I'm finally back from Defcon 17. This was my 7th year at the conference (I've attended DC 9, 10, 11, 12, 15, 16, and 17.) Much of the conference was similar to previous years: some talks rocked, some were meh, and a few sucked. However, there were also many differences.
The Crowd
Back at Defcon 9, the crowd was really divided evenly into three groups. One third were industry, academics, and other whitehat hackers who were there to learn. One third were true blackhat hackers (brilliant, but evil), grayhat hackers (doing good via evil methods), and general anarchists. And the final third were feds, trying to inventory the other two groups.
Over the years, the blackhat group has dwindled, while the fed and industry groups have increased. This year, I gut-estimate that the crowd was 60%-70% feds or people who work with feds, and the rest were industry (like me) or academics. There was only one person who I knew was a blackhat hacker, and no obvious anarchists. This was a relatively tame crowd.
And speaking of estimates... Jeff Moss (aka Dark Tangent -- he is the face behind Black Hat and Defcon) originally voiced that he expected the conference to be about 2000 people smaller (or 25% smaller) than last year, due to the economy. He was grossly mistaken. The conference sold out of the 8000 badges in less than a day. I'm gut-estimating that there were probably 2000 more people than last year. The economy may be hurting, but this conference was too important to miss.
As a comparison, the World Shoe Association holds their annual conference in Las Vegas at the same time as Defcon. As I understand it (from chatting with cab drivers), WSA was a bust. They had more vendors than visitors. Defcon actually had more attendees than WSA.
Other things I saw and heard at Defcon:
- I saw at least a half-dozen fat men walking down the halls while eating salads. In all my years attending Defcon, I have never seen anything like it.
- I overheard a guy on his cell phone saying "No, I'm not in Virginia right now." Fed! When I asked if I could spot him, he covered his phone and walked away.
- There were way more goons (Defcon security) this year than ever before. And the hotel security were actually checking badges and acting friendly, instead of sleeping or being *ssholes.
The Talks
A few of the talks were informative, but not earth-shattering. For example, Roger Dingledine gave a good talk titled "Why Tor Is Slow, and What We're Doing About It". Why is it slow? Bandwidth and architecture. Increasing the number of nodes will not alleviate the problem. And they had to put in a number of limits in order to prevent abuse (abuse being anonymity breaches, and not the number of people who use Tor to download porn). Don't get me wrong -- the talk was well done, it just wasn't remarkable content.
Similarly, my friend Richard Thieme gave two excellent talks. One was on UFOlogy, continuing his coverage of UFO-related information. (While most UFO people are true-believers and nuts, Richard is definitely sane. And even Richard agrees that more than 95% of the stuff out there is fraudulent -- it's that remaining sliver that is really interesting.) His other talk was on Hacking and Biohacking -- new material and very cool stuff.
There was a special guest this year: Adam Savage from Mythbusters. (Thanks Marcus for getting me a great seat! 3rd row, aisle, within spitting distance -- not that I wanted to spit at Adam. I trained all of the people in the question line to kneel so the rest of us could see.) Adam's presentation was part speech and part Q&A, on the topic of "Failures". He doesn't trust people who have never failed; failure builds character and experience. And people who have never experienced a failure are likely failing constantly but not noticing due to all of the people saving the day behind the scenes. While the topic was related to hacking, it really wasn't a technical talk -- and he didn't blow anything up, even though there was a fire extinguisher on the edge of the stage. It was definitely worth attending, and he said he wouldn't mind presenting again next year.
Beyond the regular stuff, there were a few "WOW" presentations. The big ones that I attended:
- "I am walking through a city made of glass and I have a bag full of rocks" by Jayson Street. This was truly an unexpected WOW. He discussed cyber warfare, and who is really doing what. He named names, and gave a clear story. Wow, Wow, Wow.
- "Weaponizing the Web" by Shawn Moyer and Nathan Hamiel. Last year they attacked social networks. This year they attacked automated redirection systems and exposed serious weaknesses from Cross-Site Request Forgery (CSRF) attacks. Imagine Site A (e.g., USAToday) attacking Site B (e.g., Wikipedia), which attacks Site C (e.g., CNN), which attacks Site A (e.g., back to USAToday) -- all initiated with one specially crafted URL. This talk was informative, eye opening, and very entertaining; exactly what I'd expect from Shawn and Nathan.
- "Advanced Video Application Attacks with Video Interception, Recording, and Replay" by Jason Ostrom and Arjun Sambamoorthy. They demonstrated the ability to intercept video and audio between two VOIP devices (like Cisco video phones), and how to inject or hijack content. The talk was good, but the demo sealed the deal as a Wow talk.
- "Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data" by Chema Alonso and Jose "Palako" Palazon. Programs like exiftool and libextractor only find a little of the available metadata. Their tool, called FOCA, extracts so much more. It not only extracts metadata, it also correlates across files and does deep data mining. For example, they can extract email and IP addresses from DOC files and then correlate addresses between documents to determine who is creating what. Using it, they scared the hell out of their own government (Spain) and the CIA -- both of whom pulled all of their docs, cleaned the metadata, then re-released their documents. And I enjoyed their motto: Spanish is better.
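The redirection weakness behind the "Weaponizing the Web" item above is easy to model. The following is an added example (not the speakers' code and not from the original post): it shows how nesting a redirect parameter lets one URL drive a browser through several open redirectors and back onto the first site, and it contrasts a redirector that echoes `?next=` unchecked with one that only accepts a path on its own host. The hosts a.example/b.example/c.example, the `/r` endpoint and the `next` parameter name are constructed for illustration.

```python
"""Chained open redirects, and a redirect check that refuses to chain.

Added example, not code from the talk or the original post. The hosts
a.example/b.example/c.example, the /r endpoint and the `next` parameter are
constructed for illustration; the hardening rule (same-host relative paths
only) is the general defence, not the speakers' material.
"""
from urllib.parse import parse_qs, quote, urlsplit, urlunsplit


def build_chain(redirectors, final_target):
    """Nest redirect parameters so ONE URL walks a browser through every
    redirector in order and lands on final_target (the CSRF payload).
    Each level is percent-encoded once more than the one inside it."""
    url = final_target
    for host in reversed(redirectors):
        url = f"https://{host}/r?next={quote(url, safe='')}"
    return url


def unsafe_redirect_target(url):
    """Vulnerable redirector: echo ?next= into Location unchecked.
    Returns the Location, or None when no redirect parameter is present."""
    qs = parse_qs(urlsplit(url).query)
    return qs["next"][0] if "next" in qs else None


def safe_redirect_target(url, own_host):
    """Hardened redirector: accept only a path on our own host.

    Rejects anything with a scheme or authority (https://evil, //evil,
    https:evil) and backslash variants some browsers normalise to a slash
    (/\\evil). Returns an absolute URL on own_host, or None (deny)."""
    target = unsafe_redirect_target(url)
    if target is None:
        return None
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return None
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        return None
    return urlunsplit(("https", own_host, parts.path, parts.query, ""))


def follow_chain(start_url, resolver, max_hops=10):
    """Return the hosts a victim's browser is driven through, in order,
    given a resolver that models how each site answers ?next=."""
    hops, url = [], start_url
    for _ in range(max_hops):
        hops.append(urlsplit(url).netloc)
        nxt = resolver(url)
        if nxt is None:
            return hops
        url = nxt
    raise RuntimeError("redirect chain exceeded max_hops")


if __name__ == "__main__":
    crafted = build_chain(["a.example", "b.example", "c.example"],
                          "https://a.example/account/delete")
    print(crafted)
    print("unsafe:", follow_chain(crafted, unsafe_redirect_target))
    print("safe:  ", follow_chain(crafted,
                                  lambda u: safe_redirect_target(u, "a.example")))
```

With the unchecked redirector the crafted link visits a, b, c and ends on a.example again, which is exactly the A-to-B-to-C-to-A pattern described above; with the hardened check the chain dies at the first hop. Note that the safe version still lets the site redirect to its own paths (including query strings), so legitimate "return to where you were" flows keep working.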
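The cross-file correlation that makes the FOCA item above interesting is, at its core, a simple inversion: pull identifiers (author names, email and IP addresses) out of every document, then index by identifier to see which documents share one. The following is an added example, not FOCA's code and not from the original post. It builds three minimal OOXML (docx-style) zip files in memory as constructed test data, extracts `dc:creator` and `cp:lastModifiedBy` from `docProps/core.xml` plus any email or IPv4 addresses from the XML parts, and correlates them across documents. The document names, user names and addresses are constructed for illustration.

```python
"""Extract and correlate document metadata across a set of OOXML files.

Added example, not FOCA and not from the original post. The sample
documents, user names, email and IP addresses below are constructed.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def make_docx(creator, modified_by, body_text):
    """Build a minimal docx-style zip in memory (constructed test data):
    a core-properties part and a one-paragraph document body."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{modified_by}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    doc = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        f"<w:body><w:p><w:r><w:t>{body_text}</w:t></w:r></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed sample set: two docs touched by the same user, two docs
# mentioning the same internal IP.
SAMPLE_DOCS = {
    "budget.docx": make_docx("jsmith", "jsmith",
                             "Draft for review; contact j.smith@agency.example"),
    "press.docx": make_docx("pr-team", "jsmith",
                            "Master copy lives on 10.0.4.22"),
    "memo.docx": make_docx("mlopez", "mlopez",
                           "Uploaded to 10.0.4.22 by m.lopez@agency.example"),
}


def extract(name, data):
    """Per-document record: core-properties users plus every email / IPv4
    string found in any XML part (body text, properties, comments...)."""
    rec = {"doc": name, "creator": None, "modified_by": None,
           "emails": set(), "ips": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            c = root.find("dc:creator", NS)
            m = root.find("cp:lastModifiedBy", NS)
            rec["creator"] = c.text if c is not None else None
            rec["modified_by"] = m.text if m is not None else None
        for part in names:
            text = z.read(part).decode("utf-8", "replace")
            rec["emails"].update(EMAIL_RE.findall(text))
            rec["ips"].update(IPV4_RE.findall(text))
    return rec


def correlate(records):
    """Invert the records: (kind, identifier) -> set of documents."""
    by_id = defaultdict(set)
    for r in records:
        for key in ("creator", "modified_by"):
            if r[key]:
                by_id[("user", r[key])].add(r["doc"])
        for e in r["emails"]:
            by_id[("email", e)].add(r["doc"])
        for ip in r["ips"]:
            by_id[("ip", ip)].add(r["doc"])
    return by_id


def analyze(docs):
    """docs: {filename: bytes}. Returns the correlation index."""
    return correlate(extract(n, d) for n, d in docs.items())


def shared_identifiers(by_id):
    """Identifiers that tie two or more documents together."""
    return {k: v for k, v in by_id.items() if len(v) > 1}


if __name__ == "__main__":
    for ident, docs in sorted(shared_identifiers(analyze(SAMPLE_DOCS)).items()):
        print(ident, "->", sorted(docs))
```

On the sample set the index shows that `jsmith` touched two documents published under different creators, and that one internal address appears in two unrelated documents, which is the "who is creating what" picture described above. Stripping `docProps/core.xml` before publication removes the user fields, but not addresses embedded in the body text, which is why metadata cleaning alone is not enough.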
The Stupidity
Every year, people do some really stupid things. But let's face it... if you put a bunch of geeks in one place then you are certain to hit a critical mass for stupidity.
Most of the conference was pretty tame, even compared to previous years. (That's what you get for having more than 50% feds in attendance.) However, there were four felony arrests. Three people got the bright idea to bungee jump off the roof of the Riviera Hotel and Casino. The fourth person picked the lock to the roof. Normally, these would be regular crimes... Except, they happened at a Casino. That makes them felonies. (And no, they didn't get to jump, but they did get to the roof.)
A swarm of killer bees (yes, really) attacked people lounging by the pool. When I saw the swarm, they were resting on the side of the building. Some other guy said that the swarm was about twice the size 30 minutes earlier. (Does anyone have pictures???)
And one guy broke his foot. He was a pervert who grabbed my friend's rump. Now, Page is not a petite woman, and she certainly was not dressed provocatively. Yet some guy walked up behind her and did a two-handed grab. Page, being a rugby player, reacted instinctively -- she stomped backwards with her foot. As she put it, "I felt a crack and he yelped". "You broke my foot", he exclaimed. "That's the idea", she replied. If anyone knows the identity of the guy who broke his foot at Defcon on Saturday (Aug 1), let me know and we'll devote a wall-of-shame to the pervert. (As an aside, Page's boyfriend -- my buddy Mike -- is a very big guy. The perv was lucky Mike wasn't around or a broken foot would have been the least of his problems.)
For any women debating attending Defcon 18: In all my years at the conference, I have never heard of anything like this happening before. (And I know many women who attend the conference, and none have mentioned being molested.) This was an isolated incident and most likely, he was the same kind of perv who would grab stewardesses on airplanes and shoppers in grocery stores. Most male geeks have trouble talking to women whose names don't end in ".JPG", and they may act dorky, but they are very polite to women.
And to the pervert: we will find you, and we will make you public.
Next Up?
I always find something new when I go to conferences. In my next blog entry, I'll cover the looming death of Vegas.