Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Several new forums added today, many of which I have no description:


Ninja Networks Badge and Events
"Forum for threads about the badge and the party. (site) (twitter)"
https://forum.defcon.org/forumdisplay.php?f=675
http://www.ninjas.org/
http://twitter.com/ninjanetworks


Phreaking in the XXIth
"Description TBA"
https://forum.defcon.org/forumdisplay.php?f=668


Hack Fortress
"Hackers and gamers team up in the coolest gaming tournament at Defcon. Combining a hacking contest with a TF2 tourney, the teams must work together as actions in one environment impact the other. (twitter), (site)"
https://forum.defcon.org/forumdisplay.php?f=669
https://twitter.com/#!/tf2shmoo
http://www.shmoocon.org/hack_fortress


The Shinobi 'Pop the Boxes' Challenge
"Description TBA"
https://forum.defcon.org/forumdisplay.php?f=670


Mohawk-Con!
"Get your head buzzed at DC 20 to support the EFF! (twitter) ()"
https://forum.defcon.org/forumdisplay.php?f=671
https://twitter.com/mohawkcon


Defcon Exploit Hackathon
"Accept challenge to code a new exploitation utility for release
during Defcon. (Description may change.)"
https://forum.defcon.org/forumdisplay.php?f=672
User Chosen1 is a goon that has been added as forum leader/organizer to this forum for this event.


REBOOT ARG
"Description TBA"
https://forum.defcon.org/forumdisplay.php?f=672


Homebrew Antenna
"Description TBA"
https://forum.defcon.org/forumdisplay.php?f=674

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Scheduled maintenance starting tonight at around 9pm for forums, pics, and testforums.

Many GB of data need to be moved. I am guessing 1 hour of down-time will be needed.

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Maintenance completed for pics, forums, and test forums. Work on Tamperevidentwiki will begin at around 10pm pacific time.

Firewall Upgrade complete

I've completed the firewall upgrade and a move to new hardware, there turned out to be some lingering email issues that took some time to debug. If sendmail acts strange it always seems to be related to DNS.

Sorry for any strangeness with email, or partial pages loading. Please post here if you see activity that doesn't seem normal. Thanks.

Dark Tangent

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

I just fixed an issue preventing https://pics.defcon.org/ from working properly.

Sorry for all the down time. Please head on over there and upload good pictures from the con!

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

DT Asked for a [forum=682]Defcon 21 planning forum[/forum]. It has been created.

So as to not confuse things, the older [forum=615]Defcon 20 Planning[/forum] forum has been moved to the archived forum space, and set to "read only" no longer allowing new posts.

The Defcon 21 recovery forum will likely be closed soon. If there are any threads that should be copied to the DC21 planning forum, please remind me. :-)


Thanks!

-Cot

BUG REPORT: Yahoo Javascript

Chromium complained about non-secure content this morning (odd, because full-on Chrome at home didn't complain earlier). Traced it to the following URL (purposefully broken).

http ://yui.yahooapis. com/combo?2.9.0/build/ yuiloader-dom-event/yuiloader-dom-event.js &2.9.0/build/connection/connection-min.js

Re: BUG REPORT: Yahoo Javascript

It is/was a known issue and security risk with the current code-base installed with the forums, if served from the forums. Presently, the only work-around until upgraded is to reference the yahoo version of this javascript.

I previously notified Jeff of this, and once I get the latest version of the forum software, I can revert settings back to be served by the forums instead of yahooapis.com.

Sadly, there was a CVE issued for it, but no public details were included with risks and exposure, just a comment about it being "critical." The work-around is to no longer serve the problematic javascript from the forum software base, but instead serve with a directive for clients to download the fixed version from yahooapis.com until we get the new version installed.

If you want, you can continue to block yahooapis.com and the javascript it serves when the forums suggests your browser download from it; I think the only things that will be impacted will be the upload of avatars, and that is a very rare event, only happening 2 or 3 times in the last 2 or 3 months. Blocking it should not harm your ability to post, or read posts. Please let us know if otherwise, and which browser you experience this trouble.

I did notify the mods about this last week, and the work-around applied, but did not publish here since the fix required zero down-time to the forums. (This has been the case with other seucrity issues which do not require down-time.) Once I have the new software, another round of down-time will be scheduled with software maintenance to upgrade them.

Thanks for letting us know about this. :-)

We definitely want to and like to hear about any strange results or observed bugs on the forums.

Thanks for the report!
-Cot

BUG REPORT: SSL under Chromium

This isn't a fix request more than a "I'm noticing this behavior" issue...

Under Chromium (Ubuntu amd64 package), if I've had the window open for a duration of time, I get an SSL certificate invalid error when I try to load the website. I haven't been able to determine why, and the certificate info that chromium reports (and firefox matches), as well as a check with OpenSSL, rules out a MITM attack. I'm at a bit of a loss to figure it out. However, a restart of chromium seems to clear the issue.

Re: BUG REPORT: SSL under Chromium

Are you using tor, a privacy proxy or some other proxy (socks, squid, transparent)?

As part of the diagnostics, could you disable javascript for yahoo and google sites from forums if javascript code is requested from those sites?

Are you running this from a VM? If so, are you also running with NTP in the VM?

Is this only when logged-in, or when browsing as a guest?

Thanks!
-Cot

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Heads up:

Looks like the eMule software we were using to distribute past DEF CON speeches and materials sucked.

I assumed no one was on eMule anymore and that is why there was so little traffic compared to our bit torrent server.

Well turns out I tried different eMules software, AMule, and what do you know all sorts of connections start up.

So if in the past you tried using an eMule / KAD client to find DEF CON stuff and had no luck please try again, I think the new software should make things better.

In the future we will be adding another eMule / Bit Torrent box on our higher speed media server connection mid January and you should see a major speed jump. A side benefit of this upgrade is we will have much more storage capacity and will be able to host more files. More about how to have DEF CON mirror your files onces the server is in place!

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

If you do not use twitter, facebook, or other social media, you may have missed yesterday's announcement of a preview of Jason Scott's "Defcon Doumentary" being available for viewing:

http://vimeo.com/56234900

If you run with no-script in FireFox, then you will need to enable javascript for vimeo.com to see the video. (That is the only site I had to enable with javascript in order to see the video, and then click on the very large image to tell flashblock that was ok to "run".)

For more updates on the Defcon Documentary, you can follow them on twitter:
https://twitter.com/defcondoc


Forum updates:

All Defcon 20 forums are now closed, and archived.
https://forum.defcon.org/forumdisplay.php?f=683

The Defcon 21 planning forum opened up a month or so back:
https://forum.defcon.org/forumdisplay.php?f=682

I started a thread asking people that have run contests, events and social gatherings to let us know of their intention to return, so that I can make a forum for their returning thing long before Pyr0 starts his RFI (Request For Info.) This thread can be found here:
https://forum.defcon.org/showthread.php?t=13163

From that thread, I have read about organizers' intentions to bring back each of their respective contests, events, or social gatherings. New forums have been created for each. Below here are URL and information about forums created for each contest, event or social gathering:

Scavenger Hunt:
Forum: https://forum.defcon.org/showthread.php?t=13163
Facebook: http://www.facebook.com/pages/DefCon...51406414877779
Twitter: https://twitter.com/DefConScavHunt
Description: "Discussions for The DefCon Scavenger Hunt. Send suggestions for the scavenger hunt list to scavlist (and here is where the at symbol can be placed) gmail (and of course you need a dot here) com, (facebook), (twitter)"
NOTE: This year, Siviak, Eris, Vandal and other people that have run the Defcon Scavenger Hunt have handed over control to a new group of people to run it, which include Salem and Dualdflipflop.
This hand-over was announced in public here: https://forum.defcon.org/showthread....137#post127137


The Schemaverse DEFCON Tournament (When Space elephants attack):
Forum: https://forum.defcon.org/forumdisplay.php?f=690
Twitter: https://twitter.com/Schemaverse and run by: https://twitter.com/Abstr_ct
Site: http://defcon.schemaverse.com/
Description: "The Schemaverse is a space-based strategy game implemented entirely within a PostgreSQL database where you compete against other players using raw SQL commands. Use your SQL skills to interactively command your fleets to glory during this weekend-long tournament for the database geeks. Or, if your PL/pgSQL-foo is strong, wield it to write AI and have your fleet command itself while you enjoy the con! (site), (twitter)"


Network Forensics Puzzle Contest:
Forum: https://forum.defcon.org/forumdisplay.php?f=691
Twitter: https://twitter.com/trisk3t
Site: http://forensicscontest.com/
Description: "The Network Forensics Puzzle Contest is a challenging mystery requiring contestants to forensically analyze packet captures (and more!) to uncover an evil plot. (site), (twitter)"


Spot the Fed:
Forum: https://forum.defcon.org/forumdisplay.php?f=692
Description: "The one and only Defcon "Spot the Fed" Contest"
NOTE: "This is always a go." I stopped asking Priest about this a long time ago. But just you watch. This year, he'll says, "Oh, yeah, we cancelled it this year, so now you are a liar. Why are you lying to us?" There is very little discussion in this contest, as it is very mature, and very little changes from year to year, but the forum is there for comments if anyone ever has any.


Defcon Shoot:
Forum: https://forum.defcon.org/forumdisplay.php?f=693
Site: http://www.deviating.net/firearms/defcon_shoot
Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
Description: "Las Vegas, targets, people, weapons, fun. (site)"


Lockpicking Village:
Forum: https://forum.defcon.org/forumdisplay.php?f=694
Description: The Lock-Picking Village has many demonstrations and some contests. This is a run by mny volunteers such as Deviant and TOOOL-USA. This may include contests such as: Points Competition, Lock Field Stripping, Speed Picking Competition, and more!


Black Bag:
Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
Forum: https://forum.defcon.org/forumdisplay.php?f=695
Description: "Contest run by Deviant, Black Bag is to replace Gringo Warrior."


Beverage Cooling Contraption Contest:
Forum: https://forum.defcon.org/forumdisplay.php?f=696
Twitter: nothing official, but this even is run by: https://twitter.com/deviantollam
Site: http://forensicscontest.com/
Description: "This contest was first held at Defcon 13. What is being planned for this year? More inside. (site)"


Goon Band -- Recognize:
Forum: https://forum.defcon.org/forumdisplay.php?f=697
Description: "Back again, the Defcon Goon Band, Recognize, to play in the SECRET LOCATION at Defcon 21! (Where "Secret Location" is TBA.)"


Project 2:
Forum: https://forum.defcon.org/forumdisplay.php?f=698
Site: http://generalstatics.com/
Description: "A drop-in puzzle contest for novice to advanced individuals or teams who don't want to commit to doing a contest for the whole con. (site)"


Skytalks:
Forum: https://forum.defcon.org/forumdisplay.php?f=699
Facebook: https://www.facebook.com/pages/Skytalks/193792913989520
Twitter: https://twitter.com/dcskytalks
Site: http://skytalks.info/
Description: "Back for a fifth blowout year, Skytalks are presentations (55-110 min) that are designed to overclock your brain with cutting edge information about sensitive topics that you might not be able to freely discuss or research from the privacy of your own home, workplace, or favorite con. (facebook) , (twitter) , (site)"


Defcon Short Story Contest:
Forum: https://forum.defcon.org/forumdisplay.php?f=700
Description: "RTFR inside and submit to us a short story. The topic may be of your choosing so long as it meets the guidelines in the rules. Read threads inside for more information"
NOTE: This year, Nikita is handing over management of this to Eris, and she is planning to retain judges from previous years.


Wireless Village:
Forum: https://forum.defcon.org/forumdisplay.php?f=701
Description: "Everything you always wanted to know about wireless (802.11, bluetooth, RFID) and Amateur Radio all in one place. The Defcon 21 Wireless Village is the place you will want to be. Stop by, listen, learn and have fun."

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Uh -- again it's Defcon 21 for 2013 ;-)

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

Thanks!
The forums have the correct description as a result of your email about that, but I forgot to revisit this announcement and edit it too. Fixed. Sorry about that!

-Cot

Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

More updates about Defcon 21

First, to clear things up: my previous update mentioned Wireless Village
and included text that said it was returning for Defcon 20. This was my
fault for copying text from last year and not updating it. DaKahuna found
my mistake, notified me of it here and on the forums, and I've since changed
the three references to "Defcon 20" to read "Defcon 21."
This is editorial comment to let you all know about my mistake and correction.
Sorry about that DaKahuna!

Next, new business:

I received word from HighWiz that he plans to bring back "DC101" to Defcon 21

DC101:
Forum: https://forum.defcon.org/forumdisplay.php?f=703
Site: http://defcon.stotan.org/dc101/
Twitter: https://twitter.com/#!/defcon101
Description: "DC101 is the Alpha to the closing ceremonies' Omega. It's the
place to go to learn about the many facets of Con and to begin your Defconian
Adventure. Whether you're a n00b or a long time attendee, DC101 can start
you on the path toward maximizing your DefCon Experiences. (site), (twitter)"


I received word on twitter from MyCurial that he plans to bring back
"10,000¢ Hacker Pyramid" to Defcon 21:
URL1=https://twitter.com/myrcurial/status/283787439112351744
URL1 wrote:
> @myrcurial (James Arlen)
> @TCMBC @_defcon_ You know that @HackerPyramid is coming back…
> with a special surprise replacement for 10,000 pennies!!!

10,000¢ Hacker Pyramid
Forum: https://forum.defcon.org/forumdisplay.php?f=702
Site: http://hackerpyramid.com/
Twitter: https://twitter.com/HackerPyramid
Description: "Back for DEFCON 21 - The 10,000¢ Hacker Pyramid!!!
Come and be a lucky audience member who will participate with a
DEFCON Celebrity in a fast paced game of Pyramid! It may be the
last Dick Clark property to be Seacrested... so we're bringing it to
you FIRST! Every contestant has a chance at the FABULOUS PRIZES -
all the way up to the GRAND PRIZE of 10,000¢!!!!!!! (site),(twitter.)"
(Description is subject to change, especially about the prizes:)

A later tweet on a possible replacement of the 10,000 Canadian Pennies:

URL2=https://twitter.com/HackerPyramid/status/285165214448627712
URL2 wrote:
> @HackerPyramid (HackerPyramid)
> What say ye - The Quadrillion Dollar Hacker Pyramid?
> (10 100 Trillion Zimbabwean Dollar bills)

This means the title and description are likely to change. When I get
an update, I'll pass it on.