Information Security News mailing list archives

DEFCON '03: Myth, Reality and Pictures


From: InfoSec News <isn () c4i org>
Date: Wed, 6 Aug 2003 02:28:00 -0500 (CDT)

http://www.theinquirer.net/?article=10871

By Doug Mohney
05 August 2003

ATTENDEES at this year's DEFCON hacker convention in Las Vegas were
more annoyed at the long lines for speaker sessions than any
appearance by "The Man" (i.e. the Feds). The authority feared this
time 'round was the local Vegas fire marshal -- 6,000 or so people in
attendance and not enough seats to hold everyone in the conference
sessions. People were left standing in line and left out of first-day
sessions. Since each DEFCON attendee paid $75 in cash (U.S. currency
only, no Visa, MasterCard or Euros), The Hacker Street became annoyed.

For the mainstream media, DEFCON is all about visual shock candy. If
it is a choice between JesusHackers and the BondagePornoBabes, it's an
easy guess which ones will make the evening news. Most of the security
news last week was nefariously linked to DEFCON, regardless of
relevance.

Whatever the case, the mostly male, mostly black T-shirt crowd got an
earful from a variety of speakers (assuming they could find a seat -
no standing, per fire code). Phil Zimmermann, creator of the PGP
encryption program, fessed up to wanting to ship the PGP program
overseas as a human rights tool, altho' his lawyers told him not to
admit it while battling the U.S. government in court for three
years.

Zimmermann emphatically repeated "There is no backdoor in PGP" despite
assertions by TechTV and others. "Network Solutions wouldn't know how
to put in a back door... or a front door, for that matter," he said.  
He attributed some of the paranoia surrounding PGP and the flood of
annoying and irrational fan mail he receives on a daily basis to
"People who think the X-Files are a documentary." He also stated he
was misquoted by the Washington Post in a post-9/11 interview.

Chris Hurley, founder of the World Wide WarDrive, took a chunk of his
podium time to flog InfoWorld and The Wall Street Journal for
inaccurate and misleading stories about the effort to document the
number of wireless APs and the (ugly) number of them not running WEP
encryption. (One might say the Washington Post is in good company for
bad technology reporting). Less than a third of WiFi APs world-wide
are running WEP, a percentage Hurley hopes goes up due to the annual
and public and not-secret and not terrorist-linked WarDrive campaign.

Did you know ISPs in the Netherlands get paid for every successful
government-ordered wiretap? Or that there's an EU standard for bugging
your IP traffic? Jaya Baloo revealed this and some other tasty tidbits
in her talk about Government IP Tapping. Baloo, a consultant in the
Netherlands, noted that ultimately there will be EU-wide agreements
for "borderless lawful intercepts" but both quantum crypto and
wireless LANs pose some interesting challenges to regulators.

Sunday's presentation on social engineering was saved from being
stoned by the appearance of Kevin Mitnick out of the audience to
regale the packed ballroom with his exploits of talking Motorola staff
into sending him the source code for their cell phone. His quest -- two
hours of talking on the phone -- was nearly frustrated by a firewall
preventing outbound ftp until a Moto security guru thoughtfully
provided a way around it. Mitnick also won the 10th annual "Hackers
Jeopardy" contest, a two evening ordeal that has few rules other than
answering questions and drinking a lot. (Hmm, maybe Kevin could find a
job at the INQUIRER).

Among other contests, the WiFi shootout provided some interesting
results. Held 20 miles outside of Vegas, in the desert, contestants
had to set up and test their gear in the rain (yes, the rain) on the
first day of activities on top of a craggy heap of rock to get the
best distance. The winner, built by ASLRulz out of New York, was able
to send and receive data over 35 miles. Most disturbing/amusing, the
huge antenna was built out of a last minute design with $98 of parts
bought at Home Depot.


