Announcement

Collapse
No announcement yet.

Pretending to be a goon (as seen on dc-stuff)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pretending to be a goon (as seen on dc-stuff)

    The link to the story was posted by BobCat in the dc-stuff list.

    Obviously, I am not BobCat.

    The cost of hubris ( http://www.i-hacked.com/content/view/233/2/ ) is the downfall of many villians in movies.

    How many "bad guys" in James Bond films reveal their secret plans and how they won?

    It was a fun story to read-- I'm glad they took the time to put it on the intarweb (internet.)
    Last edited by MiracleGrwProxy; November 7, 2006, 05:57.

  • #2
    Re: Pretending to be a goon (as seen on dc-stuff)

    pretty neat read... and one that exposes the overall theme of so many security compromises: it's not the elegant, well-crafted, cat-burglar style attacks that tend to get you, it's the simple sidestep around a security measure that no one thought of (usually due to it being so low-tech) which tends to let someone or something slip past.

    i'm impressed more with their ability to have done this on the fly and at no cost (also, it seems, without a car to take them to a hardware store) than with their ability to think it up.

    it also made me very happy reading priest's reaction. he did what i and most others would feel is totally appropriate... confiscated the false credentials but issued them another regular "human" badge the following day. after all, the guy (albeit in a feat of drunken bravado) was forthright about his social engineering and badge hacking and meant no harm.

    contrast this with the HOPE staff who absolutely wanted to eviscerate BobCat, Laz, and others (i'm fairly certain tommEE pickles was their intentional havoc elsewhere) for temporarily taking the big metal "H2K2" letters and then returning them at HOPE 2002. totally uncalled for reaction, in my opinion, since our community (the HOPE crew, included) revels in exposing security flaws in ways that are both humorous and harmless.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor

    Comment


    • #3
      Re: Pretending to be a goon (as seen on dc-stuff)

      I also saw a badge that had one half of one white side shaded in red sharpee. From a distance it looked just like half a goon badge.

      Someone should really think about this when designing the badges...
      --- The fuck? Have you ever BEEN to Defcon?

      Comment


      • #4
        Re: Pretending to be a goon (as seen on dc-stuff)

        Originally posted by kallahar View Post
        Someone should really think about this when designing the badges...
        Yes but this happens nearly every year (with the possible exception of the translucent badges) and Defcon hasn't come to a crashing halt. I remember the year we had metal badges, someone walked to Kinko's, dropped it into a photocopier, and turned the tint to red. The copy was simply paper, but it looked fine at a distance.

        Then there are those people that talk their way into getting a speaker badge (which carries its own privileges).

        In the end, it's the human end of security (i.e., the goons) that is the most effective. The badges themselves are mostly a cute way of branding people.

        Comment


        • #5
          Re: Pretending to be a goon (as seen on dc-stuff)

          Yeah, you got it. We try to make them hard to copy.

          I go with a "time value" system.. if it takes you two days to get the parts and figure it out then that is long enough.. you deserve to get in.

          Originally posted by Voltage Spike View Post
          Yes but this happens nearly every year (with the possible exception of the translucent badges) and Defcon hasn't come to a crashing halt. I remember the year we had metal badges, someone walked to Kinko's, dropped it into a photocopier, and turned the tint to red. The copy was simply paper, but it looked fine at a distance.

          Then there are those people that talk their way into getting a speaker badge (which carries its own privileges).

          In the end, it's the human end of security (i.e., the goons) that is the most effective. The badges themselves are mostly a cute way of branding people.
          Yeah.. the photocopier is mighty. Remember the lenticular badges that changed based on the angle? You can't duplicate them in a weekend, but you can photo copy them.. and at a distance they look real.

          It all comes down to our crack team of Goons. They can tell a badge is fake if they get their hands on one.

          There is some guy that claims to have duplicated all the badges from DC7 or 8 onwards. I would love for him to give a talk about it.. what was hard, what was easy.. and then show off the fakes next to the real ones. If anyone knows who this mystical person is, please have them contact me.
          PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

          Comment


          • #6
            Re: Pretending to be a goon (as seen on dc-stuff)

            Originally posted by Dark Tangent View Post
            There is some guy that claims to have duplicated all the badges from DC7 or 8 onwards.
            that would be pretty damn hard with the badge from DC9, if i'm recalling it correctly... the ones that were sort of a rounded trapazoid shape and were filled with lava-lamp style fluid and gel with plastic bits floating around in there for good measure.
            "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
            - Trent Reznor

            Comment


            • #7
              Re: Pretending to be a goon (as seen on dc-stuff)

              Hey Guys,

              Just dropping in -- glad you guys got a chance to check out my article. I had a great time writing it (and DC14 in general)

              I just wanted to say that Priest sent me a note today, and solidified his place on my "cool" list. Priest, if you catch this post -- you don't have to worry about me trying anything like that next year (not saying that I don't have other things planned ) Yeah it was nice walking around with a "red badge", but I think in the future any other colored badge I wear shall be earned. (Not ready to give up my H&B if you know what I mean)

              I appreciate the compassion that was shown, and look forward to DC15.

              ++Bill

              Comment


              • #8
                Re: Pretending to be a goon (as seen on dc-stuff)

                I like that you simply got past security and that was that. You did not throw switches, pull wires, turn dials or call in air strikes. You simply got in past security and that was that. Kudos to you.

                When I was issued my badge my first through was about someone getting spray paint to counterfeit it. Iam sure many people thought of that, like making money on a copy machine, but no one would actually do it, because we have all seen the mission and methods of the G.I.A. (Goons In Action). No one wants to be on the wrong end of Priest, Noid, Flea, or many of the other staff members. I'm glad your head wasn't handed to you.

                On the other hand I wish I had met you at the penthouse party and seen your work. Maybe next year.

                Comment

                Working...
                X