PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

  • TheCotMan
    *****Retired *****
    • May 2004
    • 8857

    #871
    Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

    New forum for Eddie the Yeti (Y3ti) and the art he sells to raise money for the EFF:

    https://forum.defcon.org/forumdisplay.php?f=723
    "Art for the EFF"

    Site: http://eddietheyeti.deviantart.com/

    He has been in the contest room for years.

    I received word from Pyr0 that it is a go for this year. Forum created, and announced on twitter.

    Comment

    • Dark Tangent
      The Dark Tangent
      • Sep 2001
      • 2732

      #872
      Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

      As some of you might have noticed, I just rolled our SSL/TLS key from a Network Solutions cert to an EV cert from DigiCert.

      The new key, besides being EV, is also big, 4096 bits, as well as using SHA-2 (also known as SHA 256).

      If you see any issues please let me know, I am curious if older mobile devices can handle the full power of this new battle station, er, cert.
      PGP Key: https://defcon.org/html/links/dtangent.html

      Comment

      • TheCotMan
        *****Retired *****
        • May 2004
        • 8857

        #873
        Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

        First, if you are planning to run a contest or event at DEF CON 21 and
        you want to use DEF CON resources (table/floor space, power, network,
        program content/description, link from Main Defcon 21 site / page(s)
        and forum) you'll need to submit your info to Pyr0 and his team for
        planning and resource allocation.

        You can submit your info to him and his team here:
        http://defcne.net/e/guidelines
        http://defcne.net/

        This opportunity is presently set to close on May 25, 2013.
        This was announced by the @_defcon_ twitter account:
        https://twitter.com/_defcon_/status/335930652102905857


        Related to this, some contests, events and other gatherings that have
        had their info submitted to his team now are up, showing that resource
        allocation has been planned/approved for DEF CON 21.

        The list of these contests, events and social gatherings that have
        approved access to DEF CON resource with appropriate planning for them
        should be listed here:

        http://defcne.net/e/21

        This email update primarily will cover these contests, events and
        social gatherings that are on that page. Some will be duplicates of
        previous announcements or updates, and of these duplicates, some URLs
        have been changed or updated.

        =========================================

        Scavenger Hunt:
        [Synced]
        "Discussions for The DefCon Scavenger Hunt. Send suggestions for the
        scavenger hunt list to scavlist (and here is where the at symbol can
        be placed) gmail (and of course you need a dot here) com, (site),
        (Facebook), (twitter.)"
        https://forum.defcon.org/forumdisplay.php?f=689
        http://www.defconscavhunt.com/
        https://twitter.com/DefConScavHunt
        http://www.facebook.com/pages/DefCon...51406414877779

        Hacker Karaoke
        [ADDED]
        "Hackers, Karaoke... What more do you need to know? Time: ...
        Location: ... (site), (twitter.)"
        https://forum.defcon.org/forumdisplay.php?f=729
        http://hackerkaraoke.org/
        https://twitter.com/hackerkaraoke

        Hackfortress
        [ADDED]
        "Hackers and gamers team up in the coolest gaming tournament at
        Defcon. Combining a hacking contest with a TF2 tourney, the teams must
        work together as actions in one environment impact the other.
        (twitter), (site)"
        https://forum.defcon.org/forumdisplay.php?f=730
        http://hackfortress.net/
        https://twitter.com/#!/tf2shmoo

        Schemaverse Championship
        [Synced]
        "The Schemaverse is a space-based strategy game implemented entirely
        within a PostgreSQL database where you compete against other players
        using raw SQL commands. Use your SQL skills to interactively command
        your fleets to glory during this weekend-long tournament for the
        database geeks. Or, if your PL/pgSQL-foo is strong, wield it to write
        AI and have your fleet command itself while you enjoy the con! (site)
        , (Twitter)"
        https://forum.defcon.org/forumdisplay.php?f=690
        https://schemaverse.com
        https://twitter.com/Schemaverse

        Warl0ck Gam3z
        "Participants try their skills with digital forensics, physical
        security, and other challenges from an exploit team. (site)"
        [ADDED][NEW]
        https://forum.defcon.org/forumdisplay.php?f=731
        http://www.gam3z-inc.com/

        Wifi Sheep Hunt
        [ADDED][NEW]
        "Defcon Wide search for all sorts of wireless emitting devices...
        ...if it can transmit a RF signal, it might be on your quest. Start:
        solve an encoded riddle, locate certain devices to create a key to
        access wifi.sheep.hunt network, where the game continues. (site)"
        https://forum.defcon.org/forumdisplay.php?f=732
        http://www.WiFiSheepHunt.com/

        DEF CON short story contest
        [Sync]
        NOTE: As of now(); this closes June 1, 2013
        "RTFR inside and submit to us a short story. The topic may be of your
        choosing so long as it meets the guidelines in the rules. Read threads
        inside for more information"
        https://forum.defcon.org/forumdisplay.php?f=700

        Cycle Override DEFCON Bike Ride
        [Sync]
        "Rent bicycles, hire a guide, and endure a 2 Hour bike ride in the Las
        Vegas heat! Got Water? (Event Info), (Join List/Form), (twitter),
        (#hacktheheat)"
        https://forum.defcon.org/forumdisplay.php?f=726
        http://www.cycleoverride.org/
        http://cycleoverride.org/2013-3rd-an...ign-up-online/
        https://www.twitter.com/cycle_override
        https://twitter.com/#!/search?q=%23hacktheheat
        https://docs.google.com/spreadsheet/...wxSmc6MA#gid=0

        Ham Radio Examinations
        [ADDED]
        "Want to get your amateur (ham) radio license? (Registered ARRL Event)"
        https://forum.defcon.org/forumdisplay.php?f=733
        Event Registered: http://www.arrl.org/exam_sessions/la...-nv-89103-4043

        Skytalks
        "Back for a fifth blowout year, Skytalks are presentations (55-110
        min) that are designed to overclock your brain with cutting edge
        information about sensitive topics that you might not be able to
        freely discuss or research from the privacy of your own home,
        workplace, or favorite con. (Facebook), (twitter), (site)"
        https://forum.defcon.org/forumdisplay.php?f=699
        https://skytalks.info
        https://twitter.com/dcskytalks
        https://www.facebook.com/pages/Skytalks/193792913989520

        The DEFCON Darknet Project
        [ADDED]
        (Waiting for public description)
        (Details TBA)
        https://forum.defcon.org/forumdisplay.php?f=734

        Project 2
        [Synced]
        "A drop-in puzzle contest for novice to advanced individuals or teams
        who don't want to commit to doing a contest for the whole con. (site)"
        https://forum.defcon.org/forumdisplay.php?f=698
        http://dirtbags.net

        Black Bag
        [Synced]
        "Contest run by Deviant, Black Bag is to replace Gringo Warrior, (twitter)"
        https://forum.defcon.org/forumdisplay.php?f=695
        http://twitter.com/COREblackbag

        Crack Me If You Can
        [ADDED]
        "For the 4th year, KoreLogic is running the premiere password cracking
        contest. How many hashes can you crack during DEFCON? Fire up your
        CLOUD and GPUs. (site), (twitter)"
        https://forum.defcon.org/forumdisplay.php?f=735
        https://contest-2013.korelogic.com/
        https://twitter.com/crackmeifyoucan

        DEFCON Military Veterans Security Meetup
        [Synced]
        (Description is TBA. Still need short description for forums.)
        https://forum.defcon.org/forumdisplay.php?f=717
        http://myleverage.org/milvet/
        https://twitter.com/vetsec

        DARPA Mobile Cybersecurity Challenge
        [ADDED]
        "Win cash prizes by analyzing a set of Android mobile apps to
        determine which ones are Trojan horses and which ones are benign using
        any manual, semi-automated, or automated method."
        https://forum.defcon.org/forumdisplay.php?f=736

        Social-Engineer Capture the Flag
        [Synced]
        "Returning to Defcon 20, the Crew at Social-Engineer.org is
        challenging you. We are inviting those of you who think you can use
        ethical social engineering skills to stretch your limits as a social
        engineer. A unique blend of information gathering, planning and attack
        vector execution will challenge the very core of every participant.
        This will be a different SE challenge as our focus is not on who can
        “get” the target the worst, but a true display of SE talents. (site),
        (event)"
        https://forum.defcon.org/forumdisplay.php?f=721
        http://www.social-engineer.org/socia...cial-engineer/

        Social-Engineer Capture the Flag for Kids
        [Synced]
        "For Defcon 21, the Crew at Social-Engineer.org is challenging kids.
        We are inviting those of you who think you can use ethical social
        engineering skills to stretch your limits as a social engineer. A
        unique blend of information gathering, planning and attack vector
        execution will challenge the very core of every participant. This will
        be a different SE challenge as our focus is not on who can “get” the
        target the worst, but a true display of SE talents. (site)"
        https://forum.defcon.org/forumdisplay.php?f=721
        http://www.social-engineer.org/socia...ids-at-defcon/

        Wireless Pentathlon
        [ADDED]
        "Multi-feature, multi-contest, wireless rig contest. (site)"
        https://forum.defcon.org/forumdisplay.php?f=737
        http://defcon-wireless-village.com

        Exploit Hackathon
        [ADDED]
        "Accept challenge to code a new exploitation utility for release
        during Defcon. (Description may change)"
        https://forum.defcon.org/forumdisplay.php?f=738

        Crash and Compile
        [Synced]
        "Coding, compiling, competition, consumption (of alcohol) -- think of
        the fun! (site), (twitter.)"
        https://forum.defcon.org/forumdisplay.php?f=725
        http://crashandcompile.com/
        https://twitter.com/CrashAndCompile

        Hackers Against Humanity
        [ADDED]
        "From Vegas 2.0, creators of The DEF CON Summit, Borrowed from "Cards
        Against Humanity," you have Hackers Against Humanity. (site)"
        https://forum.defcon.org/forumdisplay.php?f=739
        http://site.vegassummit.org/

        Communicating on a Different Frequency
        [ADDED]
        "A contest requiring use of DEF CON Badges from DEF CON past to
        communicate messages. (image link)"
        https://forum.defcon.org/forumdisplay.php?f=740
        http://m.flickr.com/photos/tommiethe...6909/lightbox/

        Network Forensics Puzzle Contest
        [ADDED]
        "The Network Forensics Puzzle Contest is a challenging mystery
        requiring contestants to forensically analyze packet captures (and
        more!) to uncover an evil plot. (site)"
        https://forum.defcon.org/forumdisplay.php?f=691
        http://forensicscontest.com

        Comment

        • Dark Tangent
          The Dark Tangent
          • Sep 2001
          • 2732

          #874
          Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

          After a couple months of testing on www.defcon.org I have changed the SSL support for the forums to _only_ support "perfect forward secrecy" using Diffie Hellman Ephemeral AES 256 SHA1 (DHE AES256 SHA).

          This change will help mitigate recorded traffic being decrypted in the future should the keys from today be compromised.

          For those interested in more information, here is a good article:
          http://vincent.bernat.im/en/blog/201...d-secrecy.html

          To test your own site try these tools:
          https://www.wormly.com/test_ssl
          https://www.ssllabs.com/ssldb/index.html

          Please let me know if you have any issues!
          PGP Key: https://defcon.org/html/links/dtangent.html

          Comment

          • TheCotMan
            *****Retired *****
            • May 2004
            • 8857

            #875
            Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

            Forum maintenance cycle completed. Please report any problems you see. Thanks!

            -Cot

            Comment

            • TheCotMan
              *****Retired *****
              • May 2004
              • 8857

              #876
              Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

              We had a DB problem this morning from about 3am pacific time to 7am pacific time.

              3 Hours were spent reviewing and repairing the DB.

              It appears that no posts (blogs, threads, posts, etc.) were lost, but access to service was denied until repair was complete.

              3 hours were spent reviewing service and repairing DB.

              Service to forums and pics was restored at 10am pacific time.


              Separate from this, the forced lurking period has been re-enabled, with a minimum of 24 hours between signup and ability to reply to threads.
              If this proves to be insufficient, then I will bump it back up to 3 days instead of 24 hours.

              Strikes-system has been re-enabled.

              Please let us know about problems by replying here or emailing us at forum support with the "defconforums" account with "gmail"

              Thanks!
              -Cot

              Comment

              • TheCotMan
                *****Retired *****
                • May 2004
                • 8857

                #877
                Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                DEF CON 21 planning forum has been closed. I will move it to the archive soon. If there are any threads you would like to see copied-forward to the "DEF CON 21 and Beyond" forum for more discussion, please let me know.

                In other news, the main site mentioned dates for DEF CON 22. This has triggered the creation of the DEF CON 22 planning forum, and by creating this forum, triggers the creation of the thread asking leaders/organizers of contests, events and social gatherings if they could let me know about their plans to bring back their thing, so I can notify them at their forum account registered email address when Pyr0 and his team have directions for the RFI for DC22.

                Thanks!
                -Cot

                Comment

                • TheCotMan
                  *****Retired *****
                  • May 2004
                  • 8857

                  #878
                  Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                  Some time next month (in September) I'll be closing the DEF CON 21 contest/event forums and begin the process of opening new contest/event forums for people that have announced their intention to bring their thing back to DEF CON 22 in this thread: https://forum.defcon.org/showthread.php?t=13646

                  Some time before the end of this month, I'll be closing some of the other DEF CON 21 forums. I plan to copy the thread asking for suggestions to make DC22 better over to the DC22 forum, and then close the DC21 thread with a final post directing people to the new thread.

                  Please let me know about any other threads in the DC21 areas that should be copied forward to the DC22 planning forum.

                  Thanks!

                  -Cot

                  Comment

                  • TheCotMan
                    *****Retired *****
                    • May 2004
                    • 8857

                    #879
                    Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                    Originally posted by TheCotMan
                    Some time next month (in September) I'll be closing the DEF CON 21 contest/event forums and begin the process of opening new contest/event forums for people that have announced their intention to bring their thing back to DEF CON 22 in this thread: https://forum.defcon.org/showthread.php?t=13646

                    Some time before the end of this month, I'll be closing some of the other DEF CON 21 forums. I plan to copy the thread asking for suggestions to make DC22 better over to the DC22 forum, and then close the DC21 thread with a final post directing people to the new thread.

                    Please let me know about any other threads in the DC21 areas that should be copied forward to the DC22 planning forum.

                    Thanks!

                    -Cot
                    I have closed all of the DEF CON 21 contests, events, and social gathering forums today, October 1. I planned on closing them mid September, but wanted to give people a little longer to reply.

                    I see a new post in the Post DC 21 forum, only a few days ago. After a week or two of inactivity, I'll close the last DEF CON 21 forum, and then move them all to the DEF CON 21 archive forum.

                    No firm date has been established on rolling out the new Contests, Events, and Social gathering forums. Some time between October and December is a best estimate.

                    Thanks!
                    -Cot -- The guy that puts the "dick" in being a forum "dictator" :-)

                    Comment

                    • TheCotMan
                      *****Retired *****
                      • May 2004
                      • 8857

                      #880
                      Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                      So, there was this issue on October 9th, and I started work to address it...

                      Then I tested some of the improvements to deny access to some content, and my testing broke my access to the servers.

                      This morning, access was restored, so I could continue, and finish work from the 9th.

                      Forums have been running, but were inaccessible due to a temporary policy that was only supposed to last about 8 hours.

                      Upgrade is completed. Please report new problems if you find them.

                      Sorry about the lack of access.

                      Comment

                      • TheCotMan
                        *****Retired *****
                        • May 2004
                        • 8857

                        #881
                        Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                        Originally posted by TheCotMan
                        I have closed all of the DEF CON 21 contests, events, and social gathering forums today, October 1. I planned on closing them mid September, but wanted to give people a little longer to reply.

                        I see a new post in the Post DC 21 forum, only a few days ago. After a week or two of inactivity, I'll close the last DEF CON 21 forum, and then move them all to the DEF CON 21 archive forum.
                        No new activity in the DEF CON 21 forums. They have all been closed and archived in the DEF CON 21 Archive forum: https://forum.defcon.org/forumdisplay.php?f=766


                        No firm date has been established on rolling out the new Contests, Events, and Social gathering forums. Some time between October and December is a best estimate.
                        Still no firm date on rolling out the contests/event forum for DEF CON 22. The announcement of where and when DEF CON 22 has been posted on the main site ( https://www.defcon.org/ says: "DEF CON 22 will be August 7-10, 2014 at the Rio Hotel and Casino!") so the forums can have forums for contests and events any time.

                        All forums for contests, events and social gatherings included now, before the RFI from Pyr0 (later) are created on the presumption the organizers will fill out the RFI for their contests, event or social gathering before the deadline to-be-announced by Pyr0. Forum will follow the decisions of his department on which have been approved (allocated DEF CON resources.) Off-site events like the DC Shoot, etc. can benefit from filling out the RFI, by getting their contest, event or social gathering listed in the program and linked from the main site, but those that pre-date this process can still be added, as unofficial. (Grandfather Clause.)

                        Thanks!
                        -Cot

                        Comment

                        • TheCotMan
                          *****Retired *****
                          • May 2004
                          • 8857

                          #882
                          Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                          Forums, pics, testforums, and tamperevidentwiki were taken off-line after there was a claim made by a group, stating they found a vulnerability in the forum vendor's production code.

                          This was further explained in this article:

                          http://thehackernews.com/2013/11/vBu...erability.html

                          As a precaution, at the possibility this claim was real and valid, and without details on how we could defend against it, or detect it, and due to lack of details on the method of attack which was claimed, we decided to disable the forums. It is a good time of year for us to down service, and gives me an opportunity to conduct maintenance and inspect the system(s) for possible insertion of unexpected content. No evidence of success found.

                          The vendor has claimed the claim by the team for exploit is bogus:

                          http://www.vbulletin.com/forum/forum...s-in-vbulletin

                          Me? It does not matter to me if it is real or not, and I have no opinion without having seen the exploit, and I'm not paying $7000 to see it.

                          Major changes to several configs and services have been completed. Please report troubles, or any new bugs you happen to see.

                          I've been really busy at work, or the forums would have been back sooner.

                          Sorry about the down-time.

                          Any questions or comments are welcome.

                          Thanks!
                          -Cot

                          Comment

                          • TheCotMan
                            *****Retired *****
                            • May 2004
                            • 8857

                            #883
                            Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                            Minor changes to software on many defcon servers/services.

                            This is now complete and services should be back. Please report troubles here, or to defconforums@gmail.com if you can't post issues you found, here.

                            Thanks!

                            -Cot

                            Comment

                            • Dark Tangent
                              The Dark Tangent
                              • Sep 2001
                              • 2732

                              #884
                              Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                              Forums now supports SSL v3, TLS 1.0, 1.1 and 1.2 and speed has been upgraded!

                              I have added support for TLS 1.1 and 1.2 over what we were previously using (SSLv3 and TLS 1.0)
                              Currently we allow 4 ciphers:

                              DHE-RSA-AES256-SHA256 (TLS 1.2)
                              DHE-RSA-AES256-SHA (SSLv3, TLS 1, 1.1, 1.2) <-- This is the only cipher for "legacy" SSLv3
                              DHE-RSA-AES128-SHA256 (TLS 1.2) <-- This may be removed in the future if no one has problems with using only 256.
                              AES256-SHA256 (TLS 1.2) <-- This is to enable support for some browsers that choke on 1.2 and support for DH forward secrecy.

                              I would love to drop support for SSLv3 entirely and only support ciphers that use DH key exchange for "Perfect Forward Secrecy (PFS)" but don't want to lose users, so over the next few months I'll see what browsers break.
                              On a side note I asked Mr. Diffie about why it is called "Perfect" and he said it isn't and shouldn't. :-)

                              On the speed front we doubled our up-link speed. It hasn't been a problem for us in the past, but it was a free upgrade so I didn't argue!

                              As always please let me know if anyone has any issues.

                              DT
                              PGP Key: https://defcon.org/html/links/dtangent.html

                              Comment
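
The cipher lists from posts #874 and #884, checked mechanically. This is an added Python example, not code from the forum's administrators: it classifies OpenSSL-style suite names by key exchange and reports which allowed suites lack forward secrecy. The prefix table, the function names and the mapping of post #874's cipher to the name `DHE-RSA-AES256-SHA` are assumptions of this example.

```python
"""Audit a TLS cipher allow-list for forward secrecy (added example)."""
from dataclasses import dataclass
from typing import Optional

# Key-exchange prefixes in OpenSSL suite names (SSLv3 to TLS 1.2).
# Value: (key exchange, authentication, forward secret?)
KX_PREFIXES = {
    "ECDHE-ECDSA-": ("ECDHE", "ECDSA", True),
    "ECDHE-RSA-": ("ECDHE", "RSA", True),
    "DHE-RSA-": ("DHE", "RSA", True),
    "DHE-DSS-": ("DHE", "DSS", True),
    "EDH-RSA-": ("DHE", "RSA", True),  # older OpenSSL spelling of DHE-RSA
}
# A name that starts directly with a bulk cipher uses RSA key transport:
# the session key is protected only by the server's long-term key.
BULK_STARTS = ("AES128", "AES256", "DES-CBC3", "RC4", "CAMELLIA128", "CAMELLIA256")


@dataclass
class Suite:
    name: str
    kx: str
    auth: str
    bulk: str
    digest: str  # HMAC hash for CBC/RC4 suites, PRF hash for GCM suites
    forward_secret: Optional[bool]  # None = not recognised, review by hand


def parse_suite(name: str) -> Suite:
    for prefix, (kx, auth, fs) in KX_PREFIXES.items():
        if name.startswith(prefix):
            rest = name[len(prefix):]
            break
    else:
        if not name.startswith(BULK_STARTS):
            # Refuse to guess (PSK, SRP, anonymous DH, TLS 1.3 names, ...).
            return Suite(name, "unknown", "unknown", "", "", None)
        kx, auth, fs, rest = "RSA", "RSA", False, name
    bulk, _, digest = rest.rpartition("-")
    return Suite(name, kx, auth, bulk, digest, fs)


def audit(allow_list: dict) -> dict:
    """allow_list maps suite name -> protocol versions it is offered on."""
    report = {"forward_secret": [], "not_forward_secret": [],
              "review": [], "by_protocol": {}}
    for name, protocols in allow_list.items():
        fs = parse_suite(name).forward_secret
        key = ("review" if fs is None
               else "forward_secret" if fs else "not_forward_secret")
        report[key].append(name)
        for proto in protocols:
            report["by_protocol"].setdefault(proto, []).append(name)
    # True only when every allowed suite is known to be forward secret.
    report["pfs_only"] = not (report["not_forward_secret"] or report["review"])
    return report


# Constructed from the posts: #874 (one DHE suite; SSLv3 and TLS 1.0 per #884)
POST_874 = {"DHE-RSA-AES256-SHA": ["SSLv3", "TLSv1.0"]}
# ... and #884 (four suites with the protocol versions listed there).
POST_884 = {
    "DHE-RSA-AES256-SHA256": ["TLSv1.2"],
    "DHE-RSA-AES256-SHA": ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"],
    "DHE-RSA-AES128-SHA256": ["TLSv1.2"],
    "AES256-SHA256": ["TLSv1.2"],
}

if __name__ == "__main__":
    for label, policy in (("#874", POST_874), ("#884", POST_884)):
        result = audit(policy)
        print(label, "PFS only:", result["pfs_only"],
              "| no forward secrecy:", result["not_forward_secret"])
        print("   reachable over SSLv3:", result["by_protocol"].get("SSLv3", []))
```

Run against the two lists, the audit shows the #874 configuration as forward-secret only, while the #884 list includes one RSA key-transport suite (`AES256-SHA256`) and leaves a single suite reachable over SSLv3.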

                              • TheCotMan
                                *****Retired *****
                                • May 2004
                                • 8857

                                #885
                                Re: PUBLIC-NOTICES: Forum Changes/Fixes. Any Questions?

                                Odd troubles reported from some people. One claims SSL negotiation issue, others report errors like this from Firefox: "The connection was interrupted" and MSIE: "Zero Sized Reply".

                                I've notified DT, but did not call or SMS... I don't want to wake him in his timezone.

                                Comment
