Selection of News from StephenSoftware
CHANNELS from: DEFCON Announcements!

We've updated the press page with even more DEF CON 18 coverage! Most of the new stuff can be found in the "Other" Category, and in a new category called "Video Coverage" which contains recaps, badge hacks, goon hijinks and more! Check them out on the Press Page, or the DEF CON 18 Archive Page!


The DEF CON 18 Archive Page is up and running! Currently, we have all of the presentation slides, white papers and extras posted, as well as the DEF CON 18 Program in pdf format! Coming in the next week or so we'll have contest results, press, and even a few early release videos! So check it out and begin reliving the glory that was DEF CON 18!

DEF CON 18 was a resounding success! With more contests, events, attendance and talks, this year's show was a fitting end to our years at the Riviera! We'd like to thank the Riv for working with and hosting us for 5 awesome years! We'd also like to thank all the folks who sacrificed time, effort, and resources to contribute to the hacking community, as well as a huge thank you to all the attendees for showing up and learning, growing and participating in all this con has to offer!

We've all had a chance to wind down and decompress from all the excitement of DEF CON 18, and all of the results, press, photos, updated materials and other content is rolling in. Starting in the next couple of days and through the next few weeks, we'll be posting all of this info for everyone to enjoy, reflect upon, and learn from. Keep your eyes on defcon.org, the DEF CON RSS feed, our Twitter and Facebook for all the latest updates from the show!

Take a short survey at the table next to the Info booth in the Contest Area to participate! Here's more info:

The US electricity infrastructure relies on Industrial Control Systems (ICS) for better efficiency and reliability. However, these systems are susceptible to cyberattacks, which may disrupt essential power services. How cybercriminals rationalize target selection and attack technique is vital in offering a more comprehensive picture of ICS vulnerabilities, cybercrimes, and security. This Rutgers School of Criminal Justice PhD dissertation research project will survey both ethical hackers and industry representatives. It will assess their views on cybervulnerabilities of the electricity sector’s ICS to identify any gaps in their perceptions.

Craig Heffner discusses hacking millions of routers and his upcoming talk tomorrow in a new Speaker's Corner!

Be The Match offers the unique opportunity for you to give a life-saving marrow transplant to someone in need. Thousands of patients with leukemia and other life-threatening diseases depend on the Be The Match Registry, the largest and most diverse registry in the world, to find a life-saving donor. The more potential donors that step forward, the more resources are available to patients and the more lives can be saved.

Description of the donor recruitment drive:
Be The Match will have a booth at DefCon 18 where individuals can register to be part of the Be The Match Registry.  All they need to be is between the ages of 18 and 60, meet the health guidelines and be willing to donate to ANY patient in need.  At the recruitment drive, you will fill out a consent form with contact information and a short medical evaluation.  You will receive more information about what it means to be a donor and then you will swab the inside of your cheeks.  Your tissue type will be listed in the Be The Match Registry until your 61st Birthday.  If you are a match for someone in need, then you will be contacted for donation.

This year we are offering 802.1x/WPA-encrypted wireless access for Internet access. In order to access the "DefCon-Secure" wireless network, you will need to create login information for yourself. We have set up a self-registration website.

https://wifireg.defcon.org

Go to this site to register a username & password.
You can hit it from your phone, WWAN, or the open DefCon wireless.

We have also included a copy of the SecureTrust CA root certificate in case your device does not have it in its default certificate trust chain (many systems do, some do not).

SSID: DefCon-Secure
or DefCon-SecureA for 5.0GHz devices (iPad, newer Macbooks)

Network Authentication: WPA2
Data encryption: TKIP or AES
Authentication EAP Type: PEAP
Authentication Mechanism: EAP-MSCHAP v2

The Suggmeister provides some insight into the genesis of a talk as a new speaker in this new Speaker's Corner!

Matt Ryanczak Talks about IPv6 and the future in this all new Speaker's Corner!

Tips for getting the most out of your DEF CON experience are discussed in this Speaker's Corner by Nicholas Percoco entitled "Packing It All In"!

Lockpick shapes are de-mystified in this part one of a new Speaker's Corner by Schuyler Towne entitled "What's This Lockpick For?"!

There's a ton happening leading up to DEF CON 18 in just twelve more days!

The Mystery Challenge is heating up! Check out the Mystery Challenge forum for the latest hijinks!

We have some bad news, unfortunately the Geo Challenge will not be happening this year. You can read more about this on the Geo Challenge forum. Our sympathy goes out to the organizers for what promised to be a great contest. Definitely look for it next year!

There are some exciting new offerings that have surfaced recently! Among them are:

Dark Tangent is busting out the Tamper Evident Contest, in which you debunk the phrase "Impossible to reseal or re-use", and document how you did it!

The Backdoor Hiding Contest, in which you test your skills at hiding and finding backdoors.

Capture the Packet is a cool new network scavenger hunt. Look for clues, solve puzzles and win prizes!

Crack Me If You Can: 53,000 password hashes, 48 hours, nuff said!

PCB PWNage is a mini contest from the Hardware Hacking Village to find out who can design the coolest PCB!

The Twitter Hunt: Follow @TheSuggmeister and watch for the clues that lead to prizes!

For all the latest info on contests and events at this year's DEF CON, check out the DEF CON Forums!

Congratulations to the Winners of the DEF CON 18 Artwork Contest! We had a bunch of great entries this year, but we could only pick a few!

First Place and People's Choice vote win goes to "18 & Legal" by Mar!

Second place goes to "DEF CON Boy" by oshu!

Third goes to "Her" by emtag!

Congrats to all the winners and a big thanks to all who entered! To view and download all the wallpapers from this year's contest go to the DEF CON 18 Artwork Contest Public Gallery!

You can now view all the bios and samples from the killer line-up of artists performing at DEF CON this year! Check them out on the Entertainment page.

Do we need to say much more than that? Check out the DEF CON 18 Speaking Schedule.

Here's another twenty-four hot-n-fresh new DEF CON talks. Feast. 


Katana: Portable Multi-Boot Security Suite
JP Dunning

Exploitable Assumptions Workshop
Joe "Crazy" Foley, Eric "Unlocked" Schmiedl, Zoz

The Law of Laptop Search and Seizure
Jennifer Granick, Kevin Bankston, Marcia Hofmann, Kurt Opsahl

Advanced Format String Attacks
Paul Haas

Tales from the Crypto
G. Mark Hardy

Decoding reCAPTCHA
Chad Houck

0box Analyzer: AfterDark Runtime Forensics for Automated Malware Analysis and Clustering
Wayne Huang, Jeremy Chiu

Hardware Hacking for Software Guys
Dave King

These Aren't the Permissions You're Looking For
Anthony Lineberry, Tim Wyatt, David Richardson, Sr.

Multiplayer Metasploit: Tag-Team Penetration and Information Gathering
Ryan Linn

App Attack: Surviving the Mobile Application Explosion
Kevin Mahaffey, John Hering

Searching for Malware: A Review of Attackers’ Use of Search Engines to Lure Victims
Dave Maynor, Dr. Paul Q. Judge

Getting Social with the Smart Grid
Justin Morehouse, Tony Flick

Electronic Weaponry or How to Rule the World While Shopping at Radio Shack
Timothy "Mage" Otto

WiMAX Hacking 2010
Pierce, Goldy, aSmig

Industrial Cyber Security
Wade Polk, Paul Malkewicz, J.Novak

Improving Antivirus Scanner Accuracy with Hypervisor Based Analysis
Danny Quist

Search & Seizure & Golfballs
Jim Rennie, Eric Rachner

pyREtic - In-memory Reverse Engineering for Obfuscated Python Bytecode
Rich Smith

Stratagem 1 - Deceiving the Heavens to Cross the Sea
Jayson E. Street

Breaking WPA-TKIP: Decrypting All Traffic
Mathy Vanhoef

Go Go Gadget Python! : Introduction to Hardware Hacking
Nick Waite, Furkan Cayci

The Night The Lights Went Out In Vegas: Demystifying Smartmeter Networks
Barrett Weisshaar, Garret Picchioni

Panels

PCI, Compromising Controls and Compromising Security
Jack Daniel, Joshua Corman, Dave Shackleford, Anton Chuvakin, Martin McKeay, Alex Hutton, James Arlen

Meet the EFF
Kurt Opsahl, Eva Galperin, Kevin Bankston, Jennifer Granick, Marcia Hofmann


Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll!

Good Luck to all the fantastic entries!




Here's a new list of speaker adds. You're probably not even finished absorbing the last one. That's just how we do. Deal with it.

Mobile Privacy: Tor on the iPhone and Other Unusual Devices
Marco Bonetti, sid77

Who Cares About IPv6?
Sam Bowne

masSEXploitation
Michael Brooks

Google Toolbar: The NARC Within
Jeff Bryner

WRT54-TM, Media Center and Network Sniffer
John A. Colley

IPv6: No Longer Optional
John Curran

Function Hooking for Mac OSX and Linux
Joe Damato

Breaking Bluetooth By Being Bored
JP Dunning

An Observatory for the SSLiverse
Peter Eckersley, Jesse Burns

How Unique Is Your Browser?
Peter Eckersley

Hacker Community (around) the Corporate World - Part II
Luiz "effffn" Eduardo

Be A Mentor!
Marisa Fagen

The Anatomy of Drug Testing
Jimi Fiekert

FOE - The release of Feed Over Email, a Solution to Feed Controversial News to Censored Countries.
Sho Ho

Exploiting Digital Cameras
Oren Isacson, Alfredo Ortega

How I Met Your Girlfriend
Samy Kamkar

Bypassing Smart-card Authentication and Blocking Debiting: Vulnerabilities in Atmel Cryptomemory-based Stored-value Systems
Jonathan Lee, Neil Pahl

We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers
Shawn Merdinger

Letting the Air Out of Tire Pressure Monitoring Systems
Mike Metzger

Open Source Framework for Advanced Intrusion Detection Solutions
Patrick Mullen, Ryan Pentney

Antique Exploitation (aka Terminator 3: Point One One for Workgroups)
Jon Oberheide

Build Your Own Security Operations Center for Little or No Money
Josh Pyorre

Operating System Fingerprinting for Virtual Machines
Nguyen Anh Quynh

Lord of the Bing: Taking Back Search Engine Hacking from Google and Bing
Rob Ragan, Francis Brown

Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage
The Suggmeister

Getting Root: Remote Viewing, Non-local Consciousness, Big Picture Hacking, and Knowing Who You Are
Richard Thieme

INSECURITY ENGINEERING OF PHYSICAL SECURITY SYSTEMS: Locks, Lies, and Videotape
Marc Weber Tobias, Tobias Bluzmanis, Matt Fiddler

Build your own UAV 2.0 - Wireless Mayhem from the Heavens!
Michael Weigand, Renderman, Mike Kershaw

Crawling BitTorrent DHTs for Fun and Profit
Scott Wolchok


DC 18 is getting close and we've added another batch of speakers. Keep tabs on the DEF CON 18 speakers page as we finalize the list.


WPA Too!
Md Sohail Ahmad

Evilgrade, "You Still Have Pending Upgrades?"
Francisco Amato

Exploitation on ARM - Technique and Bypassing Defense Mechanism
Itzhak "Zuk" Avraham

Resilient Botnet Command and Control with Tor
Dennis Brown

Open Public Sensors and Trend Monitoring
Daniel Burroughs

Bad Memories
Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt

Kartograph : Finding a Needle in a Haystack or How to Apply Reverse Engineering Techniques to Cheat at Video Games.
Elie Bursztein, Jocelyn Lagarenne, Dan Boneh

Token Kidnapping's Revenge
Cesar Cerrudo

Hacking Facebook Privacy
Chris Conley

Physical Security : You're Doing It Wrong!
A.P. Delchi

Hacking with Hardware: Introducing the Universal RF Usb Keboard Emulation Device - URFUKED
Monta Elkins

Trolling Reverse-Engineers with Math: Ness... It hurts...
frank^2

Mastering the Nmap Scripting Engine
Fyodor, David Fifield

Live Fire Exercise: Baltic Cyber Shield 2010
Kenneth Geers

Making the DEFCON 18 Badge
Joe "Kingpin" Grand

Legal Developments in Hardware Hacking
Jennifer Granick, Matt Zimmerman

How To Get Your FBI File (and Other Information You Want From the Federal Government)
Marcia Hofmann

The Chinese Cyber Army - An Archaeological Study from 2001 to 201
Wayne Huang, Jack Yu

Ripping Media Off Of the Wire
HONEY

Malware Migrating to Gaming Consoles: Embedded Devices, an AntiVirus-free Safe Hideout for Malware
Ahn Ki-Chan, Ha Dong-Joo

Training the Next Generation of Hardware Hackers -- Teaching Computer Organization and Assembly Language Hands-on with Embedded Systems
Andrew Kongs, Dr. Gerald Kane

ChaosVPN for playing CTFs
mc.fly, vyrus, ryd

FPGA Bitstream Reverse Engineering
Lang Nguyen

Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S.
Charlie Miller

Big Brother on the Big Screen: Fact/Fiction?
Nicole Ozer, Kevin Bankston

Practical Cellphone Spying
Chris Paget

Extreme-range RFID Tracking
Chris Paget

My Life As A Spyware Developer
Garry Pejski

Implementing IPv6 at ARIN
Matt Ryanczak

Exploiting WebSphere Application Server's JSP Engine
Ed Schaller

Gaming in the Glass Safe - Games, DRM & Privacy
Ferdinand Schober

You're Stealing It Wrong! 30 Years of Inter-Pirate Battles
Jason Scott

Browser Based Defenses
James Shewmaker

Drivesploit: Circumventing Both Automated AND Manual Drive-by-Download Detection
Caleb Sima, Wayne Huang

Your ISP and the Government: Best Friends Forever.
Christopher Soghoian

Weaponizing Lady GaGa, Psychosonic Attacks
Brad Smith

From "No Way" to 0-day: Weaponizing the Unweaponizable
Joshua Wise

Pwned By The Owner: What Happens When You Steal A Hacker's Computer
Zoz


Over the past week or two, we've had a flood of announcements for new contests! Check them out below!

Dark Tangent's Tamper Evident Contest
There are various tamper evident technologies out there, including tape, seals, locks, tags, and bags, to name a few. This contest will test your ability to perform "defeats" (Described below) against a range of inexpensive commercial low to medium security products.

Backdoor Hiding Contest
Two in one Backdoor Hiding/Finding Contest (participate in either or both): In the first stage, hiding participants provide a source code hiding a backdoor, in the second stage organizers mix the source codes with non-backdoored (placebos), and then ask finding participants to spot the placebos. Hiding participants get hiding points for being voted as a placebo and finding participants get points for spotting the placebos and negative points for false positives.

KoreLogic's "Crack Me If You Can" Contest
As a part of an authorized penetration test of a large corporate network, you have captured a large number of passwords hashes. The hashes are from Active Directory, UNIX systems, LDAP servers, routers, etc. As part of your analysis, your client has asked for password complexity statistics, what their users are doing right and/or wrong related to generating passwords, and identification of weak passwords. You only have 48 hours to complete this effort.

Congratulations to the qualifying teams for DEF CON Capture the Flag 2010! Official Quals info is live on ddtek.biz, so check it out for standings, correct and submitted answers by team and much more!

Qualified teams:
1. VedaGodz (CONFIRMED!)
2. European Nopsled Team (CONFIRMED!)
3. TwoSixNine (CONFIRMED!)
X. Uberminers (deadline expired)
4. lollersk8erz (CONFIRMED!)
5. GoN (CONFIRMED!)
6. painsec (CONFIRMED!)
7. ACME Pharm (CONFIRMED!)
8. Routards (CONFIRMED!)
X. Nibbles (CAN'T PARTICIPATE)
9. shellphish (CONFIRMED!)
10. teambfe (CONFIRMED!)
alt. Plaid Parliament of Pwning (CONFIRMED!)
X. int3pid pandas (CAN'T PARTICIPATE)
alt. HackerDom (CONFIRMED!)

Check out the new Speaker's Corner by Shawn Moyer entitled "Kill Yr Idols"!

Here's another great batch of talks for DEF CON 18! Stay tuned, we got tons of last minute submissions, so there's a bunch more coming down the pipe in the next couple of weeks!

Internet Wars Panel
More info to come.

Cyber[Crime|War] Charting Dangerous Waters
Iftach Ian Amit

Seccubus - Analyzing Vulnerability Assessment Data the Easy Way...
Frank Breedijk

Exploiting SCADA Systems
Jeremy Brown

Katana: Portable Multi-Boot Security Suite
JP Dunning

Making the DEF CON 18 Badge.
Joe "Kingpin" Grand

How to Hack Millions of Routers
Craig Heffner

Powershell...omfg
David Kennedy (ReL1K) and Josh Kelley (Winfang)

Like a Boss: Attacking JBoss
Tyler Krpata

Blitzableiter - the Release
Felix "FX" Lindner

Changing Threats To Privacy: From TIA To Google
Moxie Marlinspike

Attacking .NET Programs at Runtime
Jon McCoy

Securing MMOs: A Security Professional's View From the Inside
metr0

Wardriving the Smart Grid: Practical Approaches to Attacking Utility Packet Radios
Shawn Moyer and Nathan Keltner

The Games We Play
Brandon Nesbit

ExploitSpotting: Locating Vulnerabilities Out of Vendor Patches Automatically
Jeongwook Oh

Sniper Forensics - One Shot, One Kill
Christopher E. Pogue A.K.A "Big Poppa ReverShell"

Toolsmithing an IDA Bridge, Case Study For Building a Reverse Engineering Tool
Adam Pridgen

A New Approach to Forensic Methodology - !!BUSTED!! Case Studies
David C. Smith and Samuel Petreski

Web Application Fingerprinting with Static Files
Patrick Thomas

VirGraff101: An Introduction to Virtual Graffiti
Tottenkoph

An Examination of the Adequacy of the Laws Related to Cyber Warfare
Dondi "SpookDoctor06" West

The folks at social-engineer.org have taken the reins of the DEF CON 18 Social Engineering Contest, and Registration is Open! This promises to be an exciting addition to this year's DEF CON, and has some pretty cool prizes, including an iPad and a spot on the Social Engineer Podcast for 1st place. Check out the contest description and official rules at http://www.social-engineer.org/blog/defcon-social-engineering-contest/.

Only a few more days to submit your CFP to speak at DEF CON 18! Call for Papers will officially close Tuesday June 1, so get those submissions in to share your cutting edge hacking research with the world!

Check out the official announcement for details, and then fill out the Call for Papers Form.

We've got a couple of new sections on defcon.org, the first of which is the Capture The Flag Archive, a page dedicated to collecting accounts, walk throughs and other resources of Capture the Flag at DEF CON over the years, not only for history's sake but so the uninformed and/or interested can better grasp the epic journey that teams must face on the road to DEF CON CTF victory! We just collected a bunch of the walkthroughs, video, and write-ups from this past weekend's CTF Quals so check it out!

The second new section of defcon.org is called Speaker's Corner, where we will be posting short stories, talk teasers, technical info and words of wisdom from our DEF CON speakers past & present. The first post is by DEF CON 17 Speaker Jayson E. Street, and is entitled "Trying to Be a Wise Man at DEF CON", and thanks to Jayson for being the first to jump onboard!

We hope you enjoy these new additions to the site and will help them to grow and be useful to all!

For immediate release:

MiniBosses (http://www.minibosses.com/) have signed on as an official act to perform at theSummit on Thursday July 28th during DEF CON. They are the second act to confirm a performance spot at this year's Fundraiser. At ShmooCon in February, DualCore announced that they will return again for this year's event for the 4th consecutive year and 3rd year as the headlining act.

Follow Us on Twitter for Event and Feature Guest Updates:
www.twitter.com/effsummit
Coming to the event? Make your presence known on the Facebook Event Page:
http://www.facebook.com/event.php?eid=112161832149640

About Mini Bosses:

Four mid-20's guys from Phoenix got together for one common cause...Recreate the NES hits you all know and love in real-time on stage for everyone's enjoyment pleasure. They consider all Bossies to be their groupies from the coasts of Tokyo to the midlands of Michigan. If you're into 8-bit power chords, get ready to ride the midi wave of Awesome!

About EFF:

Blending the expertise of lawyers, policy analysts, activists, and technologists, EFF achieves significant victories on behalf of consumers and the general public. EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that means taking on the US government or large corporations.

About Vegas 2.0:

A transient, a local or a weekend Vegas Warrior, however you peg us, we are THE Las Vegas InfoSec group. Our members are long time DEF CON and Computer Security Industry avant guards. When we are not planning theSummit, we spend our free cycles conjuring up Social Engineering, Web and Windows attacks. We are always looking for new locals to Las Vegas OR frequent visitors to stop by our labs conveniently located in North Las Vegas for a beer and some InfoSec foo!

The vortex is swirling folks. There's a sense of urgency in the air, you can't quite put your finger on it, but it's beginning to make you a little nervous and a little excited. Can you feel it nagging the back of your mind? That little voice saying, ever so quietly, "Less than 2 weeks left to submit a talk!", and "CTF Quals reg ends tomorrow!". Or maybe you hear, "write a short story", "Figure out LosT's puzzles" or "enter the Art Contest".

That voice is actually us reminding you that all of these things are coming up or going on within the next two days to three weeks. So if you want to participate, you better get moving! Keep up on current events, as always, on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and here on defcon.org!

It’s time again my creative friends, for another year of the DEF CON Artwork Contest! Get out your GIMP or Windows Movie maker and give a shot at making some awesome DEF CON Artwork!

This year we’re putting the art contest back in the digital realm. There will be three types of entries, none of which are the standard shirt, sticker, poster designs of the past. This time around we want you to think about themes, desktop wallpapers and animation/motion graphics. You may draw inspiration from past DEF CON art or go in a whole new direction. Check out all the rules at: https://forum.defcon.org/showthread.php?t=11342

Here's another fresh batch of delicious Speaker goodness for you! Enjoy!

Exploiting Internet Surveillance Systems
Decius

The Search for Perfect Handcuffs... and the Perfect Handcuff Key
Deviant Ollam

Jackpotting Automated Teller Machines Redux
Barnaby Jack

The Power of Chinese Security
Anthony Lai, Jake Appelbaum and Jon Oberheide

Repelling the Wily Insider
Matias Madou and Jacob West

You Spent All That Money And You Still Got Owned...
Joseph McCray

Cyberterrorism and the Security of the National Drinking Water Infrastructure
John McNabb

HD Voice - The Overdue Revolution
Doug Mohney

DEF CON Security Jam III: Now in 3-D?
David Mortman, Rich Mogull, Chris Hoff, Rsnake, Dave Maynor, and Larry Pesce

"This Needs To Be Fixed" and Other Jokes In Commit Statements
Bruce Potter and Logan Lodge

Airport Body Scanners and Possible Countermeasures
Paul F. Renda

Injecting Electromagnetic Pulses Into The Electric Grid
Paul F. Renda

SHODAN for Penetration Testers
Michael "theprez98" Schearer

SMART Project: Applying Reliability Metrics to Security Vulnerabilities
Blake Self, Wayne Zage and Dolores Zage

Hacking Oracle From Web Apps
Sumit "sid" Siddharth

So Many Ways to Slap A Yo-Ho:: Xploiting Yoville and Facebook for Fun and Profit
strace

Attack the Key, Own the Lock
Schuyler Towne and datagram

Balancing the Pwn Trade Deficit
Valsmith, Owner, Colin Ames and Anthony Lai

Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

Here we go! Here is the first of many batches of DEF CON 18 talks to be posted! Expect more early in the week!

FOCA2: The FOCA strikes back

Chema Alonso and José Palazón "Palako"

Connection String Parameter Attacks

Chema Alonso and José Palazón "Palako"

SCADA and ICS for Security Experts: How to avoid cyberdouchery

James Arlen

Web Services We Just Don't Need

Mike "mckt" Bailey

Our Instrumented Lives: Sensors, Sensors, Everywhere...

Greg Conti

Cloud Computing, a weapon of mass destruction?

David "VideoMan" M. N. Bryan

The keys to running a successful DEF CON Group by DC612
David "VideoMan" M. N. Bryan and Jared Bird

Programmable HID USB Keystroke Dongle: Using the Teensy as a pen testing device

Adrian Crenshaw

Constricting the Web: Offensive Python for Web Hackers

Nathan Hamiel and Marcin Wielgoszewski

Hardware Black Magic: Designing Printed Circuit Boards

Dr. Fouad Kiamilev, Corey 'c0re' Lange and Stephen 'afterburn' Janansky

DCFluX in: Moon-bouncer

Matt "DCFluX" Krick

Air Traffic Control Insecurity 2.0

Righter Kunkel

"This is not the droid you're looking for..."

Nicholas J. Percoco and Christian Papathanasiou

Malware Freak Show 2: The Client-Side Boogaloo

Nicholas J. Percoco and Jibran Ilyas

Build a Lie Detector/Beat a Lie Detector

Rain and j03b34r

Keep your eyes on the DEF CON 18 Speakers Page and the DEF CON Twitter for new speaker announcements!

Check out the new site for DEF CON 18! It's got the most basic info for now, so keep your eyes peeled as all of the great talks, contests and events solidify!

You can expect the first round of accepted speakers to be posted very soon! We're also working on a page to guide those new to DEF CON where to look for pertinent information. You will be able to find all of the scheduling and entertainment info here as well as it becomes available, so be sure to follow us on the Twitter or Facebook feeds to stay up to the minute as we post new data!

Wander around, get familiar, and be sure to check back for frequent updates to the madness that is DEF CON 18!

Do you hear it? The whir of the gears of DEF CON planning reaching operating speed? All around us events are springing into action!

HighWiz has stated intention to bring back DC101, a primer for those new to attending DEF CON. Not many details yet, but you can stay tuned to DC101 on the DEF CON Forums to stay up to date with details as they become available!

We've also noticed that The Summit will be back this year, hosted by Vegas 2.0 to benefit the EFF! You can find details on the Summit Facebook page!

We also can't fail to mention recent activity on LosT's Mystery Challenge. He says it's going to be the last year, so you better pay attention if you want to participate! You can follow the Mystery Challenge Forum and the Official Mystery Challenge Site at ten-five-seven.org.

There is also a new forums based contest, called "What's in Neil's Pants", wherein Nikita asks a trivia question every week for the chance to win fabulous prizes from the things Neil leaves in his many pockets when he throws his pants in the hamper.

You can also look for the DEF CON 18 Website to launch by the end of the month with an announcement for the DEF CON 18 Artwork Contest to be released in early May!

As always, keep your eyes trained on the DEF CON Twitter for Updates as they occur!

This contest is new this year and we are hoping it goes over well. Lots of you out there are avid writers and some just have an incredible imagination that when put to paper it blows your mind. Speaking from several years of reviewing white papers and slide decks, you guys are hilarious. We'd like to see your flair for creative writing put to another use and reward you for a (*cough*troll*Cough*) job well done. Good Luck! Check out all the details on the Short Story Contest Forum

From EFF.org:

As the winter snows begin to melt, revealing a landscape full of promise and hope, a hacker’s thoughts turn to flights of fancy: specifically, the thought of being in Las Vegas during the last weekend in July.

If you’re one of those hackers and you love digital freedom, EFF would like your help spreading the word about our efforts to protect and defend coders’ rights by encouraging your friends and neighbors to join you in supporting us. In return, EFF wants to help the best EFFvangelists enjoy Defcon 18 in style! Read more...

Contest and event planning is starting to heat up! A few more have surfaced and some others have begun conversation! Check out your favorite DEF CON Contest or Event link below for more info!


10,000¢ Hacker Pyramid: Call for Help
Artwork Contest: Coming in May
Badge Hacking Contest: Forum Active
Be The Match Foundation - Bone Marrow Drive: NEW! Forum Active
Beverage Cooling Contraption Contest: Forum Active
Cannonball Run: Forum Active
Capture the Flag: Quals Announced
DEF CON Shoot: Forum Active
Geo Challenge: Forum Active
Social Engineering Contest: No Posts
Goon Band — Recognize: Forum Active
Forum Meet: Forum Active
Hacker Jeopardy: Forum Active
Hacker Karaoke: Forum Active
Hardware Hacking Village: Forum Active
Lockpicking Contests: Forum Active
Mystery Challenge: Forum Active
Official DEF CON DJs, Music, and Events: Call for DJS, Forum Active
Open CTF: New Organizers, Forum Active
QueerCon: No Posts
Scavenger Hunt: Forum Active
Spot the Fed: Forum Active


Keep your eyes on the DEF CON Twitter, DEF CON Facebook, DEF CON RSS Feed and defcon.org for updates!

From the DEF CON Forums:

FOR IMMEDIATE RELEASE

1 APRIL 2010

DEFCON CTF QUALIFIER ANNOUNCED

Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 18 CTF.

Stock up on Red Bull, put the pizza delivery on speed dial, polish up your fancy shellcodes, and replenish the duct tape supply. The competition for these coveted spots will be held over 55 non-stop hours 21-24 May. When the dust clears only the 10 best will be invited to join us this summer in sin city for the annual DEFCON deathmatch.

In historical fashion VedaGodz will automatically be permitted contest entry. However, we wish to point out that real ninjas would still attempt to qualify.

The qualification round will again be in the style of game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking across a vast realm of security. This isn't CTF like your mama used to make. Level 1 questions make CISSPs turn red, Level 2 make SANS Fellows cry in frustration, Level 3 are typically only answerable by sheep of above average barnyard intelligence, you get the idea.

Pause your atari emulator and hop over to ddtek.biz to register. Only those that pre-register are permitted to play.

Registration site: http://ddtek.biz/register.html
Registration opens: 01 Apr 2010 00:00:00 UTC
Registration ends: 20 May 2010 00:00:00 UTC

Qualifications open: 21 May 2010 19:00:00 UTC
Qualifications ends: 24 May 2010 02:00:00 UTC


More information will follow via your registered email address.

Those with SANS certs need not apply. CISSPs are right out.*

Vulc@n
Difensiva Senior Engineer
Diuntinus Defense Technologies, Inc.

DC949, the creators of the Open CTF Contest (formerly Amateur CTF), after five long years have decided to step down as organizers. DEF CON would like to thank them for all of their hard work over the last five years in making a contest that was not only fun, but also open to all who'd like to test the waters of Capture the Flag type competition.

They have passed the torch to a team that has competed in their contest many times, TubeWarriors. Welcome TubeWarriors, we wish you luck!

You can read more in the Open CTF thread on the DEF CON Forums, as well as DC949's Farewell Thread.

With the electronic DEFCON badge now in its fifth incarnation, we've decided to try something different. We're opening our kimono (just slightly) for DEFCON attendees, groups, villages, or contest organizers who want to integrate some piece of information or hide some piece of data in the badge to help further their cause during the con. For example, maybe your contest wants to hide a clue on the badge and then contestants have to find it in the code or press a certain button to reveal it... Read more on the DEF CON Forums. Submissions are due by April 1, 2010.

As some of you may know, one of our speakers, Thomas Wilhelm, was recently a bone marrow donor from the Be the Match program. He contacted us about setting up a registry drive at Defcon 18. We like that idea and are going to do what we can to make sure they have the space they need in order to grow their donor registry. You can read more on the DEF CON Forums, and keep your eye on that forum for further details as they develop.

The Artist Bookings for DEF CON 18 Bands and DJs are currently open! If you are a DJ or a Band that would like to play at the Black and White Balls, by the Pool, in the Chill Out area, or various other DEF CON events, now is the time to submit your application! DJ Great Scott will be accepting submissions up until May 3rd, 11:59pm (23:59) CST (US CENTRAL). You can find his post announcing this on the DEF CON Forums and fill out the application form. Good Luck!

Head on over to the Official DEF CON Facebook Fan Page and if you're not already, become a fan! We've uploaded pictures taken by the official DEF CON 17 photographer, ETA. Also some pics from Nikita, Dark Tangent, and other Goons who sent them to us.

While you're there, start a discussion or leave us a comment, and let us know where your DEF CON pics are!

Get your room for DEF CON 18 booked early on the Riviera Reservation page for DEF CON 18! Rates are $99/night for the first two people! Additional fees may apply for more than 2 people per room.

More exciting than the latest 0-day in Acrobat or Internet Exploder, it's time for the DEF CON CFP to open! Check out the DEF CON 18 CFP Announcement for all the details!

The following Contests and Events have announced their intention to return for DEF CON 18! The ones that already have post activity are marked below. If you have an idea for a new contest or event, you can check out the New Ideas forum and see what kind of response you get!

10,000¢ Hacker Pyramid: No Posts
Artwork Contest: No Posts
Badge Hacking Contest: No Posts
Beverage Cooling Contraption Contest: Forum Active
Cannonball Run: No Posts
Capture the Flag: No Posts
DEF CON Shoot: Forum Active
Geo Challenge: No Posts
Social Engineering Contest: No Posts
Hacker Jeopardy: Forum Active
Hacker Karaoke: No Posts
Hardware Hacking Village: Forum Active
Lockpicking Contests: Forum Active
Mystery Challenge: No Posts
Official DEF CON DJs, Music, and Events: Call for DJs, Forum Active
QueerCon: No Posts
Scavenger Hunt: No Posts
Spot the Fed: Forum Active


We'll post updates as they happen on the DEF CON Twitter, DEF CON RSS Feed and here on the site!

DEF CON 9-11 music is now live, with RSS feeds for each. This completes the conversion of the DEF CON Archives for your enjoyment!

You can find the RSS feeds at:

DEF CON 10
https://www.defcon.org/podcast/defcon-9-music.rss
https://www.defcon.org/podcast/defcon-10-music.rss
https://www.defcon.org/podcast/defcon-11-music.rss

Was the swag line at the show too long for you? Just didn't get a chance to pick up a shirt? You can now find all of the remaining DEF CON 17 Merchandise at J!NX! There are even some shirts left over from DEF CON 16. Check it out!

DEF CON 10 and 11 presentation audio and video are now converted and live on their respective archives pages, and we have also posted RSS feeds for each. This makes the presentation archives complete! All that remains is to finish the DEF CON 9-11 Music RSS feeds, and the archives will be whole and up to date!

You can find the RSS feeds at:

DEF CON 10
https://www.defcon.org/podcast/defcon-10-audio.rss
https://www.defcon.org/podcast/defcon-10-video.rss

DEF CON 11
https://www.defcon.org/podcast/defcon-11-audio.rss
https://www.defcon.org/podcast/defcon-11-video.rss

Or check out the DEF CON Media Archives Page! Updates will be posted here on defcon.org, media.defcon.org, and the DEF CON Twitter, so keep watch!

As the CPU cycles of DEF CON 18 Planning begin to rise toward 100%, we wanted to inform you that the price of admission will be rising slightly for DEF CON 18 to $140 USD due to price increases in the cost of doing business in Las Vegas and Washington State. The economy is in a slump, but don't tell the tax crazy cities that!

I can't afford that, you say? You could offset this modest bump in price if you were to save an extra 10¢ per day from now until con. That's what, one can of Jolt Cola per week? For almost four days of some of the most groundbreaking talks, contests, events and hacker social funtime around? Check the newspaper coin returns, look under your couch cushions, keep your eyes on the ground for change! You'll find that extra $20, and it'll be worth it!

We are planning to make DEF CON bigger and better than previous years, with a new "No Drama Badge™" to keep you out of lines and in action. So keep watch on defcon.org and the DEF CON Twitter for news of the surprises we have in store!

As 2009 fades away into the memory back ups, we'd like to wish you all happy hacking in 2010! At DEF CON World Domination HQ, we are wrapping up the last of the archiving and moving to get into DEF CON 18. We have some new surprises in development to make this year's show even better. So stay tuned to the DEF CON RSS Feed and the DEF CON Twitter for the latest updates as we release past content and announce new events and contests!

We'll be opening the DC 18 Call for Papers some time in February, and now is a great time to start thinking about new ideas you may have for DEF CON 18. You can follow and participate in the Planning and New Ideas sections of the DEF CON Forums.

Happy New year to all from the DEF CON Team!

Gone are the days of the 10 mile deep DEF CON archives page! The new and improved archives pages for DEF CON 1-10 are now all up and running to match the 11-17 archives posted earlier this year. There is still a bit of audio left to transcode, and a few more RSS feeds coming, so keep your eyes on the archives and our twitter feed for those developments as they occur. You can also check out media.defcon.org for the list of the most current updates to the media from past shows.

Hey Hackers, we just wanted to let you know what's going on here at DEF CON World Domination HQ! DT, Nikita and myself are grinding away at the DEF CON Archives working on the bestest New Year's gift ever, filling in the gaps and re-encoding all of the content from all of the past cons! We're also making audio and video RSS feeds for years that don't have them, and trying to pull some SEO magic to make everything ultimately more findable. So, keep your eyes on the DEF CON Archives for all of the great stuff from the past 17 years that you forgot you wanted to know. If you don't already follow, the DEF CON Twitter feed is a great place to get the freshest announcements on what we are doing!

By the way, the buzz for DEF CON 18 is already humming on the DEF CON Forums, and a few of the contests have planning threads and announcements open. Now is a great time to start thinking about new ideas that you might want to propose for this year's DEF CON, so post them there if you've got a great new idea!

Jeff Moss (Dark Tangent) to keynote Black Hat/Dark Reading virtual event December 9th. Visit https://www.blackhat.com/html/virtual2009/virtual2009-home.html for info.

That's right kids! Whether you've been naughty or nice, all of the audio and video from DEF CON 17 is now available for download! You can get it by heading to the DEF CON 17 Archive Page, and check out all of the awesome talks you want. You can also get them straight from the iTunes store or from the following RSS Feeds:


  • Speaker & Slides contains video of the speaker and their slides.

  • Slides contains video of the slides with speaker audio.

  • Audio for those you just want to listen to.



We're also considering posting them soon for one massive download over torrent and peer to peer, so stay tuned, and enjoy!!

Dark Tangent has been busy this past weekend, re-encoding the Audio from DEFCON 1 through 6 into iPod friendly m4b format! While he was at it, he decided to also re-encode the Hacker Documentaries in the archives to m4v format for your viewing pleasure! The audio from 1-6 can also be downloaded straight from iTunes! Also check out media.defcon.org for peer-to-peer links and links to all of the past media we're working on!

DEFCON 1 Audio Links | DEFCON 1 Audio RSS
DEFCON 2 Audio Links | DEFCON 2 Audio RSS
DEFCON 3 Audio Links | DEFCON 3 Audio RSS
DEFCON 4 Audio Links | DEFCON 4 Audio RSS
DEFCON 5 Audio Links | DEFCON 5 Audio RSS
DEFCON 6 Audio Links | DEFCON 6 Audio RSS

Re-encoded Hacker Documentaries
Hacker Documentary - 1994 - Unauthorized Access by Annaliza Savage
Hacker Documentary - 1995 - Hackers 95 by Phon-E and R.F. Burns
Hacker Documentary - 1997 - Hacks by Christine Bader
Hacker Documentary - 2000 - Commodore 64 Cracks by Iron Feather


Check out some of the hot presentations from DEFCON 17! We'll be releasing all of the videos for free a few months out, but for now we've chosen a few we think you might enjoy! If you'd like to purchase the entire DVD collection of the DEFCON 17 presentations, you can do so at The Source of Knowledge website.

Failure
Adam Savage
Video | Audio


"Smart" Parking Meter Implementations, Globalism, and You
Joe Grand, Jake Appelbaum, and Chris Tarnovsky
Video and Slides | Slides | Audio


More Tricks for Defeating SSL
Moxie Marlinspike
Video and Slides | Slides | Audio


The Day of the Updates
Itzik Kotler and Tomer Bitton
Slides | Audio


Advancing Video Application Attacks with Video Interception, Recording, and Replay
Jason Ostrom and Arjun Sambamoorthy
Slides | Audio

The DEFCON 17 CTF packet captures and binaries are now available via bittorrent. Enjoy!

Head on over to the DEFCON Press Page and check out the news from this year's show! You can also find the press listed on the DEFCON 17 Archives Page! If you've come across a good article on DEFCON 17 that you think should be up there, don't hesitate to send it to neil {at} defcon }dot{ org for posting!

You can now peruse the DEFCON 17 Archives Page, which contains links to all of the presentation materials and code available, including all updated materials we have received! We'll have the printed program and press links up soon, and down the road you will be able to download all of the audio and video of the talks for free! We're working on getting a few early release videos up next week to tide you over!

Help to preserve and share those DEFCON 17 memories on pics.defcon.org! If you have a DEFCON Forums account, you already have a pics account, just use the same login information. While you're at it, submit your galleries to defconpics.org as well!

Get over to the DEFCON Forums to join in on the post-con buzz from DEFCON 17! You can find out what people thought, content links, and it's never too early to weigh in on next year's show. Remember, DEFCON is your con, and the best way to get involved is to get in on the discussions posted at forum.defcon.org. Have an idea for a new contest or event? It's the best place to start!

Up for Auction: THREE "I hack charities" White Signed T-Shirts. All of the proceeds from these auctions except the eBay auction cost will be donated to "Hackers for charities" http://johnny.ihackstuff.com/

These shirts were signed by most of the big names at Defcon 17. Anyone that attended may have seen these shirts displayed at the "Hackers for Charities" booth on Sunday. Everyone online and at Defcon has seen the black "I hack charities" T-shirts. But not many have seen the white ones. Well, that is because there were only 4 white shirts printed!! Johnny Long has 1 and the other 3 were all signed by the people below for these auctions. Each shirt is unique with the location of the signatures and the quotes written by the signers.

These shirts were signed by:
• Johnny Long
• Dan Kaminsky
• Jeff "The Dark Tangent" Moss
• Kevin Mitnick
• Joe "$Kingpin$" Grand
• Bruce Potter
• Nikita
• Priest
• The Entire 2009 CTF winning team
• and many others.

Listing URLs:

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285523

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458285993

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120458286499

Well, we've made it back to our respective homes, with another awesome DEFCON on the books! We are now in recovery mode, and normal updating will resume next week! The DEFCON 17 Receipt of Admission is now posted! Thanks to all for making this a fantastic DEFCON!

Hack the Quantum

Presented by the Joint Quantum Institute, National Institute of Standards and Technology and University of Maryland, and the Centre for Quantum Technologies, National University of Singapore

With a hands-on Bell-o-meter for entangled photons you can convince yourself that there are quantum effects beyond classical physics: a real qubit is offered to the participant who achieves the strongest violation of a Bell inequality. We also present a fresh attack that breaks many current quantum crypto systems, and demonstrate a photon-based quantum random number generator.

Find it in Capri 114/115 Friday-Sunday at DEFCON 17!

There has been an outpouring of mobile ready and mobile friendly options from the DEFCON community this year to make your DEFCON scheduling easier!

First there is a full blown (and very cool) unofficial iPhone app that has been submitted to the Apple store for review, made by Johnnie "Jedi" Pittmann (@dtjedi) and Todd Kimball (@tkimball). As of this posting, this app is not yet available from the Apple store. They have opted, pending acceptance from Apple, to make the app available via ad-hoc distribution, and will be accepting requests by email until Wednesday, July 29th at 9am PDT. The method, contact info, and possible risks are clearly outlined at http://www.group6.net/AdHoc.html

From their site on http://www.group6.net/Defcon_App.html:
After years of misplaced, begged, borrowed, stolen Defcon schedules, we decided to do something to help. Introducing the Defcon 17 iPhone app. Get all the up to date details on the con on your iPhone/iPod Touch. In addition to that, you can view the official Defcon RSS feed and #defcon Twitter posts. Talk and event calendars, speaker and dj bios, and a map of the venue.

Features
- Talk Calendar
- Event Calendar
- Speaker/DJ Biographies
- Defcon RSS Feed Reader
- Twitter #defcon

Not to mention the great efforts of Darth Null to bring you an extremely useful web-based iPhone/mobile ready schedule and map application! You can find his fantastic work at http://www.darthnull.org.

There are also a couple of Google calendars out there, one for events, thanks to JonM, and a full schedule at http://defcon.starthan.net/

All of these folks are coordinating together for updates, to bring you the freshest info from DEFCON 17! A huge thank you to all of them for contributing!

You can go to the DEFCON Qik Feed or our Qik group and check out what we and group members are doing at con! Use the #defcon hashtag on Twitter to search for and make defcon related tweets easier to find!

Check out all the Metasploit goodness you can absorb in the Metasploit Track at DEFCON 17! It all takes place Saturday in Track 2!

10:00 - 10:50
Breaking the "Unbreakable" Oracle with Metasploit
Chris Gates & MC

11:00 - 11:50
Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit
egypt

12:00 - 12:20
WMAP: Metasploit goes Web
Efrain Torres

14:00 - 15:20
MetaPhish
Val Smith, Colin Ames, David Kerb

15:30 - 16:00
MSF Telephony
I)ruid

16:10 - 16:40
Metasploit Evolved, Meterpreter Advances, Hacking the Next Internet
HD Moore

16:50 - 17:20
MSF Wifi
Mike Kershaw

17:30 - 18:00
App Assessment the Metasploit Way
David Maynor

18:10 - 18:40
Macsploitation with Metasploit
Dino Dai Zovi

18:50 - 19:20
Metasploit Autopsy: Reconstructing the Crime Scene
Peter Silberman & Steve Davis



Check out the Badge Hacking Contest threads on the DEFCON Forums to see what everyone is talking about bringing/using to Hack the badge this year. It might give you some inspiration!

Don't forget to attend The SUMMIT Fund Raiser for the EFF (www.eff.org), 50+ Speakers attending, 3 DJs, VIP event, Monaco Tower (TOP FLOOR), Top of the RIV, 8:30pm Thursday Night. See Forum for more info. Add to your social calendar. $30/$15 Student.

Joe Grand has posted some pre-release info on the DEFCON Forums to get you started for the badge hacking contest this year. Go check it out at:

https://forum.defcon.org/showthread.php?t=10655

The specific info for events and contests has been posted in the DEFCON 17 Schedule Page! If you have an event or contest that is not posted please send hours of operation and location to neil at defcon.org, and we'll get them up!

JonM has been so kind as to begin populating a Google calendar of the events for DEFCON 17! More events will be added as the times and locations come in!

Check out this awesome write-up of the CTF Quals from one of the qualifying teams, the Sapheads! Clever and educational, it provides a great perspective on the thought processes behind solving the B300 section of the qualification round. Sounds like they plan to do more, so we'll keep an eye out!

http://hackerschool.org/DefconCTF/17/B300.html


From G Mark on the DEFCON Forums:

THE PROPER (AND ONLY) WAY TO SIGN UP A TEAM FOR HACKER JEOPARDY

Okay, just to make sure that everyone has an equal opportunity, here are the directions to sign up your team. Don't do something else (like post a reply to Winn's thread, since it might not get read in time -- we had this problem last year.)

1. Open an e-mail to "hackerjeopardy@gmail.com"

2. Include your TEAM NAME and the real names and handles of your three (3) team players. (Privacy policy: we protect your identity unless a Fed or someone with a whole bunch of cash wants it.)

3. Explain why you are 31337 enough to play this year. Brag like you're trying to get lucky.

4. Include at least one cellphone number so we can contact you to notify if you're playing or there's a problem with your entry.

5. Send the e-mail as soon as possible, but absolutely no later than 90 minutes before the scheduled start of the round to be played. In case of any dispute, you're wrong (unless you are an entity described in #2 above.)

There are still alternate slots open for teams considering trying to register. There *may* be a way for alternate teams to knock teams from their spots on day one of the contest this year.

Check out the official Mystery Challenge site at http://ten-five-seven.org

The 5th Annual CannonBall Run is set to start Thursday July 30th 2009 with the first car leaving at 11:00 AM. We will start in Redondo Beach and arrive yet again at the Riviera Hotel in Las Vegas, Nevada.

website: http://moloch.org/cannonball/
DEFCON Forum: https://forum.defcon.org/forumdisplay.php?f=474
twitter: http://twitter.com/dccannonballrun
qik: http://qik.com/tommee

Qualifiers - July 17-18
Get your teams together and mark your calendar. Qualifiers will be the evenings of July 17-18. As teams sign up, we'll work with the team captains to finalize scheduling. Also, we'll group the individual reg's together into teams for the quals as well.

If you haven't signed up, please do so sooner rather than later. NOTE you don't need a full team to sign up a team. If you've got 4 or 5 friends you want to play with, register a team and we'll fill the blanks up with individual reg's later.

Sign up at: http://www.nomoose.org/dctf2/

http://www.coffeewars.org/CallForBeans.shtml

From shrdlu on the DEFCON Forums:

Information for those hoping to win on our momentous Tenth Year of celebrating caffeine.

You can submit your beans before Friday morning, by various arcane methods, none of which will be posted here (but email to Foofus might help). You *MUST* submit them before 10AM (or close to it), since that's when we start brewing and drinking and judging. We'll send the occasional messenger out into the massed and frightening horde if you are trying to bring it Friday morning.

Coffee Wars only takes place on Friday morning. We're usually done by 11-ish, and vanished completely by Noon. You can spot most of the judges the rest of the day due to the slight vibration of their entire body (except me; I *like* that much caffeine).

Congratulations to the winners of the DEFCON 17 Artwork Contest!

People's Choice: "Watchmen Parody" by Mar
T-shirt Category: "Floppy" by JesseK
Poster Category: "DEFCON 17" by Steve Andrus
Bumper Sticker Category: "Tailing The Elite Hacker" by downtownDB

Honorable Mention goes out to "DT Has a Posse" by Mar!

Thank you to all of the entrants for their great work!

That's right! The DEFCON 17 Schedule is now live! It may experience a few minor changes before all is said and done, but it is pretty much good to go! Events will be posted on the schedule page as exact times roll in, so keep your eyes peeled for updates! If you are a speaker and see any discrepancies, pass them along to talks at defcon dot org.

Go have a look, and while you're at it, check out the last batch of awesome speakers we have lined up for you this year:

Preparing for Cyber War: Strategy and Force Posture in the Information-Centric World
Dmitri Alperovitch, Marcus Sachs, Phyllis Schneck and Ed Skoudis

Hello, My Name is /hostname/
Endgrain, Dan Kaminsky and Tiffany Rad

Dradis Framework - Sharing Information will get you Root
etd

0-day, gh0stnet and the Inside Story of the Adobe JBIG2 Vulnerability
Matt Richard and Steven Adair

Three Point Oh.
Johnny Long

Reverse Engineering By Crayon: Game Changing Hypervisor Based Malware Analysis and Visualization
Danny Quist and Lorie M. Liebrock

Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High
Matt Weir and Sudhir Aggarwal

Catching DNS Tunnels with AI
Jhind

Perspective of the DoD Chief Security Officer
Robert Lentz

Check out the big old list of hotness on https://www.defcon.org, we have just added 39 more speakers to the site! There are only a few speakers yet to post, and the schedule is being webbified into a more mobile-friendly format (than past years) as we speak, so expect more updates in the next couple of days!

You may have already heard on Twitter, it is our pleasure to officially announce that Adam Savage of MythBusters fame will be speaking this year at DEFCON!

So get on over to defcon.org and check it all out, and remember to follow us on Twitter for updates as they occur!

Here's what you do: go to the DEFCON 17 Artwork Contest Gallery on pics.defcon.org and pick your favorite. Then head on over here and vote in the poll!

The default display for the gallery is 12 items per page, so make sure you check out all 3 pages. There are 29 entries total.

Good Luck to all the fantastic entries!

Check out the new DJ pages on the DEFCON 17 site! You can find line-ups for the Black & White Balls, Pool Parties, and daytime Chillout area! There are also artist bios and samples of the music you might encounter! It's all at https://www.defcon.org/html/defcon-17/dc-17-djs.html!

And don't forget to follow the DEFCON Twitter feed for news as it happens, leading up to and during DEFCON 17!

This year, we're packing even more goodness into Thursday's activities, with a half day of talks aimed at the DEFCON n00b. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource!

DEFCON 101
HighWiz, The Dark Tangent, Russr, DJ Jackalope, Deviant Ollam, Thorn, ThePrez98, LosT, Siviak

Pre-Con Introduction to Lock Picking
Alek Amrani

DEFCON 1 - A Personal Account
Dead Addict

Con Kung-Fu: Defending Yourself @ DEFCON
Rob "Padre" DeGulielmo

Hardware Black Magic - Building devices with FPGAs
Dr. Fouad Kiamilev

DCFluX in: The Man with the Soldering Gun
Matt Krick "DCFluX"

Effective Information Security Career Planning
Lee Kushner and Mike Murray

DC Network Session
Lockheed

So You Got Arrested in Vegas...
Jim Rennie

Hacking with GNURadio
Videoman

---------------------------------------------
Mystery Challenge Registration Update

Congratulations to the following teams:

1. Team Silverlock
2. Team Psychoholics
3. Team Kuro
4. MobileDisco
5. Team Render
6. Team Security Catalyst
7. Team Lords of Failure
8. DEADC0DE
9. Team America (@#$& YEAH!)

There are still a few slots available. Are YOU up to the challenge?
1o57
--------------------------------------------------

Yes folks, yet another batch of great talks has been posted on the speaker page! That should do it for this week, but stay tuned next week for the last batches of talks to go up!

Panel - Ask EFF: The Year in Digital Civil Liberties
Kurt Opsahl, Jennifer Granick, Kevin Bankston, Fred von Lohmann, Marcia Hofmann and Peter Eckersley

Panel - Meet the Feds 2009

The Middler 2.0: It's Not Just for Web Apps Anymore
Jay Beale and Justin Searle

Beckstrom's Law - A Model for Valuing Networks and Security
Rod Beckstrom

Sharepoint 2007 Knowledge Network Exposed
Digividual

Socially Owned in the Cloud
Digividual

Personal Survival Preparedness
Steve Dunker and Kristie Dunker

Social Zombies: Your Friends Want to Eat Your Brains
Tom Eston and Kevin Johnson

Cracking the Poor and the Rich: Discovering the Relationship Between Physical and Network Security
Damian Finol

FOE -- Feeding Controversial News to Censored Countries (Without Using Proxy Servers)
Sho Ho

Hardware Black Magic - Building devices with FPGAs
Dr. Fouad Kiamilev

Hack The Textbook
Jon R. Kibler and Mike Cooper

Advanced SQL Injection
Joseph McCray

Weaponizing the Web: New Attacks on User-generated Content
Shawn Moyer and Nathan Hamiel

Automated Malware Similarity Analysis
Daniel Raygoza

The Security Risks of Web 2.0
David Rook

Proxy Prank-o-Matic
Charlie Vedaa and "Anonymous secondary speaker"

The CTF Quals round has ended! DEFCON congratulates the qualifying teams!

From ddtek.biz:

Qualified teams:
1. sk3wlm4st3r (CONFIRMED! as sk3wl0fr00t)
2. Team Awesome (aka VedaGodz) (CONFIRMED!)
3. Sexy Pwndas (unconfirmed)
4. PLUS (unconfirmed)
5. Shellphish (CONFIRMED!)
6. Song of Freedom (CONFIRMED!)
7. lollerskaterz dropping from roflcopters (CONFIRMED!)
8. Underminers (unconfirmed)
9. Routards (CONFIRMED!)
10. WOWHACKER (CONFIRMED!)
alt. Sapheads_ (CONFIRMED!)
alt. sutegoma (CONFIRMED!)
alt. CLiP (unconfirmed)
alt. pebkac (unconfirmed)
alt. ACMEPharm (unconfirmed)

If you didn't make it and still want a mind bending challenge at DEFCON this year, there are a few slots left in LosT's Mystery Challenge, so wrangle up a team and get to ten-five-seven.org to find clues on how to enter!

Open CTF will also be back this year, bigger and badder than ever if you need that attack/defend goodness!

Here are a few more talks to keep you going! We have a bunch more coming through the end of the week, so stay tuned. Follow the DEFCON Twitter Feed for announcements as they are posted!

BitTorrent Hacks
Michael Brooks and David Aslanian

Unfair Use - Speculations on the Future of Piracy
Dead Addict

DEFCON 1 - A Personal Account
Dead Addict

Con Kung-Fu: Defending Yourself @ DEFCON
Rob "Padre" DeGulielmo

Router Exploitation
FX

Jackpotting Automated Teller Machines
Barnaby Jack

Something about Network Security
Dan Kaminsky

Malware Freak Show
Nicholas J. Percoco and Jibran Ilyas

That Awesome Time I Was Sued For Two Billion Dollars
Jason Scott

Good Vibrations: Hacking Motion Sickness on the Cheap
Tottenkoph

Keep your eyes on the DEFCON 17 site for a page coming soon that will give you the lowdown on all the great DJ's that will spin at DEFCON this year. We'll have pics and bios, as well as sample tracks for download!

Also, due to the great number of awesome talks we're accepting in the 1200 second spotlight, we've decided to make a fifth track for turbo/breakout talks!

So keep watching for more updates, and as always, You can follow the DEFCON Twitter feed for links to the info as it's posted!

If you submitted a CFP and have not been notified of its status, hold tight! We have a lot of submissions this year that we want to accept. If you haven't heard back from us by now, you're still in consideration for a time slot. We're probably trying to find room for you. Sorry we missed our June 1st notification date, but we have too much awesome sauce for our burgers.

An update will be posted to the website when we have finished our selection process; all CFPs will be sent an email of their status at that point. Thanks!

In the past, we have usually opened up registration and swag midday Thursday for those early birds that want to get a jump on things before the con officially starts. There are also a few unofficial events and gatherings, like the Toxic BBQ and theSummit, that make Thursday almost an extra day of DEFCON.

This year, we're packing even more goodness into Thursday's activities, with a half day track of talks aimed at the DEFCON newb. These talks will cover everything from basic hacking skills to what our beloved con is about, and how to get the most out of it. If you are new to DEFCON, or feel like you could get more out of it, this "basic training" will be an invaluable resource!

In addition, the Chill Out Area will be open for hanging out and the infamous DEFCON wireless network will be up and running, so you can pwn or be pwned right out of the gate!

Stay tuned for a complete listing of all the great talks planned for Thursday, and as always, you can get instant updates as they occur by following the DEFCON Twitter feed!

LosT can neither confirm nor deny that registration is currently open for the LosT@Con Mystery Challenge. See Ten-Five-Seven.org for updates. Kuni welcomes you to the wheel of fish.

Riviera Rooms: Be sure to book your room for this year's DEFCON! The Riviera is offering a DEFCON 17 special room rate of $89/night for 1-2 guests, add $20/night for guests 3-4. Hurry, space is limited, and our block usually sells out early!

New DJ Organizer: Welcome to DJ Great Scott, who has accepted the mantle of DJ organizer for DEFCON 17. He will be the overlord of the Black and White Balls and the Poolside DJ action! Get ahold of him on the Forums (greatscott) or at blackandwhitedjs@gmail.com if you want to spin!

Capture the Flag: CTF Quals Registration ends 6/4/09! Get your teams together and get in there! Register at: http://ddtek.biz/ctf/register.html

Artwork Contest: Only about 2 weeks left in the DEFCON 17 Artwork Contest! Make some hacker art and win fabulous prizes (like free entry to DEFCON 17 and swag!) Rules posted at:
https://www.defcon.org/html/defcon-17/dc-17-artwork-contest.html

Contest & Events: Check out the Contests and Events section of the forums to see what's new! TommEE Pickles has resurrected the CannonBall Run, there's a new game called the 10,000 Cent Hacker Pyramid, and Coffee Wars is having its 10th birthday! Extended hours at the pool mean Pool Party!

As always, follow the DEFCON Twitter for all the announcements as they occur!

Check out the DEFCON Tools page, a new section of the archives that collects the innovative tools released at DEFCON talks over the years! We currently have a list of the tools released at DEFCON 16, and are working backward to archive the tools from past shows. Special thanks to Mubix (aka Rob Fuller), of room362.com, for graciously collecting and writing up this content! All the tools Mubix could find are archived on the DEFCON media server. If you have access to a tool that is not locally stored, let us know at neil [at] defcon ]dot[ org and we'll get it up there!


The CFP is now closed and selection is in full swing! Check out the latest batch of talks selected for DEFCON 17!

Unmasking You
Joshua D. Abraham and Robert Hansen

Confidence Game Theater
cough

Death of Anonymous Travel
Sherri Davidoff

Using Guided Missiles in Drive-Bys: Automatic browser fingerprinting and exploitation with Metasploit
Egypt

"Smart" Parking Meter Implementations, Globalism, and You (aka Meter Maids Eat Their Young)
Joe "Kingpin" Grand, Jake Appelbaum, and Chris Tarnovsky

The Psychology of Security Unusability
Peter Gutmann

Effective Information Security Career Planning
Lee Kushner and Mike Murray

Abusing Firefox Addons
Roberto Suggi Liverani and Nick Freeman

Clobbering the Cloud
Haroon Meer and Marco Slaviero

RAID Recovery: Recover your PORN by Sight and Sound
Scott Moulton

Protecting Against and Investigating Insider Threats (A methodical, multi-pronged approach to protecting your organization)
Antonio "Tony" Rucci

PLA Information Warfare Development Timeline and Nodal Analysis
Zulu Meet

Be sure to follow the DEFCON Twitter Feed for speaker updates and other announcements as they occur!

This is just a general reminder, we want to make sure all the submissions sent to us get a fair shot and are reviewed equally. We don't want any submissions missed so we send you an email to let you know it arrived safely. You should receive an acknowledgment of your submission within 48 hours after you have submitted. If you have not received an email from us, please resend your submission to talks at defcon dot org.

That's right slackers, you now have until Monday, May 18th to turn in your DEFCON CFP Submission! We want your insightful and interesting research to make it to the DEFCON 17 Stage!

So get on it, what are you doing reading this? Go work on your submission!

You can read the submission rules and get the CFP form at: https://www.defcon.org/html/defcon-17/dc-17-cfp.html

Here are a few more of the talks chosen for DEFCON 17 to whet your appetite:

Why Tor is Slow, and What We're Doing About It
Roger Dingledine

Managed Code Rootkits - Hooking into Runtime Environments
Erez Metula

Maximum CTF: Getting the Most Out of Capture the Flag
Psifertex

Hacking, Biohacking, and the Future of Humanity
Richard Thieme

As always, we will be posting these talks as they are chosen, so keep your eyes on the speakers page! Better yet, follow the DEFCON Twitter Feed for up to the minute notification of new talks, and all of the announcements relating to DEFCON 17!

The much loved and anticipated LosT@Con Mystery Challenge has a new home on the web at https://ten-five-seven.org! LosT informs us that team registration for this year's challenge will be opening soon, so keep your eyes peeled on the new site, and on the Mystery Challenge Forum on the DEFCON Forums for all the details on how to enter and for clues relating to the challenge!

It's that time again, art ninjas!

Whip out your favorite medium and get to creating, because the official DEFCON 17 Artwork Contest is now underway, and will run from now until June 15, 2009.

The goal for this year's artwork contest is to create a piece of art you would see plastered on a wall, mailbox, telephone pole or bumper of a car of the nearest urban center. What we're looking for is an underground feel, reminiscent of DIY 'zines, gig posters, or pulp comics... (Read on)

Speaker selection is underway, here are a few of the chosen talks! Expect more early to mid next week!

Win at Reversing: Tracing and Sandboxing through Inline Hooking
Nick Harbour

Computer and Internet Security Law - A Year in Review 2008 - 2009
Robert Clark

Making Fun of Your Malware
Michael Ligh & Matthew Richard

De Gustibus, or Hacking your Tastebuds
Sandy Clark "Mouse"

Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything
Richard Thieme

For all of the latest updates as they occur, be sure to follow us on Twitter at https://twitter.com/_defcon_

The first round of speakers has been chosen, with another to follow soon! You can check them out on the DEFCON 17 site, which is now live and will contain all the info for this year's con!

This year at the Riv we'll see some nice changes to some of the pricing and policies of the hotel.

Some initial RIV updates from the Dark Tangent on the DEFCON Forums:

1 - Room prices have been dropped to $89/Day and should be reflected here soon:

http://www.rivierahotel.com/resnet/roomres.asp?ID=309

If you booked under the old prices I _think_ the pricing will automagically be reflected in your bill as the new room block price.

2 - We will get the pool to 11pm for swimming and hanging out. We can do low key DJ action till then. We are currently talking with them to determine how we can keep it longer.

3 - Drink prices on beer and booze have been reduced. I'll update this post when I have accurate information.

We'll post more updates and details as they become available!

Time to book those rooms for DEFCON 17. The Riviera has posted the booking info for this year's show. They are offering a rate of $102USD per night for 1-2 guests (add $20USD for additional guests up to 4).

Note: The Nevada State Senate passed a law to increase room tax to 12% effective July 1, 2009. The tax increase will apply to all rooms occupied on and after July 1, 2009 regardless of when the reservation was made.

You can acquire your room online at the following url:

http://www.rivierahotel.com/resnet/roomres.asp?ID=309

FOR IMMEDIATE RELEASE

1 APRIL 2009

DEFCON CTF QUALIFIER ANNOUNCED

Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFCON 17 CTF.

The competition will be held on 5-7 June - without a stop, participants can be located everywhere. All are to play, but only the 9 best groups will be invited to join us in Las Vegas for the annual DEFCON ninja square off. We also intend to honour the code of the former CTF host and automatically qualify last years champion, the sk3wl of r00t (although we sincerely hope them to participate in qualifications).

The qualification round will be in the style of game board, but answers need not be in the form of a question. Categories will require teams to demonstrate the superiority of hacking into a vast realm of security.

You must be registered for participate.

Registration site: http://ddtek.biz/ctf/register.html
Registration opens: 01.04.2009 00:00:00 UTC
Registration ends: 04.06.2009 00:00:00 UTC

Qualifications open: 05.06.2009 23:00:00 UTC
Qualifications ends: 07.06.2009 23:00:00 UTC


More information that will follow via your registered email address.

Bring all your l33t haxor skillz just leave your Kiddie toolz behind.

Vulc@n
Difensiva Senior Engineer
Diuntinus Defense Technologies, Inc.

DEFCON's very own Russ Rogers was interviewed on CNN about the con and the motivations behind the Conficker Worm. Check it out!

Check out the new format for the DEFCON Archives! DC15 and DC16 have been converted, and the rest are being ported over as we speak!

The new format combines links to Presentations in audio & video, Media RSS feeds, Conference Programs, Press from the show, and more into one easy page for each past DEFCON.

DEFCON 16 Archive: https://www.defcon.org/html/links/dc-archives/dc-16-archive.html
DEFCON 15 Archive: https://www.defcon.org/html/links/dc-archives/dc-15-archive.html

Check 'em out!

The DEFCON website has been given a fresh new face, designed to deliver relevant content, inspire interaction within the community, and be more mobile friendly. We've released this beta to get feedback from you, the user, as we begin to flesh out the new features. Take a look around, on different browsers and devices, and if you like, report any bugs or voice suggestions to neil [at] defcon ]dot[ org.

We're adding a few new items to the site, restructuring and expanding the archives section, and highlighting community news and events. Keep your eyes on the DEFCON RSS, Forums, Twitter, and/or LinkedIn Group for announcements as these features are completed and implemented.

The newly chosen organizers of this year's CTF competition, Diutinus Defense Technologies, Inc., have broken their silence on the DEFCON Forums. You can view the post at https://forum.defcon.org/showthread.php?t=10246&page=3. They have also posted a website at http://www.ddtek.biz

They are the fine authors of Proposal #1 on the DEFCON 17 CTF Submissions Thread. We are not at liberty to divulge much more than this at this time, but you can read DT's announcement and keep your eyes peeled for new details at the aforementioned links!

It's going to be another great year of events and contests at DEFCON, the ideas are flying and some new players have emerged. A couple of new items for this year are DefCon 101: A Lurkers Guide to DefCon, and the DEFCON Geo Challenge. You can check out all of the latest contest and event info on the DEFCON 17 Official and Unofficial Events and Contests Forum.

DT has sanitized and posted the CTF Proposal submissions on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=10246 to be viewed and commented on by the community. Check them out and weigh in on which one you think should be chosen for 2009!

I've started to upload all the audio and video from DEFCON 16!

This year we are offering something new, a combo video file that has both the slides as well as the video of the speaker on the same screen. These files are big! If you just want to listen to a talk I suggest downloading the m4b audio files.. they are 1/2 the size of years past and will easily fit on your phone.. about 5 to 10 megs each.

Audio files have finished uploading!
https://www.defcon.org/podcast/defcon-16-audio.rss

Video of just the presentation slides with audio are uploading now, should take a day or so to be available, then the combo video files will be uploaded.

Let the leeching begin! Report any problems on this forum thread.

The Dark Tangent

Just a friendly reminder, if your group wants to set the bar to take the fame, and the massive challenge of being the next Capture the Flag Organizers for DEFCON, you must get your submissions in by this weekend! Good Luck!

This thread on the DEFCON Forums has all the details!

xxxxxxxxxxxxxxxxxx xxx xx x xx     DEF CON 17, Las Vegas 2009
xxxxxxxXXXXxxxxxxxxxxxxx xx x x    July 31st - August 2nd
xxxxxxXXXXXXxxxxx x x x            The Riviera Hotel and Casino
xxxxxXXXXXXXXxxxxx xx x x          Las Vegas, Nevada, USA
xxxxXXXXXXXXXXxxx x xxxxxxxx x     https://www.defcon.org/
xxxXXXXXXXXXXXXxxxxxxxxxx x
xxXXXXXXXXXXXXXXxxxxxx xx x        Call for Papers Call for Papers
xxxXXXXXXXXXXXXxxxxxxxx           Call for Papers Call for Papers
xxxxXXXXXXXXXXxxxxxxxx x x xx      Call for Papers Call for Papers
xxxxxXXXXXXXXxxxxxxx xxx xx x      Call for Papers Call for Papers
xxxxxxXXXXXXxxxxxxx x x x          Call for Papers Call for Papers
xxxxxxxXXXXxxxxxxxxxxx xx x x      Call for Papers Call for Papers
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx x   Call for Papers Call for Papers

Dark monks of techno-fu, it is that time of the year again! The DEFCON CFP is now open!

What: DEFCON 17 Call For Papers
When: The Call for Papers will close on May 15, 2009
How: Complete the Call for Papers Form and send to talks at defcon dot org

Don't know what DEFCON is? Go to www.defcon.org and clue up!

Papers and presentations are now being accepted for DEFCON 17, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, July 31 - August 2, 2009.

Two years ago we eliminated specific speaking tracks and we received a diverse selection of submissions. From hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We will group presentations by subjects and come up with topic clusters of interest. It worked out so well in the past we are doing it again this year.

What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but blows their minds when they see it. We want strange demos of Personal GPS jammers, RFID zappers, and HERF madness. Got a MITM attack against cell phones? We want to see it.

Subjects that we have traditionally covered in the past, and will continue to accept include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFO's, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion.

What a mouthful! Well you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year.

Check out https://www.defcon.org/html/defcon-16/dc-16-speakers.html for past conference presentations to get a complete list of past topics that were accepted if you want to learn from the past.

We are looking for and give preference to: unique research, new tool releases, Ø-day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON.

Speaking Formats:

Choose between 12 hundred seconds, 50 minutes, 110 minutes, 1/2 day Thursday or a break out format of a length you determine.

We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an Honorarium.

Remember being attacked by Gran Master Ratt's Flame Crotch™? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vapor ware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meat space.

New for DEFCON 17:

NEW this year is a 1/2 day set of tracks on Thursday, pre-con, to help orient newbies and provide 1/2 day training on different 'foundational' subjects such as networking, building custom Linux distros, a workshop on modding your PSP, the fundamentals of radio, things like that. These sessions will get you in the mood for the main conference and give you something to do if you showed up early Thursday. As such your submissions for the Thursday sessions should be entertaining and help attendees who are fairly new get their feet under themselves, or give more advanced hacker types a half day of fun gutting their TiVo.

If you want to present a 1/2 day training or newbie talk just make sure you mark down you want to present on Thursday.

We have ALL the speaking rooms this year, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you!


To submit a speech:

Complete the DEFCON 17 Call for Papers Form.

We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them.

This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection.

Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit, the better the chance that the reviewers will give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected.

After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burnt on the CDROM, as well as information for the printed program.

Speakers get in to the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more. Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity.


Please visit:

https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site.
https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 17. Join in on the action.
https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here.

https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON.


CFP forms and questions should get mailed to: talks/at/defcon.org

WANTED:
An evil large multinational corporation, or...

A nefarious group of genius autonomous hackers, or...

A shadowy government organization from somewhere in the world

TO:
Host, recreate, and innovate the world's most (in)famous hacking contest.

WHY:
For everlasting fame, intrusive media interviews, the respect of your peers, or the envy of your enemies.

Do you have what it takes and know what we're talking about?


Go to https://forum.defcon.org/showthread.php?t=10130 for all the details!


From HighWiz on the DEFCON Blogs:

The original "Unofficial DefCon FAQ" wasn't the work of one single individual but a collaboration by many people. I view my role as more of an organizer of the information rather than the creator of it.

Version 1.0 is seriously outdated, http://defcon.stotan.org/faq/ and in need of a refresh. So I figured I'd utilize this blog space to request feedback on version 2.0.

To find out more and how to contribute, go to https://forum.defcon.org/blog.php?b=101

Due to overwhelmingly positive feedback, the DEFCON Forums are now strictly SSL. This change has enabled us to utilize page compression, which was previously unavailable and which speeds up page delivery. It will also enhance security, since all sessions will now be encrypted.

If you haven't already joined the DEFCON Forums, you should, it's a great place to keep in touch with the DEFCON community and to be a part of the discussion and planning leading up to the next DEFCON!

Check it out at: forum.defcon.org

Well, the dust has settled, and the lawsuit against three MIT students, who were to speak at DEFCON 16 about vulnerabilities in the Boston subway ticketing system, has been dropped. It seems now they will be working with the MBTA to help secure the ticketing systems. The researchers, who were federally gagged from speaking at DEFCON, were represented by the EFF and the gag order was dropped shortly after con. You can read the EFF Press release at http://www.eff.org/press/archives/2008/12/22, and there is an article on the PCWorld site at http://www.pcworld.com/article/155903/with_lawsuit_settled_hackers_now_working_with_mbta.html


If you didn't make it out to DEFCON 16, or just wanted to refresh on some of the great presentations we had this year, you can order full DVD copies of all of the talks from The Source of Knowledge (TSOK) website.

TSOK's SynchVue DVD Format is new and improved, combining video and audio of the speaker, as well as slide material in one!

From TSOK website:

SynchVue DVD-ROM + SessionVue Audio
The SynchVue DVD-ROM is an incredible product which merges the live audio with the projected image. Whether it is a PowerPoint presentation, software demonstration, video or web page, all of it is captured and synchronized seamlessly with the audio from the presenter.

Check it out at: https://www.sok-media.com/store/products.php?event=2008-DEFCON

Get over to the DEFCON Forums and weigh in on whether or not they should only be accessible over an SSL connection. If you are a forums member, there is a handy poll in which you can vote. If you're not a member, SIGN UP!

From DT on the DEFCON Forums:

Hey everyone, I'd like everyone's input on switching forum.defcon.org over to SSL only. Brief background:

The way we do redirection from http to https is a clever kludge Cot came up with, but it prevents us from using http compression, which would speed things up for everyone. Now that mobile devices have supported http compression for years we may as well take advantage of it, not to mention it would be like getting extra free capacity.

With SSL only some of the XSS and related attacks would be more difficult and MITM concerns would almost vanish.

The downside is some people might not be able to log in through proxies (I can over Tor, though), at free WiFi locations, etc.

https://forum.defcon.org/showthread.php?t=9967

It's all behind the scenes of course, but defcon.org is currently being re-worked a bit to enhance the community aspect of the site, refresh some of the older content, and become more mobile friendly. Keep an eye out over the next several weeks for changes and enhancements to the site!

For those of you that couldn't make it to this year's DEFCON, or just didn't get a chance to stop by the Swag Booth, the remainder of this year's swag can now be purchased from J!NX. Check out the available styles at http://www.jinx.com/def_con?tcid=1, but hurry, sizes and styles are limited!

Tony Kapela, who blew minds by using flaws in BGP to intercept and re-route all of the DEFCON 16 network traffic, is the featured speaker at Black Hat's fourth free webcast. The webcast is entitled "Trust Doesn't Scale - Practical Hijacking on the World's Largest Network". It promises to be an interesting presentation. To find out more, go to https://www.blackhat.com/html/webinars/practicalhijacking.html. To register, you can go to http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277. The webcast will begin Thursday, October 16 at 1pm PST.

As many of you may know, the unique electronic badges for DEFCON (since DC14) are designed by the illustrious Joe "Kingpin" Grand. Formerly a member of the hacker group L0pht Heavy Industries and currently the brain behind Grand Idea Studios and The Kingpin Empire, Joe also has a new TV show called "Prototype This" premiering this Wednesday, October 15th on the Discovery Channel at 10pm eastern time.

The premise -- A team of four super smart guys with varying electronics and engineering backgrounds come up with and prototype crazy one-of-a-kind inventions on the cutting edge of technology in a limited time frame.

It seems like this could be a great introduction for many into the world of hardware hacking and design. We're looking forward to seeing what they come up with!

Upcoming Episode List:
MIND CONTROLLED CAR - October 15 @ 10 e/p
BOXING ROBOTS - October 22 @ 10 e/p
TRAFFIC BUSTING TRUCK - October 29 @ 10 e/p
GET UP AND GO - November 5 @ 10 e/p
WATERSLIDE SIMULATOR - November 12 @ 10 e/p
SIX-LEGGED ALL TERRAIN VEHICLE - November 19 @ 10 e/p

Some links about the show:
http://dsc.discovery.com/tv/prototype-this/prototype-this.html - Discovery Channel Page for Prototype This
http://en.wikipedia.org/wiki/Prototype_This - Wikipedia Entry
http://news.cnet.com/8301-13772_3-10016485-52.html - CNet News Article

We've decided to do an early release of a few of the news-making presentations from DEFCON 16 in video format! The following links are in two formats, the h.264 version is an iPod compatible version of the presenter's slides with audio of the speech, and the full .mov is quicktime with dual video of the speaker and the slides. Enjoy, and keep your eye out for all the videos and audio from DEFCON 16 to be released in the next couple months!

Brenno De Winter - Ticket to Trouble
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble_full.mov
media.defcon.org/dc-16/video/dc16_dewinter_tickettotrouble/dc16_dewinter_tickettotrouble.m4v

Dan Kaminsky - DNS Goodness
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache_full.mov
media.defcon.org/dc-16/video/dc16_kaminsky/dc16_kaminsky_cache.m4v

Anton Kapela and Alex Pilosov - Stealing the Internet
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov_full.mov
media.defcon.org/dc-16/video/dc16_kapela-pilosov_stealing/dc16_kapela-pilosov.m4v

Mike Perry - 365 Day: Active HTTPS Cookie Hijacking
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR_full.mov
media.defcon.org/dc-16/video/dc16_perry_TOR/dc16_perrry_TOR.m4v

Coincidentally, Slashdot reports that Mike Perry has released the tool from this talk today. You can find the article here:
http://it.slashdot.org/it/08/09/09/1558218.shtml

There were many press-worthy happenings at DEFCON 16 this year, from the MBTA controversy to the new way of exploiting BGP. We've collected many of the articles for you to peruse on the Past Media Coverage page. You can check it out at https://www.defcon.org/html/links/dc_press/dc_press.html.

If you've noticed an article directly related to DEFCON 16 we might have missed, send the url to neil ]at[ defcon {dot} org and we'll post it.

Although it has been known for over a decade, an exploit of the Border Gateway Protocol (BGP) recently re-entered the spotlight at DEFCON 16 in a presentation by Anton Kapela and Alex Pilosov. The presentation is entitled "Stealing The Internet - A Routed, Wide-area, Man in the Middle Attack".

You can read about the exploit on the Wired Threat level blog at http://blog.wired.com/27bstroke6/2008/08/revealed-the-in.html and you can download the slides from the presentation at https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

Lose your DEFCON 16 CD? Looking for updated presentation materials? Did you just miss DEFCON 16 altogether? You're in luck! The presentation slides and extras from the DEFCON 16 CD, including updated presentations we have received thus far, can now be downloaded on the DEFCON Media Archives page.

Go to https://www.defcon.org/html/links/defcon-media-archives.html for all the goodies!

Popular Mechanics has interviewed Zack Anderson, one of the silenced MIT Students who were to give the Anatomy of a Subway Hack talk at DEFCON 16.

From Popular Mechanics:

It's rare that a hacker convention makes national news, but three MIT students caused a whole lot of controversy when they planned a presentation about security holes in Boston's subway system for DefCon in Las Vegas earlier this month. They were forced to cancel the talk at the last minute by a 10-day federal restraining order, requested by Boston's Massachusetts Bay Transit Authority (MBTA). On Tuesday, a judge denied motions by the MBTA to issue a preliminary injunction aimed at keeping the students quiet for a further five months. Now, in his most extensive interview to date, MIT subway hacker Zack Anderson talks with PM about what's wrong with the Charlie Card, what happened at DefCon, and what it's like to tango with the FBI and the MBTA.

Read more at: http://www.popularmechanics.com/technology/industry/4278892.html?page=1

From CNET.com:

BOSTON--The three Massachusetts Institute of Technology students who have been barred by a court order from discussing subway card vulnerabilities are now free to say what they want.

In a ruling certain to be cheered by computer researchers, a federal judge here Tuesday let the 10-day-old gag order expire. U.S. District Judge George O'Toole Jr. refused to grant a preliminary injunction requested by the Massachusetts Bay Transportation Authority that would have blocked the students from talking about their findings until January 1, 2009.

The MBTA's requested injunction would have replaced a temporary restraining order granted during the Defcon hacker conference, which under federal court rules automatically expires on Tuesday.

Read more at: http://news.cnet.com/8301-1009_3-10020252-83.html?hhTest=1

DEFCON 16 Receipt!
For those of you that need a receipt for attending DEFCON 16, it can be downloaded from here: https://www.defcon.org/images/defcon-16/dc16_receipt.pdf

Upload your Photos!
Now that con has ended, get on over to pics.defcon.org and upload all of your awesome pics and videos from the show! We want to see them!

Brenno De Winter will be speaking Sunday on controversy surrounding hacks of the Belgian Subway system. The presentation will occur 13:00 to 13:50 in Track 3.

The EFF announced today that they will represent 3 MIT students who were set to present at DEFCON 16 on mass transit vulnerabilities. The students were forced to cancel their presentation on Sunday, due to a Federal Court Judge's Order.

From eff.org:

MIT Students Gagged by Federal Court Judge
EFF Backs Researchers Forced to Cancel Presentation on Transit Fare Payment System

Las Vegas - Three students at the Massachusetts Institute of Technology (MIT) were ordered this morning by a federal court judge to cancel their scheduled presentation about vulnerabilities in Boston's transit fare payment system, violating their First Amendment right to discuss their important research. (read more at: http://www.eff.org/press/archives/2008/08/09 )

To see what other press is happening at DEFCON 16, check out the DEFCON in the news thread at https://forum.defcon.org/showthread.php?p=98012#post98012

DEFCON 16 Capture the Flag is Coming!

In just a couple of days, the ultimate battle will begin at DEFCON 16. That's right, we're talking about the DEFCON Capture the Flag Competition organized by Kenshoto! Eight Teams will unleash their best root-fu in the struggle for the coveted CTF Title! The Following teams will be competing.

1@stPlace (returning champions)
Routards
Pandas with Gambas
Guard@MyLan0
Shellphish
Taekwon-V
WOWHACKER
PLUS 4800

Head into CTF Room in Royale Pavilion to Check out the action!


New Talk Added:
Toying with Barcodes By Felix "FX" Lindner on Saturday at 17:00 in Track 1. Check it out at: https://www.defcon.org/html/defcon-16/dc-16-speakers.html#FX2

The annual must-see Defcon event of BGP, booze, and bemusement returns in this year's TCP/IP Drinking Game. Panelists will pit their trivia knowledge of network trivia against one another and the ever-present haze of inebriation for all to see. We promise that no RFC nor hepatic system will be spared. As always, solid audience participation is encouraged, so bring well-researched queries.*

This year's event will be hosted by Adam J. O'Donnell, security researcher and provocateur.

The usual M.C. of the TCP/IP drinking game, Dr. Mudge, is spending this year sober for tax purposes...

see you next year with my new bionic liver :)

..mudge

* Anyone asking about Windows 98 TCP/IP UIs will be promptly ejected.

Friday @ 20:00 in Speaking Track 4

The vehicle of choice this year for up to the minute updates of breaking DEFCON news, announcements and so forth will be the DEFCON 16 Twitter feed. Sign up now at http://twitter.com and follow user defcon16 to keep up to date with this year's DEFCON!

See news breaking? Send events of note at DEFCON 16 to defconupdates {at} gmail ]dot[ com so we can tell the world!

Well folks, the time for the 16th installment of the hacking convention known as DEFCON draws near, and this year promises to be a great one! We've got more content than ever, including 5 full tracks of talks, demos, workshops, new contests, a new Hardware Hacking Village, and even a new EFF fundraiser to replace the dunk tank! Here is some of the goodness you can expect:

DAVIX Visualization Workshop
At this "Bring Your Own Laptop" workshop we will introduce you to DAVIX. The workshop starts with an introduction to the set of available tools, the integrated manual, as well as customizing the CD to your needs. In a second part, you can use DAVIX to analyze a set of provided packet captures. In the end we will show some of the visualizations created by the participants. Be prepared for pretty and meaningful pictures! Get more info at: https://forum.defcon.org/forumdisplay.php?f=425

Mobile Hacker Spaces
Interested in visiting a Colorado Hacker Space here at DefCon 16? Check out the first ever Mobile Hacker Space, which will be parked in the outside chill out area during the convention. Try your hand against one of the challenges in the pentest lab, or learn from the web-based tutorials posted on the open network. Participation is encouraged, and presentations will be given every day from 2-4pm, which will provide a more hands-on look at how the Mobile Hacker Space operates and fits within published hacker space design patterns. Make sure you also attend the presentation on the history and design of the Colorado Springs Mobile Hacking Space on Sunday, at 1pm in Track One. Forums link: https://forum.defcon.org/forumdisplay.php?f=428

Quantum Spookshow
Quantum mechanics make possible some things that are impossible in the "classical" world of ordinary experience, and which even seem to contradict common sense. Some of these spooky effects are coming into practical use in security applications. The Quantum Spookshow of the National Institute of Standards and Technology (NIST) and the National University of Singapore (NUS) demonstrates quantum cryptography and quantum entanglement on a four-node quantum network, which supports quantum encrypted streaming video and violations of local realism. Participants are encouraged to interact with the light beams that constitute the physical link of this network, and to meet physicists who have designed and built quantum networks. Quantum mechanics provides methods of encryption that are secure from eavesdropping attacks against the quantum channel, but in any actual system there are points of vulnerability, e.g. correlations of classical noise in the operation of quantum elements. Participants will have a chance to discover vulnerabilities by hands-on interaction with our systems.

Hours: 10:00-18:00 on Friday and Saturday, with Sunday closing around 16:00
Location: 114. Directly across from the Contest area.

EFF Fundraiser
This year we decided to replace our beloved Dunk Tank with something NEW!
Hackers and Guns in Las Vegas – Ya gotta love it.

You've seen it played out numerous times in movies and on TV. A flash bang grenade goes off. SWAT kicks in the door and moves quickly to differentiate between the good guys and the bad guys in the same room. How do they train to effectively recognize and take out the bad guys, while not wasting any of the hostages? One of the tools they use is a Firearms training Simulator or FATS system and someone was foolish enough to let us get our hands on one for DEFCON 16.

So… Calling all Shooters, FPS Gamers, Psycho Killers, and 1337 wannabes. Come on by and pop a cap in someone’s VR ass. We will be set up in room 115 across from the contest area and next door to the Quantum Spookshow from 10:00 – 20:00. See if you got the skillz to make it through the challenges unscathed. Then the next time you hear a knock at your door in the middle of the night - you'll be ready. More at: https://forum.defcon.org/forumdisplay.php?f=427

A WarBalloon, er... Airborne Surveillance & 802.11 Stumbling Platform, also known as the "Kismet Eye in the Sky" will be flying just outside the DEFCON convention center on FRI and SAT from 11AM - 2 PM.

DEFCON Attendees:
please note the Balloon & Electronics launch will occur Daily at 11:00 AM & several times during the day as we change antennas & recon. new targets.


Read more at: https://forum.defcon.org/showthread.php?t=9613

From the DEFCON Shoot Page on Deviating.net:

The DEFCON Shoot is a public event happening just prior to the DEFCON hacker conference in Las Vegas, Nevada. Anyone who wants to can show up and for a small fee make use of a private range located about 30 minutes outside of the city. There will be opportunities to see and possibly shoot some of the weapons belonging to your friends and it will also be possible to rent firearms (including Class-III full autos) from the range itself. In addition to having a number of terrific pieces of hardware on-site, the range is directly affiliated with Small Arms Review Magazine and thus has access to their nearly limitless archive of equipment. Anything from a WWII Bren Gun to a Vulcan Cannon-style Minigun is possible.

As of right now, the event's ability to come off is contingent on participation... that means that we need you if we're going to make it happen. I have run the numbers, and I can acquire us private range time at a very sweet facility if we have about a little over two dozen people showing up, provided that about at least ten of them are interested in some full-automatic action. Read on for more details about location, pricing, etc.

You can sign up on the DEFCON Forums at https://forum.defcon.org/showthread.php?t=9574

You can get all the info at http://deviating.net/firearms/defcon_shoot/

New DEFCON 16 Events/Contests

There are a few new happenings recently added to the mix that you might want to know about, such as the EEE PC Mod workshop, The Leetskills Talent Competition, as well as Buzzword Survivor, where you can win your share of $10k! Get all the up to the minute info at https://forum.defcon.org/forumdisplay.php?f=346!

DEFCON 16 Black & White Ball: Acts Announced

Get ready for some hot DJ action kids! Zziks has posted a tentative lineup for the Black & White Balls and Daytime Chillout Area. Check them out as they evolve on the Forums at https://forum.defcon.org/showthread.php?t=9533!

There will be one wildcard (walk-on) team allowed this year. Each year I have people asking about the contest after it is too late. This is my means of dealing with those people. Keep in mind that the first year Mystery Challenge ran a walk-on team won the competition.

Friday morning I will be accepting intentions to compete. THIS MAY CHANGE TO THURSDAY NIGHT. If only one team shows for this position, it is theirs. If multiple teams show, there will be a mini-challenge race to determine who gets the spot.

Anyone who intends to try for the walk on team should email me their intentions prior to con if possible (DC16MysteryChallenge [at] MysteryChallenge ]dot[ org). This will help me gauge the magnitude of the mini-challenge race, if necessary (and it just helps me get an idea of the number trying out).

See you all in a few weeks.

LosT

The wait is over. Buzzword survivor is here. The rules are simple, the money is real.

Rules: You sit and listen to 36 hours of straight vendor pitches
- No sleeping
- Eat what you want
- Bathroom breaks when you need them
- Stand and stretch when you need to, but you have to stay focused on the presenter.
Prize:
- 10 contestants
- Half the pot gets divided by all remaining contestants at the end.
- Half the pot gets divided 60, 30, 10 by 1st, 2nd, 3rd in test scores.

Prizes as of June 1, 2008 (assuming all 10 make it to the end). Pot could rise depending on number of sponsors.
- 1st: $3500
- 2nd: $1500
- 3rd: $750
- All others: $500

To become a contestant email: buzzwordsurvivor@gmail.com

Mystery Challenge registration is now closed. There will be 1 wildcard team allowed to sign up the first day of Defcon. Should multiple teams desire this position, there will be a mini-contest. Interested parties should email LosT with their intent to try for the wildcard slot.

DEFCON 16 Schedule now on-line! We are proud to present the schedule of speakers and events for DEFCON 16! Thanks to all the new space available at the Riviera Hotel & Casino, we have even more room this year. 4 Full speaking tracks and an additional "Breakout" track filled with cool talks, demonstrations and workshops. We are pleased at our lineup, and the amazing list of speakers who really diversified the content this year.

Link: http://defcon.org/html/defcon-16/dc-16-schedule.html

Keep checking the website and schedule for changes, Contests & Event Schedules and Workshop room locations. This year is packed with more stuff to enjoy than any years prior and we hope you like it just as much as we do!

See you at the show!

Mystery Challenge Registration will close this Sunday (6/29/08) at 11:59:59 PM.
If you intend to register do it now.
There should be sufficient information in the forums and on MysteryChallenge.org at this point.

1057

Recently announced at the DEFCON forums:

The DEFCON Badge Hacking Contest awards the top 3 most ingenious, obscure, mischievous, obscene, or technologically astounding badge modifications created over the weekend. No longer just a boring piece of passive material, the badge is now a full-featured, active electronic product, and it exists for your hacking pleasure.

We've had some amazing hacks in previous years. For info on the past badges and badge hacking contest entries, check out:

http://www.grandideastudio.com/portf...fcon-15-badge/
http://www.grandideastudio.com/portf...fcon-14-badge/

This is the first year that it will be an official contest announced in advance, etc., as previously we've kept the whole thing under wraps until the first day of the con. For more info go to https://forum.defcon.org/showthread.php?t=9502

Let the voting commence! Go to the DEFCON 16 Artwork Contest Public Gallery at https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770 to view this year's submissions. Once you have found your favorite go ahead and cast your vote at: https://forum.defcon.org/showthread.php?t=9497.

Voting for the People's Choice category will run for one week, ending June 30th at 6pm. You will need a DEFCON Forums account to vote, so if you don't have one, sign up now at forum.defcon.org

This is it, Ladies and Germs, the last few DEFCON 16 speakers have been chosen and the Talk schedule is now in its final stages. Look for the DEFCON 16 Schedule page to be updated this week at https://www.defcon.org/html/defcon-16/dc-16-schedule.html. For now, check out the speaker page and see what these latest selections are all about!

Grendel-Scan: A new web application scanning tool
David Byrne, Eric Duprey

Comparison of File Infection on Windows & Linux
Iclee_vx

Anti-RE Techniques in DRM Code
Jan Newger

How can I pwn thee? Let me count the ways
Renderman

Hijacking the Outdoor Digital Billboard Network
Tottenkoph, Rev


You can discuss the speakers and talks on the DEFCON Forums at:
https://forum.defcon.org/showthread.php?t=9496

DefconBots is back this year with the same rules as last year. Now is a great time to get started on your bot! Last year there were six competitors, this year let's get a lot more! Don't let "I can't solder" stop you again, you can get started with a simple kit available through http://defconbots.org. There's even open source software to get you started in Linux.

9 more talks have been added to the DEFCON 16 lineup, and are listed below, Alpha by Speaker

Digital Security: a Risky Business
Ian O. Angell

Pen-Testing is Dead, Long Live the Pen Test
Taylor Banks

Hacking the Bionic Man
Gadi Evron

Panel: Internet Wars 2008
Gadi Evron Moderator

The Big Picture: Digital Cinema Technology and Security
Mike Renlund

Inducing Momentary Faults Within Secure Smartcards / Microcontrollers
Christopher Tarnovsky

MetaPost-Exploitation
Valsmith, Colin Ames

Password Cracking on a Budget
Matt Weir, Sudhir Aggarwal

New ideas for old practices - Port-Scanning improved
Fabian "fabs" Yamaguchi, FX


Due to late blooming interest in the contest, all entries for the DEFCON 16 Artwork Contest will be accepted up until 5pm PST on Sunday June 22, 2008. You can find the rules at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html.

Voting for the People's Choice category will commence Monday June 23, 2008 and will run for one week on pics.defcon.org. A link to the voting gallery and instructions will follow at that time. You will need a DEFCON Pics account to vote, so if you don't have one, sign up now!

Good luck all!

From Agent X on the DEFCON Forums:

The few, the proud (arrogant?), the insane? Yes, that's right Speaker Operations a subset of the Defcon Goon Squad is looking for a few good folks. Speaker Operations goons are the blue shirts that ferry speakers to and from stage, keep the speaking schedule in order, and generally try to make the talks not suck...
Sometimes we succeed, sometimes we fail, generally there is beer at the end.
In an effort to ensure a healthy supply of goons for future Defcons, I'm holding semi-formal auditions/interviews this year at Defcon 16.

So if you are interested in joining the ranks of the Defcon Speaker Operations Goons squad, here's what you've got to do:

* Write me an email, telling me why you will rock speaker operations. (In a good way).
* Demonstrate your resourcefulness by tracking me down and arranging a time for us to talk at Defcon this year. Make it memorable...it's a busy con you know.
* Demonstrate to the speaker operations staff those blue shirted goons again, you know why they are so awesome (?!Schwag, beer?!)

Thank you for your interest.
Agent X

https://forum.defcon.org/showthread.php?t=9474

Formerly known as Amateur Capture The Flag (aCTF), this contest pits any Defcon attendee against the house (DC949) as well as other contestants. There are a series of challenges of varying difficulty involving a variety of things, including cryptology, stenography, malicious software, and websites (and other services) just waiting to be exploited.

Find out more at: http://dc949.org/oCTFIV/

This year on Friday night we will be screening a documentary, Hackers Are People Too, which will end before the director/producer needs to participate in Hacker Jeopardy. Then we will move on to some Blu-Ray goodness of "Appleseed Ex-Machina" for the latest in cg anime from Japan.

Saturday evening we will go retro with "Three Days of the Condor", where you can see an early Robert Redford deal with spies, telephones, and intrigue. For those who have seen 'safehouse' you'll recognize a scene for scene rip off homage to "Condor". Then we'll close with an as of yet TBD movie...

The following teams have demonstrated their uber prowess by qualifying to participate in the DEFCON 16 Capture the Flag Contest, organized by Kenshoto.

These 7 teams will be battling last year's winners, 1@stPlace, for the CTF title! DEFCON would like to congratulate all of these talented teams and wish them luck!

Routards 5200
Trivia 1500
Binary Leetness 1000
Forensics 1500
Real World 600
Potent Pwnables 600


Pandas with Gambas 5200
Trivia 1500
Binary Leetness 1000
Forensics 1500
Potent Pwnables 600
Real World 600


Guard@MyLan0 4800
Trivia 1500
Binary Leetness 600
Forensics 1500
Potent Pwnables 600
Real World 600


Shellphish 4800
Trivia 1500
Binary Leetness 600
Forensics 1500
Potent Pwnables 600
Real World 600


Taekwon-V 4800
Trivia 1500
Binary Leetness 600
Forensics 1500
Potent Pwnables 600
Real World 600


WOWHACKER 4800
Trivia 1500
Binary Leetness 600
Forensics 1500
Potent Pwnables 600
Real World 600


PLUS 4800
Trivia 1500
Binary Leetness 600
Forensics 1500
Potent Pwnables 600
Real World 600

The LosT@Con Mystery Challenge preregistration will remain open for an undisclosed bit longer. Teams who have not completed the preregistration but that intend to enter are encouraged to post such intentions in the DC forums.

This year there will be one wildcard slot open, and a mini-contest will be held two hours prior to the official contest start for that slot.

https://forum.defcon.org/forumdisplay.php?f=369

Hacker Jeopardy

The Official Hacker Jeopardy entry thread on the DEFCON Forums is now open for signup, at https://forum.defcon.org/showthread.php?t=9444

From the signup thread:
This year, we will be accepting applications from both teams and individuals. We will likely hold a set of qualifying games Friday afternoon to allow unproven teams/people a chance to show off their skillz and advance into the late night tournament. 

Buzzword Survivor - NEW!

Buzzword Survivor is a new contest that pits you against 36 hours of vendor pitches, with big cash prizes! Find out what it's all about and sign up at https://forum.defcon.org/forumdisplay.php?f=352

There's only a little over a week left to submit your creations for the DEFCON 16 Artwork Contest. The Contest info and rules can be found at https://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html. Current submissions are on https://pics.defcon.org/showgallery.php?cat=532&ppuser=16770

We've got more talks up on the speaker page, listed below, alpha by speaker

BackTrack Foo - From bug to 0day
Mati Aharoni

They're Hacking Our Clients! Introducing Free Client-side Intrusion Prevention 
Jay Beale

Arbitrary code injecting MITM attack vectors
Joachim De Zutter "byterage"

Wide World WAF's
Ben Feinstein

Virtually Hacking
John Fitzpatrick

Malware RCE: Debuggers and Decryptor Development
Michael Ligh

Fear, Uncertainty and the Digital Armageddon
Morgan Marquise-Boire

Toasterkit, a Modular NetBSD Rootkit 
Anthony Martinez, Thomas Bowen

Bringing Sexy Back: Breaking in with Style
David Maynor, Robert Graham

Panel: All Your Sploits (and Servers) Are Belong To Us: Vulnerabilities Don't Matter (And Neither Does Your Security)
David Mortman, Rich Mogull, Chris Hoff, Robert "RSnake" Hansen, Robert Graham, David Maynor 

Solid Stated Drives Destroy Forensic & Data Recovery Jobs: Animated!
Scott Moulton

Urban Exploration - A Hacker's View
Phreakmonkey

Beholder: New wifi monitor tool
Nelson Murilo, Luiz 'effffn' Eduardo

Keeping Secret Secrets Secret and Sharing Secret Secrets Secretly
Vic Vandal

RE:Trace: The Reverse Engineer's Unexpected Swiss Army Knife
David Weston, Tiller Beauchamp




https://www.defcon.org/html/defcon-16/dc-16-speakers.html

Participants in Gringo Warrior will have five minutes to free themselves from handcuffs, escape from their "cell", get past a guard, retrieve their passport from a locked filing cabinet, leave through another locked door, and make their escape to freedom. The course will offer a variety of locks representing a range of difficulty, allowing participation by people of all skill levels. Points will be awarded based on the time of completion as well as the difficulty of locks attempted. The best warrior of all wins the grand prize!

Get the full story at: https://forum.defcon.org/showthread.php?t=9401

DEFCON 16 Now has a Twitter Feed for all you Tweeters out there! Frequent updates will be forthcoming up to and during the con to keep you in the loop for news, contest updates and events. http://www.twitter.com/defcon16

From Kenshoto.com:

See the final results at http://www.kenshoto.com/results.txt!

The first 7 teams on the list have qualified. If any are unable to attend, invitations will be extended to the alternates in scoring order.

Do you think you have the wordsmithing skills to come up with the next great DEFCON slogan? The DEFCON 16 Slogan Contest is now up and running, so get on over to http://www.totallybog.us/dc16slogan/dc16slogan.html and submit your literary gems for a chance to be featured in the DEFCON 16 Program!

Working with Law Enforcement
Don M. Blumenthal

CSRF Bouncing
Michael Brooks

Hacking Desire
Ian Clark

Compromising Windows Based Internet Kiosks
Paul Craig

Shifting the Focus of WiFi Security: Beyond cracking your neighbor's wep key
Thomas d'Otreppe de Bouvette "Mister_X", Rick Farina "Zero_Chaos"

Snort Plug-in Development: Teaching an Old Pig New Tricks
Ben Feinstein

Playing with Web Application Firewalls
Wendel Guglielmetti Henrique

Advanced Software Armoring and Polymorphic Kung Fu
Nick Harbour

Under the iHood
Cameron Hotchkies

Tuning Your Brain.
Lyn

Forensics is ONLY for Private Investigators
Scott Moulton

Every Breath You Take
Jim O'Leary

Advanced Physical Attacks: Going Beyond Social Engineering and Dumpster Diving, Or, Techniques of Industrial Espionage
Eric Schmiedl

Gaming - The Next Overlooked Security Hole
Ferdinand Schober

Making a Text Adventure Documentary
Jason Scott

StegoFS
James Shewmaker

Let's Sink the Phishermen's Boat!
Teo Sze Siong, Hirosh Joseph

Medical Identity Theft
Eric Smith, Dr. Shana Dardan

Web Privacy and Flash Local Shared Objects
Clinton Wong

The BCCC run by Deviant Ollam has popped up on hackaday.com!

From the article:

Let's face it: no one likes warm beer. In the arid August air of Las Vegas, though, it's difficult to get anything else. To combat this problem, Deviant has hosted a competition the last three years at Defcon called the Beverage Cooling Contraption Contest, or BCCC. We're not talking about something as simple as a Coleman cooler or even a peltier cooler: the devices entered in this contest have to be able to take a beer from hot to cool and your glass within minutes.

For info on the contest, go to: http://www.deviating.net/bccc

The selection process continues, and the second batch of talks for DEFCON 16 is now on the speaker page. They are listed below, alpha by speaker! Check 'em out!

Autoimmunity disorder in Wireless LAN
Md Sohail Ahmad, JVR Murthy, Amit Vartak

The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems
Zack Anderson, RJ Ryan, Alessandro Chiesa

Predictable RNG in the vulnerable Debian OpenSSL package, the What and the How
Luciano Bello, Maximiliano Betacchini

Buying Time- What is your Data Worth? (A generalized Solution to distributed Brute Force attacks)
Adam Bregenzer

ModScan: A SCADA MODBUS Network Scanner
Mark Bristow

Deciphering Captcha
Michael Brooks

Hacking Data Retention: Small Sister your digital privacy self defense 
Brenno De Winter

Markets for Malware: A structural Economic Approach
Brian K. Edwards, Silvio J. Flaim

Identification Card Security: Past, Present, Future
Doug Farre

VLANs Layer 2 Attacks: Their Relevance and their Kryptonite
Kevin Figueroa, Marco Figueroa, Anthony L. Williams

Journey to the center of the HP28
Travis Goodspeed

Nail the Coffin Shut, NTLM is Dead
Kurt Grutzmacher

Race-2-Zero Unpacked
Simon Howard

Triad-Based Music Steganography
Adrian Johnson

Panel: Black vs. White: The complete life cycle of a real world breach
David Kennedy, Ken Stasiak, Scott White, John Melvin, Andrew Weidenhamer

Demonstration of Hardware Trojans
Fouad Kiamilev, Ryan Hoover

WhiteSpace: A Different Approach to JavaScript Obfuscation
Kolisar

Flux on: EAS (Emergency Alert System)
Matt "DCFLuX" Krick

Taking Back your Cellphone
Alexander Lash

Feed my Sat Monkey
Major Malfunction

Sniffing Cable Modems
Guy Martin

The World of Pager Sniffing/Interception: More Activity than one may suspect
NYCMIKE

New Tool for SQL Injection with DNS Exfiltration
Robert Ricks

Free Anonymous Internet Using Modified Cable Modems
Blake Self, Durandal

Evade IDS/IPS Systems using Geospatial Threat Detection
Ryan Trost

The Death Envelope: A Medieval Solution to a 21st Century Problem
Matt Yoder

The first round of speakers have been selected for DEFCON 16, and it looks like we have a great lineup going! The selection process is coming along nicely and we should have the next batch of speakers online by the middle of next week.

Here are the titles and speakers for the talks so far, alpha by speaker:

Time-Based Blind SQL Injection using heavy queries: A practical approach for MS SQL Server, MS Access, Oracle and MySQL databases and Marathon Tool
Chema Alonso, José Parada

VulnCatcher: Fun with Vtrace and Programmatic Debugging
atlas

Owning the Users with Agent in the Middle
Jay Beale

The emergence (and use) of Open Source Warfare
Peter Berghammer

What To Do When Your Data Winds Up Where It Shouldn't
Don Blumenthal

Generic, Decentralized, Unstoppable Anonymity: The Phantom Protocol
Magnus Bråding

Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 pre-boot authentication software)
Jonathan Brossard

Building a Real Session Layer
D.J. Capelis

Hacking E.S.P.
Joe Cicero, Michael Vieau

Climbing Everest: An Insider's Look at one state's Voting Systems
Sandy Clark "Mouse"

Could Googling Take Down a President, a Prime Minister, or an Average Citizen?
Greg Conti

Next Generation Collaborative Reversing with Ida Pro and CollabREate
Chris Eagle, Tim Vidas

Ask EFF: The Year in Digital Civil Liberties Panel
Kevin Bankston, Eva Galperin, Jennifer Granick, Marcia Hofmann, Corynne McSherry, Kurt Opsahl

Panel: Hacking in the Name of Science
Tadayoshi Kohno, Jon Callas, Alexei Czeskis, Dan Halperin, Karl Koscher

de-Tor-iorate Anonymity
Nathan Evans, Christian Grothoff

Nmap: Scanning the Internet
Fyodor

BSODomizer
Joe "Kingpin" Grand, Zoz

Satan is on my Friends list: Attacking Social Networks
Nathan Hamiel, Shawn Moyer

A Hacker Looks at 50
G. Mark Hardy

War Ballooning-Kismet Wireless "Eye in the Sky"
Rick Hill

The Death of Cash: The loss of anonymity and other dangers of the cash free society
Tony Howlett

Intercepting Mobile Phone/GSM Traffic
David Hulton, "Skyper"

Ham For Hackers - Take Back the Airwaves
JonM

Career Mythbusters: Separating Fact from Fiction in your Information Security Career
Lee Kushner, Mike Murray

Developments in Cisco IOS Forensics
"FX" Felix Lindner

Good Viruses. Evaluating the Risks
Dr. Igor Muttik

Brain Games: Make your own Biofeedback Video Game
Ne0nRain, Joe "Kingpin" Grand

VoIPER: Smashing the VoIP stack while you sleep
N.N.P.

Hacking OpenVMS
Christer Öberg, Claes Nyberg, James Tusini

365-Day: Active Https Cookie Hijacking
Mike Perry

Malware Detection through Network Flow Analysis
Bruce Potter

The true story of the Radioactive Boyscout: The first nuclear hacker and how his work relates to Homeland Security's model of the dirty bomb
Paul F. Renda

CAPTCHAs: Are they really hopeless? (Yes)
Mike Spindel, Scott Torborg

Living in the RIA World
Alex Stamos, David Thiel, Justine Osborne

Xploiting Google Gadgets: Gmalware and Beyond
Tom "strace" Stracener, Robert "Rsnake" Hansen

TBA
Marc Weber Tobias

How to make Friends & Influence Lock Manufacturers
Schuyler Towne, Jon King

Compliance: The Enterprise Vulnerability Roadmap
Weasel

Mobile Hacker Space
Thomas Wilhelm


To read more about these talks, go to the speaker page at http://www.defcon.org/html/defcon-16/dc-16-speakers.html!

You can check out the first few submissions to the Artwork Contest on pics.defcon.org at this URL:

https://pics.defcon.org/showgallery.php?cat=532

The time has come to close the DEFCON 16 CFP. Speaker Selection is now underway, and updates to the Speaker list will be frequent as they are chosen. Keep your eyes on the speaker page, the schedule page, and subscribe to the RSS Feed to stay apprised of speaker announcements as they occur!

Speaker Page: https://www.defcon.org/html/defcon-16/dc-16-speakers.html
Schedule Page: https://www.defcon.org/html/defcon-16/dc-16-schedule.html
RSS Feed: https://www.defcon.org/html/defcon-16/dc-16-speakers.html

For all you last minute stragglers and super busy folks, we are keeping the Call for Papers open through Monday the 19th. Get on it and send that submission to talks at defcon dot org!

https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html

LosT is working his devious magic again with the LosT @ Con Mystery Challenge! There is a Pre-Reg Challenge currently open, and you can find instructions at https://forum.defcon.org/showthread.php?t=9357.

What is the Mystery Challenge you may ask...?

From mysterychallenge.org

The mystery challenge is just that- a mystery. Details of the contest are not given until the contest starts.
So take the dare, and enter a contest where you are flying blind.

So you heard about the challenge, and think you can compete?
Search for hints and clues carefully, even prior to Defcon.

Suggested Skillset for success:
-Physical security (Lockpicking, literal hacking, etc)
-Electronics (reading schematics, breadboard prototyping, etc)
-Puzzle and Riddle Skills
-Coding, networking, hacking...
-???

You've only got a few days left to submit your groundbreaking research to the DEFCON Call for Papers. Go to https://www.defcon.org/html/defcon-16/dc-16-cfp-form.html and get your submission in for the chance to give a talk at DEFCON 16!

Kenshoto will be back this year bringing all out cyber-warfare to DEFCON 16. The qualification round for this year's Capture the Flag contest has been officially announced.

From the DEFCON Forums:
Deputy Director of Homeland Security, Dr. Kenneth Shoto today announces a call to cyber-ninjas everywhere to sign up for his annual fight-to-the-death qualifying competition for the Defcon Capture the Flag (CtF) contest. The qualifying competition will start at 10PM on Friday, May 30th and end at 10PM on Sunday, June 1st.

Find out more at https://forum.defcon.org/showthread.php?t=9352 or http://kenshoto.allyourboxarebelongto.us:1337/

The buzz concerning the new unofficial Race to Zero Contest at DEFCON 16 just keeps on building. Dan Kaminsky provides his thoughts on the mounting controversy in an interview with Search Engine, a Canadian public radio program.

Check it out here: http://podcast.cbc.ca/mp3/searchengine_20080508_5692.mp3

After a hiatus due to an XSS vulnerability, the DEFCON pics site is back up and running! Don't hesitate to head on over and upload your favorite photos and videos from past DEFCON conventions!

The Race-to-Zero anti-virus challenge was announced scarcely a week ago, and already the controversy surrounding it has bubbled all the way up to Wired. The contest's basic premise is that competitors will be given sample virus code and rewarded for modifying that code in such a way that it defeats common AV products.

AV vendors have made their discomfort with the idea clear, with various spokesmen for the industry voicing concern about the creation of new threats to existing AV products. Contest organizers have countered that the contest is categorically not about creating new virii, rather it is about demonstrating the speed with which currently blocked virii can be modified to defeat current virus-blocking software.

It's important to note that while the contest will be happening at this year's DEFCON, it is not an official DEFCON contest. To learn about the contest from its creators and organizers, please check their website at www.racetozero.net.

Links:

http://www.racetozero.net/
http://blog.wired.com/27bstroke6/2008/04/hacker-challenge.html
http://www.infoworld.com/article/08/04/28/Security-vendors-slam-Defcon-virus-contest_1.html

Go to https://forum.defcon.org/forumdisplay.php?f=419 to chime in on the controversy

Whip out your favorite medium and get to creating, because the official DEFCON 16 Art Contest is now underway! This year’s contest is a bit different from previous years, and will run now to June 15, 2008.

Go to http://www.defcon.org/html/defcon-16/dc-16-artwork-contest.html

Check out this new contest brewing for DEFCON 16!

From the DEFCON Forums:
The Race to Zero involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

Further details are available here: http://www.racetozero.net/

This is the Official CALL FOR TALENT:

This year the ballroom will lead a double life.

By day: the room will be a chillout/breakout room complete with wifi
By night: the room will transform into the black and white ball complete with dance floor, lights, headlining acts and a bar.

That said, we are currently taking all submissions for DJs/acts for the chillout/breakout room, and have a few slots for the black and white ball.

Some of the styles we are looking for are:
drum n bass
trance
breaks
electro
industrial

If you are interested in performing, please contact:
blackandwhitedjs@gmail.com

That's right! It's time again to submit your hacktastic discoveries to be considered as a DEFCON 16 talk! New and interesting research is always welcomed in the realm of security, hardware hacking, social engineering, lockpicking, and anything else you can modify, bypass or reverse engineer. Out of the box thinking is what we're after... Go to the CFP form and submit!

The Defcon 15 Video Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and watch the presentations any time.
http://www.defcon.org/podcast/defcon-15-video.rss

Supporting Materials will be online at:
https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

The Defcon 15 Audio Podcast is now online. If you didn't make it, or missed the speaker you wanted to see, here is your chance to download and hear the presentations when you want.
http://www.defcon.org/podcast/defcon-15-audio.rss

Supporting Materials will be online at:
https://www.defcon.org/html/links/defcon-media-archives.html#dc_15

Tiger Team is a new series on TruTV (formerly CourtTV) featuring a familiar face from DEFCON, Luke McOmie aka pyr0.

From wikipedia:
The show follows a "tiger team" of Chris Nickerson, Luke McOmie, and Ryan Jones, which is hired to infiltrate organizations with the objective of testing their weaknesses to electronic, psychological, tactical, and physical threats. Attacks executed on organizations in this television show include social engineering, wired and wireless hacking, and physically breaking into buildings.

The television show's first two episodes aired Tuesday, December 25, 2007 at 11:00 pm ET and 11:30 pm ET. The first episode is available on TruTV's website in streaming flash format.

TruTV Feedback: http://www.trutv.com/contact/feedbackform.asp?subject_id=148&start=true

Join the DEFCON LinkedIn Group!
We have created a DEF CON group on LinkedIn. If you already have an account at LinkedIn, please join us.

We don't collect email addresses so there is no easy way to pre-approve people, just use the following link to request membership.

http://www.linkedin.com/e/gis/47798/109B061719DC


It's beginning already... Check out the Pre-DEFCON 16 Discussions in the DEFCON Forums. If you want to get involved, start here!

The media storm that followed the NBC producer fleeing DEFCON included a lot of opinions, but none of them came from the DEFCON staff itself.

DT recently contributed a piece to the Thinkernet blog at InternetEvolution.com. It's an interesting piece about the significance of the event and some of the lessons that the media can take from all the hoopla.

The DEFCON forums (forum.defcon.org) now support projects and blogs. We have licensed the
blog tool (http://www.vbulletin.com/features_blog.php), and anyone with a
forum account can now create a blog. We'll be doing more with this in the
future, but for now we are encouraging people to create accounts and play
with it. If it works we'll keep it, if not we'll look for other software to
try.


We've also licensed Project Tools (http://www.vbulletin.com/features_project.php) that
everyone can use to plan DC Groups projects, events at the con, or their
latest hacking project.

If you're a forum member, we hope you'll take a little time to try out the new features. If you're not, here's hoping this helps you decide to join us.

The Defcon 15 badge is a finalist in the Freescale Semiconductor Black
Widow $10,000 Design Challenge. Freescale selected the ten finalists
from a field of more than 775 participants. Each submission was judged
on creativity, design efficiency, technical complexity, number of
Freescale devices used, and overall application innovation and usefulness.

Check out these photos of the badge hacking and final hacks at DEFCON
15. For badge source code, video of the hacks, and source of selected
hacks, check out Joe Grand's badge page at:

http://www.grandideastudio.com/portfolio/index.php?id=1&prod=54

It's a little late, but it's never too early to start planning for next year. If you must get online at DEFCON, here's a little guide to help keep you from getting completely owned.

From The Register:
"..Defcon, the most bacchanal of security conferences and perhaps the single largest gathering of technically adept pranksters. Now is the perfect time to map out a strategy for keeping emails private and making sure your system doesn't get ransacked by the scowling kid with the nose ring and jet-black hair."

Many of you know Deviant Ollam, from his extensive involvement in the Lockpick Village and his running of the Beverage Cooling Contest, as well as his new "Titanium Chef" and "Guess the Flesh" contests at the Toxic BBQ this year. We came across a story about one of his projects and thought we'd share.

From tgdaily.com:
A New Jersey network engineer is on a mission to send some love and care – of the digital kind – to Americans stationed overseas. Going by his hacker handle ‘Deviant Ollam’, he’s been sending out hard drives filled with popular movies, television shows and music for over a year. Dubbed the Traveling Terabyte Project (TTB), the drives have seen action in war-torn countries and one set is now making a small contingent of Marines very happy in the former Soviet republic of Tajikistan.

Photos at:

http://www.tgdaily.com/index.php?option=com_content&task=blogsection&id=18&Itemid=41&slideshow=20070920

This little slice of gangsta was part of the winning Badge Hacking Contest submission by Team Osogato. This rap song was created by The Brothers Grimm and based on Kingpin's "Ode to the DEFCON 15 Badge" poem printed in the conference program. Played at the DEFCON 15 Awards Ceremony on Sunday afternoon.

Thanks to Kingpin for posting this on the media server at pics.defcon.org. If you've got any pictures or media from DEFCON, please consider sharing it with the DC family at pics.defcon.org.

Ever wonder what it takes to compete in the DEFCONbot shootout? Check out some fascinating behind-the-scenes video from a team that had a sentry gun in this year's competition at the Burnt Popcorn blog. For more information about DC 15's DEFCONbots winners or data on past competitions, be sure to visit defconbots.org.

If you have pictures of this DEFCON 15 (or any previous DEFCON) you'd
like to share, please upload them to https://pics.defcon.org
We're trying to create a visual record of all
the shows and your help is appreciated. Just create an account and start
uploading pictures and videos!

The DEFCON media archives have been updated with slides, white papers and extras for DEFCON 15 presentations. Come check them out, and stay tuned - we'll be adding audio and video from DEFCON 15 as soon as it's ready.

Many interesting things happened at this year's DEFCON, from the sensational hackable badge by Joe Grand to the eye-opening talk by Zac Franken on access control reader (in)security. We blew the undercover reporter's cover, and we found out that a kid can bump a "bump-proof" deadbolt. We even married two Feds. What a year! Here are just a few of the headlines arising from DEFCON 15:

http://www.wired.com/politics/security/news/2007/08/medeco
Medeco Readies Assembly-Line Fix for DefCon Lock Hack

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9029080
$10 hack can unlock nearly any office door

http://blog.wired.com/27bstroke6/2007/08/i-married-a-fed.html
I Married a Fed at DefCon

http://www.youtube.com/watch?v=nCvmkxO5hoQ
Michelle Madigan Video: Dateline Reporter Uncovered At DEFCON 2007.

http://weblog.infoworld.com/zeroday/archives/2007/08/defcon_diary_th.html
Defcon diary: The real story



Joe decided to drop us a line and send us some info on what's going on with the badges AFTER the con. We loved the badges this year and apparently we aren't the only ones who found them awesome.

From Joe Grand:

"You've probably noticed that people are still going *nuts* over the badges. That's a really awesome feeling and hopefully there will be some of the 40 people who took components and development kits coming back next year with some radical hacks.

Here are some pictures I took of the Black Hat and DEFCON conferences (and badge hacking):
http://www.flickr.com/photos/joesmooth/sets/72157601295119952/

and here:
http://www.flickr.com/photos/joesmooth/sets/72157601302838516/

The badges have been selling like hot cakes on eBay:
http://search.ebay.com/defcon-15
Take a look at the completed listings, too, to see the high bidders!

Also, there were TONS of blog and news reports about the badge. You've probably read most of them, but here are the ones I liked the best:

* Hack-a-Day, August 2, 2007, http://www.hackaday.com/2007/08/02/the-defcon-badge

* The Register, The romance and mystery of a good hack, August 6, 2007, http://www.theregister.co.uk/2007/08/06/defcon_final/

* The Inquirer, Defcon ID badge comes with its own technical manual, August 3, 2007 http://www.theinquirer.net/default.aspx?article=41436

* boingboing, Defcon's hackable badges, August 3, 2007, http://www.boingboing.net/2007/08/03/defcons_hackable_bad.html

* Wired, Threat Level, Badge Hack at DefCon, August 3, 2007 http://blog.wired.com/27bstroke6/2007/08/badge-hack-at-d.html

* Makezine.com: Defcon 15 round up, August 5, 2007, http://www.makezine.com/blog/archive/2007/08/defcon_15_round_up.html

* Makezine.com: Hackers on a Plane - Defcon, August 7, 2007, http://www.makezine.com/blog/archive/2007/08/hackers_on_a_plane_defcon_1.html

* Gizmodo, DefCon Badge Hacked in 10 Minutes, August 3, 2007, http://gizmodo.com/gadgets/defcon/defcon-badge-hacked-in-10-minutes-285998.php


I'll be putting up a webpage with complete badge development info, badge hacking contest results/hacks/source, etc. in the next week or so. It will be directly accessible from the main www.grandideastudio.com site for a while.

Details on the winning badge hacking contest entry from Team Osogato can
be found here: http://www.osogato.com/hacks This was the only entry out
of seven that combined hardware and firmware modifications - they hacked
the badge into a line-level meter for under $10 that used the LED matrix
to display the peak audio levels of an audio signal fed into one channel
of the A/D. The two capacitive touch buttons are used to adjust the
input levels of the signal and there are even three shades of
"greyscale" for a fading effect on the LEDs. For the icing on the cake,
the team worked with The Brothers Grimm from Michigan
(http://www.myspace.com/CompleteError) to create a rap song based on my
poem that I wrote for the DC15 program (on page 3). What an honor! The
song is freely available at the Team Osogato link above and step-by-step
hack details are forthcoming.

Hope you guys are recovering!

Joe"

This year the Dunk Tank raised $4,700. We matched that and added our contribution to reach a total of $12,000 to the EFF! We know they will put it to good use with their hard work!
For the past 17 years, EFF has been proud to take on the hard cases to ensure that your liberty is not sacrificed unnecessarily. They are responsible for loads of support for Tor, stopping RIAA lawsuits, Privacy Issues, etc.


You don't have to wait till the next Dunk Tank @ DEFCON 16 to support them! Join EFF today!
They work all year round, so support them by donating to EFF at http://secure.eff.org/. Spread the word to your friends and family.

Short goal list of current EFF Projects:
Pull Congress Back Into the Wiretapping Fight!
Repeal the REAL ID Act!
Reform the PATRIOT Act!
Support the FAIR USE Act!
Fight the Justice Department's Copycrime
Stop the SPY Act!
Stop the Broadcasting Treaty Flip-Flop!
CA Alert - Keep RFIDs out of State IDs!
Don't Let Congress Shackle Digital Music!
Tell Congress to Support E-Voting Reform! make sure every counts!
Improve the Freedom of Information Act!
Don't Let Cable Companies Ratchet Up Restrictions!

Want to help support the EFF and Hacker Foundation? Would you like to meet with authors of those security books you have been reading all year long? Craving some live nerdcore? Kill three birds with one stone!
Thursday August 2, 2007 @ 9:00PM Vegas 2.0 presents "theSummit", a fund raiser with a twist! Meet with computer security gurus, listen to some great live music AND support two great causes at the same time! Meet up with us in the Riv Skyboxes this Thursday, tickets are $35 at the door. Need more details? Visit http://www.vegassummit.org

We are proud to present the FINAL schedule of speakers and events for DEFCON 15!

This year DEFCON has grown, and is offering the largest lineup of speakers ever - thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming amount of things to participate in.


Barring natural disasters, emergencies, or missing, kidnapped or canceled speakers, this is our final schedule... well, that's the intention anyway!

If you are speaking or involved in the content side of things and you see a problem or something missing please let us know!
See you at the show!

The video and audio from DEFCON 14 has been encoded and is ready for download!

There may be some minor tweaks, but all the video that is available has been encoded to iPod Video specs, H.264 and 320x240. Audio is in .mp3 192k format.

We are trying to identify the artists in each hour, so if you know who they are please let us know and we'll update the file names so everyone gets proper credit.

The following links will have to get you by until the complete RSS feed with iTunes and MRSS tags is complete:

http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Carthsis-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Regenerator-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Jackalope-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Mind-Pop-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-Minibosses-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-2-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-3-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-4-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-5-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-6-320-517kbps.mp4
http://media.defcon.org/dc-14/music/dc-14-BandW-Ball-hour-7-320-517kbps.mp4

The Black and White ball is back in effect with the following bands and DJs ready to throw down.

Friday Night Black Ball
Industrial / EBM / Noize
Dress: your best blacks; bondage, rubber and fetish encouraged

Featuring :
Regenerator http://www.regenerator.net/

DJs Patrice
Wintamute
SailorGloom
Great Scott!
Catharsis
Kriz Klink And more ...

Saturday Night: White ball
==Geekdom Release party==
Dress: Your finest stormtrooper suit, togas, bedsheets and the likes.

Featuring : Miss DJ Jackalope // Jungle Chaos http://www.dj-jackalope.com/
DualCore // Live Nerdcore Set http://dualcoremusic.com
*Minibosses // NES classics http://www.minibosses.com/

DJs
Rustcycle / Electronic live mix http://www.rustcycle.com
Crashish // DNB
Casey // psytrance
Mitch Mitchem // breakbeat/electroclash

* scheduling tentative
All acts subject to change. Please see the complete listing posted throughout DEFCON venues.

For all you radio geeks!

146.58 (FM Simplex) will be the unofficial Defcon 15 frequency for Amateur Radio enthusiasts.

Wednesday, August 1st at the Sushi Factory on Tropicana will be the location for ShshiCon 4.0 right before DEFCON.

Love sushi? Want to meet new people and hang out in a sake fueled pre-con ritual? Then ShshiCon is for you!

Organized by GonMinusOne, check out the forums for the latest details.
https://forum.defcon.org/showthread.php?t=8578

This year's DEFCON Movie Night will feature the new and highly buzz-worthy film "Infest Wisely." The film is centered around the increasingly less science-fictional world of commercial nanotechnology and it's been described this way:

"Infest Wisely asks what would happen if Critical Mass teamed up with the geeks from DEFCON to stop commercialized nanotech from taking over our bodies and the world."

It's a feature length movie in seven episodes, each with different directors but all written by novelist Jim Munroe, who will be our special guest for the screening. As always, there's no charge - come join us and support cinema licensed under the Creative Commons. For more information about the film, you can check out its website. http://www.infestwisely.com/

We are proud to present the schedule of speakers and events for DEFCON 15!

This year DEF CON has grown, and is offering the largest lineup of speakers ever - thanks to all the new space available at our new venue, the Riviera Hotel. Because of this there are also more contests. There is an overwhelming amount of things to participate in.

Please note that this is the first schedule version and is not final. As speakers and contests finalize their information the schedule will be updated up to the last minute.

If you're speaking or involved in the content side of things and you see a problem or something missing please let us know!

From Deviant:

"There are two contests/events that I'll be running at this year's ToxicBBQ, both of which involve the "Exotic Meat" theme that I tend to focus upon year after year.

I have a web page up online with full details, rules, info, etc...
http://deviating.net/toxicbbq"

-=[ Titanium Chef ]=-

Cost to Participate: $40 per team
Prizes for Winners: OiNK invite for each team member, secret grand prize, refund of entry fee, extreme bragging rights and Free giveaways of fun stuff to all participants
DefCon Forums Sign-up Thread: https://forum.defcon.org/showthread.php?t=8367

Teams of up to three individuals will put their heads together and engage in heated battle to concoct a delicious dining experience focused around a secret theme ingredient. These hacker chefs will have both their culinary skills and their organizational abilities put to the test in this challenging event. All participants will gather together a few hours before the Toxic BBQ in order to witness the revealing of the event's secret ingredient, then they will disperse in order to gather supplies, reach Sunset Park, and prepare their food for the judges.

Whose cuisine will reign supreme? Will opponents' grill-fu be stronger than you? Participate and find out!

-=[ Guess The Flesh ]=-

Cost to Participate: $10 per person
Prizes for Winners: OiNK invite for first three people to correctly identify all meats. Free giveaways of fun stuff to all participants

DefCon Forums Sign-up Thread : https://forum.defcon.org/showthread.php?t=8365

Have you ever thought to yourself, "Gee, i wish i could dine on the meat of nearly every kind of beast to walk the earth... but I don't own many high-powered firearms, i don't have the money to travel the world, and no government in their right mind would issue me a hunting license?"

Well, now your dreams can become a reality. For less than the cost of what passes for a movie and popcorn nowadays, you can have a sample platter featuring eight meats that you aren't likely to see at the supermarket. However, instead of just cooking and randomly giving out samples willy-nilly, this year i have something new planned. I intend to prepare morsels of these meats and plate them in a way that they are not immediately identifiable or distinguishable from one another. Those who are eager to try some new flavors -- and those who think their palates are up to the challenge -- can take a whack at identifying these various animals by taste and texture alone.

The "Be Prepared" section of the DEFCON 15 site has been updated!

Check it out.

From IrishMASMS on the DEFCON forums comes this helpful post:

Las Vegas concerts for Black Hat & DEFCON time frame
Some out of town folks hit me up asking about concerts around town during this year's Black Hat and DEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.

Fri 07/27/07 Violent Femmes Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang House Of Blues
Sat 07/28/07 Tesla House Of Blues
Sat 07/28/07 Rush MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall , The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx The Club @ Cannery Casino

As for venues, the Hard rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be shitty in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference.

HTH!

Scavenger Hunt! Advice from the Winners!! Free advice courtesy of hackajar with Vegas 2.0
Here's a quick list of things you will need to be fully geared up, if competing. I kinda wish we had something like this three years ago!

1.) Money - we spent ~$500 each year, though some good social engineering could very well fix this
2.) Digital Camera - Judges won't know what you did, without proof!
3.) Video Camera - Sometimes a photo DOESN'T say a thousand words, but motion video does!
4.) Transportation - Sometimes you have to go on recon, we always paid extra to have a car in front of valet for those quick runs
5.) Room at Hotel - Need somewhere to build a 30ft straw or host a geek girl strip off, your best bet is in a local room
6.) Printer - Don't ask me how many points we never got for lack of a stupid printer!
7.) Beer - It's easy to bribe goons and judges with this stuff, if you can find it.
8.) Start Early - Some items and tasks we could only do on Friday, remember things close on Saturday and Sunday, so be wise!
9.) Memorize the phrase "It's for the Scavenger Hunt" - nuff said

I'm sure I'm missing something else in there, please add to my list!

-Vegas 2.0
Defcon 14 Scav Hunt Winners

DEFCON 15 CFP is now closed!

We are in the process of making our final selections and will start to fill in the online schedule soon! We will notify you of the status of your submission by July 1st.
If you have not heard from us by then please email talks[at]defcon[dot]org.
If you were not accepted, don't be discouraged. We have received many, many quality submissions this year but we can't accept them all. As you know we are in the process of expanding to accept more and more talks each year.

There is still plenty you can do to get involved, join the forums, read up on our contests, even just take some cool pictures!
pics.defcon.org is now live for use. The pics software is integrated with the defcon forums, so if you already have an account there you automatically have an account on https://pics.defcon.org/

Do your Photoshop skilz 0wnzor?!
DEFCON Art Contest is currently open! Submit your art by June 25, to be used online and to be included in the DEFCON 15 program. We are looking for a Web Banner, Key Card, T-Shirt, Wallpaper! If you win you could win free admission and cash to be used at the DEFCON Swag booth!
https://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf

Lock Picking for Sport and Amusement

DEFCON is a great place to learn all sorts of new skills - the skill of lockpicking is no exception. This year's Con will again have a "Lockpicking Village" - a fantastic event with all kinds of presentations, practice locks, sample tools and general education. We want everyone who's interested to check it out, but we want you to be careful and safe as well.

Be sure to consult your state and local laws about possession of locksmith's tools. Staying in compliance with the applicable laws is, of course, your responsibility. When traveling, it's not a good idea to put tools of this nature in your carryon. While they're unlikely to cause any problems in checked baggage, those pointy little devils are very likely to be a problem in the security line.

It probably ought to go without saying, but if you're making an international trip to DefCon, the scrutiny is much higher and you owe it to yourself to be thoroughly familiar with the rules and err on the side of caution. You don't need that kind of hassle. There's plenty of lockpicking knowledge and fun to be had even without your k-rad tools, so don't put yourself in a position to miss your flight.

It's also an option to mail them to yourself in care of your hotel. Some hotels charge for this service, so be aware of the policies wherever you're staying.

If the world of locksport is brand new to you and you're looking to get a little knowledge before the Con, you can check out Marc Weber Tobias' contributions to techblog Engadget (called The Lockdown). More info is also available from Locksport International (lsi.com) or The Open Organization of Lockpickers (toool.us, or toool.nl for Dutch speakers).

Link: https://www.defcon.org/html/defcon-15/dc-15-beprepared.html

Hey Hey!
If you haven't seen it yet check out Hackers on a Plane!

2007 is a very special year for the global hacker community. Thanks to cooperation between the organizers of DefCon XV and the Chaos Communications Camp 2007, the two largest gatherings of hackers from around the world happen only a few days apart!

This is where "Hackers on a Plane" comes in: The Hacker Foundation has put together a complete travel package to help bring together hackers from around the world for ten days of fun, culture and community. We see it as the first step to building a truly global hacker community.

$1,337.00 (for those travelling roundtrip from the US & Canada)
€1,337.00 (for those travelling roundtrip from Europe)
Gets you:

* Admission to DefCon in Las Vegas, NV, USA
* Flight from Las Vegas to Frankfurt
* Flight on the "Hackers on a Plane" charter flight from Frankfurt to Finow Airport
* Admission to all days of CCCamp2007
* Accommodation at Camp Anaconda (no need to bring a tent!)
* Return flight to select destinations in the USA (or flight to Las Vegas for DefCon for EU citizens.)

More info at Hackers on a Plane!
Link: http://hackersonaplane.info/info.html

mysterychallenge.org
Official registration is open.
To Register Teams must send an email to:
Defcon15MysteryChallenge ]at[ mysterychallenge [dot] org

-Teams are limited to 5 official members
-You must receive a confirmation that your team is registered or you are NOT
-You must submit a team name and list team members
-Teams successful in completing the challenge last year are guaranteed a spot if registered by June 17.
-New teams are encouraged to enter, however only those serious about completing the challenge
-The challenge will take longer to complete this year

Questions? Post here. Comments? Post here. New teams trying to decide if you have what it takes to compete? Post here (I encourage those who competed last year to answer these types of questions...)

Link: https://forum.defcon.org/showthread.php?t=8509

From ownthebox.cipherpunx.org/:

Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures?

So prove it, bucko... Bet your box on it, on the most hostile network in the world.

Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter.

The first person to compromise you walks away with your gear. When you're 0wned, you're owned. It's that simple. The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere.

For the other side of the fence, the reward is clear... Pick your target, 0wn the box, and own the box. A shopping spree for the elite.

Link: https://forum.defcon.org/forumdisplay.php?f=337
Contest Site: http://ownthebox.cipherpunx.org/


Be sure to check the forums often; it looks like they have already started to collect an interesting list of hardware up for the slaughter! Mwahahaha!

Announcing The DefCon 15 Wireless Contest
(cue Thus Spake Zarathustra)

Are you a freq-geek? Think your WiFiFu is hot? Get high from sniffing packets on the ether? Think you're a great lover? We can't help you with the last one, but get ready because here's your chance to prove the rest of those outlandish claims to the world.

Compete in the Wireless Contest, and we can validate your self-esteem, at least in the geeky stuff.

The Wireless Contest, following the format for the past few years, will be a series of "Mini-Contests". You can compete in only a single mini-contest or all of them. We recommend that teams be formed to fill in different skill areas.

We are allowing an unlimited number of teams (subject to resources), limited to 3 people each.

First-place winners of individual mini-contest events get prizes, and a top prize will be awarded for the best overall of the contests.

A common problem with the Wireless Contest in the last few years is that some potential competitors felt that they didn't have the skills to even try. As a result, fewer competitors kept signing up. To alleviate this, the Wireless Contest this year is tied in heavily with the Wireless Village. If you want to compete in the contest, but feel you don't have a needed skill, you can come to the Wireless Village before a mini-contest and learn the needed skill at one of the Wireless Village's world-famous Breakout Sessions. You walk in having no skills but a willingness to learn, learn a skill in an exciting breakout session taught by an expert, then go out and compete and beat the pants off those loudmouth teams who said they'd pwn you.

Learn + Touch = DO!

link:
https://forum.defcon.org/forumdisplay.php?f=309

From invisigoth:
The qualification round for this year's CTF is complete. More than 150 teams were actually submitting answers which means that participation for this year was more than double the previous high water mark (as far as we're aware). Results may be found at http://www.kenshoto.com/ as always.

This year's challenges came in a wide range of technologies and difficulties. No single team actually solved them all... Additionally, this year's level of international participation was staggering...

The MUD for this year will remain up for teams to ask questions and hopefully collaborate with each other about how they came to solutions for some of the harder challenges. Additionally, we will be putting most if not all of the challenges back online for a while so everybody can sharpen up... Stay tuned...

From the site defconnetworking.org:

"DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC."
TWO SLOTS LEFT!

To get an idea, check out last year's network:
Here are the PPT slides from DC14 Closing Ceremonies with all the net stats: DC14network.ppt
http://www.defconnetworking.org/dc14network.ppt
Remember, if you're planning anything "special", have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it.

About Defcon Networking:
We're the group of volunteers who run the network at DEFCON. It's our job to design, plan, architect, implement, and secure the show network. We arrange bandwidth, we handle wireless, we provide secure connections for show staff, speakers, and press. Finally, we provide an environment where DefCon Attendees can share and be creative.

New speakers have been selected for DEFCON 15!
Check out their abstracts and bios online now. The Schedule is not yet finished and we still have room for a few more talks! So don't get discouraged, submit your rootfu now!
Speaker page: http://www.defcon.org/html/defcon-15/dc-15-speakers.html
New Speakers selected:
Squidly1, aka Theresa Verity, Thinking Outside the Console (box)
Brendan O'Connor, Greater than 1: Defeating "strong" Authentication in Web Applications.
Kenneth Geers, Greetz from Room 101
Peter Berghammer (pf0t0n), A Journalist's Perspective on Security Research.
Schuyler Towne, Locksport: An Emerging Subculture

Many more are online, check back often, the DEFCON 15 Schedule will be online shortly!

The DEFCON 15 CFP will be Closing June 15th!
Please submit your rootfu to talks@defcon.org. We have been making selections and we are pleased to have accepted some really great speakers.
There is still room to squeeze in a few more exceptional talks. Submit now, there will be no extensions possible!

Submit:
https://www.defcon.org/html/defcon-15/dc-15-cfp.html
New for DEFCON 15:
The second year being at the Riviera has allowed us to make some changes to the format from last year.
We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops.
If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you! If you have an IDEA please submit it, talks@defcon.org!

Registration for this year's aCTF is officially open!
Registration page:
http://www.dc949.org/aCTFIII/register.php

From Contest Organizers:
"We're recommending that you group yourselves in teams of three, as the prizes will come in triplicate.
There will be prizes for win, place and show. We have some really good stuff in the works in terms of prizes, but I'm not going to mention them here since they're not bought and in our hands (and/or built)"
For a little more information about the setup this year:
http://www.dc949.org/aCTFIII/README.php

Official DC949 aCTF Artwork Contest
The winner's artwork will be made into an 8x4 foot vinyl sign.
Besides bragging rights, the winner will also receive a yet-to-be-determined prize.

Rules

1. The contest will remain open for a minimum of 1 week, and will remain open until a winner is chosen.
2. Submissions must have a 2x1 or 1x2 ratio with a minimum resolution of 2000x1000 pixels.
3. Artwork must contain simplistic designs and colors, i.e. designs with definitive edges and no fading or merging colors.
4. Maximum number of colors that can be used is 4.
5. Artwork must contain "DC949" and "aCTF" in some legible form.

Submissions must contain a .PNG, .JPG, or .GIF of the artwork as well as in a vector format. (.PSD, .EPS, etc)

Please email submissions to cp-at-dc949-dot-org
Forums discussion is here:
https://forum.defcon.org/showthread.php?t=8456

Don't forget to use your talents to enter into the DEFCON 15 Artwork Contest too!

DEFCON 15 Artwork Contest Guidelines
http://www.defcon.org/html/defcon-15/dc-15-forms/DC15-Artwork-Contest-Guidelines.pdf
Submission deadline: All submissions must be received by June 25, 2007.
Submit all entries to: sleestak\at\defcon dot org
Categories:
Web Banner
Key Card
T-shirt
Wallpaper

Banner Art Prize:
- The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website.

T-Shirt Art Prize:
Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website.

Wallpaper Art Prize:
Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

As DC 15 gets closer all goon teams are powering up!

Ever wonder what the network team is up to? Ever wanted to sniff the con traffic feed?

Check out the defconnetworking.org! Lockheed throws down some defcon history and gets us ready for more!

From the site:
DC15 Network
15MAY07
DefCon presents a really unique opportunity. You know how hostile the environment is. Have you ever wondered what that traffic looks like? All you need do is ask. For years we've provided people the ability to plug in a capture/sniffer box and capture public con traffic to take back to your Evil Laboratory(tm) for analysis after con (you know, once you've sobered up & stuff). If you want in on the action, email us so we can RSVP a spot for you on our Table-of-Doom in the NOC.

11MAY07
Why yes, we are in the midst of planning for DC15. Now that we've "done the dance" with the hotel (who are awesome folks, btw!) we know what we can and can't do and should have virtually no surprises this year. We're planning higher bandwidth, better monitoring, and also some new interactive-type stuff (I hesitate speaking of it for fear of jinxing it!). We're actually spending our funds boosting up our own infrastructure (beyond the Aruba kit we have) so we have more ports, better fibre connectivity, better trunking.

Remember, if you're planning anything "special", have specific needs for your talk, for your demo, for your break-out session, let us know EARLY so we can plan for it.

--Lock

From the official web site for the Amateur CtF:

aCTF 3
"King of the Hill"

Yes, it's official; we'll be back again this year. The first year, nobody scored, the wifi network we set up had massive problems, but people seemed to have a little fun and see the potential. Last year, the network was stable, people scored, battled back and forth, and we were actually able to give out some prizes. There was some trouble with boxes staying up, but overall it was a huge success.

Last year we saw some things that surprised us. There was a case of two teams which both could take a flag, but neither could lock the other out. They both then proceeded to write scripts to play the game for them. Yeah, it then made the server inaccessible due to the massive amounts of requests, but still... hats off to both of you. We didn't expect automated hacking. We also learned that while Windows NT might have worked in our little test environment, it really can't hold up to the brutality of a Defcon contest. I'm happy to say that Windows NT will not be appearing in this year's contest.

We will be changing a few things around this year, but the basics will be the same as before. Find a flag, find a way to put your team name on it, and you'll score points for as long as you can keep your flag up there.

As usual, details on the contest will be limited, however we will say that we're branching out a bit more this year. Hacking isn't just about buffer overflows and running metasploit, it's really about one upping someone (or everyone) else. It's about figuring out how things work and taking them apart and putting them back together to do something different, customizing things to make them do things they were never intended to do, and just generally learning how to beat the system.

Kallahar has updated the software page for the DefConBots Contest.

"Improvements over last year include faster response times and software alignment of the camera to where the gun is actually shooting.

All the code is public domain, do whatever you want with it!"

What is the point of the contest you ask? Quite simply, it is to create a computer controlled gun that can shoot down targets in a shooting gallery.

See http://defconbots.org/ for complete contest information.

Guitar Hero II Contest!!

A new contest at Defcon 15: Are you a Guitar Hero? Do your friends think you're l33t and can shred like a rock star? Then prove it!

Contest Site: http://www.panadero.org/gh_home.html
Forums discussion: https://forum.defcon.org/forumdisplay.php?f=335

Guitar Hero II - DEFCON STYLE!!!! Why Not!!!
Rules (cause they tell us we have to have them...)

* The contest will consist of 3 levels of play, Medium, Hard and Expert.
* The contest will be played on Guitar Hero II, on the Xbox 360.
* An initial pre-qualification round will be held so that Experts aren't playing in the Medium level, etc...details of the prequals to come...
* All contestants should be at their assigned time to play 10 minutes before their time. There will be some leeway if you are a few minutes late, but don't expect to get your turn if you show up hungover an hour after your time.
* You may use your own guitar, as long as it has not been modified, and is for Xbox 360.
* Free play is a chance for people that have never played Guitar Hero to have a chance. It's not a chance for contestants to practice. This contest is for everyone, and we want to make sure that is the case. Free play will be limited to one song per person, depending on how many are waiting to play.
Scoring

* The 'prequals' will be designed to ensure that Experts are not playing in the Medium category, just to win. We want the game to be fair, and everyone to have fun. We would hate for the lesser/newer players to be upset and frustrated because it's dominated by those that have years of practice.
* The 'heats' are designed to weed out the newbs from the Guitar Heroes. Each player will play 2 songs, back to back, to come up with a cumulative high score.
* The four highest scores will move to the finals for each level.
* The finals will be tournament style, head to head, most points win and move to the final song.
* The final two players for each level will play against each other to become the first annual Defcon Guitar Hero champion!
* It is VERY important to pick the right songs to get into the finals. Some songs have more notes, for more Star Power and higher points, while some songs have fewer notes.
* All songs in the finals will be chosen by the event coordinators and will not be announced until the start of the finals. Final songs will not be songs included in Xbox Live downloadable content, so that no player has an advantage over others, GOOD LUCK!

Defcon STAR POWER!!!
Do you want an extra 1000 points added on to your song??? Do ya? Bring me a COLD unopened beer! I won't accept it if it's opened (no date rape drugs for the contest organizers!)

Any beer, except for Guinness, you get an extra 1000 points of Star Power! Keep in mind that 6-packs are appreciated, but it will still only get you 1000 points! I love beer, but it's not fair to bring a case of beer and get an extra 12000 points!


Once again, the Toxic BBQ is looking for a slogan.

Something catchy, something creative. It will be used on the front of the Toxic BBQ T-Shirts.

Last year was ASTCells slogan
"If its dead we cook it"
"If its alive we cook it"
" ... a little longer."

Submit your ideas. https://forum.defcon.org/showthread.php?p=86581#post86581 Come on, it's not that hard.

Toxic BBQ IV Events and Contests:
Iron Chef I
Time: To Be Announced
Contact: Deviant Ollam

Event Desc: Contestants in teams of 3 or less will race to cook and present a dish made from an ingredient revealed to them at the start of the contest. After a timed preparation period, the dishes will be awarded points by a panel of judges who will judge for Presentation, Uniqueness, and Flavor!

For more info on the Toxic BBQ go here: http://www.toxicbbq.com/
Forums discussion: https://forum.defcon.org/forumdisplay.php?f=308

The Coffee Wars Crew is getting ready for their Call for Beans!

From the website:

Wake up and smell the coffee war, people: DefCon 15 is just around the corner, and that means another edition of the world's best-known hacker coffee competition. Already, the frenzy has begun!

Now's the time when you have an All-Inclusive Divine Excuse to unashamedly mingle with your own kind without having to shroud your activities under the shadow of the Evil Corporate Coffee Empire! Yes, now we caffeine fiends can gather without shame!

WHAT? You want a shot of espresso?! We got your shot right here, pal. This event ain't no freebie. If you want a cup, you gotta pony up. Coffee, that is. Whole bean. We're judging it all. The best, the strongest, the most caffeinated. You name it. ...but regular store-bought or corporate coffee trash will only earn a trashing.

You think you got what it takes? Then we'll take what you got! Bring your best beans and put 'em up for judgment by our over-qualified, over-caffeinated, (and over-rated) Coffee Wars judges and contestant panel! We keep hearing that someone else's beans are the best. Now it's time to prove it bean-to-bean!

Forums discussion is here:
https://forum.defcon.org/forumdisplay.php?f=284

The idea is simple.. form a team, get a box, open box.

But is it that simple? The box is a mystery, with many puzzles involved in opening it. To get things going for this year Lost Boy has started to accept team sign ups, as well as release clues to hint at some of the puzzles involved.

Here is a picture on how NOT to open a mystery box:
https://pics.defcon.org/showphoto.php?photo=153

For a bit on the last challenge check CNet's coverage here:
http://news.com.com/2300-1029_3-6102806-5.html

Interested? Check out the thread on the challenge over on the forums.

Capture the Flag at DEFCON continues its long tradition with the announcement by Kenshoto of the CtF qualification round!

From their announcement:

Kenshoto's army of code-gnomes has been working feverishly on the production of this year's installment of WarGamez (CTF), more to come here yet tonight, but we'll be making the quals announcement *very* soon.

Check it:

Dr. Kenneth Shoto proudly announces that the qualifying round for the Defcon Capture the Flag contest is now open for registration. The qualifying contest will start at 1 June 2007 @ 2200 EST and end 3 June 2007 @ 2200 EST.

Teams can be any size you'd like (more ninjas clearly == better) and each team will need to register before 1 June 2007 @ 2200 EST in order to get an account for the actual game. The top 7 teams qualify for a seat at the table at the proverbial 'big show' (the actual CtF competition) to be held at Defcon 15. Defcon takes place August 3-5th 2007 (https://www.defcon.org/) so make sure you clear all those WoW, D&D, and Eve-Online play dates off your calendar early.

That's right hackers and hackettes, get your debuggers warmed up and your shellcode tested, cuz it's that time of year again. What you say? You don't know what the hell we're talking about? Well, peep dis:

The core of the qualifying competition will be a quiz-like interface where each team may select a question and then must hack until they can answer it. Topics will vary widely, but of course include such fan-favorites as reversing martian binaries, landing shellcode and a double lutz simultaneously, and stealing information from strange places. We've also thrown in challenges like intar-webs hax0rification and mind-bendy trivia so the 5kr1p+ K1dd1e5 can play along (much love).

This year the game allows for maximum parallelization on questions. When the leading team selects a question, that question (and all the ones they already answered) becomes available to the trailing teams. In other words, there is no need to register multiple ghost accounts as they won't give any advantage (*ahem*skewl*cough)...

Don't have the stones to think you can win? Well, you should sign-up and play anyway. The winning team from last year actually got primed up for the game by competing in quals. They then kicked it up a notch by spending the next three months figuring out every detail of every challenge we put out there and explaining it all as if paid to do so (check it out http://nopsr.us/ctf2006prequal/). Besides, how else are you gonna sharpen those skillz and convert yourself from poser to p3wner?

So what are you waiting for? Jump onto your nops-sled and slide over to http://kenshoto.allyourboxarebelongto.us:1337/ to sign up for quals now...

-kenshoto

(ctf07 at kenshoto.com)

DEFCON 15 Artwork Contest Guidelines

Submission deadline: All submissions must be received by June 25, 2007.
Submit all entries to: sleestak\at\defcon dot org
What we will do with your artwork: Art contest submissions will be added on-line to the DEFCON web site and may be included in the con program. By submitting artwork to us, you are allowing DEFCON to publish and reproduce your artwork in electronic and print formats.

Categories:
Web Banner
Key Card
T-shirt
Wallpaper

Required Elements: Artwork should incorporate a version of the following text: DEFCON / DefCon / Def Con with the number 15 / 2007 / Fifteen / 0x0F / XV / etc.. you get the point. It ties DEF CON to the year of the con.

Artwork Preparation Specs:

All continuous tone artwork must be at least 600dpi
The following formats are accepted for artwork:
- .EPS with Vector preferred, all fonts converted to outline
- .Jpg
- .Gif
- .Psd - layers with all fonts converted to outline

***We strongly recommend Illustrator Vector artwork for any submissions for the T-shirt or Key Card categories since these will need to be reproduced in print.

Prizes:
1. Winners will be contacted individually and be announced on the website and recognized in the DEFCON 15 printed program.
2. There may be multiple winners per category.
3. DEFCON reserves the right to not select a winner for every category

Banner Art Prize:
- The first place winner will receive free admission to DEFCON 15 for one person (non-transferable to a future con), $50 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website.

T-Shirt Art Prize:
Free admission to DEFCON 15 for two persons, $130 credit that may be used at the official DEFCON SWAG Store and recognition in the con program and website.

Wallpaper Art Prize:
Free admission to the conference for one person, $50 credit that may be used at the official DEFCON SWAG Store

Announcing Brew Wars for DC 15!

It's time to remind everyone of Brew Wars again. The very first Brew Wars will happen this year at Defcon 15.

The rules are simple. Just bring twenty four ounces of your home brew to Defcon. A judging panel of three people, including myself, will drink and rate each brew. The beer will be rated on a scale of 1-10. Each beer will be judged in its category. The standard of each category of beer is last year's winner of the Great American Beer Festival in the style you have entered. A list of those winning beers can be found at the URL below.

http://www.beertown.org/events/gabf/...medalists.aspx


The judges will be blind tasting the beers. The only information given to the judges will be what style of beer it is.

Judges will not be allowed to enter their own brews.

Judges have already been selected. All judges were at the GABF and sampled all winning brews. Extensive tasting notes were taken at the time.

I have sourced a glass carboy for the winner. This carboy will be etched with a logo commemorating the event. If your beer is good enough, you could soon be brewing your next batch in a unique carboy.

Dr. Faustus

Arena Updated!

We've started building the new arena for this year's robot contest. The details about the arena and the build photos are here:

http://defconbots.org/defcon15/arena.php

So now that it's (almost) done, teams are invited to come practice on the actual arena if you want to get yourself to Orange County, CA :)

If anyone has questions or if you need more detailed photos, please let me know!
Kallahar

DEFCON 15 Contests are starting to get organized!
Interested in running a contest or competing in one? Check out the current list of what's happening over on the forums.

Capture the Flag is back in full force, the Toxic BBQ is in effect, the Black and White Ball will happen as usual, and a whole host of new contests are getting ready. Some of them include:

- The Amateur CtF
- Beverage Cooling Contest
- Brew Wars!
- Coffee Wars
- DefconBots Robot Contest
- Hacker Jeopardy
- Lockpicking Contest
- LosT @ Con Mystery Challenge
- QueerCon
- Spot the Fed
- The Summit meeting and party
- Sushicon
- Wireless Village, Lockpick Village and RFID village!
- Sekret Challenge!

DEFCON 15 Call For Papers is now officially Open and will close on June 15, 2007.
Don't know what DEFCON is? Go to https://www.defcon.org/ and clue up!

Papers and presentations are now being accepted for DEFCON 15, the conference your mother and ISC(2) warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, August 3-5, 2007.

Last year, we eliminated speaking tracks, and we received a diverse selection of submissions. From hacking your car, your brain, and CIA sculptures to hacking the vote, Bluetooth, and DNS hacks. We group presentations by subject and come up with topic areas of interest. It worked out so well in the past we are doing it again.

What are we looking for then, if we don't have tracks? We're looking for the presentation that you've never seen before and have always wanted to see. We are looking for the presentation that the attendees wouldn't ask for, but blows their minds when they see it. We want strange demos of Personal GPS jammers, RFID zappers, and HERF madness. Got a MITM attack against cell phones? We want to see it.

Subjects that we have traditionally covered in the past, and will continue to accept include: Trojan development, worms, malware, intelligent agents, protocol exploits, application security, web security, database hacking, privacy issues, criminal law, civil law, international law/treaties, prosecution perspectives, 802.11X, bluetooth, cellular telephony protocols, privacy, identity theft, identity creation, fraud, social implications of technology, media/film presentations, firmware hacking, hardware hacking, embedded systems hacking, smartcard technologies, credit card and financial instrument technologies, surveillance, counter-surveillance, UFO's, peer2peer technologies, reputation systems, copyright infringement and anti-copyright infringement enforcement technologies, critical infrastructure issues, physical security, social engineering, academic security research, PDA and cell phone security, EMP/HERF weaponry, TEMPEST technologies, corporate espionage, IDS evasion.

What a mouthful! Well you can't say we didn't give you some ideas. This list is not intended to limit possible topics, merely to give examples of topics that have interested us in the past, and is in fact the same list we used last year.

Check out https://www.defcon.org/html/defcon-14/dc-14-speakers.html for past conference presentations to get a complete list of past topics that were accepted if you want to learn from the past.

We are looking for and give preference to: unique research, new tool releases, Ø day attacks (with responsible disclosure), highly technical material, social commentaries, and ground breaking material of any kind. Want to screen a new hacking documentary or release research? Consider DEFCON.

Speaking Formats:
Choose between 12 hundred seconds, 50 minutes, 110 minutes, or a break out format of a length you determine. We are continuing the Twelve Hundred Second Spotlight, which is a shorter presentation (about twenty minutes) that doesn't warrant a full 50 or 110 minute talk. The Twelve Hundred Second Spotlight is designed for those who don't have enough material for a full talk, but still have a valuable contribution to make. This is to ensure that great ideas that can be presented quickly don't fall through the cracks merely because they didn't justify a full length talk. Examples include research, announcements, group presentations, projects needing volunteers or testers, requests for comments, updates on previously given talks, quick demonstrations. You get the idea. Presenters will get a speaker badge which entitles them to free admittance to DEFCON, but we will be unable to pay an Honorarium.

Remember being attacked by flying meat? Do you remember thick accented Germans trying to convince you to attack critical infrastructure? Do you remember extravagant vapor ware releases by a stage filled with posses? We do, and sans projectiles of raw meat we want to encourage such shenanigans again this year. We are calling on all "hacker groups" (you know who you are, and the FBI has a nifty file with your name on it) to present at DEFCON, to discuss what you're up to, what your mission is, to discuss any upcoming or past projects, and to discuss parties/conferences you are throwing. We do humbly request that all gang warfare be relegated to electronic attacks, and not fall over into meat space.

New for DEFCON 15:
The second year being at the Riviera has allowed us to make some changes to the format from last year. We have more speaking rooms, and because of this I want to announce a call for workshops, demos, and mini trainings. We have additional small rooms that will enable highly focused demonstrations or workshops. If you want to talk about building a passport cloner or a tutorial on developing Metasploit exploits this might be the format for you. You tell us how much time you need, and we try to accommodate you!

To submit a speech, complete the Call for Papers Form at: https://www.defcon.org/html/defcon-15/dc-15-cfp-form.html and send to talks at defcon dot org. You will receive a confirmation within 48 hours of submission.

We are going to continue last year's goal of increasing the quality of the talks by screening people and topics. I realize you guys are speaking for basically free, but some talks are better than others. Some people put in a bit more effort than others. I want to reward the people who do the work by making sure there is room for them.

This year we will have two rounds of speaker acceptance. In the first round we will fill about half of the schedule before the submission deadline, and the remaining half afterwards. This is to encourage people to submit as early as possible and allows attendees to plan on the topics that interest them. If you see the schedule on-line start to fill, do not worry if you have not heard from us yet, as we are still in the process of selection.

Barring a disaster of monstrous proportions, speaker selection will be completed no later than July 1. The sooner you submit, the better the chance that the reviewers will give your presentation the full consideration it warrants. If you wait until the last minute to submit, you have less of a chance of being selected.

After a completed CFP form is received, speakers will be contacted if there are any questions about their presentations. If your talk is accepted you can continue to modify and evolve it up until the last minute, but don't deviate from your accepted presentation. We will mail you with information on deadlines for when we need your presentation, to be burnt on the CDROM, as well as information for the printed program.

Speakers get in to the show free, get paid (AFTER they give a good presentation!), get a coolio badge, and people like you more. Heck, most people find it is a great way to meet people or find other people interested in their topics. Speakers can opt to forgo their payment and instead receive three human badges that they can give to their friends, sell to strangers, or hold onto as timeless mementoes. Receiving badges instead of checks has been a popular option for those insisting on maintaining their anonymity.

Please visit:
https://www.defcon.org/ for previous conference archives, information, and speeches. Updated announcements will be posted to news groups, security mailing lists and this web site.
https://forum.defcon.org/ for a look at all the events and contests being planned for DEFCON 15. Join in on the action.
https://pics.defcon.org/ to upload all your past DEFCON pictures. We store the pictures so you don't have to worry about web space. If you have an account on the forums, you have an account here.
https://www.defcon.org/defconrss.xml for news and announcements surrounding DEFCON.

CFP forms and questions should get mailed to: talks/at/defcon.org

"Keep your friends close and your enemies closer. Why the Pentagon's toughest Internet crime fighter likes hanging out with blackhat hackers" is the sub title of the article.
It turns out to be a well-written piece about Jim Christy's career and the birth of the DoD Cybercrime Center. It is set against the backdrop of DEF CON 14, and has a couple of funny bits, some interesting war stories, plus a quote from me.

A snip from the article:
"Christy points out a pulsing vein in the guy's neck – suggesting it's a sign he is lying. The guy calls Christy an old man. He hints that maybe he might have some small connection to Mossad. As he finally sits down, Christy passes him a business card."

Starting March 1st we will be opening the call for papers for DEFCON 15 - the annual gathering of subversive computer folks.

Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about.

Once the date is closer there will be more specifics.. I just wanted to give everyone a heads up!

DEFCON has released the second batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

The new media server will be going on-line in the next month, and because the old media server is out of drive space you will notice that all DC 7 content has been taken off line to make room.

Once the new media server is on-line all past content will be restored!

DEFCON has released the first batch of content from DC-14 encoded for download. This marks the third step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

Happy Holidays from all of us here at Defcon!

We would like to wish you the best this Holiday season. We hope you have plenty of family, food and fun to go around. If you get bored you can always gather the family around the warm glow of your flat screen to watch the ghosts of presentations past. There is no better gift than that. Unless of course your loved ones headed over to Jinx and got you some sweet Defcon gear!

We also wanted to remind you that pics.defcon.org is up and running, and we are looking forward to seeing it grow with the new year. If you get together with your fellow hackers this holiday season, or mod that must-have Christmas gift, feel free to upload your photos in the members and dc groups galleries.

That said, eat plenty of other people's food, stay up late with your new shiny toys and have fun with friends and family. See you next year!

We've gotten in some updated presentations, and have updated www.defcon.org to make them all available. So if you want to see the slides to a preso you missed, check out the link below.
Next up we'll be posting the audio and video from DC-14 for download.. DEF CON's XMas present to the community, coming in December.

pics.defcon.org is now live for use.
What is it you ask? Think of it as a repository for all pictures related to DEF CON. It is a place you can upload your pictures and arrange them however you want. Others can comment on them, vote, or put them in their own favorites album.

The idea is that as people change providers there is no long term repository for DEF CON pictures except to the links www.defconpics.org points to. Because they don't mirror the content I wanted to create a free place for people to share their pictures that won't change or go down.

The pics software is integrated with the defcon forums, so if you already have an account there you automatically have an account on pics.defcon.org.

So get busy! Upload those pictures. Both http and https connections work. Spread the word!

DEFCON has released the first batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

DEFCON has released the second batch of content from DC-12 encoded for download. This marks the second step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

Here are the music videos of the music from the Black and White Ball at DEFCON 13.
DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

We took the audio .wav files and encoded them into .mp3 files.
DJs include Wintamute, Ms. Jackalope, Shatter, Kris Klink and Casey with the bands Catharisis and Regenerator in the house!

Hey everyone, I want to make some announcements surrounding DEFCON 14.
It's about that time to briefly lay down the inf0z, so here it goes.

- Speakers have been selected, and are now listed on-line:
http://www.defcon.org/html/defcon-14/dc-14-schedule.html

They include an assistant Secretary of Defense, an FBI agent, Scary Hackers, privacy fanatics, security studs, and a hardware hacking ninja.

- The con hotel is sold out, but overflow exists here:
http://www.defcon.org/html/defcon-14/dc-14-hotel.html

- Need a ride or got a room to spare? Check out the ride and room section of the DEF CON Forums
https://forum.defcon.org/forumdisplay.php?f=26

- There are a lot of new contests, and some old ones that are no more (We'll miss you WiFi Shootout!) I'd mention them all, but it takes up too much space. To get a good grip on what is happening I'd suggest reading the contest area of the forums:
https://forum.defcon.org/forumdisplay.php?f=102

- Black and White Ball is two nights this year, with some great bands and DJs including Regenerator, The Minibosses, DJ Jackalope, Catharsis and DJ Wintamute.

- DEF CON 13 Audio and Video is now on-line for DOWNLOAD. Yep, you saw that right. We are phasing out the real media server and going to download mode. The audio is in .mp3, and the video is in H.264 2-pass 192k .mp4, optimized for the iPod video screen size. Right now you gotta subscribe to the rss feed, but the web site will soon sport the direct links. We hope to have DC-12 on-line in the next week.
http://www.defcon.org/defconrss.xml

Notes:
This year we are at a new hotel, the Riviera. I did this because DEF CON was going to stagnate and die if it stayed at the Alexis Park any longer. The benefits of the new hotel are that the speaking rooms are larger, there is air conditioning, and we have room to grow. This year we get about 1/2 the space, and next year we should get 3/4 of the space. That extra room will allow us to offer break out classes, get togethers, and an additional track of speaking. Things we could only dream of before, but now are possible. It will take us all a year or two to learn what to do with all the space, but those are the kinds of problems I can live with. Did I mention the sky boxes?

General hang out site: http://forum.defcon.org/

Remember DEF CON is what you make of it, and we have been lucky over the years to have a great group of people supporting us. The line up this year looks great, and the rest is up to us.

Andrew over at The Register writes about a fire that broke out on Sealand, wrecking the generator room. For those not familiar, there was a talk by Ryan Lackey of HavenCo, a company set up on Sealand to provide privacy services. I believe it inspired some of the characters in Neal Stephenson's Cryptonomicon book (Go read it.. very good)

I've wondered what happened since the business imploded in 2003, but from the article it seems not much.

"Fire has damaged a World War II gun emplacement seven miles off the English coast. Better known as "Sealand", the fort was acquired in the 1960s by Roy Bates, who declared it an independent principality."

"In a presentation to the 2003 DefCon convention, a former employee described how internal politics and a lack of investment backing had thwarted the experiment. Contracts were broken, the bandwidth never materialised, and the location was vulnerable to DOS attacks. At the time of his 2003 presentation, HavenCo had no new customers, and had seen several of its existing customers leave."

We took the audio .wav files and encoded them into .mp3 files. We are working on DC-13 music next!

Since Todd has been announced as a participant on NBC's new show "Treasure Hunters" we have had more than enough curious folks interested in his presentation. We will be watching him on the new show when it airs; in the meantime you can watch him now in his Defcon 12 presentation, "Cracking Net2Phone".

Do you think using Internet Telephony is more secure than a regular phone? Think again! Internet Telephony is becoming more common and those that think it is safer from wiretaps than regular phone communications are wrong. This presentation will demonstrate how to decrypt Net2Phone's dialed phone numbers, and playback fully reconstructed audio conversations from network packet captures. Included will be a demonstration of NetWitness 5.0's VOIP playback capability.

Todd Moore is the product manager of NetWitness, a commercially available cyber-forensics tool. Moore's extensive knowledge of Internet technologies, network security, and software development helped make NetWitness well-known for providing powerful insight into network traffic.

Moore has over ten years of professional experience in the field of network security and has extensive experience developing commercial software applications. He has a bachelor's in Computer Science from Old Dominion University and is a Microsoft Certified Solution Developer (MCSD). Moore started with CTX Corporation in 1996 securing global intranets and designing network security software to help audit and analyze network traffic. He joined Forensics Explorers, a Division of ManTech ISandT, as Director of Software Development in 1999 and later became the NetWitness Product Manager.

Moore teaches classes on designing quality software and has made numerous television appearances presenting the latest in technology trends. He has two patent pending inventions in the field of cyber-forensics. Moore resides in the greater Washington, D.C. area.

I saw this over on SecurityFocus written by Rob Lemos, a long time Info Sec reporter with a solid reputation.

It is a piece about how "Cybersecurity" events are going national. From old, old CTF games, to DEFCON, to the Cyber Defense Exercise (CDX), to the new CCDC, it is all a progression of learning through different game challenges.

It makes a couple brief mentions of DEFCON, but does not explain who or what we are. That's OK. If people really want to know, they'll find us.. From the article:

"As the hackers came in, you could see (the students') reactions: They were frustrated when they saw the attackers breach their systems and excited when they stopped the attack," said John Carr, a mentor for the team fielded by Valley High School of West Des Moines and senior solutions consultant with Iowa-based technology consulting firm QCI."

DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.
The second release is .mp3 audio files in a friendly CBR 64k format. As time goes on we will be re-encoding all previous conference content and releasing it! Next up DEFCON 13 DJ music and video..

From Robert McMillan at Computerworld, some words about a database security researcher and Oracle. DEFCON devotees may well recognize David's and Caesar's contributions to this space.

Oracle once marketed its database as unbreakable, but security researcher David Litchfield has a less inflated opinion of the software.

"God forbid that any of our critical national infrastructure runs on this product," he said recently on the widely read Bugtraq security mailing list. Oops it does.

Going to DEFCON 13? Want to share a ride or a room? Got extra space in your car or room?

Now is your chance to find others and make new friends. From TheCotMan's post about this:

Suggestions:
Your best bet in finding a ride, or room sharing is actually found by attending your local Defcon User Group, getting to know people in person, who then may give you space in their room. Trying to hook up with people on the Defcon Forums is a tricky thing.

Generally, strangers won't offer other strangers space in their room. People will want some sort of references-- someone both parties know and trust to vouch for you.

The Unofficial Defcon Faq http://defcon.stotan.org/faq/ was written by many, and assembled by HighWizard. It has some outdated information for when the convention was at the Alexis Park but also has some useful information about room sharing, and life at Defcon.

Good luck.

DEFCON has released the first batch of content from DC-13 encoded for download. This marks the first step of moving away from the real media server to a direct download model in an effort to spread far and wide the presentations from past DEFCON conventions.

The first release is .mp4 video files in an iPod friendly h.264 format. Soon to follow will be the .mp3 versions of all the same presentations. As time goes on we will be re-encoding all previous conference content and releasing it!

The speaker selection process for DEFCON 14 is now underway, with early selections being made. While the CfP closes officially in two weeks, we are doing early selection to fill half the speaking spots now to speed things up. We will try very hard to have the process completed in two weeks, right at the end of the deadline. We'll be making announcements on-line as well as on forums and mailing lists.

If you submitted a talk, look for acceptance or rejections over the next two weeks in your email. I am proud to say some of the submissions this year are of very high quality, and we should break in the Riviera with some killer content.

As usual we are talking about the con over on the forum.defcon.org system.

Well it has taken a bit of work to get the old web server happy with serving http 1.1 compressed content, but now that it is you should see a speed improvement in page views as well as availability.
These changes are in preparation for the site and server change over, something that I hope will happen in the next week.
If your browser supports content-encoding compressed, you should see a gain! Also note that forums.defcon.org is also enabling compression later this week after some testing. This is a good thing leading up to the convention because it is effectively like buying more bandwidth with a software upgrade.

From Kenshoto's announcement: Once again ...
kenshoto will be running the Defcon Capture the Flag contest in 2006. This year's CtF will be a knock-down-drag-out-cyberninja war, the likes of which the world has never seen (except maybe last year).

For the qualifying round, we've widened the scope from last year. With multiple challenges in various categories, there's something for every hacker, regardless of skillset (except running scripts and writing perl).

The core skill for this contest will be finding vulnerabilities in software. Those of you who have avoided playing in CtF because you think it is for lamers, we bet you can't find all our vulnerabilities.

Teams will still need to defend a server, and will need to be able to exploit the vulnerabilities they find. As last year, the vulnerabilities will be 100%-custom, so leave your nessus, metasploit and core impact bullshit at home.

There will be a qualifying round, which will start on Friday, June 9th at 10:00 PM EDT. Only 8 teams will qualify. Last year's winners, Shellphish, are automatically qualified (leaving 7 team slots), unless they too decide to play in the qualifying round, in which case they will still need to place in the top 8.
Registration is currently open at http://kenshoto.com/quals/

We encourage anyone (even individuals) to attempt to qualify, even if as a learning experience. We intend quals to be enjoyable for everyone, regardless of your plans for Defcon.
Challenges will range wildly in difficulty, from Mitnick to Eagle; we've got it all. Good luck... you're going to need it.

-kenshoto

The Call for Papers for DEFCON 14 is closing soon. June 15th is the cut off date, but we will start making early speaking selections in the next two weeks.

Want to get a group's perspective of DC13? While this 133 page .pdf is largely copied from various speeches, there are some pretty pictures, and the various contributors to the report did a good job. It must have been some work to put together. Check it out, and if you know of other reports like this one, please let us know.

An update to the official FAQ talking about DEFCON and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. The next update will include a split into two FAQs. One for general DEFCON questions, and one for DEFCON 14.

Who hails DEFCON as a noncommercial event, calls its attendees 'digital cognoscenti', throws in an oblique Linus sex quote, and places DC as the 8th best North American geek fest? Follow the link to find out!

We are opening the call for papers for DEFCON 14 - the annual gathering of subversive computer folks. Earlier submissions are given higher priority, so prepare your best kung-foo, and send it our way. Remember, we are always looking for original and highly technical content, unusual subject matters, software releases, innovative hardware hacking, and generally mind-blowing content. Check out past convention archives to get an idea of what we are talking about.

If you thought being a pen-tester required knowledge, skill, and professionalism, Dmitri sets the record straight. His step-by-step tutorial will teach you how to write incoherent emails, slap imposing stickers on your notebook, and mumble with enough techno-bullshit to become a world-renowned pen-tester at a big-name firm. Check out Dmitri's blog for the full article.

Dennis Moreau, CTO of Configuresoft Inc, discusses security trends likely to appear in the coming year. In addition to discussing the limitations to black-list based security technologies, he highlights a dramatic DEFCON 13 speech. Sherri Sparks and Jamie Butler presented "Shadow-Walker" Raising The Bar For Rootkit Detection.

22 student teams from 18 universities on four continents competed in the largest Capture the Flag event ever attempted. Inspired by DEFCON's CTF and organized by DEFCON CTF winner Professor Vigna, the CTF event differed from DEFCON's contest by not limiting the number of teams and by having international participation. Vigna's page describes his contest in enough detail to allow others to set up their own contests.

Renderman, winner of various contests at DEFCON, is written about in this article. "A Las Vegas magazine once described Renderman as "infamous," which he admits was flattering. He's only famous to other hackers."

Longtime DEFCON staffer Chris Hurley collaborates with DEFCON Speakers Bruce Potter, Johnny Long, and Ken Caruso to produce "OS X for Hackers at Heart."

DEFCON.ORG is now SSLorized for your enhanced privacy and crypto happiness. Also SSL enabled for more private discussions - forum.defcon.org.

The fall 2005 issue of Blacklisted! 411 has an extensive six page write-up of DEFCON that's worth reading. If you've never read Blacklisted, you should - it's a worthy mag.

The first official FAQ talking about DEFCON, and DEFCON 14. Questions and Answers about the new hotel location, costs, events, resources and more. Please check it out and provide feedback so we can get a really solid v 1.0 FAQ out by the end of the year!

Charlie Demerjian over at the Inquirer has a piece about HP shooting a .308 bullet at an XP12000 storage array, and the array still functioning. I have questions about where the bullet actually went, I mean if it smashed all the controller cards or went through the power supplies it wouldn't still function. But hey! They got it just right. The best part, though, is the end.

'The XP12000 was then brought back to a fully functional state without any loss of uptime. Not bad at all. As far as I know, this is the only test of its type, but I am sure we could arrange something similar at DefCon if Sun wants to loan us a 15K.'


As DEFCON 14 gets closer, I plan on making some major network changes to better support the convention. I plan on moving the web site, forum, and store to new servers and IP addresses in the next month. Shortly after that I will be upgrading the media server and starting to release past conference archives for download. That is right, you read it here! No more real media streaming, soon you will be able to D/L the files directly in h.264 (Video iPod compatible) format. So this is just a heads up that things will be switching around over the next month or so.

StephenSoftware
Copyright© 1993-2010
StephenSoftware® S.r.l.
VAT no. 06624801004

 



StephenSoftware S.r.l., sole-shareholder company - Registered office: Via dei Papareschi, 11 00146 Roma - Rome Chamber of Commerce (CCIAA) no. 979049 - Share capital (fully paid up): 10.500,00 € [pursuant to Law 88/2009, art. 42]