DEF CON in the news

Its interesting to see how many people are able to find government jobs at these types of events. I wonder if the government will ever start using these as a normal means of advertising. I can see it now, a US Navy Recruitment Table by the front door.

...
Both hackers were awarded with the notebook they attacked, $10,000 in cash and a paid trip to the DefCon hackers conference in Las Vegas this summer.
...

At the 2008 Defcon hacker conference in Las Vegas, researchers demonstrated a BGP attack that allowed them to redirect traffic bound for the conference network to a system they controlled in New York. Also in 2008, large chunks of the internet lost access to YouTube when BGP tables inside Pakistan spread to other countries.

The contestant to raise the most money for EFF between now and June 30, 2010, will win...

Some “Hacker Contests”, are extreme challenges for leading experts in security.

Three of the more important contests of `hacking' at international level occur at DEF CON, Codegate and PWN2OWN cause some companies to tremble with fear.

...

DEF CON is one of the more important Hacker Conventions in the world. It takes place every year in Las Vegas, NV, US and was founded by Jeff Moss. The first DEF CON was held June of 1993. In 2008, DEF CON 16 was able to bring together 8,500 skilled people from governments, corporation as well as security professionals, journalists, lawyers, employees, crackers and hackers, interested in systems, architecture, programming and more.

...

One of the most famous DEF CON contests is Capture the Flag (CTF)
...
It is a challenge involving hackers that try to attack or to defend networks and systems. Over the years, it has even become well known in academic and military circles with people competing from each.
...

What exactly does your government gig as an advisor entail?
...
I'm one of 24 members of the council. In the post-9/11 world an act was passed that imposed advisory councils on various aspects of Homeland Security to prevent groupthink and provide an outside opinion to the secretary or other people who want it.
...

Eventually, we paid £199 to Elcomsoft (the company whose employee Dmitry Sklyarov was arrested in 2001 at Defcon for cracking Adobe eBook files) for its Advanced Office Password Recovery software and it found the password after about 18 hours of constrained brute-force attempts.

3. Learn how to dress: ... But then there are times to dress to match the crowd you are in, particularly at security conferences. Business attire won't help you network in a crowd of hackers at ShmooCon or DEFCON....

Project Mayhem’s “anti-sec” stance wasn’t completely unwelcome in the security world. There was a sentiment among some in the DefCon crowd that the security community’s focus on profit was at odds with hacking’s roots.

In 2002, Watt had appeared on stage at the DefCon hacker conference as the “Unix Terrorist,” touting the purloined files that Mayhem had seized from white hats. His deep voice and towering height made him easily memorable.

Another common physical weakness in the data center is the door lock: Jones says he sees many weak locks and unprotected door latches at the data center threshold. "Lock-picking a well-known and understood trick," he says. "It's almost a sport now."

Free lock-picking kits distributed at Defcon and for sale on the cheap on line make it easy for most anyone to crack the standard door lock, he says.

Video System Attack

Last year at the DEFCON conference, which describes itself as "The Hacker Community's Foremost Social Network," a network research firm (people who do network penetration testing for a living) hacked a brand-name system and fed back copied video into its video display and recording stream. They picked up an object off a table, but the video system showed the object as still being there. This type of attack is called a "replay attack," where data recorded earlier is played back later and fed into the system.

A sophisticated version of this attack would involve injecting captured video data of the object removal several hours later in time from when it actually occurred. The system's time-stamped video would then provide "evidence" of the object's removal at a time when the attackers were several hours away, establishing a solid alibi. The recorded video would be properly watermarked by video management software, thus falsely "authenticating" the fact that the attackers "could not have done it."

You can download the 50-minute video of the presentation from the DEFCON home page (www.defcon.org), under the heading "Advancing Video Application Attacks with Video Interception, Recording, and Replay."

Marcus said Americans are the "bad-asses" of cyber warfare because of organisations like the SANS (SysAdmin, Audit, Network, Security) institute, which teaches people "how to be a cyber-warrior". He also called the DEFCON conference "a combination of performance art plus computer security".

This morning I was flipping through the slides security researchers Tom Eston, Kevin Johnson and Robin Wood cooked up for the "Social Zombies: Your Friends Want to Eat Your Brains" presentations they gave at DEFCON 17 and ShmooCon.

The further in I got, the more I was hit with an uncomfortable realization. As careful as I am on these platforms, I still put my privacy at risk all the time.

This past weekend was the return of the wildly popular Defcon Capture the Flag qualifiers. "Quals," the commonly used nickname, is an entire weekend of non-stop online security challenges that test everything from simple trivia to advanced reverse engineering and exploit development.
....
Wondering what the teams get out of competing? Well, for starters, the top nine go on to compete in Las Vegas during Defcon against the previous year's winning team.
...

...For the first time, this year's Defcon gathering in Las Vegas will feature a contest in which participants will compete to gather nuggets of information from unsuspecting target companies...
....
Social-Engineer.org is partnering with Defcon to present spotlight social-engineering techniques in the form a new capture-the-flag (CTF)-style contest.
....
CTF hacking tournaments have long been a staple at Defcon, with teams working against each other both to protect their systems from attack and to penetrate the systems of opposing teams.

In a twist to the popular "capture the flag" game played by hacking teams every year at Defcon, the hacker conference is hosting a contest that aims to test participants' social engineering skills ...
....
They score points for the reconnaissance information gathered as well as for the plan of attack, all of which must be submitted one week prior to Defcon in a dossier format.
....
Each contestant gets a 20-minute window to perform the attack live at Defcon...
....
Hacking contests are all the rage at Defcon...
....
But given that it's Defcon, it's still likely to stir up a little trouble somehow.
....
The "flag" in the contest is basically a list of the specific information the contestants must get during their phone call at Defcon...
....
The social engineering contest runs from July 30 to Aug. 1 at Defcon in Las Vegas.

They have recently announced that they came up with a proof-of-concept kernel-level rootkit in the form of a loadable kernel module, with the help of which they will demonstrate an attack on a Android smartphone at the DefCon conference next month.