Announcement

Collapse
No announcement yet.

DEF CON 27 Receipt

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DEF CON 27 Receipt

    Where can I get the DEF CON 27 receipt?

  • #2
    https://media.defcon.org/DEF%20CON%2...%20receipt.pdf

    Comment


    • #3
      I appreciate the link. Work will be pleased.

      Not so much with my fist-full of alcohol receipts. Lol!

      Comment


      • #4
        Originally posted by badkobold View Post
        I appreciate the link. Work will be pleased.

        Not so much with my fist-full of alcohol receipts. Lol!
        hack all the things, drink all the booze

        Comment


        • #5
          Hey guys - tried the link https://media.defcon.org/DEF%20CON%2...%20receipt.pdf and i get a blank screen. Can someone please check the link or send me the .pdf?

          Thanks!

          Comment


          • #6
            Originally posted by El3ktra
            Hey guys - tried the link https://media.defcon.org/DEF%20CON%2...%20receipt.pdf and i get a blank screen. Can someone please check the link or send me the .pdf?

            Thanks!
            We have seen reports that chrome and/or chromium have/has problems with downloading the receipt to display in the browser, but choosing to "save link as" appears to download it fine and once downloaded, you can open with your PDF viewer of choice and print it. How to "save the link as a document varies from browser to browser. With some, right-click offers a choice. With others, tap and hold seems to offer options equivalent to save-as. Others may require pressing a key on the keyboard like control, or option, or "command" as you click the button on a mouse.

            Another alternative is to try another browser. it appears to work fine in Firefox. Please let us know which work-around works for you.

            It is best to download it from the media.defcon.org website. That is the official copy. There are more protections to ensure that document is not modified on the server or in transit (https, with DNSSEC secured TLSA/DANE, and if supported HPKP to help fortify weaknesses in CA system.)

            Getting a copy in email is more risky. The sender may modify it. The provider where the email is composed may send it as-is, or alter it before generating a DKIM sig. The receiving server may modify it after validating the DKIM sig. Anyone with access to the FS where your email is stored could alter it. Anyone with access to your email account could change it. You could rely on GPG/PGP, but then you still have to trust the sender, and have an established trust to the senders public key, or a sufficient path in the web of trust between your keys/certs and the senders.

            I'll try attaching the same PDF here, too; the forums should force "save link as" for a download to your device, instead of trying to show it in your browser.
            (See attachment below.)

            By using this attachment, you extend your trust to "me" and all admins and super-moderators on the forums, who can alter content in posts, or attachments.
            Good luck!

            Next rant? PDF are terrible concept where security is concerned. They *allow* for multiple documents being encoded within a single PDF, executable scripts run by clients, inclusion of requests for clients to visit a URL when they are opened (ping/beacon) so placed like GoDaddy can get confirmation you "read" (opened) the PDF sent to you, but abused so spammers can get confirmation that someone read a PDF they sent. The complexity of PDF make them really hard to fully and completely scan and identify all sub parts, with tools necessary to unpack each and every possible version of supported attachments, and recursive unpacking of all attachments within attachments. Those tools that claim to 100% clean PDF, usually do this by unpacking, and checking the parts they understand, then convert and re-pack only the parts the recognize and are able to validate as not-risky. Obviously, this breaks PGP/GPG sigs and possibly DKIM sigs in emails.

            Even if most PDF don''t have or use those features, the capacity for PDF to support them is a huge security problem.

            What to use instead of PDF? Simple plain-text document without images would work. RTF could also work. Maybe a throw-back to ASCII-ART? If images are required, then it could be just an image, or an HTML "page" with images inline-included, and maybe some CSS but no JavaScript. They are all easily auditable for executable scripts.
            Attached Files
            Last edited by number6; August 23rd, 2019, 16:58.
            6: "Who is Number1?"
            2: "You are number6"
            6: "I am not a number!..."

            Comment

            Working...
            X