own server whenever someone requested an image, again, from his server. This would have been a good presentation for 1998, perhaps, not 2007.

    Zac Franken - Biometrics and Token access control systems
    This talk was great. My knowledge of rfid, biometrics, and other physical access token systems is limited and this talk gave me lots of good information. Furthermore, Zac gave a live demo that worked well. The tool he made, which he called "Gecko", was really neat. Practical and cheap.

    A short summary is that he was performing MITM on physical access systems. As it turned out, most centralized security systems (biometrics, rfid locks, etc) all talk the same protocol to the central authorization server. Gecko simply man-in-the-middles these transactions. MITM is not new, but this application was pretty neat and the small size of his prototype made this kind of physical hacking practical.

    He gave a live demo, which went smoothly, using a few RFID badges. Being minimalist, the interface to his Gecko tool once it was installed was via standard badges. He had made special "control" badges that the Gecko tool understood to be commands such as a replay command, which would replay a previously-intercepted, known-valid, badge read to the server.

    He also talked about future versions of Gecko which might include bluetooth or GSM, which would let you access the reader device from far away. Very neat.

    Dan Kaminsky - Design Reviewing the Web
    Oh Dan. I love you. I went to Dan's talk last year and saw the same attributes this year. His talk covered some interesting things, but he's so full of himself. Watching him talk makes it seem like he is the security industry. One person only, not the thousands of security professionals and underground hackers around the world. Just Dan.

    He did demo his hack of SLIRP over the web browser (flash+http) which was pretty neat, though. Tunneling traffic through the browser into your network. He also ported his dotplot thing from last year to winamp for fun and profit, which wasn't very impressive but made for a good screensaver.

    Jesse D'Aguanno - Arp Reloaded
    Jesse's description of this talk was that it would "build on the previous research in this field and introduce new, more reliable attacks against the ARP protocol which are much less identifiable and able to protect against."

    He lied.

    He covered exactly what is already known, and nothing more. Like Mike's talk above, this talk would belong in 1995, or earlier, not 2007. Who's reviewing these talk submissions?

    It is almost like Jesse lives in a black box. Not only did he cover decades-old exploits, he reinvented the wheel. There are many many tools that will let you easily craft packets and dump them on the network. Netwox, nemesis, and scapy are just 3 I can name off the top of my head. Ignoring the years of developing packet crafting tools, he wrote his own crappy tool to dump crafted arp packets onto the network which he calls "arpcraft" which does exactly the same thing as netwox, nemesis, and scapy, in more or less the same amount of typing. Weak sauce. I call shenanigans.

    This lame presentation is from the same person who made headlines about his blackberry hackery last year. Was this blackberry research really his own work, or is he just a front for someone else's work?

    He also demoed a remote shell tool using arp. Seems useless to me since arp only goes over layer 2 and won't leave the local layer 2 network. Wxs joked that you would be better off beating the owner of your exploit target machine with a bat to wrest the password out of him than using a remote shell via arp, since layer 2 means your target is almost guaranteed to be physically close.

    David Gustin - Hardware Hacking for Software Geeks
    The title of this talk grabbed me immediately. The content was great!

    Unfortunately, early in the talk, the speakers mentioned that was a great howto site. I spent the rest of the talk reading tutorials on that website. Oops.

CiscoGate and DefCon

The 'CiscoGate' talk just wrapped up.

I was at Defcon 13 when the Cisco/ISS fiasco was going on, but all I had heard was rumors and gossip about what was going on. The talk had some really good content and filled in lots of gaps in information for me. Interesting to see how insane the problem (dealing with Cisco/ISS/FBI/etc) was and that it took 5 months after the event until the problem was fully resolved (the data was finally cleaned up to Cisco's satisfaction).

I tried to attend Bruce Potter's talk but it seems his popularity is too much as a speaker, and we got booted out because there were too many people. Guess I'll have to wait for the video.

I've also been working on some new shared library overriding code that I'll get around to describing later.

Defcon 15, this weekend.

I'll be making my yearly trek to Vegas for Defcon 15. If you're going, and want to meet up, let me know :)

SuperHappyDevHouse 18 - review

This past shdh was my first. It wasn't what I expected; way more people showed up than I thought would show. Totally sweet.

There were 6 or so tables set up with chairs and power strips. Wifi. Someone set up a projector to display sniffed google/yahoo searches flying over the wireless. I was already doing my standard 'ssh -D8888 somewhere' and having firefox proxy over that.

The projector was displaying the decoded contents of search queries. My first work that day was on hacking the projected screen. The first one was pushing search queries with wget(1) that had terminal control codes. After that, I figleted-things to the screen using figlet, awk, xargs, and wget. Some time later I got around to doing something way cooler. Basically, I had a script that would read every key stroke I typed, and send a search query consisting of a clear-screen sequence followed by the whole string I had typed. When I demoed it, I managed to convince some through assumption that I had owned the machine itself, and not that I was doing this all via search queries. Hehe, fun. Here's what I was using:

(stty raw; x=""; while true; do a="$(dd bs=1 count=1 2> /dev/null)"; if [ "$a" == "^H" ] ; then x=${x%?}; else x="${x}${a}"; fi; wget --read-timeout=.001 --tries=1 "^[[2J^[[0;0H$x"; done)
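
The trick above works because the display printed decoded query strings straight to a terminal, which then interpreted the control codes. As an added example (not part of the original post; the request lines, the `q` parameter name and all function names are constructed for illustration), this is how a display script can make control characters visible instead of letting the terminal act on them:

```python
import unicodedata
from urllib.parse import parse_qs, urlsplit

# Constructed sample: request lines as a sniffer might hand them to the display.
SAMPLE_REQUESTS = [
    "GET /search?q=barcamp+schedule HTTP/1.1",
    "GET /search?q=%1B%5B2J%1B%5B0%3B0Hhello+projector HTTP/1.1",  # clear screen + home
    "GET /search?q=oops%08%08%08%08ok HTTP/1.1",                   # backspaces
    "GET /search?q=title%1B%5D0%3Bpwned%07trick HTTP/1.1",         # OSC window title
    "GET /search?q=caf%C3%A9+near+me HTTP/1.1",                    # ordinary UTF-8
]

# Unicode categories a terminal may act on rather than draw:
# Cc = C0/C1 controls (ESC, BS, BEL, ...), Cf = format chars (bidi overrides),
# Zl/Zp = line and paragraph separators.
UNSAFE_CATEGORIES = {"Cc", "Cf", "Zl", "Zp"}


def neutralize(text, max_len=120):
    """Return text with every control/format character shown as a literal escape."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch == "\\":
            out.append("\\\\")  # keep real backslashes distinguishable
        elif unicodedata.category(ch) in UNSAFE_CATEGORIES:
            if cp <= 0xFF:
                out.append(f"\\x{cp:02x}")
            elif cp <= 0xFFFF:
                out.append(f"\\u{cp:04x}")
            else:
                out.append(f"\\U{cp:08x}")
        else:
            out.append(ch)
    shown = "".join(out)
    # Cap the length so a single query cannot flood the screen.
    return shown if len(shown) <= max_len else shown[: max_len - 3] + "..."


def extract_query(request_line, param="q"):
    """Pull the percent-decoded search parameter out of an HTTP request line."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    values = parse_qs(urlsplit(parts[1]).query).get(param)
    return values[0] if values else None


def display_lines(request_lines):
    """Decode first, neutralize last: the order matters, since %1B only
    becomes ESC after percent-decoding."""
    lines = []
    for line in request_lines:
        query = extract_query(line)
        if query is not None:
            lines.append(neutralize(query))
    return lines


if __name__ == "__main__":
    for shown in display_lines(SAMPLE_REQUESTS):
        print(shown)
```
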

There was a large ruby-fan presence. Lots of people working on facebook apps, too.

If you didn't see the slurry of posts I made during shdh about code I was working on, here's a short list:

  • Got a prototype of jquerycmd working
  • Wrote a google maps direction scraper with jquerycmd
  • Wrote Makefiles for navmacro and xdotool that work without pkg-config
  • Started working on the urledit firefox extension
  • Implemented urledit with xdotool and a shellscript
Tons of code written. I had a good time, but next time I'm going to try for a more social approach instead of sitting in a corner coding like a fiend ;)