Announcement

Collapse
No announcement yet.

PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

    Several new forums added today, many of which I have no description:


    Ninja Networks Badge and Events
    "Forum for threads about the badge and the party. (site) (twitter)"
    https://forum.defcon.org/forumdisplay.php?f=675
    http://www.ninjas.org/
    http://twitter.com/ninjanetworks


    Phreaking in the XXIth
    "Description TBA"
    https://forum.defcon.org/forumdisplay.php?f=668


    Hack Fortress
    "Hackers and gamers team up in the coolest gaming tournament at Defcon. Combining a hacking contest with a TF2 tourney, the teams must work together as actions in one environment impact the other. (twitter), (site)"
    https://forum.defcon.org/forumdisplay.php?f=669
    https://twitter.com/#!/tf2shmoo
    http://www.shmoocon.org/hack_fortress


    The Shinobi 'Pop the Boxes' Challenge
    "Description TBA"
    https://forum.defcon.org/forumdisplay.php?f=670


    Mohawk-Con!
    "Get your head buzzed at DC 20 to support the EFF! (twitter) ()"
    https://forum.defcon.org/forumdisplay.php?f=671
    https://twitter.com/mohawkcon


    Defcon Exploit Hackathon
    "Accept challenge to code a new exploitation utility for release
    during Defcon. (Description may change.)"
    https://forum.defcon.org/forumdisplay.php?f=672
    User Chosen1 is a goon that has been added as forum leader/organizer to this forum for this event.


    REBOOT ARG
    "Description TBA"
    https://forum.defcon.org/forumdisplay.php?f=672


    Homebrew Antenna
    "Description TBA"
    https://forum.defcon.org/forumdisplay.php?f=674

    Comment


    • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

      Scheduled maintenance starting tonight at around 9pm for forums, pics, and testforums.

      Many GB of data need to be moved. I am guessing 1 hour of down-time will be needed.

      Comment


      • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

        Originally posted by TheCotMan View Post
        Scheduled maintenance starting tonight at around 9pm for forums, pics, and testforums.

        Many GB of data need to be moved. I am guessing 1 hour of down-time will be needed.
        Maintenance completed for pics, forums, and test forums. Work on Tamperevidentwiki will begin at around 10pm pacific time.

        Comment


        • Firewall Upgrade complete

          I've completed the firewall upgrade and a move to new hardware, there turned out to be some lingering email issues that took some time to debug. If sendmail acts strange it always seems to be related to DNS.

          Sorry for any strangeness with email, or partial pages loading. Please post here if you see activity that doesn't seem normal. Thanks.

          Dark Tangent
          PGP Key: https://defcon.org/html/links/dtangent.html

          Comment


          • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

            I just fixed an issue preventing https://pics.defcon.org/ from working properly.

            Sorry for all the down time. Please head on over there and upload good pictures from the con!
            PGP Key: https://defcon.org/html/links/dtangent.html

            Comment


            • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

              DT Asked for a [forum=682]Defcon 21 planning forum[/forum]. It has been created.

              So as to not confuse things, the older [forum=615]Defcon 20 Planning[/forum] forum has been moved to the archived forum space, and set to "read only" no longer allowing new posts.

              The Defcon 21 recovery forum will likely be closed soon. If there are any threads that should be copied to the DC21 planning forum, please remind me. :-)


              Thanks!

              -Cot

              Comment


              • BUG REPORT: Yahoo Javascript

                Chromium complained about non-secure content this morning (odd, because full-on Chrome at home didn't complain earlier). Traced it to the following URL (purposefully broken).

                http ://yui.yahooapis. com/combo?2.9.0/build/ yuiloader-dom-event/yuiloader-dom-event.js &2.9.0/build/connection/connection-min.js
                I check my sanity with a wristwatch. What do you check yours with, a dipstick?

                Comment


                • Re: BUG REPORT: Yahoo Javascript

                  Originally posted by bluknight View Post
                  Chromium complained about non-secure content this morning (odd, because full-on Chrome at home didn't complain earlier). Traced it to the following URL (purposefully broken).

                  http ://yui.yahooapis. com/combo?2.9.0/build/ yuiloader-dom-event/yuiloader-dom-event.js &2.9.0/build/connection/connection-min.js
                  It is/was a known issue and security risk with the current code-base installed with the forums, if served from the forums. Presently, the only work-around until upgraded is to reference the yahoo version of this javascript.

                  I previously notified Jeff of this, and once I get the latest version of the forum software, I can revert settings back to be served by the forums instead of yahooapis.com.

                  Sadly, there was a CVE issued for it, but no public details were included with risks and exposure, just a comment about it being "critical." The work-around is to no longer serve the problematic javascript from the forum software base, but instead serve with a directive for clients to download the fixed version from yahooapis.com until we get the new version installed.

                  If you want, you can continue to block yahooapis.com and the javascript it serves when the forums suggests your browser download from it; I think the only things that will be impacted will be the upload of avatars, and that is a very rare event, only happening 2 or 3 times in the last 2 or 3 months. Blocking it should not harm your ability to post, or read posts. Please let us know if otherwise, and which browser you experience this trouble.

                  I did notify the mods about this last week, and the work-around applied, but did not publish here since the fix required zero down-time to the forums. (This has been the case with other seucrity issues which do not require down-time.) Once I have the new software, another round of down-time will be scheduled with software maintenance to upgrade them.

                  Thanks for letting us know about this. :-)

                  We definitely want to and like to hear about any strange results or observed bugs on the forums.

                  Thanks for the report!
                  -Cot

                  Comment


                  • BUG REPORT: SSL under Chromium

                    This isn't a fix request more than a "I'm noticing this behavior" issue...

                    Under Chromium (Ubuntu amd64 package), if I've had the window open for a duration of time, I get an SSL certificate invalid error when I try to load the website. I haven't been able to determine why, and the certificate info that chromium reports (and firefox matches), as well as a check with OpenSSL, rules out a MITM attack. I'm at a bit of a loss to figure it out. However, a restart of chromium seems to clear the issue.
                    I check my sanity with a wristwatch. What do you check yours with, a dipstick?

                    Comment


                    • Re: BUG REPORT: SSL under Chromium

                      Originally posted by bluknight View Post
                      This isn't a fix request more than a "I'm noticing this behavior" issue...

                      Under Chromium (Ubuntu amd64 package), if I've had the window open for a duration of time, I get an SSL certificate invalid error when I try to load the website. I haven't been able to determine why, and the certificate info that chromium reports (and firefox matches), as well as a check with OpenSSL, rules out a MITM attack. I'm at a bit of a loss to figure it out. However, a restart of chromium seems to clear the issue.
                      Are you using tor, a privacy proxy or some other proxy (socks, squid, transparent)?

                      As part of the diagnostics, could you disable javascript for yahoo and google sites from forums if javascript code is requested from those sites?

                      Are you running this from a VM? If so, are you also running with NTP in the VM?

                      Is this only when logged-in, or when browsing as a guest?

                      Thanks!
                      -Cot

                      Comment


                      • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                        Heads up:

                        Looks like the eMule software we were using to distribute past DEF CON speeches and materials sucked.

                        I assumed no one was on eMule anymore and that is why there was so little traffic compared to our bit torrent server.

                        Well turns out I tried different eMules software, AMule, and what do you know all sorts of connections start up.

                        So if in the past you tried using an eMule / KAD client to find DEF CON stuff and had no luck please try again, I think the new software should make things better.

                        In the future we will be adding another eMule / Bit Torrent box on our higher speed media server connection mid January and you should see a major speed jump. A side benefit of this upgrade is we will have much more storage capacity and will be able to host more files. More about how to have DEF CON mirror your files onces the server is in place!
                        PGP Key: https://defcon.org/html/links/dtangent.html

                        Comment


                        • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                          If you do not use twitter, facebook, or other social media, you may have missed yesterday's announcement of a preview of Jason Scott's "Defcon Doumentary" being available for viewing:

                          http://vimeo.com/56234900

                          If you run with no-script in FireFox, then you will need to enable javascript for vimeo.com to see the video. (That is the only site I had to enable with javascript in order to see the video, and then click on the very large image to tell flashblock that was ok to "run".)

                          For more updates on the Defcon Documentary, you can follow them on twitter:
                          https://twitter.com/defcondoc


                          Forum updates:

                          All Defcon 20 forums are now closed, and archived.
                          https://forum.defcon.org/forumdisplay.php?f=683

                          The Defcon 21 planning forum opened up a month or so back:
                          https://forum.defcon.org/forumdisplay.php?f=682

                          I started a thread asking people that have run contests, events and social gatherings to let us know of their intention to return, so that I can make a forum for their returning thing long before Pyr0 starts his RFI (Request For Info.) This thread can be found here:
                          https://forum.defcon.org/showthread.php?t=13163

                          From that thread, I have read about organizers' intentions to bring back each of their respective contests, events, or social gatherings. New forums have been created for each. Below here are URL and information about forums created for each contest, event or social gathering:

                          Scavenger Hunt:
                          Forum: https://forum.defcon.org/showthread.php?t=13163
                          Facebook: http://www.facebook.com/pages/DefCon...51406414877779
                          Twitter: https://twitter.com/DefConScavHunt
                          Description: "Discussions for The DefCon Scavenger Hunt. Send suggestions for the scavenger hunt list to scavlist (and here is where the at symbol can be placed) gmail (and of course you need a dot here) com, (facebook), (twitter)"
                          NOTE: This year, Siviak, Eris, Vandal and other people that have run the Defcon Scavenger Hunt have handed over control to a new group of people to run it, which include Salem and Dualdflipflop.
                          This hand-over was announced in public here: https://forum.defcon.org/showthread....137#post127137


                          The Schemaverse DEFCON Tournament (When Space elephants attack):
                          Forum: https://forum.defcon.org/forumdisplay.php?f=690
                          Twitter: https://twitter.com/Schemaverse and run by: https://twitter.com/Abstr_ct
                          Site: http://defcon.schemaverse.com/
                          Description: "The Schemaverse is a space-based strategy game implemented entirely within a PostgreSQL database where you compete against other players using raw SQL commands. Use your SQL skills to interactively command your fleets to glory during this weekend-long tournament for the database geeks. Or, if your PL/pgSQL-foo is strong, wield it to write AI and have your fleet command itself while you enjoy the con! (site), (twitter)"


                          Network Forensics Puzzle Contest:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=691
                          Twitter: https://twitter.com/trisk3t
                          Site: http://forensicscontest.com/
                          Description: "The Network Forensics Puzzle Contest is a challenging mystery requiring contestants to forensically analyze packet captures (and more!) to uncover an evil plot. (site), (twitter)"


                          Spot the Fed:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=692
                          Description: "The one and only Defcon "Spot the Fed" Contest"
                          NOTE: "This is always a go." I stopped asking Priest about this a long time ago. But just you watch. This year, he'll says, "Oh, yeah, we cancelled it this year, so now you are a liar. Why are you lying to us?" There is very little discussion in this contest, as it is very mature, and very little changes from year to year, but the forum is there for comments if anyone ever has any.


                          Defcon Shoot:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=693
                          Site: http://www.deviating.net/firearms/defcon_shoot
                          Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
                          Description: "Las Vegas, targets, people, weapons, fun. (site)"


                          Lockpicking Village:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=694
                          Description: The Lock-Picking Village has many demonstrations and some contests. This is a run by mny volunteers such as Deviant and TOOOL-USA. This may include contests such as: Points Competition, Lock Field Stripping, Speed Picking Competition, and more!


                          Black Bag:
                          Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
                          Forum: https://forum.defcon.org/forumdisplay.php?f=695
                          Description: "Contest run by Deviant, Black Bag is to replace Gringo Warrior."


                          Beverage Cooling Contraption Contest:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=696
                          Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
                          Site: http://forensicscontest.com/
                          Description: "This contest was first held at Defcon 13. What is being planned for this year? More inside. (site)"


                          Goon Band -- Recognize:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=697
                          Description: "Back again, the Defcon Goon Band, Recognize, to play in the SECRET LOCATION at Defcon 21! (Where "Secret Location" is TBA.)"


                          Project 2:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=698
                          Site: http://generalstatics.com/
                          Description: "A drop-in puzzle contest for novice to advanced individuals or teams who don't want to commit to doing a contest for the whole con. (site)"


                          Skytalks:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=699
                          Facebook: https://www.facebook.com/pages/Skytalks/193792913989520
                          Twitter: https://twitter.com/dcskytalks
                          Site: http://skytalks.info/
                          Description: "Back for a fifth blowout year, Skytalks are presentations (55-110 min) that are designed to overclock your brain with cutting edge information about sensitive topics that you might not be able to freely discuss or research from the privacy of your own home, workplace, or favorite con. (facebook) , (twitter) , (site)"


                          Defcon Short Story Contest:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=700
                          Description: "RTFR inside and submit to us a short story. The topic may be of your choosing so long as it meets the guidelines in the rules. Read threads inside for more information"
                          NOTE: This year, Nikita is handing over management of this to Eris, and she is planning to retain judges from previous years.


                          Wireless Village:
                          Forum: https://forum.defcon.org/forumdisplay.php?f=701
                          Description: "Everything you always wanted to know about wireless (802.11, bluetooth, RFID) and Amateur Radio all in one place. The Defcon 21 Wireless Village is the place you will want to be. Stop by, listen, learn and have fun."
                          Last edited by TheCotMan; December 30, 2012, 01:55.

                          Comment


                          • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                            Originally posted by TheCotMan View Post
                            Wireless Village:
                            Forum: https://forum.defcon.org/forumdisplay.php?f=701
                            Description: "Everything you always wanted to know about wireless (802.11, bluetooth, RFID) and Amateur Radio all in one place. The Defcon 20 Wireless Village is the place you will want to be. Stop by, listen, learn and have fun."
                            Uh -- again it's Defcon 21 for 2013 ;-)
                            DaKahuna
                            ___________________
                            Will Hack for Bandwidth

                            Comment


                            • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                              Originally posted by DaKahuna View Post
                              Uh -- again it's Defcon 21 for 2013 ;-)
                              Thanks!
                              The forums have the correct description as a result of your email about that, but I forgot to revisit this announcement and edit it too. Fixed. Sorry about that!

                              -Cot

                              Comment


                              • Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                                More updates about Defcon 21

                                First, to clear things up: my previous update mentioned Wireless Village
                                and included text that said it was returning for Defcon 20. This was my
                                fault for copying text from last year and not updating it. DaKahuna found
                                my mistake, notified me of it here and on the forums, and I've since changed
                                the three references to "Defcon 20" to read "Defcon 21."
                                This is editorial comment to let you all know about my mistake and correction.
                                Sorry about that DaKahuna!

                                Next, new business:

                                I received word from HighWiz that he plans to bring back "DC101" to Defcon 21

                                DC101:
                                Forum: https://forum.defcon.org/forumdisplay.php?f=703
                                Site: http://defcon.stotan.org/dc101/
                                Twitter: https://twitter.com/#!/defcon101
                                Description: "DC101 is the Alpha to the closing ceremonies' Omega. It's the
                                place to go to learn about the many facets of Con and to begin your Defconian
                                Adventure. Whether you're a n00b or a long time attendee, DC101 can start
                                you on the path toward maximizing your DefCon Experiences. (site), (twitter)"


                                I received word on twitter from MyCurial that he plans to bring back
                                "10,000¢ Hacker Pyramid" to Defcon 21:
                                URL1=https://twitter.com/myrcurial/status/283787439112351744
                                URL1 wrote:
                                > @myrcurial (James Arlen)
                                > @TCMBC @_defcon_ You know that @HackerPyramid is coming back…
                                > with a special surprise replacement for 10,000 pennies!!!

                                10,000¢ Hacker Pyramid
                                Forum: https://forum.defcon.org/forumdisplay.php?f=702
                                Site: http://hackerpyramid.com/
                                Twitter: https://twitter.com/HackerPyramid
                                Description: "Back for DEFCON 21 - The 10,000¢ Hacker Pyramid!!!
                                Come and be a lucky audience member who will participate with a
                                DEFCON Celebrity in a fast paced game of Pyramid! It may be the
                                last Dick Clark property to be Seacrested... so we're bringing it to
                                you FIRST! Every contestant has a chance at the FABULOUS PRIZES -
                                all the way up to the GRAND PRIZE of 10,000¢!!!!!!! (site),(twitter.)"
                                (Description is subject to change, especially about the prizes:)

                                A later tweet on a possible replacement of the 10,000 Canadian Pennies:

                                URL2=https://twitter.com/HackerPyramid/status/285165214448627712
                                URL2 wrote:
                                > @HackerPyramid (HackerPyramid)
                                > What say ye - The Quadrillion Dollar Hacker Pyramid?
                                > (10 100 Trillion Zimbabwean Dollar bills)

                                This means the title and description are likely to change. When I get
                                an update, I'll pass it on.

                                Comment

                                Working...
                                X