Defcon ends with researchers muzzled, viruses written
LAS VEGAS -- The Defcon hacker conference ended its 16th year on Sunday, sending about 8,000 attendees home from a weekend of virus writing, discussion of Internet attacks, and general debauchery.
The highlight was most definitely the restraining order which prevented three MIT students from presenting their research on how to hack the Boston subway system. The students attended the event and even gave a news conference after the order came down on Saturday, but did not present their highly anticipated talk.
Instead, journalist and security expert Brenno de Winter took their empty spot and discussed how the cards used in transit systems in the Netherlands and London can be hacked just like the ones used in Boston. Both systems, and many around the world, use the Mifare Classic chip technology, whose cryptography was cracked by researchers last year.
Defcon founder Jeff Moss, alias "Dark Tangent" (Credit: Elinor Mills/CNET News)
"I was advised by several lawyers not to go into details of the Mifare Classic, but anybody who has access to Google...," de Winter said.
Breaking the rules is always a theme at Defcon, but while irreverence for established corporate and government protocols is condoned if not exactly encouraged, breaking Defcon rules definitely has its consequences. Defcon officials said they were considering banning film crews from future events after ejecting a team from the G4 cable network on Saturday for allegedly videotaping a crowd. Photographers and videographers are required to get permission to shoot anyone, even from behind, and are forbidden from shooting crowds.
There was a report that police were called in to investigate a Windows-based kiosk that was hacked to display pornographic images in the lobby. And the usual rowdiness and late-night drinking were a nightly, if not daily, activity. However, things did not seem to reach the level of tomfoolery they did in the early and mid-1990s when elevators were hacked and cement was poured down toilets. Of course, many of the script kiddies from that era are now married with children.
There were, of course, a range of sessions, including ones on evaluating the risks of "good viruses," hijacking outdoor billboard networks, and compromising Windows-based Internet kiosks.
Members of SecureState, a company that does penetration testing of corporate networks, gave a live demo in one session of an automated attack on a Microsoft SQL Server-based computer that left the machine vulnerable to attackers installing viruses and other malware. The team used new tools they are offering for download, SA Exploiter and Fast-Track.
One of the more controversial events at the conference was a "Race to Zero," in which teams modified samples of viruses and tested them against antivirus software. Four teams managed to complete all the levels and get through the antivirus software.
There were less technical contests as well. "Mike" from Chicago won $3,000 for spending 30 straight hours listening to pitches and marketing buzz from security company Configuresoft and correctly answering questions on periodic quizzes on the presentations. After the announcement, he jumped out of his seat with his arms in the air. Asked how he felt, Mike, who declined to give a last name, said he "felt smelly."
The contest, called "Buzzword Survivor," was not without scandal. Several contestants claimed--and submitted a cell phone photo as evidence to organizers--that one of the contestants had fallen asleep at one point. However, he was allowed to remain in the contest and made it to the very end with all the others, winning $200. The second prize was $1,000.
Gartner analyst Paul Proctor came up with the idea on a whim. It was originally intended to have 10 contestants competing for 36 hours for a $10,000 prize, but the prize was reduced when only one sponsor stepped up.
The contestants had 10-minute breaks every hour, but otherwise were in their seats listening to detailed talks about the company, its products, and the industry.
"We've submitted them to pain," Andrew Bird, a Configuresoft vice president, who served as MC at the end of the contest, said mischievously. "We played recorded Webinars at 4 a.m."
Note: In the video below, Defcon founder Jeff Moss, alias "Dark Tangent," discusses the ethics of hacking and disclosure issues that provoke debate, and often lawsuits, at the event.
(Credit: Elinor Mills/CNET News)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.



Btw I wrote about it too just a bit different:
http://www.livecrunch.com/2008/08/11/mit-students-found-the-way-to-hack-boston-subway/
I see you do not understand security. What a surprise that a redneck is ignorant.
These "clowns" have made computing and the Internet orders of magnitude safer.
Maybe not, you could possibly be one of those rednecks who can't wait to join the queue for every email hoax that comes down the pike. Yeah, I mean those fwd's with a hundred names in the To: field.
You may not like pranks but I'll wager the NSA was reading your ill-informed comment and laughing at you. Do think on this: these Defcon hackers find the vulnerabilities that the Serious People and companies inadvertently leave in their code, then the bugs can be fixed.
- by as901 August 12, 2008 6:15 AM PDT
- I hate to use the word "hacker". Many years back, a "hacker" was a person such as myself, who was a self-taught programmer who never learned to type. We started using computers at a time when there were no store-bought programs. You wrote them yourself and early computer magazines contained code to help write programs.
The people who call themselves "hackers" today are mostly spoiled upper middle class brats with too much time on their hands. They believe that copying some code and mailing it to do harm is "bucking the system" and "shoving it to the man"!
These spoiled brats do not harm the "man". They harm mothers and grandparents who cannot afford to hire an IT expert each time their computer crashes!
Mark Heinemann