|HOPE Conference Audio|
"So it was a bunch of smelly communists that took a break from playing with linux and looking at kiddy porn to gather together and (shock) relay their displeasure with the current politcal administration. Yeah that sounds like fun. Looks like that one Aaron guy didnt follow his own advice to 'shut the hell up, you don't know anything'. Sounds like a really nice guy though."
--- Anonymous Coward comment on Slashdot regarding H2K2.
"'You should try one of my body tune-ups,' says [John] Draper. 'It's a great energy boost.' Indeed, he spends a good deal of time at the conference enticing young attendees back to his hotel room, where he offers full-contact 'stretching' sessions."
"... he won't give his handle - spent over $3,000 on a loft in Chelsea, insurance and other expenses, with plans to stage a $25-a-head orgy. Instead, he says, 'the FBI investigated us; we were going to let some 17-year-olds come, so we were crossing a state line with the intent of having sex with a minor.'"
--- Very interesting quotes in Hello, My Name Isn't ... while at H2K.
"... twenty-some years later he showed up in the San Francisco rave scene, a wild-looking man with gray hair and majorly fucked-up teeth as a result of his prison experience. He would stay up for days dancing and partying -- 'high on the energy', he said -- and trying to seduce young rave boys."
--- Old quote about regular HOPE attendee "Captain Crunch" on 666.com.
"Suddenly pedophilia's relevant. I'll give this some context. All day friday and possibly all day saturday, (I can only vouch for friday) there seemed to be a team of legit journalists interviewing each panelist right after they got off the stage. Except they were using a huge VHS camera. And they weren't claiming to be a college class. yadda yadda. So anyhow it seems that each interview started out seeming quite legit but all of a sudden one of the lines of questioning became, 'do you have any evidence that Capn Crunch is a child molestor? How about Emmanuel, I hear he hangs out with young boys.' Then all of a sudden there are people all over here, all over the 2600.com irc chat, all over the slashdot threads spreading innuendo about Cap'n Crunch and Emmanuel."
--- Some comments about $2600 Magazine, HOPE, "Captain Crunch," Steve Rombom, etc. which are posted at http://jewishdefense.org/rombom/.
"Actually, he has been seen doing the same things in public. People notice it at meetings, and warn other teenagers. A certain person named Hitman from NYC 2600 mention to someone to watch out for Emmanuel. The kid went back to Emmanuel and had Hitman banned from HOPE 6. I have always wonder where to of the teenagers that alway hung out with Emmanuel went. RedHackt and Mr.Ohm disappeared from the scene after being close friends with Emmanuel."
"Maybe he was taken into custody because he was molested by Emmanuel Goldstein who is a suspected Pedophile."
"What is wrong with you people? It's perfectly normal for a young boy to sleep in the same bed with a grown man."
"Probably just a ploy so that the Hope conference won't look so lame (as always) when compared to next week's Defcon conference"
--- Some very interesting comments on the "Steve Rambam" arrest at HOPE Number Six which were posted in the Washington Post blog.
"Before joining Gist, David Ruderman designed software for web sites including Time, Money, Fortune, Entertainment Weekly. At Time Warner's Pathfinder site, he developed web applications for community building, text retrieval, and content management. He has developed electronic books for Times Mirror, and at Cold Spring Harbor Laboratory, Dave even worked on one of the first human-genome databases. In 1984, Dave co-founded the hacker zine 2600. He earned his Master Degree in Computer Science from the State University of New York at Stony Brook and holds a Bachelor Degree in Biology."
"Gist Communications is backed by Neptuno G.m.b.H., a subsidiary of Sal. Oppenheim Jr. & Compagnie, a private bank based in Cologne, Germany. Neptuno's initial investment was several million dollars."
--- September 16, 1996 quote in the New York Times about GIST Communications. David Ruderman, one of the co-founders of $2600 Magazine, is GIST Communications' Vice President of Technology - and fucking rich!
"Today he earns in the low six figures by advising executives on how to protect their companies from the current generation of ingenious but reckless geeks."
--- Quote about HOPE keynote speaker Kevin Mitnick from Jonathan Littman in his Playboy article The Invisible Digital Man. Nothing like using manufactured fear, history revisionism, and blatant lies to help you pull in six-figures a year.
"If [Steve] Rombom were tried and convicted as an adult, he would be subject technically, but not realistically, to a maximum term of imprisonment well over a hundred years."
--- Quote from the United States District Court, S. D. New York, 1976 discussing Steve Rombom's Jewish supremacist domestic terrorist activities in the 1970s. Steve Rombom is often a keynote speaker at HOPE. (Original)
"[Jello] Biafra has spent large amounts of time and money on attorney fees and court costs. He continues to spend money on his appeal. Although he lives in a 1.1-million-dollar house in the hills of San Francisco, he is asking others for donations to pay for his appeal. The appeal will nevertheless reaffirm the court Judgment against him. These resources could be used to maintain his record label, Alternative Tentacles. But by continuing with his expensive, failing and misguided legal maneuvers, Alternative Tentacles may very well go under."
--- Quote about commissar Eric Reed Boucher (Jello Biafra) from his fellow bandmates. You just paid $100 to watch a bunch of gay millionaires tell you how to think!
- HOPE: Hackers On Planet Earth (1994)
- Beyond HOPE (1997)
- H2K (2000)
- H2K2 (2002)
- The Fifth HOPE (2004)
- HOPE Number Six (2006)
- The Last HOPE (2008)
- The Next HOPE (2010)
- HOPE Number 9 (2012)
HOPE: Hackers On Planet Earth
- HOPE took place on August 13-14, 1994 at Hotel Pennsylvania in New York City..
- Post-HOPE Analysis From Off The Hook, August 17, 1994.
- HOPE Picture Archive From $2600
- HOPE Picture Archive From Pluvius
- USENET Announcement
- Hackers on Planet Earth - Pre-HOPE editorial in $2600 Magazine Vol. 11 No. 2 announcing their first conference.
- Opening Doors - Post-HOPE editorial in $2600 Magazine Vol. 11 No. 3 discussing their first conference.
- Bumper Sticker
- Registration Form
- Gray Areas Magazine Review of HOPE by Netta Gilboa
- Robert Steele Keynote and Conference Introduction - Robert Steele (YouTube)
- Former Central Intelligence Agency case officer Robert Steele welcomes hackers to New York. Includes Jello Biafra's opening speech recording. Also, Emmanuel Goldstein and Rop Gonggrijp introduce the conference.
- MP3 Partial audio from the ??? ?, 20?? episode of Off The Hook.
TDD Fundamentals - Bernie S. (Ed Cummings) (YouTube)
- The use of Telecommunications Devices for the Deaf (TDD), procedures, and the use of TDD relay services.
Fun With Pagers - Thomas Icom (YouTube)
- Have you ever had the opportunity to monitor the pager of your choice, seeing each and every page as it comes over, alphanumeric included? You will. The entire city of New York is wide open and we'll demonstrate exactly how it's done. More pager tricks and little-known facts will be presented. Special appearance by Ixom.
Control the World From Your PC - Paul Bergsman (YouTube)
- Paul Bergsman will show attendees how to use a home computer to decode DTMF signals, control relays, lights, motors, and input burglary sensor data, monitor electric trains, and record voltage, temperature, or frequency.
Cellular Phone Panel - Bernie S., Jason Hillyard (Mr. Upsetter), Mark Lottor, and Andy Mueller-Maguhn (YouTube)
- O.K., how is it done, really? We've all heard about cellular phone cloning but how many of us have had the guts to actually do it ourselves? Actually, probably quite a few because it's relatively easy. But, as with any technological trick, there is a multitude of misinformation being handed out. That won't happen here as the true experts will be on hand to demonstrate cloning and answer questions. We will show how cloning is not just for criminals and how you can clone a phone on your own PC! Cellular software to do this will be made available for free! You will also see first hand the risks of using a cellular phone.
The New York City Metrocard - Red Balaclava (Jeopardy Jim [Jim Vichench]), BillSF (Bill Squire) (YouTube)
- New York City has just introduced a brand new farecard system for mass transit, one unlike any other in the United States. We have been gathering data on this system for some time now and hackers all over the world are trying to figure out ways of cracking it. Unlike most other mass transit card systems, this one uses master databases. We will read the cards, duplicate them, and make every attempt to defeat the system. By the end of HOPE, we will have either cracked it or deemed it secure. Your participation is encouraged. We expect to have representatives of the Metropolitan Transit Authority on hand to answer questions and keep a nervous eye on us.
European Hackers - Rop Gonggrijp, Steffen Wernery, Hans, Andy Mueller-Maguhn (YouTube)
- Germany: For many years now, Germany's Chaos Computer Club has been making headlines all over the world for all kinds of mischief. But, as with all things, there is much much more to the story. For the first time ever, the CCC will be in this country to answer questions and share information of all sorts.
- Holland: Although it's almost entirely in Dutch, Hack-Tic and the many people involved in its production have been the inspiration for hackers all over the planet. If HOPE is half as successful as the two hacker congresses Hack-Tic has hosted (Galactic Hacker Party of 1989 and Hacking at the End of the Universe of 1993), it will be an incredible event. Because of the far more relaxed atmosphere in Holland, hackers there are able to accomplish much more without all of the paranoia that is so abundant here. We will hear their story and find out about all of the technological projects they're involved in.
Social Engineering Panel - Cheshire Catalyst (Robert Osband), Supernigger (Zohar Shif), and Emmanuel Golddigger (Eric Corley) (YouTube)
- By far one of the most effective ways of getting information is the art of social engineering. You will see some live social engineering, get tips on what not to do, hear some great legendary tales from the masters, and listen to social engineering tapes of the past. You are welcome to participate in our social engineering contest - we give you an operator and you go as far as you can.
- MP3 Partial audio from the May 4, 2011 episode of Off The Hook.
Lock Picking - Paul Bergsman (YouTube)
- Everything from picks to electric drills to Simplex locks.
- A talk on lock picking by Paul Bergsman recorded with NO SOUND! Hey, it was only our second day doing this and somebody rewired the sound board while we were all sleeping. But maybe you can read lips or understand some of the diagrams. And we did manage to get the audio figured out in the last four and a half minutes. For the true collector.
The National Identification Card - Judi Clark, Bob Stratton, and Dave Banisar (YouTube)
- That's right, it may be coming a whole lot sooner than you EVER thought possible. As you read this, there is a proposal in the works that would establish several states as a testing ground for mandatory national ID card. We'll have the latest scoop on who's behind this and reaction from civil liberties and other groups. We'll also be hearing from people in countries where national ID cards are already a reality and what it means to them. Can it be stopped? Should it be stopped? Why you need to care.
Linux - Michael Johnston (YouTube)
- Linux is the freely distributable Unix clone available by FTP from many sites on the Internet. It is a remarkably complete and stable OS for Intel-based PC's that is a direct result of the existence of the Internet, which allowed for the cooperative development team of volunteers to communicate in real-time during their development of their respective parts of the project. Linux continues to enjoy rapid development and is already a viable and popular alternative to commercial Unix OS's. It is being installed in basements and at commercial, academic, and governmental organizations around the world. Michael Johnston, developer of the new Slackware Professional Linux package (in partnership with Patrick Volkerding, author of the Slackware distribution of Linux on the net), will speak on the differences between the different Linux distributions available "for free" by FTP on the Internet, and in particular the changes in Slackware (the most popular Linux distribution on the net) between versions 1.2 and the new 2.0.
Leeches, Lamers, and Losers -
- With so many new people being drawn to the net every day, the criminal element is bound to become more visible. This means users who destroy files, wipe entire systems, harrass users, and cause intentional pandemonium. Perhaps the worst part of this is that the media considers such deliberate malice to be another part of hacking. How do hackers deal with such users and the misperceptions of the hacker world that are created? Is it proper for hackers to go to the authorities on such occasions or will that ultimately backfire? You'll hear stories, experiences, suggestions, arguments, etc. from experts and non-experts alike.
The Art of Boxing - BillSF, Kevin Crow, and Mark Abene (Phiber Optik) (YouTube)
- Contrary to popular belief, boxing is not dead. As you will see, there are so many possibilities. We will have some top phone phreaks on hand to show you what works, what doesn't, what used to work, what never did, and what probably might. American boxing is only one small part of the entire global picture. In this panel, we guarantee all questions will have answers. Also included: An overview of current inband systems like R1, R2, and C5. The pains of ANI and the ease with which it can be spoofed. Phiber calls in from prison.
Hacker Authors Panel - (YouTube)
- A panel discussion focusing on writing about hackers with Steven Levy (Hackers), Winn Schwartau (Terminal Compromise), Paul Tough (Harpers, Esquire), Julian Dibbel (Village Voice, Spin), Rafael Moreau, and some of the production staff (Michael Peyser, Iain Softley) for the movie Hackers.
The History of TAP Magazine - Cheshire Catalyst (YouTube)
- From the early seventies to 1983, the major source for technically "subversive" material was TAP Magazine, a publication still eagerly traded by hackers and phone phreaks today. Originally started by the Yippies and Abbie Hoffman, TAP evolved into a cornerstone for phreaks all over the world. The last editor of TAP, Cheshire Catalyst, will tell the story and answer your questions. This is where it all began.
The Future of $2600 Magazine - Manny Golddigger, David Ruderman, Scott Skinner, Joe630, (Ben Sherman) (YouTube)
- How did it all start? How did it almost never happen at all? Are our phones tapped? What's the craziest letter we ever got? Who are the people behind the names? How many lawsuits have we been threatened with? What do the covers mean? Where is it all leading? Get the picture?
Legal Issues and the Clipper Chip - Dave Banisar (YouTube)
- Dave Banisar of the newly formed Washington D.C. based Electronic Privacy Information Center (EPIC) will fill us in on the latest laws, restrictions, and risks facing us all. There will also be updates on the $2600 Pentagon City Mall incident and tips on how to make the Freedom of Information Act work for you. Come to this panel with any questions or comments about the ACLU, EFF, CPSR, etc.
What is this Cryptography Stuff and Why Should I Care? - Bob Stratton, Eric Hughes, Matt Blaze, and Bernie S. (YouTube)
- There have been quite a few articles in the national media recently about cryptography and privacy. Bob Stratton will attempt to provide an introduction to the terms and technology, how it affects the average citizen, and insights into the public policy debate currently raging in Washington and around the world. There will be a special emphasis on the relationship of cryptographic technology and emerging personal communications tools.
- Also, a demonstration by Bernie S. and John Turbo of the AT&T Surety Telephone Device 3600, the world's first Clipper Chip telephone encryption unit. Attendees will be invited to make telephone calls between two AT&T 3600's and a loudspeaker will enable all present to actually hear the encrypted audio. An actual Clipper Chip will be given away as a door prize with the opportunity to smash it with a hammer in front of all.
Closing Ceremonies - Various HOPE staffers (YouTube)
- Door prizes will be awarded, we'll hear from Phiber Optik in prison, comments, questions, and answers from the audience, and a message from the President.
- HOPE Car Keys
- Beyond HOPE took place on August 8-10, 1997 at the Puck Building in New York City.
- Beyond HOPE Advertisement in Vol. 14, No. 1.
- Post-Beyond HOPE Analysis From Off The Hook, August 12, 1997.
- Who's Hacking Whom? HOPE Springs in Manhattan by Peter Wayner
- Hackers for Hire
- Beyond HOPE Hacks into Big Time by Austin Bunn (Original)
- HOPE On A Rope by Noah Robischon
- Hackers on Holiday by Joe Territo
- HIP Opening and the Beyond HOPE Press Conference - Rop Gonggrijp, Emmanuel Goldstein (Eric Corley), Cheshire Catalyst (Robert Osband), Deth Vegtable (Luke Barrymore), Phiber Optik (Mark Abene), CyberJunkie, Zap (YouTube)
- The Hacking In Progress (HIP) outdoor hacker event in Holland was taking place at the exact time as Beyond HOPE in New York City. Through a really poor video connection, we attempted to address the overseas conference as they opened early in the morning. As we kick off the conference, we thought it would be only right to take questions from the various members of the press who will be in attendance. This will also be the time where we will be announcing things too shocking to be printed here. It's a good opportunity for all of us to meet the people who will be covering the conference and to dispel all those myths and rumors that seem to follow us around the planet.
The $2600 Panel - Manny Golddigger, Pamela Finkel, David Ruderman, Bernie S. (Ed Cummings), Ben Sherman (Joe630), Dave Buchwald (Bill from RNOC), Kiratoy (Shawn West), Scott Skinner, and Phiber Optik (YouTube)
- Since this whole thing is being thrown together by $2600 and friends, we thought it would be nice to have a panel dedicated to the zine, what has happened over the years, where $2600 is going, and what could be done better. This is your chance to ask whatever questions you've had festering over the past 13 years.
Opening Address - Hacking for the Next Century - Brock Meeks (YouTube)
- In this age of heightened awareness about security and hacking, where have all the good hacks gone? Too many are claiming the title "hacker" when they are no more than snot-nosed wannabe posers. Or worse, downright petty criminals, as was witnessed at Defcon when people were trying to pass counterfeit bills and bad counterfeit bills at that. Brock will talk about where hackers have come from, where they've gone, and where they should head into the new millenium.
Tiger Teaming Panel - Dave Buchwald, Chris Nichols, Laura Brown, Ira Winkler, and Steve Lutz (YouTube)
- What are the implications when hacking becomes legal? Over the years, major companies have learned to rely on the expertise of the same people they once tried to prosecute. Hear some interesting stories about what has happened in this weird marriage of two cultures. And decide for yourself what kind of effect this will have on the future of hacking.
Information for the Masses - Steven Rambam (Steven Rombom) (YouTube)
- There is so much information available on all of us, but most of it is only accessible to governments and to major companies/big business. In this session, the hackers will "level the playing field" and access data that is not restricted, but is rather... expensive. Or just plain hidden. There will also be a discussion on just how much info is out there, including such categorization as religion, health, sexual preference, etc.
The L0pht - Brian Oblivion (Brian Hassick), Weld Pond (Chris Wysopal), Kingpin (Joe Grand), Mudge (Peiter Zatko), Space Rogue (Christopher Thompson), Tan (John Tan), and Stefan (Stefan von Neumann). (YouTube)
- This, incidentally, is the entire L0pht lineup all in one place at one time! They will be talking about recent projects and accomplishments, not the least of which will be their adventures with Windows NT and why Microsoft would like to see them shot. Look for some new projects to be introduced and for a discussion of emerging trends and shortcomings in the technologies that are backing them. This will be followed by a Q&A session.
Cryptography: Opportunities, Threats, and Implementations - Bruce Schneier (YouTube)
- From encryption to digital signatures to electronic commerce to secure voting - cryptography has become the enabling technology that allows us to take existing business and social constructs and move them to computer networks. But a lot of cryptography is bad, and the problem with bad cryptography is that it looks just like good cryptography; most people cannot tell the difference. Security is a chain: only as strong as the weakest link. In this talk Bruce Schneier will take a look at the future of cryptography: the needs, the threats, the limits of technology, and the promise of the future.
Off The Hook Live Broadcast - Emmanuel Golddigger, Phiber Optik, and more! (YouTube)
- A special two hour live broadcast from the conference to the entire tri-state area. Off The Hook airs weekly on WBAI 99.5 FM and has gotten a very diverse audience over the years. This show will obviously be different than most since there aren't usually hundreds of people in the studio like there will be here. There will be all kinds of special guests and surprises, most of which we probably won't even be expecting. We hope to link this show to the HIP conference and have it available live over the mbone and real audio to make this the largest hacker broadcast ever.
- A special edition of Off The Hook broadcast live from the Beyond HOPE conference at the Puck Building in New York City. Guests include Major Hacking, CyberJunkie, Bernie S., Veggie, Mike Roadancer, Steve Rambam, Paul from name.space, as well as a special media panel (Paper Tiger, Cyberwire Dispatch, Netly News, Japanese TV, Internet Underground). Listen for the ring voltage complete with Caller ID data every time phone calls are taken.
Pirate Radio - "Steal This Radio" Staff, Lazlow Jones of the Techno-File Radio Network (No Audio Available)
- What does pirate radio have to do with hacking? Are you SERIOUS?! Come on, don't be stupid. First off, it's wrong to call micro-broadcasters pirates. If anyone's a pirate, it's those megacorporations who take over the airwaves and dictate what it is that we watch and what kind of music we listen to. But it's our own fault, for standing by and watching it happen. Tonight you can begin to change. Meet the people from "Steal This Radio," a low-power operation eminating from somewhere in the neighborhood. This station has no censorship, lots of interesting and diverse programs, and a growing audience. And there are more of these stations popping up on the dial all over the country. Learn how it's done and hear firsthand how commercial broadcasting operates.
Corporate Espionage, or Where Hackers and Criminals Collide - Ira Winkler (YouTube)
- A talk by Ira Winkler on how and where the hacker and criminal communities intersect. This presentation will also address what basic skills a "real hacker" would have. Highlighting this topic will be an "Are You Clueless?" test.
GSM Phones and the Future - Phiber Optik, and t0m from England (YouTube)
- One of the newest hacker toys is the GSM phone, which has been around in Europe for quite some time and has just being introduced in this country fairly recently with companies like Omnipoint and Sprint Spectrum. We'll show the capabilities and potential weaknesses of these phones and compare the different systems that exist throughout the world. Learn about the future of telecommunications from the people who will help to shape it.
Metrocard - Red Balaclava (Jeopardy Jim [Jim Vichench]) (YouTube)
- The mystery transit employee who appeared at the original Hackers On Planet Earth conference in 1994 returns (via ISDN) to talk about the easily hackable but ingeniously self-correcting payment method of New York City's subways and buses. We will also discuss the subtle - and possibly increasing - dangers of the Transit Authority's ability to trace your travels via Metrocard.
Low-Bandwidth Access - Cheshire Catalyst (YouTube)
- A discussion and demonstration on how to achieve Internet access using simple text-only computer terminals and web browsers to access information on the World Wide Web. While you don't get all the graphics and whiz-bang, you can get basic information, download files, images and software for later perusal, and you don't need a Windows machine to do all this! Webmasters will be given tips on making their pages more accessible to these users.
Dangerous Legislation - Shabbir Safdar (YouTube)
- There has been much movement recently involving dangerously vague legislation aimed against hackers and, not coincidentally, against privacy. There are some really scary and little known details that may surprise the hell out of you. Hear firsthand how the legislators' ignorance of technology and desire to control the masses could make your life a living hell. Find out what you can do now to help shape pending laws on cryptography, privacy, free speech and even owning a computer.
Cult of the Dead Cow and World Domination - Deth Veggie, Mudge (Peiter Zatko), Nightstalker (Chris Tucker), Tweety Fish, Oxblood Ruffin (Laird Brown), Lady Carolin (Carrie Carolin), Sunspot, Count Zero (John Lester), and Theo de Raadt (YouTube)
- Cult of the Dead Cow is the oldest active group in the hacker underground (around since 1984), and they've got a little bit to say about the impact of the Internet on the world around us. From Chinese dissidents to our own political activists, the underdogs finally have an advantage over the Goliath of Big Brother.... The times they are a changin'. 1997 is the Year of the Cow, and cDc is your only hope for absolution.
Social Engineering Panel - Zap, Manos Megagiannis, Manny Golddigger, Netweasel (Ryan M. Basile), Thee Joker (Jason), CyberJunkie, Bernz (David Bernick), and Asymmetry (YouTube)
- One of the panels we had the most fun with at the first HOPE was the social engineering seminar. We expect to have at least as much fun this time as hackers attempt to demonstrate live just what it means to get unauthorized information out of a human being. No matter how advanced and secure our networks and systems become, this is one form of hacking that can never die. At least, not until there are no more people.
The Kevin Mitnick Story - Attorney Donald Randolph (YouTube)
- For more than two and a half years, Kevin Mitnick has been held in a prison by the U.S. government. And during this whole time, all kinds of mistruths and fictions have been uttered by the prosecution, echoed by the media, and believed by the public. On this panel, Mitnick's lawyer Donald Randolph will help set the record straight and provide some little known details on what has happened so far. Find out who Kevin Mitnick is and who he isn't.
Prisoners - Phiber Optik, Bernie S., and Manny Golddigger (YouTube)
- One of the sadder aspects of the hacker world is the growing number of hacker prisoners. Some victims of this will describe their experiences and what kinds of tricks the government plays on naive young people. If you want to be a hacker who stays out of jail, it might be good to sit in on this one. If you're interested in things that go on in our nation's prisons, prepare to have your eyes opened.
The r00t Panel and Closing Ceremonies - Hosaka, Entropy, rs, loki, and various HOPE staffers (YouTube)
- "The most beloved, the most hated, and the most respected hacking group of all time" (r00t description of themselves) will discuss their history, their evil deeds, and their many uses of silly putty. Your one and only chance to see a real live hacking group yet to narq out themselves. They're all a bunch of idiots, but they own you.
- About eight hours after the HIP conference in Holland ends, it'll be our turn to pull the plugs. This may take a while.
- H2K took place on July 12-14, 2000 at Hotel Pennsylvania in New York City.
- Post-H2K Analysis From Off The Hook, July 18, 2000.
- Complete Panel & Speaker List
- GSM and CDMA PowerPoint Slides Slides from Jason Hillyard's presentation. (Audio not available)
- Krispy Kremes and Ancient Ethics by Brendan Koerner
- To Heck With Hactivism by Brendan Koerner
- Why Defcon Beats H2K by Drew Ulricksen
- Hard Times at Hacker High by Robert Lemos
- HOPE 2000 Hackfest Hits New York by Deborah Radcliff
- 'New Breed' Drowning Out Hacker Culture? by Weld Pond
- Code of Honor by Time Out New York
- H2K: HOPE 2000 Review by DANtheMAN
- Underground Online H2K Q&A Video Segments
- H2K Photos by Rob T. Firefly
- H2K Photos by FearFree
- H2K Photos by Eddie.com
- H2K Photos by Javaman
- H2K Photos by JoHnY
- H2K Photos by Deco
- H2K Photos by Halo 6
- H2K Photos by Jason Scott
- H2K Photos by The Digital Sorceress
- Jello Biafra Keynote - Jello Biafra (Eric Reed Boucher) (YouTube)
- Former lead singer of the Dead Kennedys Jello Biafra may appear to have little to do with the world of hackers. But all one has to do is look at the many injustices we've faced over the years and the ominous overtones of what lies ahead - more laws, more crackdowns, more global controls with little or no oversight, and plenty more prisons. There is no better spokesperson for the ongoing fight of the individual vs. the system than Jello. What we in the hacker world are going through extends far beyond the world of computers - the issues of free speech that we're engaged in will have an effect on people everywhere for a very long time to come. By the same token, we must remain aware of what's going on in the rest of the world or we won't see what's coming. We guarantee - Jello WILL wake you up. This is also the first time ever that a presidential candidate has addressed a hacker convention.
The Hacker's Code - Greg Newby (YouTube)
- This session will ask audience members to work together on a "Hacker's Code." Is it possible to have a shared code of ethics? Is it desirable? Will this help distinguish hackers from script kiddies from criminals? We will look at some possible examples, including the Hacker's Manifesto, Hippocratic Oath, The Three Laws of Robotics, and others.
- Hacker's Code
DeCSS and the DMCA - Hackers vs. Corporate America - Emmanuel Golddigger, Jon Johansen, and Macki (YouTube)
- There has never been a case like this in the history of the hacker world. For the first time, thanks to the Digital Millennium Copyright Act, it's actually illegal to figure things out and tell people how technology works - if the powers that be decide to keep this knowledge secret. Since hackers throughout the world continue to decrypt, reverse engineer, figure out things, and spread whatever it is they discover to whoever is willing to listen, there is a battle brewing like none we've ever seen. $2600 is only the first of what will likely be many defendants as the corporate/governmental fist continues ever more desperately to try to control the dissemination of information. A look at what DeCSS is, what it's not, and how the DMCA is going to effect each and every one of us.
Hackers of Planet Earth - CyberJunkie, Rop Gonggrijp, and Andy Mueller-Maguhn (YouTube)
- You thought hacking was an American thing? Think again. There are hackers in every nook and cranny of the globe, from Bosnia to Burundi, and a lot of them are coming to H2K to share information, technique, and adventures. This "meeting of the minds" is what the authorities fear the most. Come join the conspiracy and make friends around the globe.
Hacktivism - Terrorism or A New Hope? - Reid Fleming, Oxblood Ruffin (Laird Brown), and ShapeShifter (Terrence McGuckin) (YouTube)
- We've all heard the phrase but what does it mean? Is there such a thing as activism on the net and, if so, how does it work? Learn just how much organization there is - and how much disorganization.
Hardware and Electronics Q&A - Javaman (Adam O'Donnell), Kingpin (Joe Grand), and Brian Oblivion (Brian Hassick) (YouTube)
- Do you have questions about basic electronics, embedded systems, secure hardware design, smart cards, hardware tokens, or wireless and radio technologies? Having a problem reverse engineering your latest flea market find? Are you sick and tired of hearing about software-only related security problems? Not to worry! Stop by the Hardware and Electronics Q&A Panel to explore a different form of hacking and interface directly with fellow electronics enthusiasts. The panel will be an open discussion and will attempt to field and answer any related questions. Three hardware hackers, Kingpin, Brian Oblivion, and Javaman, will be on hand. Special guests may appear.
High School Horror Tales - Greg Newby and Various Teenaged Boys (YouTube)
- We've all read the letters from high school kids who have their copies of $2600 seized by the principal or who get suspended or even expelled for using an unauthorized command on one of the classroom computers. Unfortunately, this seems to be the rule, not the exception. Hear from high school kids from around the world who have suffered at the hands of the technologically inept and be shocked at some of the incredible accusations that have been hurled at them.
Information on the Masses - Steve Rambam (YouTube)
- How much information is out there on every one of us? Who is able to access it? How much can money really buy? And just how much digging do you really have to do in order to find out the real secrets? An update to the Beyond Hope discussion by world renowned private eye Steve Rambam that will shock, enrage, frighten, and intrigue you.
The Jon Johansen Story - Jon Johansen and Per Johansen (YouTube)
- On January 24, 2000, 16-year-old Jon Johansen and his father were both arrested by Norwegian authorities under pressure from the Motion Picture Association of America and the major film studios it represents. The authorities seized his computer, some disks, and a mobile phone. Jon, a member of Masters of Reverse Engineering, was believed to have been responsible for reverse engineering CSS (although this has never been definitively proven) and thus igniting the current controversy that has resulted in $2600 being sued in federal court for publishing the program on its web site. Hear from both Jon Johansen and his father as they tell the story of the raid and arrest which could result in three years in prison.
Has Anyone Learned ANYTHING? - Rick Forno (YouTube)
- While a select few may have learned how to cope with the issues inherent in the Information Age, the majority have not. A look at current security trends that explores exactly how far corporate America and the government have come in accepting/dealing with computer and information security. Are we any better off now? Have major incidents been an eye-opener to anyone? Are current laws and processes effective? Sadly, the report card is NOT GOOD.
The Legal Panel - Martin Garbus, Emmanuel Golddigger, and Robin Gross (YouTube)
- What is illegal these days? What isn't? Just how many of these crazy laws are being passed that make a great amount of what we do illegal and punishable by more prison time than many violent offenders? Just how bad is this going to get? Find out what country you should be trying to escape to and what new laws are "coming down the pike" with our panel of legal experts and pundits. This is not a panel for the squeamish.
Lock Picking - Barry Wels and Hans "Unicorn" van de Looy (YouTube)
- Barry "The Key" is one of Europe's leading experts on locks. In his first presentation in the United States, he will talk about lockpick "sportgroups" that are very popular in Europe. He will also give a demonstration for basic and advanced lockpickers. If his suitcase is not too heavy he will bring some exotic European locks to show.
Low-Bandwidth Access to the Internet - Cheshire Catalyst, and The Voxy Lady (YouTube)
- A continuation of Cheshire Catalyst's Beyond HOPE discussion that will disparage flashy graphics and shockwaved sites in favor of informative text based information content that gives the user the INFORMATION they are looking for, not just glitz.
Low-Power FM - Bernie S., Pete Tridish, and Andrew Yoder (YouTube)
- Have you ever wanted to set up your own radio station? For the first time in 20 years, it's possible to apply to the FCC and be granted a low-power community radio station license. But before you can reach that euphoric goal of "radio by the people, for the people," there are lots of pitfalls and hurdles to cross, not to mention possible legislative problems with the whole process. This informative discussion will go into detail about the history of the LPFM scene along with a discussion about current legislation, loopholes, and possible impacts of Congressional rulings.
Hackers and the Media - Robert Lemos, Doug Mohney, Viktorie Navratilova, and Deborah Radcliff (YouTube)
- Hear straight from the mouths of journalists why hackers seem to always get such bad media exposure. These guys may not be the enemy (then again they might be - you decide) but they will offer some valuable insight into how the media works and how we can make it work to our advantage. So far, MSNBC, ComputerWorld, and Boardwatch are represented.
Ethics in Military and Civilian Software Development - Sam Nitzberg, Winn Schwartau, and Robert Steele (YouTube)
- The quality with which systems are developed for either civilian or military purposes has systemic, infrastructure-wide consequences. What are the ethical considerations present in developing military and civilian software?
MTV - How Did It Happen? - Izaac Falken, Tommee Pickles, and Weld Pond (Chris Wysopal) (YouTube)
- We all know about the travesty that MTV put out on its "True Life" series last year on the subject of hackers. Hear from an ex-employee of MTV who will reveal what was left out and why, as well as what was whispered in the hallways of Viacom. Hear from some of the other participants in the show as well.
- MTV True Life - "I'm a Hacker" (YouTube)
Cracking the Hacker Myth: A Study by the Laurentian University Hacker Research Team - John Dodge, Bernie S., and Bernadette Schell (YouTube)
- In the past, many misunderstood groups in society have reaped the rewards of public backlash due to misinformation propagated by members of the media and authorities. Despite what society has learned from these past cases, history has repeated itself yet again. For at least the last decade, hacker myths have been concocted and propagated by acclaimed experts in the media and authorities in society. What are the undercurrents that are driving this behavior? The Laurentian University Hacker Research Team has been undertaking an independent study to create a balanced view of hackers. They believe that hackerdom is misunderstood and grossly misrepresented to the public. From their study, science may be able to dispel some of these myths and provide the public and organizations with a balanced view regarding hackers in society.
- Additional Information
Napster: A New Beginning or Beginning of the End? - Jello Biafra, Glen Otis Brown, James Hanna, Keith Hopkin, Lazlow Jones, and Siva Vaidhyanathan (YouTube)
- We've read the papers and seen the hysteria. Many of us have also been affected by the clogged bandwidth. So what will programs like Napster wind up doing to the Net, the music industry, artists, and the consumer culture? Hear from Professor Siva Vaidhyanathan of New York University, radio personality Lazlow, Jello Biafra, and people in the music business who are feeling the effects of Napster and the Net.
The Old Timer Panel - Cheshire Catalyst and Captain Crunch (YouTube)
- Hard as it may be to believe, there are hackers who have been active for twice as long as many of the H2K attendees have been alive! Quite a bit has changed since the old days - the technology, the laws, the amount of interest (just look around you!) and there are some things that haven't changed at all. Hear some incredible stories from the past and learn a bit about the origins of the hacker culture.
The King's Mob Open-Source Mediamaking Panel - Matt Pizzolo (YouTube)
- NYC's do-it-yourself new media and movie studio, King's Mob Multimedia, will present a panel discussion on open-source mediamaking and how the DiY ethic can shatter major corporations' grasp on independent production and distribution. From DeCSS to the WTO protests, the world is learning that technological convergence means more than a TV that is also a microwave: technology gives us the means to converge people and cultures and to set information free. It's all about empowering voices that wouldn't otherwise be heard. The King's Mob's first release, THREAT, is a DiY movie about kids coming of age in a world of violence and intolerance, recognizing too late that the establishment pits us against one another across lines of race, gender, and privilege. The movie was a four year collaboration between over 200 kids from numerous cultures and lifestyles across five countries. It has since toured skateparks, hip hop clubs, and punk shops from LA to Berlin.
Pirate Radio 101 - DJ Anne Animus, Mr. E, DJ Ken-Zo, and Professor Klystron (YouTube)
- A demonstration and presentation of a portable microradio station providing live, wireless audio transmissions throughout buildings and neighborhoods and around the world via the Internet. Although the revolution will not be televised, this panel discussion will inspire hackers to get involved in our fight against short-sighted, out-of-touch governmental regulatory agencies and the large, powerful corporate puppeteers who control them.
Internet Radio - FearFree, Juintz (Mike McTeague), and Porkchop (Michael Kaegler) (YouTube)
- While it's true that radio space on the dial is controlled by fewer and fewer people, broadcasting on the net is something that almost anyone can do. Hear from someone who actually does it - how to get started, how to do it right, and how you can make a difference
Retrocomputing - Graphix, Mr. Ohm, Nightstalker (Chris Tucker), and Sam Nitzberg (YouTube)
- This panel will discuss and explore "obsolete computers" such as TRS-80s and Atari 800s. It will be open to techno-geeks who know everything there is to know and newbies who wish to learn about these interesting systems from long ago. People are urged to bring their old computers (for the retro network table) and a mini-network of old computers will be created. The panel will also be a sort of swap meet for those looking for parts they cannot find in stores.
The Robotic Graffiti Writer - The Institute for Applied Autonomy (YouTube)
- The Institute for Applied Autonomy (IAA) is a politically motivated robotics collective which develops technologies to both counter existing military/police technologies as well as extend the autonomy of human activists. The IAA has already completed and tested the Robotic Graffiti Writer (developed in part with funds from RTMark) as well as the propaganda distribution device, Little Brother. Current research includes a street worthy prototype of the GraffitiWriter as well as new innovations in technologies for surveillance of police actions/movements.
Selling Out: The Pros and Cons of Working for The Man - Scott Blake (YouTube)
- There's lots of talk in the media about hackers who get straight jobs in the security industry. What does it cost a hacker to get a real job? What are the benefits? What about those nasty intellectual property agreements? Scott Blake runs the RAZOR security research team. He actively recruits and manages hackers for BindView, a publically traded software company. He's defended this to the executive management and the press. In this talk, you'll hear it straight about what you have to give up for the paycheck, as well as what you get to keep.
- PowerPoint Slides
Social Engineering Panel - Cheshire Catalyst, Emmanuel Golddigger, Robert J. Lupo (v1ru5), and Kevin Mitnick calling in from prison (YouTube)
- Home of the first social engineering panel back in 1994, we continue the tradition this year with more tales of triumph and disaster plus some live telephone antics that should leave you in stitches or put us in cuffs. Panelists are still being rounded up for this one - if you think you're worthy, let us know why. Hear how we intercepted an AT&T security bulletin about this very panel and used it for some serious laughs. Also, Kevin Mitnick joins in over the telephone with his interpretation of what social engineering is and isn't.
Spy Stuff: Everything You Never Believed But Wanted to Ask About - Robert Steele (YouTube)
- Robert Steele, former clandestine case officer (spy) and author of ON INTELLIGENCE: Spies and Secrecy in an Open World, has been described by Bruce Sterling as "about 100 times smarter and 10,000 times as dangerous as the best of the hackers...." Find out why in a free for all discussion about spy stuff, smart nations, dumb governments, and more.
The Mock Trial - The MPAA vs. 2600 - Adam Cohen, Emmanuel Golddigger, Jon Johansen, Glenn Kurtzrock, Bernie S., Shana Skaletsky, Scott Skinner, and Alexander Urbelis (YouTube)
- When we first scheduled this, our REAL trial wasn't supposed to happen until December. Then things changed and the trial was moved to the DAY AFTER H2K! Well, how could we resist? What better way to go into court Monday morning than to remember what the verdict of our TRUE peers had been the night before? The fun starts Saturday with a two hour courtroom drama in which both sides will be presented as factually as can be managed. "Lawyers" for each side will be selected as will a judge. Email us if you think you're qualified for this - we are only considering people with some legal background and knowledge for these positions. Expert witnesses will also be called to the stand and a jury will be selected who will render a verdict 24 hours later. Probably a lot more exciting and jovial than the real trial which H2K attendees are encouraged to stick around for.
Introduction to Computer Viruses - Robert J. Lupo (YouTube)
- This talk covers how viruses work. Bootsector, multi-parti, file infectors, macro, Trojan, and fakes will all be approached in detail. There will be detailed discussions on VBS scripts and what's in the future regarding viruses.
Closing Ceremonies - Cheshire Catalyst, Emmanuel Golddigger, Porkchop, Bernie S., and Ben Sherman (Joe630) (YouTube)
- The final words from H2K as thanks are given, door prizes are flung, cleanup begins, and we all look towards 2002.
- H2K2 (HOPE 2002) took place on July 12-14, 2002 at Hotel Pennsylvania in New York City.
- Post-H2K2 Analysis From Off The Hook, July 17, 2002.
- H2K2 Speaker Info
- H2K2 Wrapup
- AT&T Warns Workers Not to be Duped by Hackers
- H2K2: Hackers on Planet Earth by Angst
- Dual and Rax Do H2K2 Random video footage from Radio Freek America. (13.8M WMV)
- Logic Regulated Firearms Systems: The Future of Firearms Beyond Personalized Weapons Basing analysis on the application of principles of computer and information security, this presentation reflects on the effects and ramifications of integrating control logic, computer systems, and networking, into arms design to control and monitor their use, by Sam Nitzberg. (488k PowerPoint)
- H2K2 Photos by Rob T. Firefly
- H2K2 Photos by golgo13
- H2K2 Photos by shredder
- H2K2 Photos by Dataprophet
- H2K2 Photos by phzero.net
- H2K2 Photos by Deviant
- H2K2 Photos Hosted on H2K2.net
- Abuse of Authority - Bernie S. (Ed Cummings) and ShapeShifter (Terrence McGuckin) (YouTube)
- Over the years, there have been many stories in the hacker world of law enforcement personnel who have abused their authority. Two of the more dramatic cases in recent memory both come out of Philadelphia. Many of us are already familiar with the horror story of Bernie S. who toured five dangerous prisons for over a year - not because of what he was charged with - but because the United States Secret Service was upset about his collection of information about them. Then there is the case of ShapeShifter, $2600 layout artist, who was arrested at the Republican National Convention in 2000 (shortly after leading a panel on the RNC at H2K) and held on half a million dollars bail as if he were a terrorist mastermind - all because he had been targeted for speaking out in public. Hear the games the authorities play and how public education really can make a difference in putting an end to such abuse.
Access Control Devices - Mike Glasser (YouTube)
- There are all kinds of access control devices that we come in contact with every day. They include such things as magnet readers, proximity card readers, fingerprint readers, camera systems, biometrics, and basic standard operating procedures for a business. This talk will be a comprehensive guide to what's out there.
The Argument Against Security Through Obscurity for the Non-Digital World - Greg Newby (YouTube)
- In the world of networked computers, security through obscurity is generally ineffective. Hiding algorithms, protecting source code, and keeping procedures secret might be effective initially, but eventually the cloak of secrecy is penetrated. This talk will examine how security through obscurity is relied upon in the non-computerized world. When can security through obscurity work? What risk analysis should we use to examine the role of obscurity in the non-computerized world? The talk will present and examine the hypothesis that an "open-source" mentality should be applied to security procedures for public places. This is a logical extension of the lesson in cryptanalysis - that no cryptographic method can be considered trustworthy until it has undergone a rigorous examination by qualified persons. Similarly, can we trust security procedures in the physical world designed, ostensibly, to protect the public if these procedures never undergo public scrutiny?
- PowerPoint Slides
Black Hat Bloc or How I Stopped Worrying About Corporations and Learned to Love the Hacker Class War - Gweeds (Guido Sanchez) (YouTube)
- Hackers must deal with governments and ultimately the corporations that wield most of the decision making power within them. Looking over the past few decades of hacker interaction with corporations, we notice some interesting trends in the two worlds that indicate strong influences of the corporate and hacker worlds on the other's ethics and culture, often only hinted at to the rest of the world via biased corporate PR machines in the form of broadcast and publishing media. Hacker posts to Bugtraq become resumes, hacker tech like BBSes and IRC become the technical implementations of every Internet startup's business plan, hackers testify in front of Congress to warn them of impending doom directly resulting in increased federal cybercrime funding, while piracy is accepted by governments and media (but not the public) as theft. Has hacking become the fast venture capitalist track to shiny gadgets that go fast and make noise, a la Slashdot? Should we ignore intellectual property legislation and treaties that are passed solely to make rich people richer? This talk takes a look at where hacker/corporate/government relationships have been, where they are now, and where they could be going - hopefully shedding some light on everyone's motivations along the way.
Bullies on the Net - The Ford and Nissan Cases - Emmanuel Golddigger, Eric Grimm, and Uzi Nissan (YouTube)
- We could fill the entire weekend with stories like these and we have no doubt there will be many more such tales in the years to come. With the help of agencies, corporations, treaties, and laws with acronyms like ICANN, WIPO, WTO, and the DMCA, the individual very often finds himself at the mercy of corporate giants with virtually unlimited funding - and seemingly unlimited power. Throughout it all however, there remains hope. Hear the story of Uzi Nissan, who is being sued by the Nissan Motor Company for daring to use his own name on the Internet. We'll also talk about how the Ford Motor Company sued $2600 - and lost.
Caller ID Spoofing - Lucky225 (Jered Morgan) and Tray Smee (YouTube)
- A demonstration of how Caller ID works as well as methods that can be used to emulate and display spoofed Caller ID messages on Caller ID and Caller ID with Call Waiting boxes using a Bell 202 modem. Details on the technical aspects such as Caller ID protocol for both regular and Call Waiting Caller ID. If all goes well, you may actually see a live demonstration of spoofed Caller ID.
"The Conscience of a Hacker" - The Mentor (Loyd Blankenship) (YouTube)
- Probably the most famous single essay about what it's like to be a hacker is The Conscience of a Hacker by The Mentor, written in 1986. It's been quoted all over the place, including the movie Hackers. It remains one of the most inspirational pieces written about the hacker community and it's survived well over time. This year, we're pleased to have The Mentor himself give a reading of it and offer additional insight.
- Video Excerpt
Conspiracies - Gonzo DeMann (Michael J. Ferris), Leo, and Rev. Sergey (YouTube)
- Technology can be a wonderful thing, but it can be quite harmful as well. Unenlightened corporate interest as well as government interest can make for some savage bedfellows. This panel will deal with technology, its good uses and some of its evil ones.
Crypto for the Masses - Matt Blaze, Greg Newby, and Anatole Shaw (YouTube)
- This panel will approach cryptography from the perspective of enabling a "digital world" where key social schemes are preserved - personal identity, anonymity, and the right to privacy. We'll talk about the basic inner workings of cryptosystems, and discuss how they can be applied now to create and enforce cyber rights. We'll also discuss the hurdles faced by crypto and its adopters, along with the public at large. And we'll learn just how crypto is being threatened and abused by certain global goons.
Cult of the Dead Cow Extravaganza - (No Audio Available)
- This year, the megamerican computer hackers of patriotism, Cult of the Dead Cow, honor our country with "Hooray for America!" -- an all-star revue including the Anheuser-Busch Clydesdales, NASCAR champion Dingus McProstate, and the Dallas Cowboy Cheerleaders. Reid Fleming will give a thorough and thoroughly educational description of the history and symbology of the Great Seal (which you can find on the back side of a $1 bill). Grandmaster Ratte himself will lead the audience in a sustained chant of "U.S.A.! U.S.A.! U.S.A.!" Oh, and maybe there will be some new software too
Databases and Privacy - Steve Rambam (Steve Rombom) (YouTube)
- Once again, world renowned private eye Steve Rambam will enlighten and frighten attendees with the latest updates on the personal information that is out there about each and every one of us. Find out which databases contain the most invasive information and who has access to them, as well as what you can do to protect your privacy. There will also be a discussion on truth and accountability on the net as well as live demonstrations.
A Day in the Life of a Directory Assistance Operator - Cheshire Catalyst (YouTube)
- Odds are most of us take things about the phone companies for granted. But there is a whole world that we don't see which is always operating. Hear how the system really works from The Cheshire Catalyst.
- Slides & Notes
The DeCSS Story - Emmanuel Golddigger, Robin Gross, and Ed Hernstadt (YouTube)
- At our last conference, we were preparing to go on trial for daring to have the code to DeCSS on our web site. Quite a lot has happened since then. The public perception of entities like the MPAA and the RIAA has gone down the toilet as their true motives became apparent. We were the first in what will be a long line of courtroom battles to defend freedom of speech, fair use, and open-source technology. While we lost the case and the subsequent appeal, we still somehow feel victorious. Find out why.
Digital Demonstrations: Criminal DDoS Attack or Cyber Sit-in? - Maximillian Dornseif (YouTube)
- Being able to carry political opinions to the public by showing them on the street is a basic part of democratic rights. Nowadays, a steadily increasing part of our life takes place in cyberspace. Things which aren't happening in cyberspace will therefore get less and less public attention. How can protest be taken into the virtual realm? What strategies for "online demonstrations" have we seen so far? How about the ethical and legal dimensions? Who gets hurt? Host Maximillian Dornseif will present a new approach for conducting online demonstrations without adversely affecting other users on the net.
DMCA Legal Update - Mike Godwin, Eric Grimm, and Robin Gross (YouTube)
- Since we last met, the Digital Millennium Copyright Act has claimed more victims and been at the forefront of all kinds of legal action. We even had the first instance of a programmer being thrown into prison because of a program he wrote while in his native Russia! Hear the latest on the Dmitry Sklyarov case and others that the DMCA is responsible for as well as what is being done to put an end to it.
Domain Stalking - RenderMan (Brad Haines) (YouTube)
- Ever wanted to legally have a $900 million dollar company in your debt? Intellectual property is a big deal to a lot of companies (witness the $2600 vs. Ford case) and it can be very easy to legally screw with it. This presentation will be a discussion of how easy it can be to get a company in your debt by simply watching their domains and catching them when they neglect to renew. It's a bigger problem with large companies than you think and can be exploited for many good causes. Hear how everyone from Symantec to the Red Cross to Jello Biafra has benefited from RenderMan's watchful eyes.
- Additional Info
- PowerPoint Slides
Educating Lawmakers - Is It Possible? - Declan McCullagh and Matt Blaze (YouTube)
- Trying to educate Congress about technology is approximately as useful as teaching a pig to type. It doesn't work and you get one peeved pig. But there are sometimes ways to make a difference in law and policy circles without becoming a wholly owned tool of the Demopublican Party. A discussion with journalist Declan McCullagh and cryptologist Matt Blaze.
Face Scanning Systems at Airports: Ready for Prime Time? - Richard M. Smith (YouTube)
- A talk about the technical problems of face scanning systems being used at airports to pick out terrorists. Will these systems work like the promoters are claiming they will? Or will they fail to catch terrorists and instead turn our airports into round-up zones for petty criminals?
Freedom: File Not Found - Bryan Maloney (YouTube)
- Since the explosion of the world network in the early 1990's, visionaries and pundits have been promising that "information wants to be free" and the web's free exchange of knowledge and ideas would be a liberating political and economic force throughout the world. It's been almost ten years now: where is this newfound freedom, especially in places like China? The Middle East? What about right here at home? This talk will discuss government/corporate efforts to restrict the free flow of information on the Internet and the political, ethical, and socioeconomic consequences. Topics will include hardware in use by the People's Republic of China to monitor and censor information it deems "subversive," routing tactics in Saudi Arabia to enhance government oversight and censorship, and the constitutionality of email snooping hardware and software in use in America. A Q&A session will follow.
Fucking Up the Internet at ICANN: Global Control Through the Domain Name System and How to Escape - Andy Mueller-Maguhn (YouTube)
- Did you know that the entire Internet domain structure is controlled by a mysterious group called the Internet Corporation for Assigned Names and Numbers (ICANN)? Andy Mueller-Maguhn, longtime member and spokesman of Germany's Chaos Computer Club and currently elected from European users to be on the board of ICANN, will explain the latest developments at ICANN and how the mixture of intellectual property and governmental interests affects the freedom of the Internet. Paul Garrin, founder of Name.Space and Free.The.Media!, will talk about his initiatives to establish rights to access to the legacy ROOT.ZONE, from the historical antitrust action against Network Solutions in 1997 through the US Department of Commerce's IFWP process (the predecessor to ICANN), and Name.Space's $50,000.00 TLD application to ICANN in 2000 (ICANN kept the money and took three TLD's previously published by Name.Space). The question is raised: Is there hope for seeking fair access to the legacy ROOT.ZONE through due process or is it time to treat ICANN as "damage" and route around it?
Fun With 802.11b - dragorn (Michael Kershaw), Porkchop (Michael Kaegler), and StAtIc FuSiOn (YouTube)
- Would you be surprised if you could turn on your laptop anywhere in the city and find yourself on someone else's network? How about if you were able to connect to the Internet? Or see someone's private data go flying by? It's all possible and it happens all the time - all over the country. This panel will cover 802.11 wireless ethernet networking basics, as well as detecting and monitoring wireless networks with active and passive methods. Community free networks, custom antennas, and methods of securing wireless networks will also be covered.
Fun With Pirate Radio and Shortwave - Craig Harkins and Allan Weiner (YouTube)
- Too few people take the time to appreciate shortwave radio. Even fewer have the opportunity to appreciate pirate radio. Here's your chance to learn more about these fascinating subjects. Allan Weiner will talk about his days operating Radio New York International, a famous pirate station from the 80's that served the New York area before it was raided by federal authorities in international waters. (We have no idea how the feds got away with that.) Today Weiner operates shortwave station WBCQ - along with chief engineer Timtron - which serves nearly the entire western hemisphere from studios in Maine. Craig Harkins joins the panel to talk of his experiences operating Anteater Radio during much of the 90's from an 18-wheeler truck. He received international acclaim from listeners while consistently evading American and Canadian radio police.
GNU Radio: Free Software Radio Collides with Hollywood's Lawyers - Eric Blossom and Matt Ettus (YouTube)
- The GNU Radio project is building a platform for experimenting with software radios - systems where the actual waveforms received and transmitted are defined by software, not special purpose hardware. One of their projects is building an all-software ATSC (HDTV) receiver. An all-software free ATSC receiver would allow among other things the construction of the mother of all "personal video recorders." Think Tivo or Replay on steroids. The folks from the Broadcast Protection Discussion Group (BPDG) have other ideas. They'd like to lock up the cleartext signal and make sure that only members of their club would be allowed to build receivers, modulators, and storage devices for digital TV. A discussion of where this is all likely to head. Panel participants include GNU Radio technical folks Eric Blossom and Matt Ettus as well as representatives from the EFF.
Closing Ceremonies (YouTube)
- A final review of the events of the weekend along with all kinds of guests, giveaways, and more. Remember, only wimps leave early.
Hacking for Community Radio - Pete Tridish, Josh Marcus, Dave Arney, Roland Aguilar, and K. Clair (YouTube)
- The technical and political struggle to take back the airwaves for the community. A panel discussion about the attempt to build Linux based free software that can stream broadcast quality audio over the Internet from a studio to a transmitter site. In addition, there will be discussion on attempts to use wireless Ethernet to shoot broadcast quality audio across town with high gain antennas and 2.4 GHz amplifiers.
Hacking Nanotech - Jim "Cipz" (YouTube)
- Nanofabrication technology is an up and coming field that will revolutionize the way humans live on a day to day basis. Host Jim "Cipz" tells what the future projections about nanofabrication are - things like robots so small you would need an electron microscope to see them. There will also be an examination of some amazing achievements that have been accomplished already as well as an analysis of the possible ethical problems that may arise with nanofabrication in the future.
Hacking National Intelligence: Possibilities for a Public Intelligence Revolution - Robert Steele (YouTube)
- Robert David Steele, author of two books on intelligence reform and sponsor of the Council on Intelligence, will provide a briefing on the state of the world, 21st Century tradeoffs that are NOT being made by our elected leaders, and how citizens can take back the power by practicing the new craft of intelligence to monitor and instruct their elected officials on key national security decisions. Among other major aspects, this would translate into a freezing of the Pentagon budget at $250 billion a year and redirection of $150 billion a year toward global education, public health, water and energy conservation, and "soft power" options including diplomacy and information peacekeeping, a term Steele devised in the early 1990's.
- MP3 - 1, MP3 - 2, MP3 - 3
Hacking the Invisible World - Craig Harkins, Bernie S., and Barry Wels (YouTube)
- Everything you could possibly want to know about the workings of scanners, frequency counters, intercepting/spoofing RF A/V feeds, STL's, pagers, infrared signs, night vision, electronic surveillance, etc.
Hardware Q&A - Javaman and Binary (Nick Amento) (YouTube)
- Explore a different form of hacking and interface directly with fellow electronics enthusiasts. Javaman and friends will try to answer any questions related to hardware and electronics including but not limited to hardware tokens, radio/wireless technologies, embedded systems, smart cards, and secure hardware design.
How to Start an IMC in Your Town - Jello Biafra (Eric Reed Boucher) (YouTube)
- At H2K, Jello Biafra urged attendees to become the media. Since then, many people have done just that. One of the most powerful tools in fighting the corporate media's stranglehold on information in this country has been the Indymedia network. Learn what's involved with becoming a part of Indymedia, the various hurdles and roadblocks you can expect to face, and how you can make a difference.
Human Autonomous Zones: The Real Role of Hackers - Doug Rushkoff (YouTube)
- How the role of hackers in society has changed. They used to be a necessary counterbalance to corporate and government power. Now, it's more like hackers are the only ones who understand the technology. They have become a balance to the power of technology itself. A discussion by renowned author Doug Rushkoff.
"I Am Against Intellectual Property" - Nelson Denoon (YouTube)
- In the words of host Nelson Denoon: "Quit fucking apologizing for filesharing. Intellectual property is evil, filesharing is freedom fighting, and the sooner Jack Valenti is bumming quarters for a living, the better. The question is not how to protect artists, it is how to muster enough force to protect the right to hack."
The Ins and Outs of Webcasting - Lee Azzarello, Lynea Diaz-Hagan, Tarikh Korula, Lazlow Jones, and Kevin Prichard (YouTube)
- While the airwaves have been almost completely taken over by corporate interests, there is a whole world of broadcasting on the Internet just waiting for creative minds. Find out what it takes to get an Internet station going and what kinds of creative programming are possible. Also, learn what the recently mandated RIAA licensing fees will mean to the future of this broadcasting medium.
Introduction to Computer Viruses - Robert Lupo (YouTube)
- Understanding the fundamentals of how to identify, remove, and defend against hostile code. Robert Lupo will cover how different computer viruses work - boot sector, file infector, multi-parti, VBS, Java, the different OS viruses, etc. He will also explain how to remove different computer viruses with and without anti-virus software and discuss the future of computer viruses and hostile code.
Jello Biafra's State of the World Address - Jello Biafra (YouTube)
- Since his keynote address at the H2K conference in 2000, Jello Biafra has witnessed further corporate consolidation and censorship of mass media. He's also been on the front lines of the growing uprising against corporate power itself. He may speak about that, and/or the Bush mob's cynical exploitation of the tragedy on September 11, or the corporate music biz convention on "the future of digital music" he was invited to speak at a few days before H2K2. He's not sure yet so stay tuned.
- MP3 - 1, MP3 - 2, MP3 - 3
Aaron McGruder Keynote - Aaron McGruder (YouTube)
- Just about everyone has at one time or another read the daily comic strip The Boondocks. Not everyone has appreciated it. In fact, it's generated a share of controversy among the mainstream for its "alternative" views. In addition, McGruder has devoted space to hacker issues, most notably the DeCSS case - which was presented accurately for probably the first time in most of the papers his strip appears in. McGruder is one of those rare individuals with access to the mainstream who actually "gets" the technical issues. Needless to say, he has been targeted relentlessly by censors for daring to speak his mind. Sound familiar?
Life in a Distributed Age - Siva Vaidhyanathan (YouTube)
- Distributed information systems of all kinds are challenging cultural and political assumptions. The moral of the story is that whether we like it or not, it's time to take anarchy seriously. We have spent the past 200 years thinking centralization of power and information was the greatest challenge to republican forms of government and corporatized commerce. But now, it should be clear, decentralization and encryption have emerged as the most important dynamics of power.
Lock Picking - Barry Wels (YouTube)
- Barry "The Key" Wels returns from The Netherlands to provide details of some high security lock weaknesses and to demonstrate some state of the art techniques of exploiting them. He will tell the story of a company that had the famous line "Nobody can pick this lock" on their website. Of course, this was the ultimate motivation for the sport-lockpickers. This panel is where you can find out if a particular lock can be picked or not. Spare locks are always welcome, as TOOOL (The Open Organization of Lockpickers) is short of good locks.
Low-Power FM Basics - Pete Tridish and John Ramsey (YouTube)
- Learn exactly how to navigate the LPFM licensing process. Pete Tridish of the Prometheus Radio Project and John Ramsey of Ramsey Electronics will present background about the fight for community radio and explain the absurd technical limitations placed on low-power community FM radio stations by powerful corporate interests.
Magical Gadgets: The Profound Impact of Yesterday's Not-So-Trivial Electronics on Our Digital World - Jay Hanson and Paul Zurek (YouTube)
- Rewind to an age when electronics had originality; the era when a new product was inspired by creativity. Get the story about the evolution of IC-based devices, and see for yourself how the soul of electronics has been sold out.
Magic Lantern and Other Evil Things - Rudy Rucker Jr. (YouTube)
- A talk by Rudy Rucker Jr. on the BadTrans worm and the FBI's Magic Lantern software. Both of these pieces of software are very similar and install keystroke logging software on clients' machines. Rucker has collected a couple of gigabytes of the BadTrans data and will explain how he parsed it and created a web-based tool for people to browse the database.
Making Money on the Internet While Still Saying "Fuck" - Philip Kaplan (Pud) (YouTube)
- Pud of www.fuckedcompany.com will speak about his experiences setting up and maintaining a popular Web site for corporate rumors. How does he handle confidentiality of rumor-mongers, avoid lawsuits, provide custom software to drive the site, and make money from it?
Negativland: Past, Present, Future - Mark Hosler (YouTube)
- If there is any one group who personifies the concept of "fair use," that group would have to be Negativland. The Bay Area based band has, over the years, drawn the ire of everyone from rock band U2 to American Top 40 host Casey Kasim to angry parents to confused legislators. Founding member Mark Hosler hosts this presentation which will focus on media literacy as well as the activism, pranks, and hoaxes that Negativland has engaged in over the years. A number of rare Negativland films will also be shown.
- MP3 - 1, MP3 - 2
The New FBI and How It Can Hurt You - Mike Levine, Declan McCullagh, and Robert Steele (YouTube)
- On May 29, 2002 the Federal Bureau of Investigation dramatically changed its focus. Now, instead of investigating crimes, its mission is to prevent them, meaning they have virtual carte blanche to infiltrate any law abiding organization or gathering to make sure all is right. And, even better, their third priority of dangerous crimes to stop (next to terrorism and espionage) is "cybercrime." We all know what a wide net that can be. Hear the dangers firsthand from the people who follow this kind of thing.
Open-Source Security Testing Methodology Manual - Tyler Shields (YouTube)
- The Open-Source Security Testing Methodology Manual (OSSTMM) came about as a need for an open, free security testing methodology in response to the numerous security testing companies who claimed to have a secret, internal, and corporate confidential methodology for testing. It was this methodology that they used to differentiate themselves from other testing companies. The problem was that often it didn't exist and the tests turned out to be no more than commercial scanners set loose on a list of systems. The development of the OSSTMM began as a series of logical steps to make a good test and grew into the need to make the most thorough test. This presentation will show the origin of the OSSTMM and the logic behind it, as well as results of reverse-engineering the reports of corporate tests, commercial tools, and commercial presentations.
The Password Probability Matrix - Jon Erickson (Smibbs) (YouTube)
- A windowing method for brute-force password cracking using lossy compression. Cryptologist Jon Erickson will present the specifics for a newly developed password cracking method and perform a demonstration of it. The method is a hybrid between using computational power and storage space for an exhaustive brute-force attack utilizing a compressed matrix of probabilistic values. He will demonstrate the ability to crack any 4 character password with a fixed salt in under 8 seconds (assuming 10,000 cracks per second), using only a 141 meg file. A normal exhaustive brute-force on the same system would take over 2 hours, and flat text storage of the plaintext/hash pairs would normally use over a gigabyte of storage. This translates to 99.9% keyspace reduction and 89% storage compression.
The PATRIOT Act - New York City People's Law Collective (YouTube)
- Members of the New York City People's Law Collective will be discussing the dangers of the PATRIOT Act and providing information on warrants, hacktivism, what is legal and what is not, and ways that hackers, activists, and normal citizens can protect themselves from The Man.
Protection for the Masses - Rop Gonggrijp (YouTube)
- Host Rop Gonggrijp gives updates on two projects designed to help people protect their privacy from prying eyes. One is a localhost mail proxy for PGP that is really nice and could "save the world" as the PGP plugins stop working (soon...). The other one is Secure Notebook, a project to create a notebook which runs Windows, yet is secure against theft. Source for all projects will be open for review.
Proximity Cards: How Secure Are They? - Delchi (YouTube)
- They're used everywhere but they could be making you even more vulnerable to privacy invasion. Delchi has been working with proximity based card systems for two years and has developed a method of casually extracting data from proximity cards in a public environment. Riding in an elevator, subway, or just walking down the hall, a person can bump into you, say "excuse me," and walk away with the decoded information from the proximity card in your pocket. It could then be possible to build a device that can capture and replay these snippets of information on demand or to even brute force a proximity card system. This talk will focus on the vulnerabilities of the systems and show a low-power working prototype. Alternatives will be discussed, as well as other vulnerable aspects of proximity based building and computer access systems.
Report From Ruckus - The Ruckus Society (YouTube)
- Very recently, history was made in California as The Ruckus Society held its first-ever Tech Toolbox Action Camp. It lasted for a week and brought together geeks and activists from around the world who shared information on how they're using the Internet and other technologies in working for change. Part of the goal was to emerge from this and show others what they learned. Some of the attendees of the Ruckus Camp will be here to do just that.
Retrocomputing - Mr. Ohm, Sam Nitzberg, Nightstalker (Chris Tucker), and Bernie S. (YouTube)
- This year's retrocomputing panel will focus on hardware hacking and cloning such systems as the Apple ][ and C64. Also included will be a discussion on homebrew microcomputers and kits from the 70's as well as antique cellphone hacking. Witness firsthand genuine pieces of history. Attendees are encouraged to bring their really old (working) computers for the "retrocomputer neighborhood" in the network room.
Secure Telephony: Where ARE the Secure Phones? - Eric Blossom and Rop Gonggrijp (YouTube)
- Panel participants will take a look at the history of secure phones, what's worked and what hasn't, who the players are, and what needs to happen to make truly secure telephony a ubiquitous reality. Panel members include former Starium CTO Eric Blossom and Rop Gonggrijp of NAH6.
The Shape of the Internet: Influence and Consequence - Javaman (YouTube)
- Network researchers have discovered strong power law relationships in the Internet. These can be interpreted as a direct fingerprint of the fractal structure present on the net. Work has only recently begun on analyzing the implications of such a structure on attack tolerance, government snooping, and the like. In this talk, a review of these topics will be presented, along with a proposed network structure that can avoid such issues.
Social Engineering Panel - Bernie S., Emmanuel Golddigger, Cheshire Catalyst, and Alexander J. Urbelis (YouTube)
- A tradition started at the first HOPE conference in 1994, the social engineering panel remains one of our most popular each and every time. It would be wrong for us to tell you what we have planned because then our victims might have a fighting chance of escaping. Suffice to say, we will find someone somewhere who will tell us something they really shouldn't have because they believed we were somebody we weren't. This panel is always open to participants so if you feel you're worthy, just let us know during the conference and you might find yourself up on stage trying to be clever on the phone.
Standing Up To Authority - John Young and Deborah Natsios (YouTube)
- "How is it you folks have gotten away with not getting shut down by the powers-that-be?" is the question most frequently asked of Cryptome since its inception in 1996. Post-9/11 H2K2 is an opportune time and place to reconsider implications of this question with Cryptome founders John Young and Deborah Natsios, New York City-based architects (of bricks and mortar), who will discuss their means and methods of sustaining activism in the face of opposition, with reference to ongoing cases.
Steganography: Wild Rumors and Practical Applications - Peter Wayner (YouTube)
- Is Osama bin Laden sending coded messages in the pictures of goods for sale on EBay? Is that MP3 file carrying a secret note that tracks the listeners? Steganography is the art and science of hiding information in digital data and it stretches the boundaries of information theory and philosophy. An artful programmer can hide secret messages in such a way that a 1 is not always a 1 and a 0 is not always a 0. This talk will explore some of the popular schemes for inserting messages and discuss how they're used by hackers, poets, corporate bean counters, and programmers on a deadline.
Strategic Thought in Virtual Deterrence and Real Offense: The Computer's Role - Wanja Eric Nae, and Sam Nitzberg (YouTube)
- Computers are pivotal components in modern society: daily life, banking, and military. What must be considered and what risks do we all face when they are used in conflict? These concerns are societal in nature and apply to both "minor" and "major" groups, governments, and militaries. There will be opportunity for ample questions from the audience. The intention is to share the overall attendee perspective. The goal is to be thought provoking, not scare-mongering.
Teaching Hacker Ethics with a Common Curriculum - Greg Newby (YouTube)
- An introduction of a new proposed curriculum guideline for teaching information ethics to students in elementary school, high school, and college. This curriculum is being proposed through the North Carolina chapter of Computer Professionals for Social Responsibility. The idea is to foster creative, exploratory, effective, and intelligent use of information tools (aka, the hacker ethic), rather than powerless end-user mentality. There are many reasons to desire a common suggested curriculum for different educational levels. We might argue that most major advances in computing were brought about by hackers. We could point out that it's necessary to encourage creative and exploratory behavior for the next generation of computer users to do brilliant things. For today's hackers, the goal is simply to shape tomorrow's hackers so that they will use their abilities to help create a better society.
- PowerPoint Slides
Technomanifestos: Visions of the Information Revolutionaries - Adam Brate (YouTube)
- Author Adam Brate discusses the seminal works of the information age, from Norbert Wiener's Cybernetics to Abbie Hoffman's Steal This Book to Richard M. Stallman's GNU Manifesto, uncovering the remarkable stories behind the beginnings of the personal computer and the Internet and how they are changing society.
Tracking Criminals on the Internet - Richard M. Smith (YouTube)
- How certain criminal investigations have been investigated in the past couple of years with perps being tracked by IP addresses, email, and web surfing. Such cases include the murder of Daniel Pearl, the search for bin Laden, the Melissa virus release, the Clayton Lee Waagner escape, the anthrax attacks, and the Wakefield mass murders.
The Ultimate Co-location Site - Avi Freedman and Ryan Lackey (YouTube)
- Sealand was founded as a sovereign principality in 1967 in international waters, six miles off the eastern shores of Britain. The island fortress is conveniently situated from 65 to 100 miles from the coasts of France, Belgium, Holland, and Germany. HavenCo has been providing services since May 2000 and is fully operational, offering the world's most secure managed servers in the world's only true free market environment - the Principality of Sealand. Avi Freedman and Ryan Lackey of HavenCo will talk about the challenges and potential of this unique working environment and what it could mean to the future of the net.
The Vanished Art of Human Intelligence - Mike Levine (YouTube)
The Fifth HOPE
- The Fifth HOPE took place on July 9-11, 2004 at Hotel Pennsylvania in New York City.
- Post-Fifth HOPE Analysis From Off The Hook, July 14, 2004.
- Random The Fifth HOPE Video Footage by Jason Scott
- The Fifth HOPE - Pictures by Rob T. Firefly
- The Fifth HOPE - Pictures by kdude
- The Fifth HOPE - Pictures by Sasja
- The Fifth HOPE - Pictures by Renderman
- The Fifth HOPE - Pictures by Dr. Who
- The Fifth HOPE - Pictures by Pete
- The Fifth HOPE - Pictures by Myke
- The Fifth HOPE - Pictures by Hikeeba
- The Fifth HOPE - Pictures by Kyoorius
- The Fifth HOPE - Pictures by Judas Iscariot
- The Fifth HOPE - Pictures by Big-E
- AS/400: Lifting the Veil of Obscurity - StankDawg (David Blake)
- The AS/400 system from IBM is a powerful system that is in widespread use. Despite that, it is difficult to find information on it or learn about it from any school. A general overview of its design and the architecture of the OS will be presented. This will then be tied into fundamental computing knowledge to show where "interesting" data can be found and where possible weaknesses are in the system.
Automotive Networks - Nothingface
- This presentation provides an introduction to the electronic networks present on late model automobiles. These networks will be described loosely following the OSI model of networking. Common uses of these networks will be presented and the privacy implications of some uses will be questioned. The presentation will conclude with an introduction to OpenOtto, a free software and hardware project implementing the network protocols previously described.
Bloggers at the DNC - Brad Johnson
- The Democratic National Convention has become a sclerotic, television-driven celebrity parade. This year bloggers - aka hacker journalists - are being invited onto the floor to shake things up. Can the Internet bring democracy back to the mother of all Democratic Party shindigs? The panel will talk about what is planned - from WiFi to video blogging - and how you can get involved, in Boston or remotely.
Building Hacker Spaces - Binary (Nick Amento), Count Zero (John Lester), Freqout, Gweeds (Guido Sanchez), Javaman (Adam J. O'Donnell), Mangala, Shardy, Rev. Al, and Dr. Nick
- This is a panel discussion on how to build and maintain a hacker space, hosted by representatives of the Philadelphia Walnut Factory, the Hasty Pastry (Cambridge), New Hack City (San Francisco), PUSCII (Utrecht), ASCII (Amsterdam), the L0pht (Boston), and the Hacker Halfway House (Brooklyn). Experiences and tales will be shared.
- Video Excerpts
Building the Anti-Big Brother - Peter Wayner
- This will be a talk on how databases can do useful work and serve society without storing any personal information. For the past several years, Peter has been exploring how banks, stores, and businesses everywhere can offer their customers personalized service without keeping personal data about them where it can be abused by nefarious insiders or malicious outsiders. Building these systems requires more of a change in attitude than a change in technology because all of the solutions use standard encryption tools as a foundation. Topics will include how to build these systems and when they can help make the world a safer, saner place.
Bypassing Corporate Restrictions from the Inside - barbwire
- Working for an organization can be annoyingly restrictive. As they feel they need to cater to the lowest common denominator, you are subjected to web content filters, outgoing port restrictions, and firewalls. This panel attempts to provide an understanding of how these restrictions are usually implemented and how techniques such as tunneling can be your saving grace. It will also address potential security implications and measures that should be considered whenever you compromise your own company's infrastructure.
Cheshire's Rant Session - Cheshire Catalyst
- When The Cheshire Catalyst spoke about problems at his Directory Assistance job at H2K2, corrections that nobody could get done in over three years were miraculously being made within two weeks after getting back to work following the convention. Could telephone company agents have infiltrated the convention and reported back? What other Large Corporate Problems aren't corporate executives listening to? Write out your rant and be sure you can deliver it in 45 seconds (isn't that what the stopwatch mode on your digital watch is for?). When it's all over, any hyperlinks mentioned by ranting attendees will be available on the web, allowing the Agents of Normality to not only find out what you're ranting about, but have your own references to work from when they report back to their executives.
The CryptoPhone - Rop Gonggrijp and Barry Wels
- Trying to keep government out of everyone's phone calls is a lost battle. What little legislation we had to protect us will be removed in the next few years and ignored until then. Storing the content of all phone calls forever is now affordable, even for smaller countries. Strong end-to-end cryptography on a massive scale is the only answer. But where are the phones? CryptoPhone makes a phone based on a commercially available PDA/phone that features an open protocol and published source code. And there's a free Windows client if you don't want to buy the phone! The talk will outline precisely how it works, what's next, and how you can help.
Cult of the Dead Cow Hactivism Panel - Eric Grimm, Sharon Hom, Dr. James Mulvenon, Oxblood Ruffin (Laird Brown), and Nart Villeneuve (YouTube)
- Over 40 years ago, Marshall McLuhan declared that the Third World War would be an information war in which civilians and the military wouldn't be particularly distinguished. That vision has become a reality. Governments from China to Zimbabwe have strangled access to information critical of their regimes, often with the aid of American companies. And as quickly, resistance has sprung up to challenge that repression. Areas of opportunity are beginning to emerge as hackers, human rights activists, and the academic community begin to join forces. This panel will explore the phenomenon of state-sponsored censorship and grassroots resistance from the political, legal, technological, and human rights perspectives.
- MP3 - 1, MP3 - 2
Digital Rights Management - Michael Sims
- Digital Rights Management is quickly becoming pervasive in electronic devices of all sorts. This minimally-technical overview of DRM systems in use now and planned for the future will show you how and why your ability to make use of electronics is being reduced by corporate desires to increase profits and exercise control over their products. The emphasis here will be on DRM systems that have gotten little publicity. The DVD CSS system will be touched upon but most of the time will be spent describing systems for controlling television broadcasts, DRM built into CPUs and BIOS's, and other areas that haven't gotten nearly as much attention as CSS.
Distributed Password Cracking API - David "Bernz" Bernick
- The low-cost of the modern PC, the proliferation of the Internet, and the speed of its underlying networks make parallel task-based computing very possible. We've seen massive networks like SETI demonstrate this. SETI is programmed for a simple task: Get a piece of data, process it at leisure, spit out results if any, get a new piece of data. This has been used already to do some brute-forcing of security tasks with systems like distributed.net. But that system is sophisticated and large and you can't make it do tasks like cracking crypt() passwords or websites or any variety of brute-forcing tasks. This talk is about an extensible framework and API for creating distributed password crackers. The framework is easy to use, easy to distribute, and easy to add different kinds of cracking to. The software will be released open-source during the conference.
Encryption Key Signing - Seth Hardy
- It's a surprising fact that a large number of attendees at this very conference, even those who call themselves hackers and/or security professionals, probably don't use any sort of encryption - or don't use it properly. One reason may be because people think nobody else uses it. So until it has a stronger presence, it won't be as widespread as it really should be. In order to help fight this, Seth will be hosting a key signing session. There will be a rundown of why people should be using strong crypto, how the web of trust works, and moderation to public verification of identity and key fingerprints.
Everything You Ever Wanted to Know About Spying, 9-11, and Why We Continue to Screw Up - Robert Steele (YouTube)
- Two 30 minute PowerPoint slide shows will be presented, followed by as much discussion as desired. The first, "9-11, U.S. Intelligence, and the Real World," will discuss the specifics of how we failed and why we will continue to fail. The second, "The Failure of 20th Century Intelligence," will discuss the specifics of how American intelligence has blown it in collection, in processing, in analysis, in leadership, and in mindset. If desired, for those who last into the night, other briefs will be available, including "New Rules for the New Craft of Intelligence" and "The Literature of Intelligence: Why People Hate Us and Why We Don't Get It."
- Notes & Audio Clips
- MP3 - 1, MP3 - 2, MP3 - 3, MP3 - 4, MP3 - 5
- Another one of our traditions is to gather everyone together in one room and bid farewell until next time while summarizing some of the highlights of the last three days. This is also where we give away various prizes to audience members. If you're one of those people who booked your return trip for Sunday afternoon, you'd best get on the phone and change those plans. The weekend ends Monday morning, after all!
Kevin Mitnick Keynote - Kevin Mitnick (YouTube)
- I'm an idiot, now buy my books!
Frustrating OS Fingerprinting with Morph - Kathy Wang
- Sun Tzu once stated "Know your enemy and know yourself, and in a hundred battles you will never be defeated." By denying outsiders information about our systems and software, we make it more difficult to mount successful attacks. There are a wealth of options for OS-fingerprinting today, evolving from basic TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the original Xprobe and the packet timing analysis of RING, to today's suite of multiple techniques employed by Nmap. The ultimate advantage in the OS-detection game lies with the defender, however, as it is they who control what packets are sent in response. Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and configurable, and will frustrate current state-of-the-art OS fingerprinting. This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them. There will be a live demo, and Morph v0.2 will be released with this talk.
Hack Nano - Jim "Cipz"
- This is a continuation of Jim's presentation at H2K2 on hacking nanotechnology. This year there will be more on developing simulation software, thinking of new ideas, and investigating current discoveries. All of these are theory and thought driven. There will be a demonstration of some experiments and a discussion on the realities of nano hacking and why it's an important area of exploration.
Hacker Radio - Sl1pm0de (Matt Smith)
- Hacker radio is a growing phenomenon throughout the world. Hackers are discussing the current issues faced in today's technological world over the airwaves and through the net. There are all sorts of hacker issues being discussed via hacker radio including the DMCA or software patents in the European Union that seriously limit innovation and allow for others to have too much control over something you purchased in your home. By having this discussion in a radio format, those outside the hacker community have the opportunity to hear it and learn. The evolution of hacker radio from the early days of spreading information via bulletin board systems, websites, forums, and mailing lists to today's online audio streams will be explored. There will also be a discussion of hardware and open-source software methods for setting up your own show and getting your own opinions and ideas out there for all to hear. Current examples of hacker radio will be featured.
Hackers and the Law - Dr. D. Kall Loper, Annalee Newitz, and Wendy Seltzer
- This panel will cover current legal crises around privacy, free speech, and intellectual property, with a special focus on the concerns of hackers. Presenters will discuss the laws which protect (or don't protect) your right to anonymous free speech online, your right to reverse-engineer, and your ability to make fair use of your digital media. They will also discuss the PATRIOT Act and the ways this sweeping set of laws changed the nature of investigation and the rules governing wiretapping online.
Hackers in Modern Imperialist America vs. Barbarians in the Holy Roman Empire - Christopher Davis
- In the time the Roman Empire controlled most of western civilization, the barbarians were known as enemies to society - savages that lived in the frontiers of the empire that resisted control by the Romans. Today, as the United States moves forward with an imperialist foreign policy, a new enemy has emerged that is resisting the system from the outskirts of the socially accepted: the hackers.
Hacking CDMA PRLs - The Prophet (Babu Mengelepouti)
- CDMA is the dominant mobile phone technology in North America and is operated by Alltel, Sprint, US Cellular, Verizon, and many other carriers. On CDMA handsets, roaming is controlled via a configuration file called the PRL. In this talk, you will learn how to unload PRLs from CDMA handsets, how to disassemble them, and how they can be hacked. This talk isn't about making free phone calls or doing anything illegal, but you will learn how to determine what you're really buying when your carrier promises "nationwide service."
Hacking More of the Invisible World - Bernie S. (Ed Cummings) and Barry Wels
- An update on the H2K2 panel focusing on HF, VHF, UHF, and microwave signals. You will learn what's out there and how to intercept it. There will also be a discussion on TSCM (Technical Surveillance Counter Measures), the art of evading electronic surveillance, and a presentation of selected intercepts and equipment demonstrations.
Hacking National Intelligence: Power to the People - Robert Steele
- Do you want to live in a nation where decision makers lie, cheat, and steal? Where national intelligence is so secret that you are not allowed to know a) the truth, b) that national intelligence (spies) are ignorant about the real world, and c) that what policy makers tell the people (e.g. about reasons to go to war in Iraq) has nothing to do with reality? Imagine instead an America in which public intelligence supersedes secret intelligence and elitist corruption is displaced by an informed democracy in which consensus conferences at every level assure that "We the People" all serve the public interest. That is "The OSINT Story." Come hear the story and discuss how we are going to run the world as we achieve open spectrum, open-source software, and open-source intelligence.
Hacking the Grid - Greg Newby and Porkchop (Michael Kaegler)
- One of the biggest projects in computing for big science and enterprises these day is computational grids. Grid computing is at the heart of marketing plans from Oracle, IBM, Sun, and other big companies. For them, "grid" is mostly a buzzword that describes various ways of tying computers together. A more specific use of "grid" is found in big science, however. The national TeraGrid, based on the National Science Foundation's Middleware Initiative (NMI), uses the Globus toolkit and a variety of other packages to run some of the world's largest supercomputers. It's also used to tie many smaller computers and clusters together in the academic and business worlds. Can this "big iron" be hacked? This talk will examine real and potential weaknesses in Globus and other elements of NMI, as well as the promise and reality of end-to-end security for Grid-enabled computers.
Hardware Bus Security in Embedded Systems - Dan Matthews
- Surprisingly, every individual comes into contact with over 100 embedded computer systems every day. A great many exist in our homes without our realizing it and many more operate the commonplace items in the world around us. An "embedded system" is a self contained miniaturized "computer system" (CPU, memory, I/O) that is dedicated to performing a single type of operation. They are now common in households through HVAC (Heat Ventilation and Air Conditioning), stoves, refrigerators, televisions, video players, set-top boxes, lawn sprinkler systems, and many other items. They are in the world around us controlling our street lighting, door openers, intruder alert systems, product theft security, speed cameras, and much more. The concept of security for these buses is traditionally very low because the designer has always been able to depend on physical security of an enclosed box. However, as more of the "boxes" are connected together more external buses and networks come into being and more opportunities for access and malfunction, whether through poor design, unforeseen circumstances, or foul play, become possible. This is a discussion of the progression of design from self-contained systems to more complex ones with internal buses and finally external standard buses. There will be an explanation of what an embedded system is and examples of complex embedded networks. Their security, and hence your security, is at risk in many cases, much of it due to "security through obscurity."
Homeland Security And You: Harry Potter Meets Reality - Marc Tobias
- A study of how conference participants can use their expertise to assist private industry and government in assessing vulnerability. Marc Tobias will present his ideas for a National Security College to train young adults in many topics: crypto, lock picking, encryption, etc. He will outline the technical subjects that would need to be taught so students could assist in protecting private sector and government from cyber and physical attack. Also, a look at some of the potential conflicts students might have in such an environment, including attitudes on intellectual property and its protection.
How the Great Firewall Works - Bill Xia
- China currently puts in the most effort to censor information on the Internet. Bill was first involved in freenet-china and started DynaWeb in 2002. He has developed a thorough understanding of China's Internet censorship technology ranging from IP blocking to DNS hijacking etc. Various techniques have been implemented to get around them. There will be an explanation of a censorship algorithm never before publicly released as well as a live demo on how it works. Time permitting, an analysis of how the Chinese government uses information control on its people will also be presented.
How The Net Worked
- The Fifth HOPE network has been in the planning stages for many months. Did it hold together? How was it built? What worked and what didn't? An open discussion from members of the network crew on what it's like to do something on this scale, some of the hurdles that were faced, ways in which the technology has evolved, and how we can do things differently for future gatherings.
How To Break Anonymity Networks - Nick Mathewson
- Today's anonymous communication software (such as Mixmaster, Mixminion, Nymservers, JAP, Tor, Anonymizer, etc.) allows people to communicate while concealing their identities from each other and from external attackers. But no deployed system is strong enough to protect every pattern of user behavior against a sufficiently resourceful adversary, and many of them fall to far simpler attacks. In this talk, Nick will discuss working attacks against today's anonymity networks, drawing from past technical and social attacks on deployed networks and from recent academic research in traffic analysis, stylometry, and mix-net design. He will present defenses to these attacks when such defenses are known to exist.
How To Send Encrypted Email - Joshua Teitelbaum
- One day you wake up and you have the sinking feeling that someone may be reading your e-mail correspondence. Your only recourse is to encrypt or hide your sensitive communications. This is a look at one web-based solution - CryptoMail - and how it deals with the problem of simplifying encrypted e-mail while maintaining a high level of confidentiality. A detailed analysis of the CryptoMail session establishment, message encryption, and data store model will be presented. Furthermore, a demonstration of the working system will be given and attendees may create accounts, ask questions, or comment on the system.
How to Talk to the Press - Stephen Cass
- Whether you're an activist planning a campaign, a hacker caught in a legal squabble, or just a bystander buttonholed on the street, dealing with journalists can be an essential part of ensuring that your views are heard. IEEE Spectrum Magazine associate editor Stephen Cass talks about how you can improve your chances of getting a fair hearing. Topics include understanding what journalists want, interviewee tips, and how to get the attention of news organizations.
Incentive Structures: Mechanisms of Control - Jason Kroll
- Where do incentive structures come from? How do political elites use incentives to make us die for them? How do market elites use incentives to control politicians and co-opt the media? How can we stop them from doing the same to computing and communications technology? Why does mankind have to be led through the desert for 40 years every time technology advances? How are cultural and religious values like computer code and the institutions they create analogous to programs? How are markets like the AIs in The Matrix? When mechanisms of control get out of control, we have to ask who really coded Agent Smith and how can we retain control of technology before it comes to that?
- How are hundreds of independent journalists from around the country going to work together to cover the Democratic and Republican National Conventions? From networks to working groups, from distributed communications such as text message networks and leaflets, and from FTP video transfers to people hawking newspapers on street corners, this session will examine all the tools of organization and distribution that will make these large scale collaborations possible. Find out how IMCs everywhere have challenged the monopolies of mass media and how this summer in particular will be one of the most active ever for independent media.
An Introduction to Dissembler - Jon Erickson (Smibbs)
- A presentation of a tool called dissembler, which can be used to generate printable ASCII polymorphic bytecode from any existing piece of x86 bytecode. The technique used will be explained and the tool will be demonstrated to exploit various sample programs. Q&A session afterwards.
The Kismet Story - Dragorn (Michael Kershaw)
- Hear the tale of how the widely acclaimed wireless network detector, sniffer, and intrusion detection system came to be from its creator. This talk will also focus on how Kismet's development has been shaped by other security tools and users, along with predictions on where it's likely to go in the future. Also included will be a look at the current state of open wireless drivers and the impact security tools are having on the use of wireless networks.
Lock Picking - Matt Blaze, Marc Tobias, and Barry Wels (YouTube)
- Lock picking is becoming popular as a sport/hobby among hackers throughout the world. In a special two-hour session the joy of lock picking will be explained and demonstrated, from basic techniques to the state of the art. A whole range of new tools and tricks will be covered. Many stories will be told including that of Matt discovering a vulnerability in MasterKey systems as well as the members of TOOOL (The Open Organization of Lockpickers - www.toool.nl) discovering a severe vulnerability in a European lock. This forced a major European lock manufacturer to shut down the factory for a few days and collect a lot of locks from shops.
- MP3 - 1, MP3 - 2
Making Use of the Subliminal Channel in DSA - Seth Hardy
- This talk will focus on one reason why it's extremely important to verify the trustworthiness of your encryption programs. A number of papers about a subliminal channel in the Digital Signature Algorithm (DSA) used by the United States Digital Signature Standard were published more than ten years ago. This channel allows for undetectable communication via digital signatures. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. This presentation will show how this subliminal channel works and demonstrate - using a patched version of the GNU Privacy Guard - how to use it for both benign and malicious reasons: legitimate communication using the subliminal channel, and leaking secret keys with each signature.
Media Intervention via Social and Technical Hacking - Nathan Martin and Tyler Nordgren
- The Carbon Defense League (CDL) and Conglomco are two tactical media arts collectives engaged in both technical and social hacking processes. Their first collaboration with each other was a website that facilitated barcode relabeling for "user defined pricing." The site was live at re-code.com before it was shut down by pressure from Wal-Mart, Kellogg's, Price Chopper, and the FBI. CDL and Conglomco will present details of their past and present projects (including peoplesjeans.com) and discuss alternative tactics for media intervention.
Mischief and Mayhem at the RNC - ShapeShifter (Terrence McGuckin)
- Back in 2000 at H2K, Bernie S. and ShapeShifter led a discussion on secrets of the major political conventions in the United States. Not long afterwards, ShapeShifter was arrested on the streets of Philadelphia on suspicion of being a "ringleader" of dissent. In the end, he won his case against the city and all charges were dismissed. Like Bernie, his interests weren't squashed because of unjust prosecution. That's why this panel will focus on the 2004 Republican National Convention taking place across the street from the Hotel Pennsylvania in late August. The panel will detail how cops spy on people, their methods of surveillance, and how they often abuse authority. You will learn how to infiltrate organizations like the RNC, how to look for and find security holes, and how mischief and mayhem is achieved. There will also be details on a unique scavenger hunt.
Non-Lethal Technology - Gonzo DeMann (Michael J. Ferris)
- Technology is neutral. The patterns to which it is submitted are what determines if it can be used for betterment or detriment. This panel will go into that. As we all know, technology has greatly helped mankind. But what about technology that has been altered so that it can be used for non-lethal means? Imagine a bomb that can be dropped that won't kill anyone but will kill any technological related hardware. How about a blast from a sound wave, or a radio wave that can do physical damage to the body? These and other topics will be discussed, as will the technology behind it, and sinister applications.
Off The Hook Special Broadcast - Part 1
- Part 2
- As part of the $2600 20th anniversary and the HOPE tenth anniversary, we're putting on a special two hour edition of our weekly WBAI radio show live from the conference. We did a show like this once before at Beyond HOPE in 1997 and it was great fun. We'll have all kinds of special guests who will visit the stage and we'll have plenty of audience participation. The show will be transmitted over WBAI 99.5 FM in New York City throughout the entire tri-state region as well as throughout the Internet.
- A special edition of the program live from The Fifth HOPE, introducing members of the panel, some of the momentous events that all are occurring at the same time, Porkchop reminisces about the editing of Freedom Downtime ($30), this is Kevin Mitnick's first HOPE conference, the hunt for Kevin at the CFP conference in Chicago back in 1993, memories of the various HOPE conferences, Redhackt gives an update on the movie room, Lazlow discusses how corporate radio is causing destruction, Jim talks about his panel at the first HOPE, how Metrocards can be used to track people, Geoff recalls his first experience at HOPE, Mike reveals some of the difficulties involved in creating the HOPE armbands, Jim talks about the new threat posed by Coke cans to national security, the threat of Furbies, the importance of the radio station, an appeal for people to join the station, introducing Juintz, how others can help with the broadcast, ShapeShifter tells the story of what happened to him at the last Republican National Convention, Greg Newby discusses some of what goes into the planning of the conference, Kevin Mitnick talks about his experience at the conference, the connection is lost, Robert Steele talks about the changes since the first HOPE, the risks posed by New York's water system, Bernie S. talks about the usefulness of the CryptoPhone, Jen discusses the thought behind the artwork at the convention, the story of the posters in the windows, Rop compares the hacker conventions of Europe to those of the United States, how the Galactic Hacker Party and Hacking at the End of the Universe inspired the HOPE conferences, plans for a conference in Holland next year, Bernie S. describes the DBS hacking video that will be shown in the movie room, more about the movie room, Chris describes how the A/V came together this time, some listener mail, Porkchop talks about the early days of audio streaming of Off The Hook, Adam gives an update on the status of the network, Dan Morgan stops by, another outage, how the actual connection to the radio station is working, a question about telemarketing, Rebel appears live, Kevin reveals how he was able to call cell phones from prison, how Bernie S. was able to reach the station from prison, other prison phone memories, some of the new material on the Freedom Downtime ($30) DVD, how things are different in Canada, a question from Risctaker, Dan compares his magazine and radio show to those of $2600, some words about "Grand Theft Auto," how the "Free Kevin" message got out to a larger audience, the famous Autumn 1997 cover, how people can become volunteers at the conference, the issue of IP portability, Cheshire talks about his upcoming rants session.
Packet Purgatory - Twist Your Packets Before You Set Them Free - Todd MacDermid
- Ever wondered what it would be like to have your own custom IP stack readily programmable? Ever wanted to be able to use stock clients connecting to stock servers, but still be able to tweak the underlying connection? Have you ever wished you could poke at individual packet bits within a real connection without having to patch your kernel? Packet Purgatory is a library that allows userland programs to do all of the above portably. This talk will highlight the development of Packet Purgatory, how to use it, and ideas for future tools. Also included in the talk will be a discussion of two example tools that have been constructed on Packet Purgatory: Stegtunnel, a tool to hide covert channels in TCP/IP connections and LSRTunnel, which spoofs connections using loose source routing.
Phreaking in the Early Days - Captain Crunch and The Cheshire Catalyst
- Captain Crunch and his friend The Cheshire Catalyst will tell some "war stories" from the early days of phone phreaking. They'll explain what the Blue Box did, how it was used, and some of their "adventures" in using them. And kids, don't try this at home!
Phone Losers of America - Murd0c, Rob T. Firefly (Rob Vincent), I-baLL (Leo), Judas Iscariot, and Big-E
- The Phone Losers of America was created in 1994 as a general hacker/phreaker group. They eventually started PLA Magazine which in its lifetime released 46 issues (the most recent being a few months ago). The PLA has done many things over the years, including pulling pranks, operating numerous voice bridges, running their own forums, etc. This panel will involve a discussion of the history of the PLA, what they are up to now, and the future. There will also be some videos and sound files presented along with a few "how-to" presentations.
- Partial Video
- PLA HOPE Flyer
- PLA Media CD
- Phone Loser of America - PLA Book Project
Pirate Radio: Running a Station and Staying on the Air - b9punk (Jennifer Gergen) and Monk
- A guide to the setup and operation of a pirate radio station and how to stay on the air when the federal government wants you off. Monk, founder of KBFR and ongoing benevolent dictator of the group (now over 40 DJs broadcasting 24/7), will moderate this panel on how to beat the authorities at their own game. Discussion will include types of technologies used to stay a step ahead of the FCC (and some that have failed) as well as more general information on how to set up and run a successful pirate radio operation.
Preserving Digital History - A Quick and Dirty Guide - Jason Scott (Jason Sadofsky)
- Knowledge doesn't move forward without history and while there have been many steps to capture the stories, lore, and data of different aspects of computer cultures, a lot of the same mistakes are made over and over. In a fast-paced talk, Jason Scott of www.textfiles.com busts out some ideas, tools, and mindsets towards halting the loss, bringing the stories back, and making something to build upon instead of throw away. Along the way, expect a few bucketloads of trivia and memories to sauce up the proceedings.
Privacy - Not What it Used to Be - Steve Rambam
- Steve Rambam has been at every one of our conferences and each time he's outdone himself with tales and demonstrations on how much data is stored on each and every last one of us. We all hear the news reports about how government and industry want to expand their databases and share all kinds of information. We hear how people try to protect their privacy and how various organizations attempt to quash the legislation that would broaden these databases. But what we don't hear is how much of our info is already out there and how much of it is being shared between law enforcement, private industry, and many more. Steve will share some of his vast knowledge on the subject and leave you feeling terrified and helpless. And as a special treat, a selected "victim" will learn firsthand just how much personal data can be uncovered on them.
Prometheus Radio Project - Dharma Dailey, Josh Marcus, Hannah Sassaman, and Pete Tridish
- The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations. But over the years, Prometheus has sued the FCC to stop media consolidation, built stations in places like Guatemala and Colombia, and experimented with using off the shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands to do. This panel will help bring you up to date on the political debates in Washington about low-power FM, reforming the spectrum for wireless broadband access, and the grassroots organizing that can be done to reshape the media. A picture show of community radio barn raisings and stations that Prometheus has worked on around the world will be included.
Propaganda in Art and Media - b9punk (Jennifer Gergen), Mike Castleman, Frederic Guimont, and Lazlow Jones
- We see propaganda around us every day, some of it a lot more obvious than others. This panel will show you how to find it and how to make some of your own. Whether it's something like Frederic's comic book adaptation of George Orwell's 1984 or Mike's "Students For an Orwellian Society" website, you too can have fun with manipulation of the masses. Lazlow will reveal from the inside how mainstream media strives for control of the masses while b9punk will explain how much of her propaganda art creations came to be displayed at this conference.
Retaliation With Honeypots - Laurent Oudot
- Most of the time a honeypot is considered to be a security resource whose value lies in being probed, attacked, or compromised. The purpose of this talk is to explain how honeypots might be deployed not only to use passive defense technologies, but also active defense ones. As a specific example, think about what might happen the day honeypots are able to automatically strike back at an aggressor or a worm! Different technical possibilities offered to honeypots on the cyberwarfare field will be explored, such as playing with or even hacking back an usual aggressor (scanner, worm, exploit, client of a trojan, etc.), improving traceback capabilities to find the real source of an attack, etc. This will open up all kinds of legal implications which will also be discussed.
Retrocomputing - Richard Cheshire, Sam Nitzberg, and Steve Wozniak
- The focus of the retrocomputing panel will be computing technologies from the 1980s and even earlier. Experiences involving the Altair 8800, the Apple II, and other great machines, their software, and operating systems will be discussed.
- PowerPoint Slides
Steve Wozniak Keynote - Steve Wozniak (YouTube) Secure Instant Messaging - Phar (Mike Davis)
- A look at the evolution of secure instant messaging and how AOL tried to shake off open-source and non-vanilla clients by altering the AIM (oscar) protocol. The open-source community adapted and readapted until AOL finally gave up. Phar, who has written the first secure messaging clients for Unix and Windows (BLAIM and Impasse), will discuss other IM issues, such as the buyout of ICQ by AOL and the subsequent change (and deterioration) of its protocol.
- PowerPoint Slides
Security, Liberties, and Trade-Offs in the War on Terrorism - Bruce Schneier
- Since 9/11, we have the PATRIOT Act, tighter screening at airports, a proposed national ID card system, a color-coded national alert system, irradiated mail, and a Department of Homeland Security. But do all of these things really make us any less vulnerable to another terrorist attack? Security expert Bruce Schneier evaluates the systems that we have in place post-9/11, revealing which of them actually work and which ones are simply "security theater." Learn why most security measures don't work and never will, why bad security is worse than none at all, and why strong security means learning how to fail well. Most of all, learn how you can take charge of your own security - personal, family, corporate, and national.
Security Through Automated Binary Analysis - Dildog (Christien Rioux) and Weld Pond (Chris Wysopal)
- Automated binary analysis techniques have become sufficiently advanced so that having the source to software is no longer a prerequisite for finding security flaws. The binary is equivalent to the source. And a patch is equivalent to a detailed description of a security flaw. This talk will cover the implications of the latest binary analysis technology and give an overview of some of the technology available.
Security Through Diversity - Javaman (Adam J. O'Donnell)
- Establishing a diversity of operating systems and software on the Internet is now being viewed as essential to global information security. This talk will explore how individual systems and large networks can improve their tolerance to massive attack through this principle. Copies of obscure OS's will be handed out for good questions. Interpretive dance may or may not be involved.
Slaying the Corporate Litigation Dragon: Emerging the Victor in an Intellectual Property Cybersuit - Atom Smasher
- Have you ever wanted to tackle a corporate giant and live to tell about it? Meet web warrior Atom Smasher, whose lifelong fascination with law proved an invaluable commodity the day he found himself in the cross-hairs of some Fortune 500 big guns. In this lively discussion he'll recount his personal odyssey with the "men and women in black" whose federal lawsuit attempted to pull the plug on his whistle-blowing site. Learn how he responded to a cease and desist letter, what he did when served with a lawsuit, and how he triumphed in his legal battle.
Social Engineering Panel - Emmanuel Golddigger and Kevin Mitnick
- This has always been one of the more popular panels since we started it at the first HOPE in 1994. And this year, for the very first time, Kevin will be at the conference to be part of the festivities. He authored a book on the science of social engineering entitled The Art of Deception which was an eye-opener to many in the corporate world. Emmanuel has been confusing people on the telephone for many years and derives great pleasure out of getting total strangers to give him information he has no right to possess. In addition to a discussion of methods and stories, be prepared for some live demonstrations over the phone. Suggestions for good targets are always welcome.
Jello Biafra Keynote - Jello Biafra (Eric Reed Boucher) (YouTube) Tactical Media and the New Paranoia - Mike Bananno and John Henry
- The Institute for Applied Autonomy (IAA), The Yes Men, and the Critical Art Ensemble (CAE) are activist collectives that use unconventional means to deliver their message. The IAA is an anonymous collective of artists, hackers, and radical engineers who have produced projects such as high speed graffiti-writing robots and map-based websites that help people avoid surveillance cameras. The Yes Men have gained international notoriety for their use of extreme social engineering in order to impersonate World Trade Organization officials at conferences, on the web, and on television. A feature length film documenting their antics will be released by United Artists in August. The Critical Art Ensemble is a collective that explores the intersections between art, technology, radical politics and critical theory. Their books including Electronic Civil Disobedience and The Molecular Invasion have been translated into 18 languages and are used in universities the world over. Recently the FBI has accused the group of bio-terrorism. Due to the ongoing investigation, members of CAE are unable to speak publicly on these issues. However, members of IAA and The Yes Men will describe the events of the case and discuss it as it relates to investigations of hackers.
Technology in Romania - Catalin Acio
- An overview of the ten year period in Romania from 1989 to 1999 and the challenges involving access to technology, the perception of IT in the formerly communist country, and issues of freedom of speech and information. Ninety percent of all access to the Internet is still done via timed dial-up connections which makes connectivity much harder for programmers, researchers, and the average citizen. Learn about the differences in technical cultures and what is being done to level the playing field.
Ten Years of Practical Anonymity - Len Sassaman
- Strong anonymity systems have been available for public access on the Internet for the last decade. During this time the Internet landscape has changed considerably, while the body of knowledge in the field of anonymity research has deepened greatly. This talk will review the history of anonymity systems, describe the methods by which modern anonymity systems protect their users, explore the classes of attacks which exist against anonymity systems, and give examples of practical anonymity systems which can be freely and easily used by the public at large. Emphasis will be placed on e-mail anonymity and the long-lived anonymous e-mail software Mixmaster and the associated remailer network, though other forms of Internet access anonymization will be included for discussion.
Terrorism and Hackers - Greg Newby
- This presentation will put forth a full range of activities in which hackers can apply their skills to achieve goals related to "the systematic use of violence to create a general climate of fear in a population and thereby to bring about a particular political objective" (britannica.com). This range includes many specific ways for hackers to combat terrorism, methods to fight terrorist tendencies of your country, and how hackers might actually participate in terrorism. Despite being demonized by corporate media and the subject of many recent laws, most hackers, like most people of all types, are not terrorists. What can we do to protect against hackers being misperceived as threats and terrorists?
Today's Modern Network Killing Robot - Viki Navratilova
- This is an overview of the new generation of DDoS tools. Back in the day, a couple of large pings could take down lots of machines. When those techniques stopped being effective means of taking down networks, people started writing DDoS programs. These programs required a little bit of manual work to install, but were effective at taking down large networks for a while. This generation of DDoS tools was made famous in the media for victimizing famous websites for hours at a time. Soon people learned to control the damage done by these tools, and so a new generation of DDoS tools was born: Ones that could infect thousands of machines automatically to create large botnets and hide their communications in order to evade detection better than their predecessors. These botnets are now the most effective DDoS tools in popular use today. This talk will go over the more popular botnets, such as gtbot and sdbot, and talk about how they work and some ways to spot them on your network. There will be a demonstration of an irc botnet in action.
- Note: The recording of this panel is incomplete, though we've posted what we have. Please accept our apologies.
Urban Exploring: Hacking the Physical World - John and Laura Leita
- Urban exploring is the art of going places off limits to most and unseen by many. Explorers are brave souls who often dredge through great dangers for their art. Often they research and document historic abandoned places to accompany pictures and video taken on the locations of sites with enormous history. Otherwise they are simply in search of a beautiful view. John and Laura will talk about the different locations of interest to urban explorers, such as abandoned asylums, steam tunnels, rooftops, abandoned rail spurs, former used industrial sites, and deserted gold coast estates. From there they will go into how this art is best performed and various associated issues. Topics will include how to find urban exploration sites, how to go about exploring and documenting them, UE photography and video, computer assisted exploring, and research techniques to learn about a site. A video CD presentation will be shown to illustrate urban exploring and show some cool places.
When Corporations Attack - Acidus (Billy Hoffman), Virgil Griffith, Dan Morgan, and Wendy Seltzer
- We all know the wrath that major corporations are capable of unleashing when the actions of hackers and other individuals anger them. This panel will focus on two of these cases. Dan was the publisher of Satellite Watch News, a publication that focused on the technical workings of the satellite industry. DirecTV (owned by General Motors) managed to completely shut down the newsletter and take nearly all of his possessions. Acidus and Virgil did research into the Blackboard college ID card system (used at universities everywhere) and they uncovered all kinds of interesting facts. This was to be presented at the Interz0ne conference in Atlanta in 2003. Blackboard filed an injunction that not only kept that from happening but has prevented the two from discussing specifics about Blackboard to this day. In addition to these three panelists, a representative of the EFF will be on hand to talk about the legal aspects of these frightening cases.
Where'd All That Spam Come From? - John Draper
- A study of the mechanisms spammers use to flood your mailbox along with what some of the work and research of SpamCrunchers have uncovered. Topics of this talk will include spam bots, spam trojans, some of the sneaky methods spammers use, how they get around filters, why none of this stuff really works anyway, and what you can do to significantly cut down on spam.
Wireless and WiFi: The Good, the Bad, and the Ugly - Dragorn, IrishMASMS, Mike Lynn, and Porkchop (Michael Kaegler)
- A panel to discuss wireless networking: the basics of 802.11 and current products, along with stories of wardriving and a look at network security. Find out why you should care about your network's security even if you don't think anyone else would take an interest in your traffic. Questions and comments from the audience will be solicited.
HOPE Number Six
- HOPE Number 6 took place on July 21-23, 2006 at Hotel Pennsylvania in New York City.
- Post-HOPE Number 6 Analysis From Off The Hook, July 26, 2006.
- Hacking Couture at HOPE Number Six
- HOPE 6 Review by Gonzo
- Official HOPE Number Six T-Shirt Get yours today!
- $2600 Meetings: A Valuable Resource or a Waste of Time? - Rop Gonggrijp, Emmanuel Golddigger, LexIcon, and others (YouTube)
- Since they began in 1987, $2600 meetings have sprung up all around the world. They inspired the movie Hackers. Helped to launch a number of federal and state investigations, provided journalists with fodder for all sorts of wild and crazy stories, and brought all sorts of hackers together who might otherwise never have met. But is this a good thing or a bad thing? Do the meetings actually strengthen the community or do they expose it to hostile elements that help to destroy it? You will hear a number of perspectives as well as stories on things that have happened at the many meetings that have taken place. If you've ever attended a $2600 meeting, we'd like to hear your feedback at this panel.
Aether Madness with the Prometheus Radio Project - Dharma Dailey, Andy Gunn, Hannah Sassaman, Pete Tridish, and Anthony Mazza (YouTube)
- The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations. Over the years, Prometheus has sued the FCC to stop media consolidation, built stations in places like Venezuela and Tanzania, and experimented with using off-the-shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands for. Prometheus fights for change by going straight to the pileup where technology, politics, and the media crash into each other. This panel will help bring you up to date on the political debates in Washington about low-power FM, reforming the spectrum for wireless broadband access and other uses, and the grassroots organizing that can be done to reshape the media. A picture show of community radio barnraisings and stations that Prometheus has worked on around the world will be included.
Alienation and Engagement - Jason Kroll (YouTube)
- The hacker sense of social responsibility is undermined by our alienation from the mainstream. From bad school experiences in childhood to the content property grab of today, we infer the world to be hostile and corrupt. Unwilling to become sociopaths, yet unable to find avenues for social change, we are tempted to withdraw from civil society and limit ourselves to technical contributions. A discussion of three non-technical areas where hackers can make positive contributions and where we might find principled people: journalism, economics, and law. The next civic establishment has to come from somewhere and this should be our historical era. So we might as well participate - or maybe just take over.
The Art of Electronic Deduction - StankDawg (David Blake) (YouTube)
- This was an unscheduled talk given to replace a postponed presentation.
Basics of Forensic Recovery - Kall Loper (YouTube)
- This presentation will introduce the basic model for forensic recovery of data in civil and criminal contexts. Technical challenges of acquisition and analysis will be briefly covered but the primary emphasis will be on the requirements of bringing data to court. Common tools will provide examples to illustrate the model. There will also be a brief discussion of provisions of the enforcement mechanisms of the Digital Millennium Copyright Act and recent case law dealing with failures to comply with production of evidence.
Binary Revolution Radio - Stankdawg and Guests (YouTube)
- Binary Revolution Radio is a weekly Internet radio show that has been around since early 2003. The show covers topics that are of interest to the hacking community including hacking, phreaking, programming, digital rights, social engineering, and everything in between. The beginning of season four of this show coincides with HOPE Number Six this year and this will be an episode of the show recorded in front of a live studio audience! There will be lots of special guests, audience participation, and maybe... just maybe... punch and pie. You have to show up to experience it live and see why "The Revolution Will Be Digitized!"
bin Laden, National Intelligence, and How NOT to Spend the Taxpayer's Treasure - Robert Steele (YouTube)
- This presentation will address the Ten Threats, Twelve Policies, and Eight Challengers. And if you want to find out what all that means, you'll just have to attend. Robert was our keynote speaker at the original HOPE in 1994 (and our very first speaker ever) and has continued to rivet audiences ever since with stories and facts about national intelligence.
Breaking Down the Web of Trust - Seth Hardy (YouTube)
- The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have key signing parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory.
- Seth will take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better) and the current "correct" practices for establishing trust (and why they could be a lot better). To finish, Seth will talk about some of the many bad trust policies that have managed to become mainstream and commonly accepted, even by many self-described "computer security professionals."
Building a Hacker Space - Porkchop (Michael Kaegler), Harry Hoffman, Dragorn (Michael Kershaw), and Nick Binary (Nick Amento) (YouTube)
- By pooling resources, hackers can get bigger and more impressive toys to accomplish bigger and more impressive projects. This talk focuses on setting up and managing collectives for fun and profit - from finding a space to keeping it going. Presented by people who did it in Massachusetts, New York, and Pennsylvania.
Building the Anti-Big Brother Databases - Peter Wayner (YouTube)
- Databases don't need to be huge collections of personal information waiting to be exploited. This talk will show how a few simple encryption functions can build a database that answers questions for the legitimate users but locks out all illegitimate users including those with the root password. The techniques make it possible to build privacy-preserving systems with much less complexity and overhead than conventional techniques.
Can Security Detectors be Hacked? - Paul Renda (YouTube)
- Today we are challenged by a multitude of security detectors. But can they be beaten? This talk will deal with their vulnerabilities. The electromagnetic spectrum will be explained along with how waves propagate. Security systems like X-ray backscatter and mm wavelength microwave will be discussed along with possible defenses. Most of the talk will focus on the ubiquitous metal detector - the walk-through and handheld variety.
- The question of whether radio frequency devices can compromise security will be explored. Front door and back door attacks (coupling modes) will be defined. The urban myth of radio frequency devices/weapons will be discussed. It will all top off with a discussion of Carl Jung and King Hubbert and how they relate to terrorism.
- This talk is dedicated to Paul's cousin Tommy Farino, a New York Fire Department captain who died on 9/11.
Citizen Engineer - Consumer Electronics Hacking and Open-Source Hardware - Phillip Torrone and Ladyada (Limor Fried) (YouTube)
- This is a hands-on session on all the things you're not supposed to do (but want to) with the gadgets that fill our drawers and shelves: transform an old VCR into an automatic cat feeder, use open interfaces to control Roomba robotic vacuums. Projects like these (and others, such as WRT54G hacking, iPod Linux, car-computer hacking, etc.) are part of a growing trend where consumers are going back and hacking what they buy. Just as computer hacking is closely tied to the open-source software movement, so can such embedded gadget-hacking lead to an open-source hardware movement.
Comparison of WAN Routing Protocols - Miles Nordin (YouTube)
- A comparison of three members of a class of WAN routing protocols called "interior gateway protocols." Each member of the class - RSTP, OSPFv2, and IS-IS - is bound to a different kind of datagram: Ethernet frames, IP packets, and OSI CLNP datagrams respectively. Most companies with large WANs use one of the first two protocols for two purposes: to route around failed redundant links and to automatically find the correct path to a destination address on a large network with many hops. Including RSTP in the comparison is a realistic acknowledgment of the way L2 switching is abused these days. Including OSI in the comparison should reveal some habitually irritating aspects of switched IP networks that are mere accidents of history, and others that are more fundamental. Miles will provide background about how Ethernet switching works, what an IGP is, and what the now mostly-abandoned supposed-future OSI world feels like.
Constructing Cryptographic Protocols - Joe Salvatore Testa II (YouTube)
- This lecture will show how to construct advanced cryptographic protocols. Beginning with a set of requirements for a communications protocol that includes immunity from replay attacks, traffic analysis resistance, and resiliency against partial compromise, the audience will be shown how a naive protocol can be iteratively improved into a protocol satisfying those requirements.
Coupon Hacking - Sam Pocker (YouTube)
- The price of everything has become too expensive. As retailers feel they need to cater to the lowest common denominator, you are held prisoner in artificially antiseptic environments, customer service is a mockery of intelligent discussion and basic common sense, and yet somehow we now live in a consumer-driven economy. This presentation attempts to provide an understanding of how you can fight back - how to understand what you are really seeing when you walk into a supermarket, a "big box" mass merchant retailer, or even a local mall. It will also address "coupons," how you can read the barcodes with the naked eye and decipher them, and how you may use them to get nearly anything for free, or almost free.
The CryptoPhone Project - Frank Rieger and Barry Wels (YouTube)
- In 2003 a group of enthusiasts turned a standard PDA phone into a military grade voice encryption device. Unlike other players in the secure communications market, CryptoPhone decided to publish the complete source code for review. Not only that but a software-only client that will turn your PC and modem into a CryptoPhone is available for free download. The product range has expanded to landline and satellite solutions. What is next?
E-gold - As Misunderstood as Hackers - Richard Cheshire, and Oddsman (James M. Ray) (YouTube)
- Internet Commerce is a wonderful concept. So is Internet privacy. They clash where the government can access private bank records. E-gold allows private transactions to remain private. Unfortunately the Bad Guys want their transactions to be most private, giving e-gold and their financial brethren a bad reputation.
Exploring Your World with Open-Source GIS, GPS, and Google Maps - Mike Dvorak and Paul Suda (YouTube)
- Digital mapping is the ideal information sharing medium for urban explorers, war walkers, and travelers alike. Powerful open-source geographical information system (GIS) software such as GRASS exists for users of all computer platforms to explore, analyze, and digitize custom maps. A brief overview of mapping will be given and then GRASS will be used to demonstrate how to make an annotated bike trip map around New York City. The Google Maps API for making customized maps will also be explained and demonstrated.
Europe Has Hackers Too - mc.fly (Elmar Lecher), Frank Rieger, and Rop Gonggrijp (YouTube)
- There are hackers on the other side of the pond too! This is a view of parts of the European hacker scene, especially that of Germany and the Netherlands. The Chaos Computer Club will be discussed along with other European hacker groups. You will learn about the major differences between the American and European hacker scene, see what the different lifestyles are like, and get a good look at some of the European hackers' nicest projects. There will also be details on upcoming European conferences which you are cordially invited to. After the presentation an open discussion will permit you to ask any questions about all of those fancy countries on the other side of the pond.
Everything You Ever Wanted to Know About Spying and Intelligence - Robert Steele (YouTube)
- This is an update of Robert Steele's famous informal presentation, completely unstructured, which will address all sorts of specific details about spying, information, intelligence, emerging threats (hackers are NOT one of them), strategy, anti-Americanism, and the destruction of the treasonous Republican and Democratic parties.
- MP3 - 1, MP3 - 2
Flash Sucks for Advertisers - The Digital Divide - Richard Cheshire, and Gerald Greene (YouTube)
- While the contention is that Macromedia Flash sucks for consumers who can't download Flash, it actually means that the advertisers using it are not getting their message out to those consumers. This will be a discussion of Internet access and The Digital Divide, with emphasis on the Internet's role in special education.
The Future of Wireless Pen Testing - Dragorn, Frank "Thorn" Thornton, and RenderMan (Brad Haines) (YouTube)
- The future of wireless pen testing and vulnerabilities of 802.11 networks, RFID, and Bluetooth, including a then-and-now perspective of the past five years of development in wireless vulnerabilities and research, pet peeves, the future of wireless protection standards, and topics from the audience.
The Geek Comedy Tour 3000 - Chris Barylick, Frank Hong, Jimmy Meritt, Justin Schlegel, Evan Valentine, Danny Rouhier, Joe Deeley, Paul Schorsch, James Jones, Erin Conroy, and Ryan Conner (YouTube)
- Picture what happens when you give the kids who were picked last for dodge ball a microphone and some stage time. The Geek Comedy Tour 3000 is just that. A collection of some of the best standup comedians from the Washington D.C. area, this group comes to the stage with a high-energy approach as well as topical, intelligent material that is accessible to both techies and non-techies alike.
The Geeky, Personal, and Social Impact Sides of Creating Defensive Technology - Mitch Altman and Ladyada (Limor Fried) (YouTube)
- Ever wish you had the power to turn off a TV in a restaurant or disable an intrusive cell phone? Social defensive technologies are "reality hacking" devices that give us the sort of sociopathic control we've come to enjoy on the Internet alone. Three years ago, Mitch decided he'd had enough of televisions and designed the TV-B-Gones, a universal "off" keychain remote. Around the same time, Ladyada designed a personal RF jammer. Together they will discuss these projects in the context of reclaiming personal space, culture-jamming, and how we can design technologies that do what we really want. Don't expect good WiFi/cell reception.
Ghosts (and Zombies) in the Machine - Brad Johnson (YouTube)
- What do dark fiber, zombie networks, web ghosts, and net spooks have in common? They're all scary! Boo! Come for a fun and wide-ranging survey of largely unrelated Internet phenomena, from computers zombied by script-kiddie rootkits to MySpace pages and blogs left after their creators have died. Is there really a ghost in the machine? Maybe not, but there's definitely a lot of bizarre stuff around the edges.
Hack the Palate! How to Set Up a Kitchen Hack Lab - Gweeds (Guido Sanchez) (YouTube)
- Chefs are a lot like hardware hackers. Both geek out, absorbing the specs of vegetables/technology for the purpose of creating something that nobody else has: innovative food/new machines). So what kind of food comes out of a kitchen that's turned into a hack lab? Something delicious. Something geeky.
Hackers and Academia - Adam J. O'Donnell (Javaman), Matt Blaze, and Gillian Andrews (YouTube)
- In many ways, the hacker community and the academic community don't appear to get along. The classical view of how both academia and the hacker community operate seemingly are mutually exclusive, with the academy priding itself on rigor and proof while the hacker community espouses a "proof by example" methodology. The relatively slow pace of academia turns off hackers, and the lack of rigor of hackers does the same for academics. During this panel discussion, we show how the two worlds are not that far apart and present individuals who are actively trying to bridge the gap between the two. Current students, past students, professors, and hackers, one in the same, will be present for the discussion.
Hackers in Prison - Mark Abene (Phiber Optik), Bernie S., and Kevin Mitnick (YouTube)
- For the first time ever, the three most famous imprisoned hackers of the 90s appear together on the same panel. Mark served ten months in 1994, bernieS was locked up for 14 months in five maximum security prisons in 1995 and 1996, and Kevin was held for nearly five years. Each of these cases received a lot of exposure from $2600 and Off The Hook which wound up getting the attention of mass media and the public. But these cases are only the tip of the iceberg. You'll hear some of the background, learn about what's going on today with some other cases, and maybe even hear some prison stories.
- Kevin Mitnick unfortunately wound up in a hospital in Colombia for the entire conference and is replaced here by Darci Wood.
Hacking Copyright and Culture - Fred Benenson (YouTube)
- Taking things apart, reusing, and remixing the old in order to create the new are tenets of the hacker ethic. But these impulses have also been at the heart of artists, musicians, and writers since the beginning of human creativity. Complete access to copy, reuse, and remix work is necessary for cultural and technological progress, a progress that the current state of copyright and the increasing ubiquity of DRM threatens to permanently undermine.
- This fight has become political. From protests to boycotts, from lobbyists to students, there is a movement underway and an increasing number of ways to get involved and fight for your digital rights beyond sending $15 to the EFF and running GNU/Linux (which you should already be doing).
- This talk will be about the current state of the free culture student movement and events being organized in the area, including the first ever anti-DRM protests, a Creative Commons art show, and a DVD remix contest.
Hacking the Mind: Hypnosis, NLP, and Shellcode - Mike Murray (YouTube)
- The similarities between the methods used to exploit a computer network and the language patterns involved in hypnosis and Neuro Linguistic Programming (NLP) are striking. In this talk, nCircle's director of vulnerability research Mike Murray (who is also a Master NLP practitioner and certified clinical hypnotherapist) will demonstrate the use of hypnotic language patterns, metaphors, and other patterns of influence, as well as showing how a good hypnotist structures inductions in a similar way to the methods of a skilled computer hacker. Hypnotic analogues to buffer overflows, shellcode, and other types of computer attacks will be demonstrated, leaving the audience with a deeper appreciation for language patterns and their effect on the human mind.
The HOPE Net: What Worked and What Didn't (YouTube)
- This is where we review what it took to put the network together. There are bound to be some fascinating stories to share as far as what went on over the weekend. This network is by far the biggest ever attempted at any hacker conference on this side of the ocean with more bandwidth available than many countries have. This makes the stories even more entertaining. The network gurus of HOPE will have a lively discussion on the challenges of running a network at a hacker conference right before it all gets taken apart.
Closing Ceremonies (YouTube)
- The tradition continues. Instead of going home early, we encourage people to stay late and celebrate the conclusion of the conference. (Consider Monday a lost day.) You will hear some of the highlights of the past three days and get one last chance to see people before the next time we decide to do this. It's also a chance to win all sorts of prizes by demonstrating skills and abilities or just by being at the right place at the wrong time. And most importantly, you will finally learn who Number One is.
How to Steal Someone's Implanted RFID - And Why You'd Want To - Annalee Newitz and Jonathan Westhues (YouTube)
- Annalee Newitz will talk about how she got a RFID implant to demonstrate some of the basic security problems with these devices. These are problems that the companies who make RFID systems are either ignoring or outright lying about. She'll discuss the process of implanting the RFID, including getting the surgery and unpleasant dealings with VeriChip. She will also talk about the many problems with security used for implanted RFIDs (and security problems with RFIDs used as access control devices). Then Jonathan, the RFID-hacking expert who cloned Annalee's RFID, will talk about how he did it and (hopefully) he'll be able to give a demo. He'll describe how he made his device and how it can also be used for proximity card cloning. He also has a new cloner which he may or may not want to talk about in detail.
How to Talk to the Mainstream Media - Stephen Cass (YouTube)
- Blogs, vlogs, podcasts, RSS, even old-school web sites and mailing lists - there's never been more ways for hackers to get their message out. So why bother dealing with the Mainstream Media? Because that's where the audience is. Only a tiny percentage of blogs have sizable audiences and even the biggest of those are dwarfed by the audiences for TV news, mainstream media websites, or the circulations of the larger dead-tree newspapers and magazines. If you're interested in getting your point across to as many people as possible, this talk will improve your chances by telling you what professional journalists want and why, how you can help give it to them, as well as what pitfalls to avoid.
IBOC vs. DAB-T: In-Band vs. Multiplexed Digital Radio - Russell Trafford-Jones (YouTube)
- More and more U.S. stations are going digital using "In-Band On-Channel" methods where the data is sent with the analog radio station. But a lot of the rest of the world uses a different frequency for the digital version of the station. This talk describes the transmission methods technically, discusses the pros and cons of the different methods as well as the commercial implications, and focuses on how community radio can fit into the changing landscape of radio.
- Will the U.S. and its listeners lose out by using different systems than most other countries? A look at this question, why IBOC has been adopted, and how digital radio helps and hinders reception.
Richard Stallman Keynote - Richard Stallman (YouTube)
- Talking about software rights, except for the right for you to do what you wish with your own code.
Michael Hart Keynote - Michael Hart (YouTube)
- Using eBooks to break down the bars of ignorance and illiteracy.
Jello Biafra Keynote - Jello Biafra (Eric Reed Boucher) (YouTube)
- Hacked by Uncle Sam, vote fraud, and the end of democracy.
Law Enforcement Wiretaps: Background and Vulnerabilities - Micah Sherr, Eric Cronin, Sandy Clark (Mouse), and Matt Blaze (YouTube)
- The politics of wiretapping is a hot topic (again) lately. But how do the police actually tap telephones anyway? How might tapping technology fail? Telephone wiretap and dialed number recording systems are used by law enforcement and national security agencies to collect critical investigative intelligence and legal evidence. This talk will examine the technology of (legal) wiretapping and show how many of these systems are vulnerable to simple, unilateral countermeasures that allow wiretap targets to prevent their call audio from being recorded and/or cause false or inaccurate dialed digits and call activity to be logged. An exploration of possible workarounds, as well as the broader implications of the security vulnerabilities in evidence collection systems.
The Life and Times of Alan Turing, Father of the Computer - Karamoon (YouTube)
- Alan Turing was an intriguing guy whose life was as tragic as it was amazing. Known as the father of the computer, the man who broke the Enigma code, and a sad victim of British homophobia in the 1950s, Turing serves as a role model for many hackers, computer scientists, and mathematicians. This talk tackles three subjects: Turing's role in breaking the German Enigma code, Turing as the father of the computer, and Turing's personal life (and death). A look at Turing's life in chronological order, focusing on events which had profound effects on his thinking and feelings. Turing's story is ultimately a sad one, but along the way you'll see a breakthrough in cryptography and the birth of the computer. You'll also want to fight much harder for freedoms that we still take for granted, despite the fact that they are disappearing fast.
Lock Picking: Exploits for Mechanical Locks - Barry Wels and Marc Weber Tobias (YouTube)
- Every mechanical lock, no matter how sophisticated, can be bypassed. And here you will learn how. A wide variety of opening techniques will be demonstrated. Ranging from "lock decoders" that are in use by the intelligence community to till tools and techniques that allow a layman to open a wide variety of locks with little training and using only inexpensive tools. Even the opening of some state of the art electronic locks will be demonstrated on stage. If you're willing to learn then simply join one of the training sessions during the conference (in the lockpick village) to have Barry and his friends teach you how to pick and bypass locks yourself. You are invited to bring your own locks and find out if they are any good.
Low-Level Firmware Analysis and Hacking - John Maushammer (YouTube)
- A presentation using examples from John's experience reverse engineering disposable digital cameras. Hardware disassembly, reading firmware from the flash chip, firmware disassembly, figuring out hardware registers, and how to identify and circumvent lock codes will be among the topics touched upon. The CVS camcorder lock and the vulnerability that hacked it will also be discussed.
Magnetic Stripe Technology and the New York City MetroCard - Joseph Battaglia (YouTube)
- Curious what's on all those magnetic stripes in your wallet? Learn how magnetic stripes work and how you can use parts from your "junk drawer" to build a simple reader. Joe's reader design is easy to build and is capable of reading proprietary formats that most commercial readers can't. The software, which runs under Linux and requires only a sound card, does most of the work and is easy to tweak. Also included in the lecture will be a discussion about the New York City MetroCard and how its proprietary encoding was reverse engineered with this reader design.
Making Reliable Links Using WiFi - Catonic Cinotac (YouTube)
- Ever wondered exactly how much engineering goes into professionally installing WiFi links to 99.999 percent availability? In this talk, Catonic will be covering calculating path loss, Fresnel zones, gain, power, and other topics which when combined are used to design RF links between two locations. The information in this talk is useful for VHF, UHF, and microwave link planning. Additionally, Catonic will be providing an analysis of some of the factors considered when iFiber Redwire planned and then executed last year's record WiFi shot of 125 miles.
Managing Your Company's Intellectual Property: An Introduction to IT Security - Daniel Estrada (YouTube)
- Data is every company's most valuable asset and its protection is imperative for survival. This presentation gives managers and other business leaders the practical foundation they need to secure their intellectual property, properly comply with legislative requirements, and maximize the overall value their IT strategies provide.
The Monochrom Collective - Johannes Grenzfurthner, and Roland Gratzer (YouTube)
- A talk medley from monochrom, a worldwide operating collective from Vienna dealing with technology, art, context hacking, and philosophy which was founded in 1993. They specialize in an unpeculiar mixture of proto-aesthetic fringe work, pop attitude, subcultural science, and political activism. Their mission is conducted everywhere, but first and foremost "in culture-archaeological digs into the seats (and pockets) of ideology and entertainment."
- This session will be a little tour-de-farce about their projects and political motivation. A joyful bucket full of good clean fanaticism, crisis, language, culture, self-content, identity, utopia, mania and despair, condensed into the well known cultural technique of a gala show.
- Among their projects, monochrom has released a leftist retro-gaming project, established a one baud semaphore line through the streets of San Francisco, started an illegal space race through Los Angeles, buried people alive in Vancouver, and cracked the hierarchies of the art system with the Thomann Project. In Austria they ate blood sausages made from their own blood in order to criticize the grotesque neoliberal formation of the world economy. Sometimes they compose melancholic pop songs about dying media and they have hosted the first annual festival concerned with cocktail robotics. At the moment they're planning a conference about pornography as one of the driving forces of technological innovation. They also do international soul trade, propaganda camps, epic puppet theater, aesthetic pregnancy counseling, food catering, and - sorry to mention - modern dance.
Network Monitoring and the Law - Alexander Muentz (YouTube)
- A discussion of federal and state criminal law as well as civil penalties, expectations of privacy at work, and the relative rights and duties of employers, employees, and IT workers. Also included will be an explanation of network monitoring and the Wiretap Act.
The New Engineers of Graffiti - James Powderly, Evan Roth, Theodore Watson, and Evan Harper (YouTube)
- The Graffiti Research Lab is dedicated to outfitting graffiti writers, street artists, and protesters with open-source technologies for urban communication. The goal of the GRL is to technologically empower individuals to creatively alter and reclaim their surroundings from unchecked development and corporate visual culture. During 2006, the GRL has toured across the globe demonstrating and teaching new graffiti technologies and DIY skills to diverse public audiences. Their work has been featured in alternative and mainstream news sources like the New York Times, Wooster Collective, TIME Magazine, Visual Resistance, and The Village Voice. In May 2006, Ars Electronica gave the GRL an Award of Distinction in Interactive Art. You can find their work at www.graffitiresearchlab.com.
- This panel will give an introduction to geek graffiti and focus on the Eyebeam OpenLab with particular attention to public domain DIY hardware hacking, GNU software, and Creative Commons content. Some GRL tools will include LED "throwies," the "night writer," the "electro-graf," and more.
Off The Hook - The Indecent Version - Featuring the Off The Hook Cast (YouTube)
- Yes, that's right, the acclaimed WBAI radio show does an edition that the FCC won't permit us to air. Restrictions on what we're allowed to say over the radio will be addressed in a very "direct" manner. Over the years the American broadcast media has become increasingly government-controlled with the federal authorities determining what is decent and what is not. The result has been a whole lot of blandness and conformity, not to mention a good dose of fear and paranoia behind the scenes. While we may not be allowed to say a lot of things over the air, we CAN say them in a room full of people. At least for now. One day perhaps this edition will be allowed to be heard on the radio. For now, though, you can win a prize by figuring out just how much we could be fined and imprisoned if this show were to make it to air. In all honesty, we believe it will be a pretty "decent" hour. You can even bring the kids.
Password Cracking and Time-Memory Tradeoff - Jason Davis (YouTube)
- An in-depth explanation of the applications of time-memory tradeoff when applied to password cracking and its relevance to the future of the IS industry. Also, a demonstration of what quite possibly could be the fastest web-based MD5 password cracker on the planet.
Phone Phreaking 101 - Black Ratchet (Ben Jackson) (YouTube)
- Have you ever caught yourself thinking "Gee, I wonder how this phone thingy works?" Do you often dream about what's inside that building downtown with your local phone company's logo emblazoned upon it? Do you find yourself confused when people start talking about "op-diverting," "setting up 8s," or "getting on the bridge?" If so, then this presentation is for you.
- Ever since the early 1990s, most people have thought that phone phreaking was dead. They have thrown their black, red, and blue boxes out with their trash and have dismissed the idea of "phone phreaking" with the same zeal that they dismissed the idea of the Easter Bunny and Santa Claus. But phone phreaks still survive to this day! The phone network was one of the first great networks. Yet today it just sits there, only explored by a handful of people.
- This presentation is an attempt to change all that. It will answer basic questions and clear up common misconceptions about phreaking, the phone system, and telephony in general. It will also attempt to clear up urban legends that continue to exist today and show people that phreaking is not a dead art. Topics covered will include history, basic phone network operation, VoIP, myths and misconceptions, general phreaking, and stupid phone tricks.
Privacy is Dead - Get Over It - Steven Rambam, Gerard P. "Jerry" Keenan, Reginald "Reggie" Montgomery, Kevin Noppinger, and Kelly Riddle (YouTube)
- This will be a wide-ranging lecture covering databases, privacy, and "computer-aided investigation." Steven is the owner of PallTech, the largest privately held online investigative support service in the U.S. This talk will include numerous examples of actual data and secret databases as well as a demonstration of an actual online investigation done on a volunteer subject. During the second hour, Steven will be joined by a four member panel of investigators and intelligence experts.
Privacy Through Technology: A Hands-On - Aldert Hazenberg and Paul Wouters (YouTube)
- Until recently, using cryptography to protect your privacy when using the web, email, or instant messenger while connecting your laptop all over the world from very insecure and untrusted networks was a daunting task that most people could never set up. For those who could, it proved impractical to use over a longer period of time. Fortunately, things have changed a lot in the last year. But the notion that cryptography is too difficult to use is still a widespread belief.
- In this presentation, Aldert and Paul will demonstrate how easy it is these days to use cryptography. They will bring a Windows and an OSX laptop, and demonstrate how to set up encryption tools from scratch. After the presentation, a slide show version of their presentation will be available as download for everyone to take home.
- Topics will include how to secure email using GPG with Thunderbird and Mail.app, how to protect IM traffic using OTR with a variety of IM clients such as Gaim, Adium, iChat, Trillian, or other clients using the OTR proxy, how to encrypt your browsing using Tor and Privoxy, how to build an L2TP VPN to encrypt all your traffic while browsing at Starbucks by using your home DSL, how to encrypt your VoIP calls using Gizmo and Zfone, how to enable WPA/WEP security on your wireless network, and how to use an encrypted hard disk using FileVault or Windows software. Finally, they hope to be able to show you the first IPsec encrypted WiFi mobile phone.
- This presentation will be a hands-on training. That means no slide shows on how things work in theory, but demonstrating live to you that it only takes a few minutes to set up the cryptographic tools to protect your privacy.
Proactively Secure Programming Techniques - Joe Salvatore Testa II (YouTube)
- This lecture will teach several proactively secure programming methods that can be applied to direct-memory languages like C and C++. These methods are an application of the fundamental defense in depth principle that can provide an extra level of security against common buffer overflow attacks, double-free vulnerabilities, and logic errors.
Project MF - Mark Abene (Phiber Optik) (YouTube)
- This project began in late 2005, when the website www.phonetrips.com came to Mark's attention. On that site one can find old recordings of phone sounds: call-progress tones, clicks, ker-chunks, all sorts of things. Someone had traveled around the country back in the 70s capturing these magical sounds. In addition, there were a handful of actual recordings of blue boxing recorded in a narrated "radio show" format for all posterity. Hearing those tones brought back memories of when Mark himself experimented with blue boxing back in the 80s. Blue boxing can best be defined as directly signaling those legendary MF tones across analog trunks in the old telephone network, exploring the inner workings through pure sound alone.
- After repeatedly listening to these "phonetrips," Mark thought to himself, "It's a shame all that's gone now. No more analog trunks or MF signaling, no more 2600 Hz. SS7 and the completely digital, intelligent routing network are the order of the day." And that's just the way things are. But wouldn't it be cool if there was some way to bring it all back? And so...
- This presentation is the daring story of how Mark used Asterisk and VoIP to bring back blue boxing - essentially a fully working model, connected to the public telephone network, of analog signaling in all its glory. We can all blue box again and Mark will show you how you too, with some Asterisk and VoIP experience, can use his code modifications to Asterisk to set up your very own working analog trunks and vintage routing codes, and ultimately recreate a piece of history for all telecom enthusiasts, MFers, and phone phreaks to enjoy.
Pseudonymous Software Development and Strong Distribution - V. Alex Brennen (YouTube)
- A talk and tutorial on cryptographically strong pseudonymous software development and distribution models with the intent being to show hackers that when developing software is forbidden by law, developers can use PGP and other tools to continue to safely exercise their right to free speech in the form of source code. There will be a description of software release, upgrade cycle, security advisories, development team collaboration, and how to handle the reception of bug reports and patches from users. In addition you will learn how software developed by cypherpunks like the anonymous re-mailers, onion routing network implementations, and PGP key server networks can be used. See how the software works in theory (not command line options, etc.) covering topics like public key cryptography, digital signatures, zero knowledge proofs, and reputation systems. There will also be a discussion of the use of not commonly used cryptographic technologies such as ring signatures to prevent successful rubber hose attacks by authorities.
Radio Communications for Hackers, Amateurs, and Activists - LinH, Bernie S., Joseph Battaglia, and Skip Arey (YouTube)
- Sometimes cell phones, telephone lines, and Internet connectivity just aren't good choices for communications. Whether those networks are down, unreliable, too expensive, or you just don't trust carriers or ISPs to not hand over all your communications records to Big Brother's data-mining program, there are alternatives. Amateur (ham) radio, GMRS, FRS, MURS, Part 15, and other technologies can provide free and effective short-range or even global voice/data communications. This panel will explain how you can use the magic of radio to take control over your communications.
Retrocomputing - Sam Nitzberg, Cheshire Catalyst, Sellam Ismail, and Jason Scott (Jason Sadofsky) (YouTube)
- A regular feature of HOPE conferences, this year's retrocomputing panel will reminisce about bulletin board systems. The dial-up BBS was how many people sent their first email, read forum posts, and found the electronic communities that would later migrate to the Internet.
- Sellam will also give a brief introduction of the history of computing and talk about the various eras since the invention of the first modern day computers in the 1950s with an introduction to Babbage's work in the 1830s. Also discussed will be hacker history, phreaking history, how the culture sprang up, and what it has morphed into today.
RFID Privacy - Old Threats and New Attacks - Karsten Nohl (YouTube)
- A look at the challenging requirement of anonymity in RFID systems. After a discussion on proposed solutions to the privacy threat you will see how easily such solutions can be circumvented or completely broken. By looking at the physical characteristics of the tags, Karsten will demonstrate how new attacks can circumvent these solutions, some of which have been implemented in a lab. There will then be a look at the back-end infrastructure of the RFID system which will show that the currently outlined implementation will compromise privacy in ways that have never been anticipated - basically allowing for customer tracking over the Internet by everyone.
Selfness-Copyfight: From Censorship to New Business Models - Jorge Cortell, and Alvaro Gonzalez (YouTube)
- Pro-copyright cartels use direct extortion, among other methods, to keep their outdated business models and views alive. Yet the "copyfight" goes on and more and more examples every day prove that their view is not only very shortsighted, but dangerous. "Selfness" is the extreme opposite of copyright, not only practically (it is currently being used as a business model), but also philosophically.
Social Engineering Panel - Emmanuel Golddigger and Others (YouTube)
- Once again we continue the tradition of not only explaining what social engineering is, but demonstrating it to the throngs as well. Emmanuel has been confusing people on the telephone for many years and gets a whole lot of pleasure out of tricking total strangers into giving him information he has absolutely no business having. And after you see this in action, you'll be able to do it too! We always appreciate suggestions on who can be targeted. All sorts of special guests may drop by this panel.
TrackSploits - Lance James and Joshua Brashars (YouTube)
- In a time where bureaucracy can hold you back against a foe that is more agile, fast, and who definitely doesn't care about the laws they break, a new method of forensics is being developed. TrackSploits have been used against phishers, malware authors, and distributors as well as "black hat" hackers to gain intelligence on them in a passive, yet active, manner. These techniques do not break the law, but they will bend them and test the law's resilience. Techniques include tracking attackers behind proxies, breaking encryption algorithms to unmask IP addresses, stealing data back from the phishers in real-time, and using cross-site attacks to track malware authors. This talk will open your eyes about intelligence gathering and counterespionage against relentless entities dedicated to causing havoc and profiting from it.
Under The Desk at MIT - V. Alex Brennen (YouTube)
- A formal announcement of the creation of the Public Domain Software Foundation (PDSF). The PDSF is meant to be a parallel to the Free Software Foundation. It is being started to advocate and support the placement of source code and documentation in the public domain rather than under the GNU licenses. This presentation will include an explanation of how cryptographic management of identity makes many licenses unnecessary. Package and patch management solutions are becoming much more automated with Linux distributions as well as with various software packages. An explanation of why this trend is making the public domain a necessity for many types of modern software.
Underground Documentaries: The Art of the Interview and the Access - Julien McArdle (Seal) and Jason Scott (Jason Sadofsky) (YouTube)
- This panel will cover what it takes to make your own underground indy documentary - from asking "attack questions" to recording industry execs to approaching historical legends to sit down with you and be interviewed. Topics will include the equipment required, legal no-nos, the Creative Commons, editing, distribution, and how to do it all on the cheap.
Urban Exploring: Hacking the Physical World - John and Laura Leita (YouTube)
- A continuation of The Fifth HOPE talk that will cover more urban exploring. Topics will include how to find and navigate university tunnels and how certain aspects of society work/worked by looking through ruins. This presentation will include pictures and videos of various urban exploration sites. There will also be a discussion of urban exploring photography, ethics, laws, and safety.
Virtual Private Servers and the (Free) Open-Source PBX - Mark Silverberg (Skram) (YouTube)
- Mark will show how VPS virtual server technology can combine with the Asterisk PBX to replace your expensive, proprietary phone system - while still using the same server to run your website! Not only does this exciting technology apply to old-school Nortel sysadmins (with large corporate budgets) but phreaks at home can try this too!
VoIP Unlocking - The Prophet (Babu Mengelepouti) (YouTube)
- Voice over IP (VoIP) services such as Vonage, AT&T CallVantage, and Packet8 have recently gained popularity. Unfortunately, there's a catch: your VoIP phone only works with the phone company you bought it from. In this live demonstration, The Prophet will show you how to free a D-Link DVG-1120M VoIP adapter from the chains of AT&T CallVantage service. He will also demonstrate FreeWorldDialup, a free alternative to paid VoIP services.
Vulnerabilities in a Connected Future - Sysmin (Nathan Hamiel), and QuiGon (Gene Cronk) (YouTube)
- This presentation deals with the vulnerabilities of emerging connected technologies and their uses. As manufacturers continue to pump out new technology without properly assessing the risks, those risks end up affecting customers. The focus of this presentation deals with vulnerabilities and attacks on Smarthomes and Smartcars taken from analyzing these emerging technologies. Vulnerabilities also exist in these technologies from how users interface with and utilize them. Modern connected technologies are intrusive and it is important that everyone understand the dangers. This presentation also delivers a healthy dose of problems with the next generation IP protocol, dealing with problems in its implementation and future. IPv6 will play a big part in the connected future with integration into previously mentioned technologies and mobile devices. Lastly, the presentation will discuss problems with biometric authentication technologies and refute how these devices are being touted as security silver bullets.
Weird Technology - Gonzo DeMann (Michael J. Ferris), and Leo (YouTube)
- This panel will deal with technology that is a bit off the beaten path, technology of the government, private sector, and the home brew variety, as well as the legalities and affects of all this weird tech.
Wireless Security Flaws - Raven Alder, 3ric Johanson, and Brandon Uttech (YouTube)
- Wireless security flaws are commonplace but not many people realize just how much of the inner workings of infrastructure and management traffic for large networks are often accessible over wireless. Working as a team of professional penetration testers, the first time these three saw routing protocols and management traffic visible over 802.11, they thought the client really lacked clue. The tenth time, it wasn't so funny anymore.
- This session will show you the common switching, routing, and management traffic commonly present in urban wireless environments, discuss the security risks (from information disclosure to remote exploit), and show you how to prevent this sort of highly critical data from leaving your network by way of your access points. Using examples from the last five years of growing urban wireless presence, this talk will show the initial signs of backbone control traffic creeping out of poorly secured access points and present statistics on overarching protocol trends over time. The talk will then take a more serious turn, showing the sorts of damage that a malicious attacker can wreak on a network with the information provided in just a few routing protocol packets. Lower level attacks such as switching and CDP will also be covered. Finally, a ray of immediately practical hope will be offered, giving recommendations on actions that will prevent this sort of critical data from being advertised out of your wireless access points.
The Last HOPE
They don't even try to hide it anymore!
- The Last HOPE took place on July 18-20, 2008 at Hotel Pennsylvania in New York City.
- Post-The Last HOPE Analysis From Off The Hook, July 23, 2008.
- The Last HOPE - Part 1 YouTube video from Afternoon Playland.
- The Last HOPE - Part 2 YouTube video from Afternoon Playland.
- Emmanuel Goldstein - Sock Puppet Q&A YouTube video from Afternoon Playland.
- Speaker Information
- The Last HOPE Video Tracker
- The Penn Is Mightier
- Advanced Memory Forensics: Releasing the Cold Boot Utilities - Jacob Appelbaum (YouTube)
- This talk will cover some of the issues involved with "Cold Boot" attacks. A description of the multiple methods (disk, network, etc.) developed for targeting computers whose memory is being targeted for extraction. The tools used for these experiments will be released here. In addition, code will be released that was written and has improved since the initial public release of these experiments. This includes a dumper using a standard iPod with unmodified Apple firmware. In addition, an improved AES keyfinding tool has been implemented. Great caution has been taken to not stomp on important bits in memory. All of the tools will be released as free software. Possibilities for protection as well as other ideas for improvement of the attacks in software and hardware will be discussed. The paper related to this talk can be found at http://citp.princeton.edu/memory.
The Art of Do-Foo - Matt Joyce (YouTube)
- The one thing that sets a nerd apart from a hacker, a dork, or anyone else for that matter is simple. Nerds seek to quantify every facet of their lives. From baseball statistics to Star Trek trivia, there's a little nerd in all of us. But true nerds pursue the quantification of everything. The idea of this talk is to quantify successes and failures within the New York City community. By utilizing modern information theory and simple statistics, we can isolate the key factors that have both positively and negatively influenced the culture in our region. Why have specific projects succeeded? Why have others failed? What are key factors in the success of a community? This talk will have fun exploring a roller coaster of statistical exploits on what may be one of the coolest and difficult to quantify datasets our planet has ever known. Learn how to get down with your nerd self in a fun and educational foray into the hacking culture, and the numbers that comprise it.
The Attendee Meta-Data Project - LexIcon, Daravinne, Neo Amsterdam, Aestetix, Echo, Dementia, Matt Joyce, and Christopher Petro (YouTube)
- The Attendee Meta-Data (AMD) project is a large scale study of the movement, demographics, participation levels, and interests of HOPE conference attendees over the three day conference period. At registration, preregistered attendees and others on a first-come first-serve basis will receive a numbered badge with an active RFID chip and a unique PIN. They will take the badge number and PIN to a terminal, or to the internal website via their own laptop, choose a username, log in, and fill out a web survey querying biographical and interest-based data. As attendees move around the entire conference area, their presence will be tracked and their movement information will be compiled in a database alongside their contextual data. All this information will be funneled into a real-time data visualization. During the conference, attendees will be able to query the database and generate their own visualizations and data comparisons, play games based on timing and location, and find others with similar interests during game sessions. In this talk, the AMD project development team will discuss the concepts involved and answer questions about the system. On the last day of the conference during our closing ceremonies, the team will address the project's original goals, the results obtained during the conference, and what was learned throughout the whole process.
Autonomously Bypassing VoIP Filters with Asterisk: Let Freedom Ring - Blake Cornell and Jeremy McNamara (YouTube)
- Foreign governments and ISPs within Panama, Belize, the Caribbean, Mexico, Brazil, the UAE, China, India, Saudi Arabia, and others have implemented VoIP filters of some type. The effect is obvious - phone calls are effectively blocked. How can Asterisk developers and providers develop mechanisms to help maintain communication through the wake of government supported access control mechanisms?
- PowerPoint Slides
Bagcam - How Did TSA and/or the Airlines Manage to Do That to Your Luggage? - algormor (YouTube)
- Ever wonder exactly how TSA or the airlines managed to destroy your luggage or what security measures are actually in place once your checked luggage disappears from view? After having yet another bag destroyed while flying several months ago, algormor decided to build Bagcam to find out what happens once the airlines have control of your luggage. Bagcam is a small suitcase containing a mini-DVR and pinhole camera. This presentation will cover the construction of Bagcam, potential future enhancements to Bagcam, and issues to consider should you decide to build your own Bagcam. In addition, various security measures currently in place for commercial passenger flights and the efficacy of these measures will be discussed. Finally, select footage will be presented from flights through Washington D.C.'s Reagan National Airport (DCA); Ted Stevens Airport in Anchorage, AK (ANC); Sky Harbor in Phoenix, AZ (PHX); Chicago's O'Hare (ORD); and other airports.
Biohacking: An Overview - Chris Seidel (YouTube)
- Biological systems are large assemblies of parts that function together following rules of basic chemistry. As systems, they can be studied, modified, and engineered for novel purposes. DNA molecules contain the information used to encode living systems, and methods exist for discovering and manipulating this information. This talk will cover the basic components of biological systems, including how DNA can be modified to make new proteins or genetically modified organisms, such as fluorescent mice, therapeutic viruses, or bacteria that eat explosives or smell like bananas.
Botnet Research, Mitigation and the Law - Alex Muentz (YouTube)
- This talk will discuss current U.S. federal laws that affect botnet researchers and IT professionals defending against botnets. Existing methods of capture, analysis, and mitigation will be analyzed from a legal perspective. Likely scenarios and outcomes will be discussed in an accessible manner.
Building a Better Ballot Box - Smoke (YouTube)
- We all know by now the folly of current election technologies from Premier and Sequoia Voting DRE (Direct Record Electronic) systems as well as some of the new, more promising systems on the horizon such as the open-source OVC (Open Voting Consortium) and Scantegrity. The question of whether we can do better will be raised. What needs to be done to make this process better than it is today? Both software and hardware methods to secure the ballot box will be discussed.
Building Hacker Spaces Everywhere: Your Excuses are Invalid - Nick Farr and Friends (YouTube)
- Four people can start a sustainable hacker space. Whether you're in an urban area where space is expensive, in the middle of BFE where finding four people is hard, or just outside of an active war zone in Uganda, there are few excuses left for not joining the global hacker space movement with a place of your own. This talk will cover the ten most often heard excuses for not building a hacker space and how existing hacker spaces, fab labs, co-working spaces, and other tech-oriented "third spaces" have solved them.
Citizen Engineer: Consumer Electronics Hacking and Open-Source Hardware - Phillip Torrone and Limor Fried (YouTube)
- In addition to the future of DIY, building hardware, open-source hardware, and a roundup of amazing projects anyone can build, this talk will present the debut of the film Citizen Engineer - named after the HOPE Number Six talk. The session will be the first time this how-to video series for hacking is shown in public. There will also be some hands on hardware demos, hacking, and a lot of trouble.
A Collaborative Approach to Hardware Hacking: NYCResistor - Bre Pettis and Friends (YouTube)
- In this panel, 18 members of NYCResistor will each, in turn, speak about a piece of infrastructure or project associated with their hacker space collective. By presenting 18 perspectives on the infrastructure, process, and projects, you will experience different windows into the organization. The presentation will encompass stories and pictures of cake, lasers, and drink serving robots as well as insight into such fascinating topics as book balancing, documentation, and the massive importance of failure. NYCResistor is a Brooklyn-based hacker space focused on learning, sharing, and making things.
Community Fabrication - Far McKon (Jon McKamey) (YouTube)
- In the 1970s, computers were still the foray of big business and government. They were known to be powerful tools, but they were beyond the reach of individuals. Though several other home computers came out in the early 70s, the MITS Altair 8800 is generally credited as sparking the home computer revolution, which in turn sparked computers everywhere. The base of another revolution in fabrication powered by hobbyists will be revealed here. The Fab@home, RepRap, and other projects will (hopefully) do the same thing for fabrication. This talk will cover community based fabrication, why it's so cool, and how it could fundamentally alter the global economy for the better.
A Convergence of Communities - John Strauchs (YouTube)
- Most people in either industry already know something about the relatively recent convergence of computer technology (CT) and physical security. But they probably aren't aware that computer professionals are increasingly assuming a leadership role in the process, as well as the management of the process. Moreover, the physical security and computer technology (CT) and information technology (IT) communities have traditionally been at odds. Computer professionals don't know as much about physical security electronic systems and devices as they think they do. Conversely, physical security senior managers know virtually nothing about CT and some don't want to! This session will examine the convergence phenomenon from both perspectives. It will review what is occurring, how it is happening, and what effects it has on both security and CT/IT. The effects upon, and from, the Department of Homeland Security will be discussed. The session will conclude with an in-depth analysis of Homeland Security's shortcomings and unmet needs and the role of CT/IT in protecting the nation. The critical need to triage security resources will be examined, along with a look at how it should be done, as well as an attempt to understand why it isn't already happening.
Crippling Crypto: The Debian OpenSSL Debacle - Jacob Appelbaum, Dino Dai Zovi, and Karsten Nohl (YouTube)
- In May 2008, a weakness in Debian was discovered which makes cryptographic keys predictable. A Debian-specific patch to OpenSSL broke the pseudo-random number generator two years ago, which led to guessable SSL and SSH keys. The vulnerability allows for impersonation of secure servers, as well as the potential to login to SSH secured systems. Since many popular derivatives like Ubuntu and Xandros are affected, the weak keys are found all over the Internet. The panel will present their approach to generating lists of weak keys using cloud computing and explain how they collected large numbers of SSL certificates of which several thousand are weak.
Death Star Threat Modeling - Kevin Williams
- In the field of Information Security, the terms vulnerability, threat, and risk have specific meanings and are often misapplied and misidentified in projects. This presentation will explain threat modeling as it applies to information and application security projects, utilizing the shared memory of the Death Star trench run as an analogy to better understand these concepts. You will learn how to define risks, threats, vulnerabilities, and countermeasures; how to integrate threat modeling into a software development lifecycle; examine example threat modeling methodologies; and hear real-world anecdotes of threat modeling successes and failures.
A Decade Under the DMCA - Marcia Wilbur (YouTube)
- In October 1998, the Digital Millennium Copyright Act (DMCA) was signed by President Clinton. Since that time, the DMCA was used to prevent free speech and reverse engineering. The DMCA offers patent-like protection although this is a copyright law. Many people have been adversely affected by the DMCA. Cases will be discussed and information regarding filing counter notifications will be presented.
Dirty New Media: Art, Activism, and Computer Counter-Cultures - Jake Elliott (YouTube)
- This talk presents a short history of electronic art by illustrating connections between artists, activists, and hackers. The connections and histories presented include: the demoscene and its origins in software piracy; video and conceptual artists in the 1970s and their activist work; contemporary artists working with circuit bending and other detournements of modern technologies; the Chicago "dirty new media" community; contemporary artists, hackers, and activists creating software and electronic art with a punk/anticapitalist ethos. Excerpts of work from these different artists and communities will be screened and discussed.
Earth Intelligence Network: World Brain as EarthGame - Robert Steele
- The first speaker at the first HOPE in 1994 will describe the emergence of the Earth Intelligence Network, the World Brain, and EarthGame as the triumverate that will empower We the People and make most governance and many organizations both transparent and obsolete. Emphasis will be placed on the eradication of corruption and restoration of the sovereign individual.
E-Mail: Descendant of the Telegram - The Cheshire Catalyst
- The former telex hacker will take us on a verbal tour of yesteryear when telegrams meant the smell of machine oil and teletype machines. You'll learn how the term "break text" became the equal sign and why you should indent your name five spaces to "sign" your e-mail. It's a geek thing. Maybe you can understand.
The Emperor is Naked - Virtualization Technolgies Examined - Michael Kemp (YouTube)
- Virtualized technologies are being lapped up left, right, and center by corporates committed to the cash savings they promise. Sadly, the savings that can be gleaned are not without the attendant risk. Instead of nice normal networks that people can understand, many vendors are offering networks in a box. As well as being lovely single points of failure, they have a number of risks that remain largely unexplored. Research has already been conducted around platform virtualization technologies such as VMWare, but there still exists a fundamental flaw within virtualized resource technologies that no one seems to have spotted. This talk will illustrate why and how virtualization works, what the difference is between what the vendors say and how it is being implemented in RL, and will discuss a theoretical vulnerability that if it can be exploited can bring down the house of cards.
Escaping High Security Handcuffs - Ray (YouTube)
- Everybody knows normal police handcuffs are no real challenge for lockpickers, even though it helps to know the inner workings and tiny differences of the various models in use today. Less publicly known is that there's also a variety of "high security" handcuffs on the market, used mainly for high-risk prisoners and during transfers. But those also have their weaknesses... This talk will give an overview of the products in use today and their different attack vectors - not only focusing on picking but also bypassing some of the most advanced locking mechanisms used in this field.
Evil Interfaces: Violating the User - Gregory Conti (YouTube)
- In a perfect world, interfaces help users accomplish tasks quickly and efficiently. However, in the real world, interfaces are often designed to manipulate users into behaving according to the designer's calculated and suspect intent. Malicious interfaces abound on the web - employing trickery, misdirection of browsing, forced viewing of advertisements, and even animations designed to trigger epileptic seizures. Evil interfaces are seen virtually anywhere profit is at stake, from desktop applications and websites to gas pumps and toothpaste dispensers. This talk explores malicious interface techniques both on and off the desktop, and aims to energize the audience to pursue positive solutions. You'll leave with a better awareness and understanding of the problem, increased resistance to attack and ideas for generating solutions.
Exploration of Possibilities: Brain Hacking - Dot.Ret (YouTube)
- The human brain is an incredibly complex and advanced central processing system. Interestingly enough, in spite of its uniqueness in several respects, it has many qualities in common with modern computer systems. Like modern computer systems, the brain and ultimately the mind can be predictably influenced and even exploited. This talk will cover the basic nature of the brain in relation to computer systems and will discuss the relevance, the advantages, and the dangerous implications of this topic.
Jello Biafra Keynote - Jello Biafra (Eric Reed Boucher)
- A regular speaker at HOPE since 2000, Jello provides a unique and charismatic look at what's been going on in the world since the last time we all got together. Whether you're a technologist or a technophobe, his words will almost certainly have an effect on your emotions one way or another.
Kevin Mitnick Keynote - Kevin Mitnick (YouTube)
- The "world's most dangerous hacker" and subject of our documentary Freedom Downtime ($30) (along with many other more sensationalist pieces over the decades) gives us an update on what's been going on in his life since the last time he was here in 2004. (A severe case of food poisoning in Colombia forced him to cancel his HOPE Number Six appearance - which may be one of the stories he tells this time.)
- How to Unmask Caller-ID Using Asterisk (YouTube)
Steven Rambam Keynote - Part 1 - Steven Rambam (Steven Rombom) (YouTube)
- Part 2
- Hopefully there will be no surprises this year. In 2006, privacy expert Steven Rambam's two hour panel was disrupted by federal authorities who arrested him at the conference just prior to its commencement. In the end, he was completely vindicated and went on to finally give his talk several months later to a packed house at a local university. This year, Steven will be on for three hours, in part to make up for what you may have missed last time, but mostly because what he says about the state of privacy in our society will captivate you.
- MP3 - 1, MP3 - 2
Adam Savage Keynote - Adam Savage (YouTube)
- The esteemed co-host of the popular TV show Mythbusters on the Discovery Channel and "a maker of things" will give a captivating talk on the nature of his particular obsessions.
- Post-Talk Interview (3.5M MP3)
From a Black Hat to a Black Suit - How to Climb the Corporate Security Ladder Without Losing Your Soul - Myrcurial (Dave Lewis) (YouTube)
- You want it all. You can see the brass ring and you want to jump for it. But you're scared. You don't want to put on a suit and watch your soul shrivel like the spot price on RAM. There is another way. In this session, you will learn: why you want to do this to yourself, how to get the first job (which will suck), how to turn the first job into the next job (while still having fun), how to get the top job (sooner than you thought you could), and how to do it all without feeling like a corporate whore. You want to hack the planet? You've got to start somewhere.
Ghetto IDS and Honeypots for the Home User - Black Ratchet (Ben Jackson) (YouTube)
- Have you ever wondered what the heck was pounding on your Internet connection? Or what exactly was making your cable or DSL connection's activity light blink wildly when you knew there was no traffic from you? If so, this presentation will shine a light into the dark corners of your personal tube, showing you the unending stream of junk that comes across your Internet connection as well as how to pick out the good, the bad, and the ugly. This presentation will cover the steps involved in setting up a poor man's IDS and honeypot. Using open and freely available tools, strategies of IDS deployment on your home LAN and the setup of both low interaction and high interaction honeypots will be covered. Learn what you can expect to see, how to pluck out the signal from the noise, and generally be aware of what is flowing in - and out - of your LAN.
Graffiti Research Lab Extravaganza - Graffiti Research Lab (YouTube)
- GRL's presence at HOPE this year will be represented by Graffiti Research Lab in Utah. Michael Auger (aka Love Monkey 4000) will come from the mountains of Utah to the Big Apple to run workshops, conduct technology demonstrations, screen a movie, and announce (for the first time) a new GRL project very close to his heart: One Laser Tag Per Child. The event will start with a LED Throwie workshop. Throwie workshops only last until the supplies run out, anywhere from 30 minutes to an hour. The screening of the new GRL movie (fresh from Sundance, MoMA, the Tate Modern, etc.): Graffiti Research Lab: The Complete First Season will then begin. People will be encouraged to misbehave with their throwies in the dark, yell at the screen, etc. All this will be documented so that the HOPE viewing of The Complete First Season will actually be footage for the sequel: Graffiti Research Lab: The Complete First Season II. After the movie ends, GRL Utah will come to the front of the room and introduce GRL live via webcam from Korea. New GRL technologies and initiatives will be unveiled, including (but not necessarily limited to) the One Laser Tag Per Child system. During the course of the HOPE conference GRL Utah will man a table where interested attendees will be able to do the following: play with lasers, get trained on how to set up the laser tag system, take a closer look at the prerelease of the One Laser Tag Per Child system, download the disc image of the GRL movie (or buy the actual DVD), learn how to set up a GRL in their hometown.
Grand Theft Lazlow - Hacking the Media by Laughing at Them - Lazlow Jones (YouTube)
- A talk by Grand Theft Auto IV cowriter and coproducer Lazlow focusing on that phenomenal project as well as what's been going on in media in the last decade. Beginning in 1996, corporations began gobbling up every newspaper, billboard, radio and TV station in the United States. Ironically, since then, readership and ratings have plummeted, resulting in entertainment executives and editors programming even more sensationalist and desperate content. Lazlow discusses how parody of the media in video games, on TV, and online can often garner a larger audience reaction than the media establishment itself. He will describe why the mainstream media invents crises, and the reaction by the media and Hollywood establishment to the growing popularity of interactive worlds where players are celebrities rather than smug starlets tittering for TMZ. How can you hack the media? In this interactive talk Lazlow talks about his work in radio, video games, and the future of the media, democracy, and the role of comedy in it.
Hackateer Premiere - John Threat (John Lee) and Mark Abene (Phiber Optik) (YouTube)
- Hackateer is an episodic adventure series about a team of hackers who are being chased by quasi-government agencies. The show blends a reality "Do-It-Yourself" tech show with a scripted spy/adventure narrative shot in anime style. Embedded within the entertainment of an episode, viewers learn how to take everyday technology and use it in ways they never dreamed of and not always originally intended. The show also features interrogations with top hackers and tech people from around the world that are kidnapped by the Hackateers. Hackateer is also unique in that the show is cast with real underground hackers and the stories are drawn from world famous hackers and their real life exploits.
A Hacker's View of the Freedom of Information Act (FOIA) - Phil Lapsley (YouTube)
- As part of his book on the history of phone phreaking, Phil submitted hundreds of Freedom of Information Act (FOIA) requests to various three-letter government agencies. In this talk he will give an overview of how FOIA works, describe the type of documents you can get via FOIA, and discuss some of the typical FOIA stumbling blocks and workarounds to them. He will then focus on FOIA from a "hacker's perspective" and will examine the recent launch of several FOIA/hacker related websites such as GetGrandpasFBIFile.Com, GetMyFBIFile.Com, TvShowComplaints.Org, UnsecureFlight.Com, WhatDoTheyKnow.Com", and GovernmentAttic.Com.
Hacker Space Design Patterns - Jens Ohlig
- How do you get a hacker space started? How do you manage it once you have a space? This talk presents wisdom collected over a decade of building sustainable hacker spaces in Germany. Through "design patterns," Jens and Pylon will cover the essentials of assembling an initial group, finding the perfect location, and managing the community. Earlier versions of this talk have inspired the creation of the U.S. hacker spaces NYCResistor and HacDC. This version will inspire and help you create a hacker space where you live!
Hackers and Planet Earth - Peter Jackson
- Technological innovations of the last few centuries have changed our relationship with Planet Earth. With fossil fuel supplies in decline, energy demand growing, and worrying climate change predictions, the future doesn't look great. The presentation will start by briefly looking at the challenges that lie ahead. What can we as hackers, both individually and collectively, do to be more environmentally sustainable? How could we use our skills in the event of the situation reaching crisis point?
Hacking Cool Things with Microcontrollers - Mitch Altman (YouTube)
- Microcontrollers can do your bidding. This presentation will show a few fun, simple projects that Mitch has hacked together as examples to show how fun and easy it is to create your own microcontroller projects - even for people who have never built anything in their lives. Sample projects include: The Brain Machine, TV-B-Gone, Trippy RGB Light, LED Cube, Solar BugBot, and Mignonette (a very simple handheld game platform). Basic hardware design, simple firmware design, and how to use the free, open-source software available for programming the chips used will be discussed at this talk.
Hacking Democracy: An In Depth Analysis of the ES&S Voting Systems - Matt Blaze, Sandy Clark (Mouse), Eric Cronin, Gaurav Shah, Micah Sherr, Adam Aviv, and Pavol Cerny (YouTube)
- Last Fall, Ohio Secretary of State Jennifer Brunner commissioned Project EVEREST, a comprehensive security review of the electronic voting technology used in her state. The project contracted several academic teams and others to examine the election procedures, equipment, and source code used in that state, with the aim of identifying any problems that might render elections vulnerable to tampering under operational conditions. The ten-week project examined in detail the touch-screen, optical scan, and election management technology from e-voting vendors ES&S, Hart InterCivic, and Premier Election Systems (formerly Diebold). Penn led the analysis of the ES&S system source code, which is also used by voters in 42 other U.S. states besides Ohio. This talk will outline the U. Penn team's findings, which included the discovery of exploitable security vulnerabilities in almost every hardware and software component of the ES&S touch-screen and optical scan systems. Some of these flaws could allow a single malicious voter or poll worker to alter countywide election results, possibly without detection. The team will discuss their findings and will also describe more generally the process of analyzing 700,000 lines of unfamiliar source code in less than ten weeks under highly constrained conditions. The full 334 page report (which also includes analysis of the Hart and Premier systems done at Penn State and WebWise Security) can be downloaded from the Ohio Secretary of State's web site.
- Academic Evaluation and Validation of Election-Related Equipment, Standard and Testing - Final Report (11.6M PDF)
Hacking International Networks and System(s) using VoIP - Da Beave (Champ Clark) and Jfalcon (YouTube)
- There is an entire world of PSTNs out there that most people never bother to look into. People have a tendency to call within their area (country) and never stray or "wander" outside. This talk hopes to change that perception. With VoIP, we have the ability to call worldwide for fractions of a penny. Why not call that X.25 network in Russia? Or India? Why not explore foreign data networks and find new and old things still out there? Think war dialing in the U.S. is washed up? Why not try a country where computers and technology are built on the hardware we've thrown out? In many parts of the world, phone networks and data networks are built using the existing PSTN infrastructure. They simply can't afford to purchase modern SONET/DS hardware. Nor can they afford to run fiber optics or coax to every neighborhood. The legal ramifications in hacking such systems are significantly less than hacking U.S. computer networks. The media is filled with reports of Chinese hackers infiltrating U.S. networks. That being said, doesn't it make sense to return the favor?
Hacking the Mind, Hacking the Body: Pleasure - C4bl3FL4m3 (YouTube)
- A continuation of the infamous "hacking sex" third track presentation from HOPE Number Six. This will be a talk about sexuality, pleasure, and our bodies from a hacker's point of view covering such diverse methods as hypnosis, BDSM, role play, sex toys, and body modification. C4bl3FL4m3 will share her in depth (and sometimes hands-on) knowledge in increasing the pleasure felt by ourselves and our partners. With brand new material as well as tried-and-true secrets, this presentation is perfect for all genders and orientations. Topics covered will include erotic hypnosis, sex toys and their usage, BDSM, body modifications, meditation and other sexual/spiritual forms of mind altering, sexual role play, sexual techniques, cybersexuality, tele and technodildonics.
- MP3 - 1, MP3 - 2
Hacking the Price of Food: An Urban Farming Renaissance - Bicycle Mark (Mark Fonseca Rendeiro) (YouTube)
- With the global price of food rising dramatically around the world, the number of people at risk of starvation and malnutrition will also increase. The United Nations Food Program announced earlier this year that it would not have enough money or food to meet its targets due to the cost of food. In Egypt and other parts of the world, people have been rioting in the face of food shortages and sharp increases in prices. In places like Thailand that are famous for exporting rice throughout the world, the government has announced cutbacks in exports because of shortages. A grim picture, to say the least. Yet while this crisis seems to be unfolding, another rise has come to pass - the return of urban and community farms. How do these farms manage to exist, seemingly, outside the global game? Is their business model sustainable and is this truly a renaissance of growing and thinking locally? Through a series of podcast interviews and reports, the case is presented of how some farmers are hacking the price of food.
Hacking the Young Lady's Illustrated Primer: Dispatches from the Field of Educational Technology - Gillian "Gus" Andrews, and Ivan Krstic (YouTube)
- The takeaway message of this panel will be that the critical element in teaching with technology is people - and that hackers need to consider what this means. The talk will encourage the audience to consider the best ways to tackle the horrendous failures of current technology education. Topics to be covered: Neal Stephenson's The Diamond Age/Young Lady's Illustrated Primer and whether it can be achieved; the one laptop per child project and the difficulties it currently faces; hair-raising experiences writing an A+ certification curriculum; whether the Pacific Northwest Tree Octopus is real; responses from seventh-graders (or Why Johnny Can't Read on the Internet); and Richard Feynman already taught us everything we needed to know about education - why aren't we listening?
The History of Phone Phreaking, 1960-1980 - Phil Lapsley (YouTube)
- This talk will give a brief history of phone phreaking from 1960 to 1980 the Golden Age of the analog telephone network. After a quick introduction to the then-modern long distance network and "operator toll dialing," you'll see how the first "blue box" came to be, look at why organized crime loved the technology, and see how AT&T and the Department of Justice reacted to this fad in the 1960s. You'll then follow the phreaks into the 1970s as their hobby hit the mainstream in 1971 with the publication of Secrets of the Little Blue Box in Esquire and the founding of YIPL, the first phone phreak newsletter. As a bonus, you'll get to listen to some sounds of the old network! If you've ever used a blue box, this will be a phun trip down Memory Lane - and if you haven't, you'll get to listen to some great examples of hacking with tones!
Home Is Where The Heart Is? The Question of Jurisdiction - Douglas Spink (YouTube)
- A presentation on the subject of corporate legal jurisdictions and related topics. While this sounds boring on the surface, it's actually not - and is more and more relevant every year for those in the tech game. As physical human beings, we do in fact have a "home jurisdiction" in the legal sense, which is wherever we are living at present. However, corporations are also "people" in the legal sense but have a flexibility of where they call home. This ties into areas of international legal issues, corporate governance, privacy of company information, financial systems/banking, personal versus corporate liability, and so on. Basically, for anyone from a coder who wants "a company" to bill his clients through, all the way up to major tech projects that span multiple jurisdictions in a sophisticated way, few of us who play the tech game are not directly impacted by the question of where a company lives, where it calls home.
How Do I Pwn Thee? Let Me Count The Ways - RenderMan (Brad Haines) (YouTube)
- The business world has spawned a new kind of creature, the mobile, traveling worker. This creature typically carries a multitude of wireless devices on them while traveling to and from clients. Unless special care has been taken, these devices present a plethora of ways to pwn them and their data. This talk will take a look at a worst case scenario and go through all the ways one of these business travelers can be pwn'd at a distance by a bored attacker in an airport, hotel, or other public space.
How Piracy Feeds a Starving Audience - Michael Perkins
- This talk will present observations of the relationship between technology and art in a comprehensive look at how the rise of piracy and its effect on the music industry can enrich the art form as well as the global audience. Drawing from the ideology of open-source and user-supported technology, this talk will attempt to demonstrate that the concept of "free music" is set to overhaul the way in which music is created and acquired. The topics to be discussed include the history of the music industry, the war with the RIAA, Digital Rights Management, Creative Commons, and more.
How to Talk to the Mainstream Media - Stephen Cass (YouTube)
- Why bother with the mainstream media? Because that's where the audience is. Only a tiny percentage of blogs have sizable audiences and even the biggest of those are dwarfed by the audiences for TV news or the circulations of the larger dead-tree newspapers and magazines. Even online, websites run by mainstream media organizations are major players. If you're interested in getting your point across to as many people as possible, this talk will improve your chances by telling you what professional journalists want and why, how you can help give it to them, and what pitfalls to avoid. Also: how to become a TV pundit!
Identification Card Security: Past, Present, Future - Doug Farre (YouTube)
- Come learn how identification cards have taken over our lives, how they can be manufactured at home, and how you can start a legal ID making business. Learn all the tips and tricks about amateur ID manufacturing and pick up the first ever Complete Amateur ID Making Guide. Also, come test your ability to spot a fake versus a real and check out the newest in ID technology: polycarbonate laminates, biometrics, Teslin, and RFID. Lastly, see how corporations are affecting the identification card fiasco in the U.S. and how the Real ID Act is going to affect you. What's in your wallet?
The (Im)possibility of Hardware Obfuscation - Karsten Nohl (YouTube)
- This talk will discuss several different approaches to reverse engineering proprietary algorithms from hardware. It will focus on our mostly automated approach to reconstructing functionality by using a combination of analyzing photos of chip structures and protocol analysis. Using these techniques, the Mifare RFID tags were hacked, which caused quite a bit of public discussion about proprietary cryptography and "security by obscurity." The cryptography of the Mifare tags has several vulnerabilities including weaknesses in the random number generator and low resistance against brute force attacks. Furthermore, statistical flaws of the cipher enable very practical key-recovering attacks. This presentation will show the whole range of attacks as well as some general techniques to improve cryptographic protocols so they are more resistant.
- HOPE 2008: The Impossibility of Hardware Obfuscation Hack a Day entry.
The Innermost Unifier: Today It's the Corporate Anthem - Johannes Grenzfurthner
- Using different historical and current examples (especially from the area of the hardware/software-industry), Johannes will give a theoretical and applied - and not unamusing - overview on the musical genre of corporate anthems. Come and sing along. Powernapping is welcome, too.
Installation Art in HOPE Space - Daravinne (Christina Olson), Albert Hwang (Phedhex), Randy Polumbo, Erik Sanner, and Sean Mongomery
- In an effort to continue the knitting together of the art scene and the tech scene, Daravinne has gathered local artists to create art installations in the lobby and mezzanine spaces of the conference. Four artists are being showcased, each with their own unique spin on tech art. Albert Hwang has created a 3D wiremap, Randy Polumbo has some electrified flowers, Erik Sanner wants us to play chess, and Sean Montgomery's biofeedback wearables will tell you how you're feeling.
The Intersection of Culture Jamming, Hacking, and Hacktivism - Part 1 - Pan Goat (Jaime Magiera), Phineas Narco, Tim Maloney, %20, Fred Church, Steev Hise, Ricardo Dominguez, Bernardo Attias, and Mark Hosler
- Part 2
- Over the past nearly 20 years, the Internet has proved to be fertile ground for projects that raise awareness, question authority, and inspire social cohesion. Culture jamming, hacking, and hacktivism have helped provoke changes in the technical, cultural, and political aspects of our society. This panel aims to provide an overview of these techniques through examples of some of the more memorable projects. Starting with the manipulation of voicemail services and leading up to denial of service attacks on government web servers, the panel will cover how these projects were organized and executed as well as the reaction that they inspired. This 90 minute panel will also include a discussion section (with audience participation encouraged) where they will contemplate what use these techniques have in light of the quickly changing Internet and digital media landscapes.
Introduction to MCU Firmware Analysis and Modification with MSP430static - Travis Goodspeed
- The Texas Instruments MSP430 is a low-power, 16-bit microcontroller which is rapidly gaining in popularity in the embedded world. MSP430static is a tool for reverse engineering the MSP430's firmware. Following a quick tour under the hood of this tool, this lecture will demonstrate how to analyze, modify, and reflash a black-box firmware image.
Introduction to the Open Web Application Security Project - Tom Brennan (jinxpuppy)
- This talk will provide attendees with an introduction to the Open Web Application Security Project as well as a discussion and demo of application security hacks based on research of common client issues discovered when performing assessments. In the end, those attending will have a better understanding of APPSEC.
IPv6, the Next Generation Network Playground - How to Connect and Explore - Joe Klein
- A replacement for IPv4 was first imagined after the 1990 report warning of IP address exhaustion was released. It took another five years until the RFC for IPv6 was released and another year before it was implemented in an operating system (BSD) and a network (6BONE). During that time RFCs meant to extend the useful life of IPv4 were killing the end-to-end connections. This includes RFC 1518 - Classless Inter-Domain Routing (CIDR), RFC 1631 - Network Address Translation (NAT), and RFC 1918 - Address Allocation for Private Internets. From that point on, many protocols required workarounds, patches, and hacks just to continue to communicate. Worse yet, each change reduced the usefulness of firewall and increased the attack surface. Now, 18 years later, we have the opportunity to test and explore this replacement for IPv4. This presentation will discuss the basics of IPv6 including features, benefits, and addressing. There will also be a review of how to connect to the IPv6 network - even if your ISP is clueless. Discussion will include a review of tools needed to test and explore IPv6 as well as a look at the most common IPv6 vulnerabilities.
Steven Levy Keynote - Steven Levy (YouTube)
- The author of Hackers: Heroes of the Computer Revolution and chief technology writer and a senior editor for Newsweek will give us his insightful perspective of hackers, technology, and history.
Kitchen Hack Lab: Interactive Food Disassembly - Gweeds (Guido Sanchez) (YouTube)
- Open-source recipe development vs. secret restaurant techniques, hacked hardware vs. expensive science toys. Food hacking is the redheaded stepchild of molecular gastronomy. With audience participation, there will be some weird cooking, documenting of tasting notes on the wiki, a demonstration of current culinary exploits with kitchen appliance hacks, and an introduction of some recent food hacking ventures including hack lab tours and some dope culinary software.
Closing Ceremonies (YouTube)
- This is where it all comes to a thrilling conclusion. In an even longer than usual finale, we'll be sharing some of the highlights and technical details of the AMD project and what we learned from our experiment of RFID-enabled badges for 1500 of our attendees. We'll also have our entire network team on stage to let you know what succeeded this year and what didn't. And then it's on to the actual closing down of what will certainly prove to be a most memorable conference. Highlights will be recollected, prizes will be awarded, tears will be shed. This is the moment where we all realize just how much fun it's been and how we can accomplish great things (like cleaning up after the closing ceremonies) if we join forces and work together.
- MP3 - 1, MP3 - 2
Macro Social Engineering - LexIcon
- Macro social engineering is using social interactions, mass media, and other methods to affect wide scale social change. LexIcon will talk about leadership and the artist's editorial voice in relation to his own efforts to improve both the hacker community and the global community.
Maintaining a Locksporting Organization and Breakthroughs in the Community - Doug Farre and Jon King (YouTube)
- This presentation will go into detail about how to start and maintain a locksport organization and how groups like these can lead to influential research. You'll learn how to keep everyone excited about lock picking and how to turn your club into a well oiled machine for years to come. In addition, you'll find out what it takes to produce a good lock picker and see how anyone can influence the lock industry even after only a few months of being on the scene. Jon King's research on high security Medeco locks will be revealed in detail. There will also be a demonstration on how to build a tool to pick high security cylinders, and how the responsible disclosure of exploits in the hardware world can make a positive impact for all involved.
Methods of Copying High Security Keys - Barry Wels and Han Fey (YouTube)
- In this two hour workshop you will learn some new and advanced opening techniques for high security locks from two key members of the locksport group TOOOL in the Netherlands. Special attention will be given to duplicating high security keys and detailed analysis of modern locking systems. After the presentation, some of the tools and techniques can be seen up close at the Lock Picking Village. You are invited to bring your complex locks or "impossible to copy" keys....
Monumental Women Who Influenced Today's Technology - L33tphreak
- An historical summary of females who either participated in or were pioneers of advancements that affect the technology-driven industries of today. This talk will be covering topics including: the gender bias surrounding ENIAC and how it pushed women to show they can succeed in a "man's world," how "The Women of ENIAC" came to be and why, historical females in computing sorted in chronological order by birth starting in the early 1800s, the women who contributed to telephony, and ending with a short video clip borrowed from Nightline. This is designed as a 50-minute whirlwind journey exposing the estrogen-laced side of technology - women are strongly encouraged to attend and show their pride of being female geeks (a rare find in the testosterone ocean of technology).
The New York City Taxi System: Privacy vs. Utility - Nick Leghorn (YouTube)
- When people think of New York City, three icons come to mind: the Statue of Liberty, the Empire State Building, and the classic yellow taxi cab. However, even the most seasoned New Yorker barely understands the complicated system that transports over 241 million passengers every year, includes more than 40,000 vehicles, and generates in excess of $2 billion every year. During this presentation you will learn about the New York City taxi system and how the new technologies (such as GPS tracking, credit card transactions, SMS messaging, and touch screen kiosks in the car) are being implemented, including the privacy and security concerns that surround them. You'll also take a peek at some of the proposed changes that will make the New York City taxi system more accessible and more efficient.
No-Tech Hacking - Johnny Long (YouTube)
- The best way to describe this talk is to simply quote some of what we received from its presenter:
- "I'm Johnny. I hack stuff. I've been at it for quite a while now, and I've picked up a few tricks along the way. I get asked about my tricks all the time, mostly by kids who saw that movie. You know the one. But I've always said no. I've held onto my secrets as part of the pact I made with the hacker underground. I mean, I'm allowed to give talks and presentations about hacking stuff, but the secrets... the real super-cool secrets I've had to keep to myself. The head of the underground said so. But I got this email the other day that says I'm THIS close to getting kicked out of the underground. Seems the glare of the public eye has been on me for far too long and I've become a liability. So, I'm going to be proactive. I'm going to quit before they can fire me.... The underground is gonna be sooo ticked off."
"Off the Grid" Voice & Data Communications - Skip Arey, Bernie S., Redbird (Joseph Battaglia), and LinH (YouTube)
- It's Orwellian. We're so conditioned to believe we've little choice but to rely on government-regulated, corporate-owned voice/data networks designed to log our communications traffic and content. People can be held incommunicado by routine network failures, natural disasters, and by political actions- often when communications is needed most. But modern two-way radio can provide effective and reliable short-range and global voice/data communications at relatively little cost, and it can't be logged by conventional (CALEA) methods. This discussion will tune into the latest surprising developments in amateur (ham) radio, unlicensed spread-spectrum, and other two-way radio technologies and applications.
One Last Time: The Hack/Phreak History Primer - Jason Scott (Jason Sadofsky) (YouTube)
- In 2008 $2600 is 24 years old, the computer bulletin board system is a 30 year relic, and a good number of attendees of HOPE were not born when some events of the "modern" era of computers and hacking began. Historian Jason Scott of textfiles.com presents a quick primer of a large part of the basics of hacking and phreaking history, touching on those sometimes obscure or hilarious subjects that may have escaped notice in a Web 2.0 world.
Packing and the Friendly Skies - Why Transporting Firearms May Be the Best Way to Safeguard Your Tech When You Fly - Deviant Ollam
- After a particularly horrible episode of airport theft, Deviant made the decision to never again travel by air with unlocked luggage. Because of this he now flies with firearms all the time. Federal law allows (in fact, it requires) passengers to lock firearm-bearing luggage with non-TSA-approved padlocks and does not permit any airport staffer to open such bags once they have left the owner's possession. In this talk, you will learn the relevant laws and policies concerning travel with weapons. It's easier than you think, often adds little to no extra time to your schedule (indeed, it can expedite the check-in process sometimes), and may actually be the best way to prevent tampering and theft of bags during air travel.
- PowerPoint Slides
Pen Testing the Web with Firefox - John "DaKahuna" Fulmer and Michael "theprez98" Schearer (YouTube)
- Hacking the web has never been easier. Whether you're using Firefox as a standalone tool for information gathering, modifying your browser with innovative extensions, or using Firefox as a web front-end for other penetration testing tools, you can hack all within the potentially anonymous cozy confines of your customized browser. Putting it all together brings your hack-foo one step further. DNS lookups, uptime reports, hosted hash crackers and online scanners are at your browser's fingertips. With Firefox's innovative add-on feature, a number of powerful extensions have been developed for security scanning, ethical hacking, penetration testing, and general security auditing. Finally, a number of penetration testing applications are built specifically with web-based front-ends. Add in a few recommendations for your setup and a few places to test your hacking skills, and your recipe for hack soup is complete.
PenTest Labs Using LiveCDs - Thomas Wilhelm (YouTube)
- Despite being discussed in both books and a magazine article, the De-ICE.net PenTest LiveCD project is not well known. To help spread the word, this talk will discuss the history and current state of the project along with ideas for the future. In addition, a new project will be presented for the first time for those interested in learning more about PenTest tools.
PGP versus PKI - Laura Raderman (YouTube)
- Both PGP and PKI take advantage of public key technology, but they are fundamentally different in the ways they perform key management. The talk will start with a quick overview of asymmetric cryptography before diving into the details of how and why PGP and PKI are different, what audiences they serve, as well as how to get on the "PKI bandwagon." The discussion will be focused on the key management and trust issues in both technologies.
Phone Losers of America - Murd0c, Rob T. Firefly (Rob Vincent), I-baLL (Leo), and Sidepocket (Jordan White) (YouTube)
- The Phone Losers of America's 15th anniversary panel will include video presentation of various prank calls, real-life pranks on unsuspecting businesses and people, audio prank calls, real-time questions and answers, as well as a history of prank calls, phone phreaking and the ways the PLA have gone about setting everything up.
- PLA Media DVD 15 Years of PLA (July 2008)
Phreaking 110: The State of Modern Phreaking - I-baLL
- An intermediate talk about phreaking today. Discussion will include information about INWARDS operators and how to reach them, along with Automatic Call Distributor phone exchanges that allow anonymous access to all sorts of weird locations (911 operators, local operators, etc.) while confusing the crap out of the people on the other line as they see you coming in from nonexistent locations. Also touched upon will be the basics of SS7, the IAM, differences between CID, CPN, and ANI plus CLIR and CLIRO. Discussion will include Caller ID spoofing, tips on how to increase your chances of getting a fully legal tour of your local CO, and other topics such as calling supervision, telephone extenders, and weird telco tie lines.
Phreaks, Confs, and Jail - TProphet and Barcode (YouTube)
- In the mid to late 90s, phreaks spent a lot of time on teleconferences (known as "confs,") created a lot of mischief, and more than a few went to jail. Fast forward a decade and phreaks still spend a lot of time on confs, create even more mischief, and still occasionally go to jail. Join TProphet for a walk down memory lane and into the present day, where practically any security can still be defeated by a smooth-talking social engineer. More importantly, learn how new technologies such as VoIP can impact the trustworthiness of the telephone system (even including critical infrastructure such as 911).
Policy Hacking: Taking Back Public Sector IT - Arjen Kamphuis
- On January 1st, 2002, Arjen tried to access the website of the Dutch national railway (www.ns.nl) using Linux. The site refused him access, saying it was IE-only. This sparked a conversation with members of parliament about the need for open standards. Over a five year period, he progressed from talking to opposition MPs to meeting the economics minister directly and was able to significantly influence national policy despite total lack of funding or any specific mandate. As a result, the Dutch public sector will move to standardize on Open Documents Format and use open-source where comparable functionality is available in all new procurements as of 2008. Use of ODF as a public sector document standard will be mandatory in 2009. This talk will tell the tale of why this was accomplished, how it was done, and how others can do it too in other countries around the world. You'll learn how to get access to the powers-that-be, how to get non-technical people interested in the subject, and how to align your policy proposals with existing policies. While some of the political reasons for wanting open standards and open-source in government IT will be touched upon, the focus of the talk will be mainly on how to get results.
Port Knocking and Single Packet Authorization: Practical Deployments - Michael Rash (YouTube)
- Port Knocking and its big brother, Single Packet Authorization (SPA), can provide a robust additional layer of protection for services such as SSH, but there are many competing Port Knocking and SPA implementations. This talk will present practical usages of fwknop in Port Knocking and SPA modes, and discuss what works and what doesn't from a protocol perspective. Integration points for both iptables and ipfw firewalls on Linux and FreeBSD systems will be highlighted, and client-side support on Windows will be demonstrated. Finally, advanced functionality such as inbound NAT support for authenticated connections, sending SPA packets over the Tor anonymity network, and covert channel usages will be discussed. With SPA deployed, anyone scanning for a service with Nmap cannot even tell that it is listening; let alone target it with an exploit (zero-day or not).
Postal Hacking - CypherGhost (YouTube)
- A review of the United States Postal Service discusses numerous mail-related issues. What is the heaviest thing that you can send in a flat rate box? What happens if you mail a sphere? What are the mysteries of digital postage meters? A look at how modern automation allows you to send a letter 3,000 miles for only 42 cents and what security vulnerabilities might exist in that infrastructure. How the new "PLANET" barcode will track all mail in the future. It's all 100 percent legal, but sure to make the mailman wonder. Postal inspectors welcome.
Programming Your Mobile Phone for International Calling - The Cheshire Catalyst
- Many people are not aware of the nuances of setting up their mobile telephone for use in telephone networks overseas. Whether they plan to call their correspondents before they leave the states, or if they plan to call friends back home once they are there, The Cheshire Catalyst will explain how to program telephone numbers in the Contact List of a mobile phone so they will work no matter where the call is placed.
Project Telephreak - Da Beave (Champ Clark), Slestak, Notkevin (Kevin Reilly), Gid, R0d3nt, and Jfalcon (YouTube)
- Telephreak was a group that was never meant to be. That is, it wasn't started as a "group" or "club" for dorks. It just ended up that way. It started as a conference system that could be used to talk with other like minded individuals around the world. This club of dorks now encompasses several projects, mostly due to the members' diverse interests. These include OpenVMS clusters (public access) and VoIP related projects (Asterisk add-ons) to X.25 networks. This panel will also be discussing "Project Telephreak" that's located in the Mezzanine area. They will also discuss other projects currently being worked on, such as iWar, the Deathrow Project, various Asterisk projects, and non-VoIP projects.
Pseudonymization Methodologies: Personal Liberty vs. the Greater Good - Jon-Michael C. Brook (YouTube)
- Think of four facts that can separate you from the rest of the general populous: name, address, date of birth, or Social Security Number perhaps. They are all likely what's currently referred to as Personally Identifiable Information (PII). In the data privacy realm, PII disclosure is the CSI trace evidence that corporations are increasingly finding themselves as silhouettes within blood splatter patterns on the wall. These PII disclosures may be avoided through the use of anonymization, or more importantly, pseudonymization. This talk will focus on the history, methodology, benefits, risks and mitigations, and current players, as well as provide a demonstration of the technology.
REAL ID Act and RFID: Privacy and Legal Implications - Tiffany Strauchs Rad (YouTube)
- Radio Frequency Identification (RFID) is a practical and useful technology for locating items without the requisite close proximity as needed with older technology, such as bar codes. However, new technologies such as RFID "powder," internal and external pre-crime detectors, and insertion into children's clothing and other personal items have pros and cons associated with the practicality of its use. In addition, RFID use in access control, identification documents, and banking cards, while convenient and illegal to jam, may lack important security features to prevent unauthorized scanning and usage of the data contained. The REAL ID Act mandates using RFID in ID cards that most Americans should carry for domestic airline travel and must carry for international travel. This discussion will examine current RFID technology and security concerns as well as how the RFID technology implemented in REAL ID Act cards and passports may pose privacy and security risks.
Reprimand Panel - Gonzo DeMann (Michael J. Ferris) and I-baLL
- One would think that, after being online for six years, an e-zine would have a few stories to tell, and the Reprimand does. There will be nothing technical on this panel. It will be a lighthearted look back over those six years, the beginnings of the zine, and some of the adventures that were had. Come listen to the culture jam, and be with friends talking to friends.
RIAA Litigations: How the Tech Community Can Help - Ray Beckerman and Zi Mei (YouTube)
- This talk will be an update on RIAA litigations against ordinary individuals based on allegations of p2p file sharing. It will focus on the RIAA's legal theories and how they threaten the Internet, the RIAA's reliance on "junk science" to make its case, and what the tech community can do to help.
Safe-Cracking - Eric Schmiedl (YouTube)
- Despite many appearances in film and television, fairly little is widely known about how safes can be opened without the proper combination or key. This talk will attempt to address some of the questions commonly asked about the craft, such as is it really possible to have a safe open in a minute or two using just a stethoscope and some clever fingerwork? (Yes, but it will take a bit more time than a few minutes.) Are the gadgets used by secret agents in the movies ever based on reality? (Some of them.) The talk will cover several different ways that safes are opened without damage, as well as the design of one lock that is considered completely secure.
Sharing Your Love of Technology with Normal People - Prometheus Radio Project Tips - pete tridish and Steph99
- Prometheus Radio Project, based in West Philly, builds radio stations with farmworkers' unions, civil rights groups, neighborhood associations, and others who want to free the media from corporate control. They have built radio stations in Guatemala, Kenya, Mexico, and Tanzania, as well as all over the United States. In Greek mythology, Prometheus was the one who stole fire from the gods, who had been hoarding this powerful technology, and taught humanity to use it. Representatives from Prometheus Radio will discuss their work building radio stations and fighting to change the laws so that more groups can have access to the airwaves. In this talk, they will particularly focus on their practices in demystifying technology with groups that lack prior technical training. Prometheus has built 11 stations in "radio barnraisings," where over 200 volunteers converge to build a full operating radio station over a three day weekend, with most participants having never touched a soldering iron before in their lives. While focusing on Prometheus' experience with radio, this presentation can be helpful to any nerd who has tried to explain a technical subject to people who lacked technical knowledge or skills. Are there things that geeks can do that can help normal people share our fascination with technology? It's magical when someone who thinks they know nothing about a technology suddenly realizes that they understand it and can use it just as well as the rich and powerful can! Prometheus will share the tricks of popular technical education they've learned over the years.
Simulating the Universe on Supercomputers - Mark Vogelsberger (YouTube)
- This talk will describe recent progress in the field of cosmic structure formation and will mainly focus on computational problems and methods carrying out such large simulations on the fastest supercomputers available today. It will also present very recent results on a new simulation of the Milky Way dark matter components. There will be a discussion of virtual maps of gamma-ray annihilation radiation seen by a NASA satellite. If this satellite can discover dark matter by its annihilation, this would mark a new very large step in science.
The Singularity: Focus on Robotics and Hackers - Ben Sgro (mr-sk)
- The 1970s was an era of technological breakthroughs. Exciting projects and groundbreaking discoveries were made by hackers, government, and commercial entities. Today we should consider ourselves lucky to be sitting in the front row for the birth of the robotics industry. Nearly 40 years after the birth of the computing industry, our lives are merged with the Internet. Similar to the 1970s computing industry, early robotic developments are complex and their practical applications are rare. Less than 40 years from now, our bodies and minds will be merged with the robotics and technologies we are creating today. In our lifetime, we will see software merged with robotics that mimic humans, surpass them, and proceed to yield creations of their own. There will be no distinction between human and machine or between physical and virtual reality. AI, robotics, and other emerging technologies will result in the Singularity; a fundamental paradigm shift for human kind. This presentation will dive into the Singularity, current and emerging robotics, and discuss where hackers fit into all this. Various robotic platforms will be on display as well.
Social Engineering Panel - Emmanuel Golddigger and Friends (YouTube)
- In a tradition that began at the very first HOPE conference, the art of social engineering will be discussed and demonstrated against random hapless victims over the telephone live for your entertainment.
Spy Improv: Everything You Ever Wanted to Ask and Did Not Know Who to Ask - Robert Steele (YouTube)
- The recovering spy and ass-kicking critic of everything stupid will range wild, interspersing comments on 9/11, Dick Cheney, Rudy Guliani, and other misfits, with straight-up, no bullshit answers to any question.
- MP3 - 1, MP3 - 2
Starting Your Own Con for Fun and No Profit: A How-to - Paul Schneider (Froggy) and Jodie Schneider (Tyger)
- One of the core values of the hacker scene is the concept of DIY. If you don't like something, whatever it is, get busy, do-it-yourself, and do it better! In this presentation there will be a discussion of the experiences in starting Notacon in Cleveland from the ground up with little to no experience. A look at some of the problems and pitfalls encountered, as well as some of the things Jodie and Paul did to save themselves tons of headaches. Along the way they will touch on the concepts of taxes, law, organization, human nature, and even some of the stupid shit people have done at previous events. This will be a discussion about what's possible in the future at other events and an inspiration for those who have an idea to throw a con to just go ahead and do so!
Strengths and Weaknesses of (Physical) Access Control Systems - Eric Schmiedl and Mike Spindel (YouTube)
- Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available - card readers, biometrics, or even posting a guard to check IDs - each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. This talk provides a comprehensive overview of 20 different access control technologies that focuse on weaknesses (particularly little known or not-yet public attacks) and other points that a buyer would not likely get from a vendor. Also presented will be a model for thinking about access control systems in general that will provide a useful framework for evaluating new or obscure technologies.
Technical Surveillance Countermeasures - A Brief Primer on the Arcane Art and Science of Electronics Surveillance and "Bug" Detection - Marty Kaiser (YouTube)
- The spooky world of covert electronic surveillance and countermeasures by governments, corporations, and individuals is veiled in secrecy, intrigue, and myth. Few people are well qualified to speak authoritatively about it, and fewer still are willing to. Hear firsthand from one of the most legendary and respected wiretap and bugging experts in the United States about some of the methods and technologies used, some case studies, and the future of privacy and surveillance from an insider's viewpoint.
- Higher Resolution Video (YouTube)
Undoing Complexity - From Paper Clips to Ball Point Pens - Matt Fiddler and Marc Tobias (YouTube)
- This talk will be a systematic approach to dissecting and disabling multiple layers of physical security in locks. In this presentation, the focus will be on embedded design defects in high security locks, and how their discovery translates into security vulnerabilities and the disclosure of such flaws. The attack methodology for high security locks will be reviewed. Demonstrations will include case examples, examining tolerance exploitation, code design analysis, and leveraging the interaction of internal components within a locking system to achieve different types of bypass. The application of this program in the development of covert, surreptitious, and forced methods of entry will be examined. Also discussed will be the concept of responsible disclosure upon the discovery of security vulnerabilities, and how this concept applies to both those who discover flaws and to the manufacturer that produces them, and why the same concept becomes a technical, logistical, legal, and financial minefield for manufacturers.
VLANs Layer 2 Attacks: Their Relevance and Their Kryptonite - Kevin Figueroa, Marco Figueroa, and Anthony L. Williams (YouTube)
- Proper network infrastructure configuration is a crucial step in a successful in depth defense strategy for any organization. The fact that the network fabric is susceptible to these attacks years after their initial discovery is alarming and disgusting at the same time. This discussion revisits these attacks using contemporary techniques and tools and also offers equally contemporary solutions to mitigate or foil these malicious network attacks as the case may be. Networking professionals will be able to walk away from this presentation with solid remedies to these issues and with a reinforcement that they actually still exist and are pertinent to a network security strategy that will function now and in the future.
VoIP (In)security: Italians Do It Better - Alessio L.R. Pennasilico (YouTube)
- Various VoIP vulnerabilities will be described here using some real case histories. There will be a detailed explanation of how a small group of annoyed Italian VoIP hackers used the Chaos Computer Club phone network during the 2007 hacker camp for fun and profit. Also, the story of a disgruntled employee, ways to fool bosses, how a stupid joke can turn into a social engineering attack, and what the implications might have been had the group been malicious. Italian grappa will also be a subject of discussion.
Warrantless Laptop Searches at U.S. Borders - Decius (Tom Cross) (YouTube)
- U.S. customs agents have begun randomly searching the contents of laptops carried by individuals across U.S. border checkpoints. Personal laptops contain increasingly vast and intimate collections of information about their owners, and cannot be easily sanitized for government inspection prior to travel. The privacy implications of this policy are obviously tremendous. There is presently a debate in the U.S. court system about the constitutionality of these searches. This talk will cover the developments so far, explaining (and criticizing) the basic legal framework in which this debate is occurring as well as the reasoning employed by the courts that have heard this issue. Related topics will also be discussed, such as recent controversy over the Fifth Amendment right to refuse to reveal an encryption password to the police and the Anti-Counterfeiting Trade Agreement. Attendees will be armed with a deeper understanding of these present threats to our fundamental rights.
What and Who is "Anonymous?" - Alex Vanino (DeMiNe0), Dusk, Little Sister, Mike Vitale (Sethdood), PokeAnon, Atkins, and Ryan Hannigan (Dr3k) (YouTube)
- Anonymous is an anti-group which takes nothing too seriously and values free speech in the extreme. The self-styled Anonymous (used as a mass noun) is a label and Internet meme adopted within Internet culture to represent the actions of Internet users acting anonymously toward a given agenda. In this sense, Anonymous is "all of us, yet none of us." The term is used in phrases such as "We are Anonymous. We do not forgive. We do not forget." More recently, in 2008 specific actions were undertaken by specific group, groups, or organizations, also self-named as "Anonymous," and often associated with websites and chat systems on the Internet. The general public's introduction to the group began with Project Chanology, a protest against the Church of Scientology. The most visible element of the protest was mass protests of many Church sites worldwide, the first being held on February 10, 2008. Anonymous, as a protest group, lacks a visible hierarchical structure or leaders, instead relying on individuals to contribute to the group on their own.
Wikipedia: You Will Never Find a More Wretched Hive of Scum and Villainy - Virgil Griffith (YouTube)
- Not only the world's largest text-based MMO, Wikipedia is a staple of the Internet user's information diet. Because of this, Wikipedia is also laden with manipulation, forgery, and the downright unscrupulous. In a never before seen presentation, Virgil will mine deep into the bowels of Wikipedia to unearth nefarious deeds whose perpetrators never thought would see the light of day. New software will be released at this talk. If you liked WikiScanner, you will like this more.
YouTomb - A Free Culture Hack - Oliver Day, Dean Jansen, Quentin Smith, and Christina Xu
- YouTomb scans sections of sites where popular videos pop up (Digg, Technorati, YouTube, etc.) and adds these videos to a database. This growing database is continually re-scanned and all the metadata is logged. When a video from the YouTomb database (about a quarter million right now) goes down, it is featured on the YouTomb website. The future of YouTomb may include: tracking geographic blocking, caching the videos themselves, tools for bloggers and people embedding YouTube clips, a search function(!), and more. YouTomb was born at Free Culture MIT. This session will begin as a presentation, but should quickly become an interactive discussion.
The Zen of the Hacker - Joshua Ginsberg
- An inquiry into the conditions under which hacker culture thrives, the curiously American quality of hacker culture, and the evolving challenges for preservation of the hacker ecosystem.
The Next HOPE
- The Next HOPE took place on July 16-18, 2010 at Hotel Pennsylvania in New York City.
- Post-The Next HOPE Analysis From Off The Hook, July 21, 2010.
- Bios of Speakers
- The Next HOPE on Twitter
- The Next HOPE - Pictures 1 Flickr set by Laughing Squid.
- The Next HOPE Geiger Counter (Hack-a-Day Entry)
- The Next HOPE: WikiLeaks Ballet (YouTube)
- Cool Stuff at The Next HOPE 2010 (YouTube)
- Go Null Yourself at The Next HOPE Audio, video, and pictures.
- The Next HOPE Pictures From David Richard Larochelle
- Hacker News Network Goes to The Next HOPE in NYC Part 1
- 2600 Meetings: Yesterday, Today, and Tomorrow - Rob T. Firefly (Rob Vincent), Grey Frequency, Gonzo (Michael J. Ferris)
- In this panel, longtime attendees and website admins of New York City's 2600 meeting will explain how an event that began in the 1980s as a simple way for local hackers to meet each other in person has grown into a major and vital part of the worldwide hacker community. The panel will recap the history of 2600 meetings, and explain the basics for those interested in getting involved with an existing meeting or starting a new one. Issues involved in operating a 2600 meeting's web presence will also be addressed. There will most certainly be a recounting of some favorite meeting stories and experiences, and the lasting effects the meetings have had on all sorts of lives.
American Bombe: How the U.S. Shattered the Enigma Code - Shalom Silbermintz (YouTube)
- Many people know the story of Alan Turing and his work at Bletchley Park in designing the British bombes, the machines used to crack the German Enigma codes. What most people don't know is what happened afterward. When the German military added a fourth rotor to the Enigma, a new type of machine was needed in order to crack the codes and keep Allied intelligence out of darkness. These American bombes were the first multifunction computers ever built, and are an important part of the history of modern computing. It's the incredible, gripping story of an enterprise that rivaled the Manhattan Project in secrecy and complexity, and ultimately led to the first modern digital computer.
Arse Elektronika: Sex, Tech, and the Future of Screw-It-Yourself - Johannes Grenzfurthner
- We may not forget that mankind is a sexual and tool-using species. From the depiction of a vulva in a cave painting to the newest Internet porno, technology and sexuality have always been closely linked. New technologies are quick to appeal to pornography consumers, and thus these customers represent a profitable market segment for the suppliers of new products and services. Currently, all factors show that high-tech developments owe a great deal of their success to the need for further sexual stimulation. One could cite the example provided by the science fiction concept of a full-body interface designed to produce sexual stimulation. But it isn't science fiction anymore. It's DIY. As bio-hacking, sexually enhanced bodies, genetic utopias, and plethora of gender have long been the focus of literature, science fiction and, increasingly, pornography, this year will see us explore the possibilities that fictional and authentic bodies have to offer. Our world is already way more bizarre than our ancestors could have ever imagined. But it may not be bizarre enough. "Bizarre enough for what?" you might ask. Bizarre enough to subvert the heterosexist matrix that is underlying our world and that we should hack and overcome for some quite pressing reasons within the next century. Don't you think, replicants?
Bakeca.it DDoS - How Evil Forces Have Been Defeated - Alessio L.R. Pennasilico (mayhem)
- What if your infrastructure was attacked by a skilled and powerful organization, able to control many zombies all around the world? A real case history will be analyzed, with a long trip through sleepless nights, finishing with a DIY solution using OpenBSD based servers and a bit of cleverness, all of which eventually led to a happy ending.
Behind the Padlock: HTTPS Ubiquitous and Fragile - Seth Schoen
- HTTPS is finally getting adopted all over the place - including Gmail, Twitter, Facebook, Google Search, and Wikipedia - as people realize that packet sniffing is easy and credit cards aren't the only sensitive information we send over the Internet. At the same time, a new series of attacks and scandals have shown that TLS is rather fragile. SSL stripping lets attackers bypass sites' HTTPS-only policies; a series of scandals over the past two years has renewed skepticism of certificate authorities' role and the security of the global public-key infrastructure. More and more people are wondering who those strange organizations are, what they're doing in our browsers, whether anyone knows if they're doing a good job, and even how to pronounce some of their names. And recent evidence suggests some CAs may be inept - or cooperating with national governments. Seth will explain the push to increase HTTPS deployment to protect privacy and fight Internet censorship, but also make its protections more meaningful and robust. He'll describe the work on Firefox plugins that change the browser security model, and ideas on information sources that can supplement the certificate authorities. The talk will also include a look at SSL Observatory, which aims to collect data to catch rogue CAs in the act.
The Black Suit Plan Isn't Working - Now What? - James Arlen (YouTube)
- The suit plan isn't working. At The Last HOPE, James told you all about the awesomeness of The Black Suit. But you're finding that it's not really working out... maybe it's possible to lower the goal? Can we take advantage of the Econopocalypse, the fact that two years have gone by, and infiltrate the upper echelons without having to leave the Black Hat behind? With cyber humor, blistering criticism, and awesometastic possibilities, spend some time in a discussion about ways to get to the place we all want to be - employed and happy.
Botnet Resistant Coding: Protecting Your Users from Script Kiddies - Peter Greko, Fabian Rothschild
- Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus' availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.
"Brilliants Exploits" - A Look at the Vancouver 2010 Olympics - Colin Keigher (YouTube)
- With the 2010 Winter Olympics having come and gone, it's not too late to look back at what an event it was. From a technology standpoint, CCTV cameras and ticket sales will be looked at, and from a social standpoint, matters involving intellectual property as well as the police will be examined.
- Brilliants Exploits - My Talk at The Next HOPE
Build Robots and See the World - Jonathan Foote
- Computing and electronics parts are inexpensive enough these days to allow amateurs to build surprisingly sophisticated machines on a budget. Jonathan will talk about his experiences building kinetic artworks like Chassis the Drink-Serving Robot and SWARM, the collection of six spherical orbs that roll without wheels. He will discuss how it got started, how the robots work, and how knowing what you are doing is not always the best approach. Although they haven't quite achieved world domination, he and his collaborators have exhibited robots at the Coachella Music Festival, the International Festival of Cocktail Robotics in Vienna, as well as the Techkriti Festival in Kanpur, India. The interested beginner will wind up with a bunch of tips and sources for getting started in robotics.
Building and Breaking The Next HOPE Badge - Travis Goodspeed (YouTube)
- This lecture describes the design of The Next HOPE badge's hardware and firmware, as well as the security of the same. Attendees will learn how to add a USB chip, how to reflash a badge with new firmware, and how to write new software for the device. Additionally, attacks against which the badge is - or is not - defended will be explored in detail. Topics will include the design of the Open Beacon firmware, forced firmware extraction, and the repurposing of badges into packet sniffers, radio jammers, Morse code beacons, and a dozen other things
- Hacking The Next HOPE Badge (Badge Schematic)
Burning and Building Bridges: A Primer to Hacking the Education System - Christina "fabulous" Pei
- Public education today consists of underpaid, overworked, and generally dissatisfied teachers who are tasked with force-feeding students overwhelming amounts of information, perfectly regurgitated onto multiple-choice exams. State exams, for their part, are written by people who understand neither content nor students. Over the years, we have successfully created an education system that stifles creativity, stymies logical reasoning, and stunts learning. Long gone are the days of self-motivated learning, when children used their hands and their heads, piecing the world together with all their senses. Fortunately, we have hackers and hackerspaces. Makerspaces and art spaces, music spaces and theater spaces. Here are the last vestiges of true education, where individuals still take objects and learn from them - observe, break apart, analyze, fix, and piece back together. If we can accept the productive and creative capacities of such spaces, and use them as community centers for learning, we have the potential to become the next big force in public education. This talk will be about hacking education as we hack anything else. That is, break the existing system, throw out what gets in the way (tests, outdated formulas, teacher-centric classrooms), reconstruct the pieces conducive to learning (inquiry, manipulatives, the outdoors, the real world, use of tools), and piece back together an education system that works for us, rather than against us.
Buying Privacy in Digitized Cities - Eleanor Saitta (YouTube)
- As new sensing technologies appear in our cities almost overnight, what does it mean to be visible or invisible? What happens when socioeconomic categories determine when, where, and how you're seen? The asymmetry in who is visible, and where, is a long-standing urban problem, but it is now being built into our technologies and our cities. The worlds of advertising, city planning, and law enforcement are each creating their own inconsistent visions. Privacy is not dead; rather, it is being selectively vivisected. What can we do to fix this? In this talk, a lot of problems and a few solutions will be covered, including the announcement of a new competition for the development of tactical countersurveillance tools.
Cats and Mice: The Phone Company, the FBI, and the Phone Phreaks - Phil Lapsley
- Ever since the first blue box arrest in 1961, the telephone company, the FBI, and the phone phreaks engaged in a long-running game of cat and mouse. This talk explores the moves and countermoves between the two sides from 1960 to 1980, covering advances in phreaking - new ways to hack the phone system and evade detection - as well as advances in finding and prosecuting those pesky phone phreaks. Based on exclusive interviews with phreaks, FBI agents, and telephone company security officers for his forthcoming book on the history of phone phreaking, Phil will focus on some of the more dramatic battles between the two sides that occurred during the heyday of analog phone phreaking, including the 1962 Harvard "spy ring," a certain well-known phone phreak's wiretapping of the FBI in 1975 (yes, you read that right), and the hacking of the military's AUTOVON telephone network in the mid-1970s.
Circuitbending - Jimmie Rodgers
- A general overview of circuit bending, as well as its history, and some examples of really cool bends. An assortment of bent toys will be displayed. This talk will cover a good deal on the basics of bending, and some of the techniques used to coax the sounds out of a variety of toys. You'll learn what to look for in bendable toys, as well as techniques that are least likely to destroy toys. There will also be a basic workshop on circuit bending where people can build their own bent toy.
Content of the Future - Michael S. Hart, Greg Newby
- There are billions of cell phones and other mobile devices, computers, and dedicated readers in the world that can be used for reading eBooks and accessing other digital content. They may also be used for sharing, editing, annotating, and authoring. Is the future what the inventors of the digital revolution dreamed of? Yes and no. While digital content can be liberated and liberating, it is also being used to turn the masses into complacent consumer zombies. These wondrous tools for creating and sharing our own content might, at the same time, de-emphasize our ability to use the written word and logical thinking. In this session, the father of eBooks will share his thoughts on these topics and more. Despite corporate control and other negative forces, the liberation and proliferation of digital capabilities and content is changing the world for good, and will continue to do so. The session will discuss how software, creative thinking, and contributed labor have created the free digital content of today. More importantly, it will point the way to a future of content that achieves our dreams, and more.
Cooking for Geeks - Jeff Potter (YouTube)
- Are you interested in the science behind what happens to the food in your kitchen? Do you want to learn what makes a recipe work so you can improvise instead of simply following a set of instructions? In this talk, Jeff Potter, author of the forthcoming O'Reilly book Cooking for Geeks, will share the key insights into what happens in the kitchen from a geek perspective so that you can improvise and create your own unique dishes.
- Cooking for Geeks author Jeff Potter on the Today Show
CV Dazzle: Face Deception - Adam Harvey
- As CCTV camera networks proliferate worldwide, so do automated face detection/recognition systems, which can rapidly identify faces in crowds and covertly log individuals' movements. CV Dazzle is camouflage from face detection. It's based on the original Dazzle camo from WWI and thwarts automated face detection/recognition systems by altering the contrast and spatial relationship of key facial features. Developed as a challenge to the growing prowess of computer vision, CV Dazzle undermines the capabilities of visual capture systems under the guise of high-fashion aesthetics.
Design of a Wireless EMG - Konstantin Avdashchenko
- This talk is a summary of all the steps taken in designing a wireless EMG. Such a device is capable of using the faint electrical signals that muscles give off when used in controlling other systems. Konstantin's current design is a combination of power supply circuitry to run off a lithium-ion battery, a nRF24l01+ chip for wireless capability, a PIC18F4550 as the brains of the device, and an amplification board to amplify EMG signals. This presentation will show how each of these elements come together to create a wireless EMG. The talk will cover the sections of design, manufacture, testing, coding, and future work.
Detecting and Defending Your Network from Malware Using Nepenthes - Marco Figueroa (YouTube)
- Security analysts have a tendency to believe they are safe because the red alert light hasn't blinked on their IDS/IPS device. This remains true even when organizations have invested the time and budget to deploy a myriad of different tools to defend against the overwhelming number of network defense issues we all tend to face. A key pain point among these issues is keeping malware and the subsequent bot herders who spread it off of your corporate network. Nepenthes is an open-source honeypot that allows for the collection of malware "in the wild." It emulates known vulnerabilities and will download and capture the malware when it is attempting to compromise the honeypot. This collection process allows for further analysis and understanding of the malware in question. This presentation introduces this powerful and flexible tool and will discuss malware collection techniques attendees will immediately be able to take home and implement within their network environment and add another layer to their "defense in depth" strategy.
Digital: A Love Story - Christine Love, Jason Scott (Jason Sadofsky) (YouTube)
- Earlier this year, author Christine Love released a computer game called Digital: A Love Story, an interactive adventure based about BBSes, hacking, and science fiction. Taking place in 1988, Love created a game that took place one year before she was born, utilizing textfiles.com as a research source for historical fiction. Textfiles.com's Jason Scott will interview Christine about the inspiration and creation of this game, what the BBS era offers as a story background, and a glimpse into how future generations will look at the hackers of today.
The DMCA and ACTA vs. Academic and Professional Research: How Misuse of This Intellectual Property Legislation Chills Research, Disclosure, and Innovation - Tiffany Rad, Chris Mooney
- Fair use, reverse engineering, and public discussion of research encourage innovation and self-regulates industries. However, these principles which define our vibrant and creative marketplace are fading. If a professional cannot constructively critique another's research online without being burdened with takedown notices until the critique is obscured or functionally removed for long periods of time, we do not have a society from which we can learn from others' mistakes and improve our trade. Attendees will gain a greater appreciation about how the Digital Millennium Copyright Act (DMCA) is increasingly being used in ways that chill free speech, disclosure of security vulnerabilities, and innovative research. Using hypothetical examples and discussing case law, this talk will outline procedures for counterclaiming and alternatives to removal of allegedly infringing materials, including discussing why data havens (some in anticipation of enactment of the Anti-Counterfeiting Trade Agreement) are becoming more popular.
Easy Hacks on Telephone Entry Systems - Davi Ottenheimer (YouTube)
- Telephone entry systems are practically everywhere in the city. An investigation after a series of break-ins uncovered several shockingly simple bypass techniques currently used by criminals. This presentation explains how the common keypad box will grant full access to a building in under ten seconds using only basic tools. The presentation will also give details on a series of countermeasures that can significantly reduce the vulnerabilities.
Electronic Take Back - John McNabb
- Discarded electronic products contain many toxic substances which can pollute the environment and threaten human health. Many countries in the world require the manufacturer to be financially responsible for the collection and recycling of their discarded products, which provides an economic incentive to make the products less toxic and more recyclable. More and more U.S. states are adopting electronic take back laws. This talk will review the concept and practice of electronic take back, its track record in the E.U. and in the U.S., and why IT pros and IT security practitioners who want to support good environmental practices should support it.
Electronic Waste: What's Here and What's Next - Stephanie Alarcon
- Electronic waste is a problem that dogs technology buyers, system administrators, electronics manufacturers, and especially people who engage in informal - and often dangerous and toxic - disassembly. This talk will outline the history and scope of the problem, the environmental justice implications, the regulatory environment, industries that may be poised to face or prevent similar issues, and what we as technology workers can do to turn the tide.
Examining Costs, Benefits, and Economics in Malware and Carding Markets - Dr. Thomas J. Holt
- Much has been made of the growth of online black markets in Russia and Eastern Europe that facilitate the sale and distribution of tools and information designed to subvert and compromise computer networks and users. Specifically, web forums allow individuals to purchase access to sophisticated malicious software to victimize vulnerable systems and individuals, and sell the data they illegally obtain for a profit. While it is clear that malicious actors can acquire myriad resources to facilitate criminal activity, it is not clear what the return on investments is like relative to the costs of buying goods and services through these markets. This qualitative study examines this issue through an economic analysis of a sample of threads from ten active publicly accessible web forums that traffic in malware and personal information. Specifically, this talk will consider the costs of trojans, botnets, iframes tools, spam, DDoS services, and credit card information for victims and offenders to estimate dollar losses for victims relative to the economic gains for offenders who utilize and provide these resources. The findings will give significant insight into the role of malware and carding forums in the problem of cybercrime and the prospective economy revolving around computer intrusions and compromises. In turn, this talk can benefit computer security professionals, law enforcement, and anyone interested in better understanding cybercrime from the offender perspective.
False Domain Name Billing and Other Scams - Cheshire Catalyst (Robert Osband)
- Telex directories have moved on. In ancient history (the 1970s), scammers would send "invoices" to companies listed in the telex directory, billing them for listings in their "telex directory." Fax machines were killing telex, and e-mail and FTP provided the death knell. Now those people are showing up again, sending out invoices for "domain name services." They are not invoices, and you don't have to pay them. A look at some of the more infamous scams of technology that people have been taken in by.
For Its Own Sake and to Build Something Better: A Primer on Neuroscience, Bat Echolocation, and Hacker Bio-inspiration - Scott Livingston (YouTube)
- This talk will introduce bat echolocation, in both behavioral and neuroscientific contexts, demonstrate relevance to engineered (sonar) systems, and provide a description of and results from Scott's effort to study spatial aspects of bat sonar beams. There will also be an outline of ideas for improving ultrasound range finders (e.g., as common in robotics) and time for discussion.
Free Software: Why We Need a Big Tent - Deb Nicholson
- There's been a lot of talk about diversity in free software lately. This talk will cover why that's important and introduce some of the tactics from the political organizing world that can be used to build a successful free software project and by extension a successful free software movement. Expect references to Saul Alinksy and Cesar Chavez as well as a bit of an introduction to free software and what it means for our increasingly technology-dependent world.
The Freedom Box: How to Reclaim Privacy on the Web - James Vasile
- The world has finally realized that "spying all the time" is too high a price to pay for social networking platforms like Facebook. Now it's up to the hacker community to respond and build a free software social networking distribution to empower end users and help them reclaim their privacy. Software Freedom Law Center attorney James Vasile will talk about the progress of the "Freedom Box" box project and how the hacker community can get involved.
From Indymedia to Demand Media: Participation, Surveillance, and the Transformation of Journalism - Chris Anderson
- In the late 1990s, advances in digital content creation and distribution raised hopes that journalism and the media were becoming radically democratized. While these hopes have been borne out to some degree, old hierarchies and fissures are reasserting themselves as new forms of journalism become normalized. What's more, digital technology affords more than just participation; it affords surveillance and algorithmically driven visions of consumption. This conversational talk will address these issues, with a jumping off point being a comparison of different journalistic "visions of their audience."
Geo-Tagging: Opting-In to Total Surveillance - Paul V (YouTube)
- Many social networks allow users to expose geo-locational data. For example, Twitter allows each tweet to be tagged with the GPS location of the user. While perhaps harmless individually, once aggregated, these geo-tagged tweets can be used to build a profile of the user, revealing far more personal information than intended. A tool that aggregates tweets and helps visualize and classify where people are tweeting from will be demonstrated and the implications discussed.
Get Lamp Screening and Discussion - Jason Scott
- In the early 1980s, an entire industry rose over the telling of tales, the solving of intricate puzzles, and the art of writing. Like living books, these games described fantastic worlds to their readers, and then invited them to live within them. They were called "computer adventure games," and they used the most powerful graphics processor in the world: the human mind. Rising from side projects at universities and engineering companies, adventure games would describe a place, and then ask what to do next. They presented puzzles, tricks, and traps to be overcome. They were filled with suspense, humor, and sadness. And they offered a unique type of joy as players discovered how to negotiate the obstacles and think their way to victory. These players have carried their memories of these text adventures to the modern day, and a whole new generation of authors have taken up the torch to present a new set of places to explore. Get Lamp is a documentary that tells the story of the creation of these incredible games, in the words of the people who made them. Director Jason Scott has previously created BBS: The Documentary, partially filmed at HOPE, and will be on hand to introduce and show the documentary, as well as talk about the production of Get Lamp and his filmmaking, including lessons learned, trivia and stories told, and how exactly one goes about minting a commemorative coin.
GPS - It's Not the Satellites That Know Where You Are - Cheshire Catalyst
- There are a lot of misconceptions surrounding GPS technology and how it enters into our daily lives. Cheshire will spend this hour addressing some of this and answering all manner of questions on surveillance, new and old technology, and all sorts of other related topics.
- Notes & Software Links
Grand Theft Lazlow - How Hacking is Both the Death and Future of Traditional and Interactive Publishing, Journalism, and the Media - Lazlow Jones (YouTube)
- Writer, producer and director Lazlow, who has worked on titles such as Grand Theft Auto and Red Dead Redemption, discusses how the war for net neutrality will be lost. This talk will touch on how the battle between content creators and consumers is threatening journalism and democracy, and discuss the threats that both small publishers like $2600 Magazine and large interactive companies face in an online media landscape that expects everything for free.
Hackers for Human Rights - Adrian Hong
- There are tremendous humanitarian and human rights problems throughout the world today. While technology is generally seen as a force for good, plenty of closed societies have used technology to clamp down on their citizens and stifle human rights. Already the fight over Internet freedom and data security has cost the lives or liberties of dissidents in countries like Iran, China, Vietnam, and Russia. Citizens have been sentenced to long jail terms and hard labor for a critical blog posting, or accessing foreign news sites. Creative technological efforts can combat oppressive forces, protect dissidents, journalists, and activists, and save lives. There are some really exciting ways folks with all sorts of talents can get involved in the global effort for human rights and humanitarian improvement. Come hear about some of the efforts that seek to help the oppressed worldwide, and how you can help.
Hackers Without Borders: Disaster Relief and Technology - Smokey, Elena, Dennison Williams (YouTube)
- An hour long, multimedia presentation examining the past, present, and future roles that digital and wireless technology can play on the ground during natural and manmade disasters. This discussion will examine why government (FEMA and the National Guard) and big relief organizations (Red Cross and Salvation Army) have gotten the basic premises of disaster relief wrong, using Katrina and 9/11 as examples. Ingenious, informal technological innovations emerging during disasters that promoted effective self-organized relief efforts will be focused upon. The panel will also look at how the hacker communities can create novel and powerfully effective technologies to aid people, and support grassroots self-organizing during disasters.
Hackerspaces Forever: A Panel Presented by Hackerspaces.org - Nick Farr, Mitch Altman, Sean Bonner, Johannes Grenzfurthner, Markuss "fin" Hametner, Alexander Heid, Nathan "JimShoe" Warner, Matt Joyce, Carlyn Maw, Far McKon, Psytek
- Part 2
- We called your excuses invalid at The Last HOPE and you proved us right! Since launching Hackerspaces.org at The Last HOPE, there's been phenomenal worldwide growth in the hackerspaces movement. Continuing to build on progress, this panel discussion brought to you by Hackerspaces.org will focus on strategies to help avoid drama, grow your hackerspace, and connect with your community.
Hacking for an Audience: Technology Backstage at Live Shows - John Huntington (N3DZJ
- Working behind the scenes at live shows, you will find people with titles like Master Electrician, Audio Engineer, Automation Carpenter, or Technical Director. These people won't likely call themselves hackers, but that's what they do: take technologies and techniques from larger industries, and appropriate, adapt, and extend them to the high-stakes, high-pressure world of live shows, where the failure of a two dollar part could cause the loss of a show and hundreds of thousands of dollars of ticket revenue. In this industry, every night all over the world, hundreds of technicians with nerves of steel do their best to anticipate the inevitable failures which all hackers encounter, and accommodate them gracefully, preferably in a manner which the audience never even notices. This session will cover who does what on live shows, give an overview of the technologies, and introduce some of the strategies used to ensure that the show goes on.
Hacking Our Biochemistry: Pharmacy and the Hacker Perspective - Jennifer Ortiz
- We are complex biochemical machines. With advances in science and medicine, we have taken to pharmaceutically hacking ourselves. Hackers are in a unique position to understand the way we design and use drugs to manipulate disease states and to hack microorganisms that are attempting to hack us. With drugs we send chemical instructions to biological processes to change what they do. How do these instructions work? How can we tweak them? With thought-provoking examples, a pharmacy student shows how the hacker perspective is applied to our biochemistry to improve our quality of life.
Hacking Out a Graphic Novel - Ed Piskor
- Having a completely different perception of hacking, cartoonist Ed Piskor discovered Off The Hook, $2600 Magazine, and many other sources related to the history of the scene. Feeling a strong link between the minds of many cartoonists and the hackers he was reading about, he has decided to create a comic book merging these two interests. Piskor will be talking about his creative process, the reaction that he has received within the community, and the experience of self-publishing this effort, aided by visuals from the books.
Hacking Terrorist Networks Logically and Emotionally - Hat Trick, Mudsplatter (YouTube)
- This presentation will touch upon broad aspects of forensics, encryption, and social engineering, and how they relate to the tracking of extremists. Hat Trick has over seven years of experience in this very unique field, and has put together one of the world's largest open-source databases of extremist multimedia. Topics covered include common vulnerabilities of extremist sites, the unique behaviors of extremists, how to get terrorist IPs and passwords, and what to do with them when you've got them. Mudsplatter will discuss the psychology of manipulation, and how to gain access to even the most secure networks using simple tricks of social engineering. Topics include how to lie with confidence, getting the paranoid to trust you, using trolling to your advantage, and some of the most common liabilities of social networking.
Hacking the Food Genome - Gweeds (Guido Sanchez)
- Cooking's pretty awesome, but meatspace is such a drag! Can't you just write a shell script to figure out what's delicious? What would the programming language for the Star Trek Food Replicator look like? Join Gweeds and the Food Hacking team for an in-depth demonstration of the Food Genome - an open-source culinary informatics platform used for designing menus, disassembling recipes, and visualizing the planet's taste gestalt.
Hacking Your GPS - Cass Lewart
- There is more to a GPS than a pleasant voice telling you to turn right on Cedar Street, and showing a color display of adjacent ramps and intersections. This talk will focus on the technical implementation of the current GPS system, and how the user location is derived from precise clocks on satellites. You'll see how to capture, send, and analyze NMEA data streams exchanged between your computer and GPS. Privacy issues, geocaching, and secret key codes required to manipulate GPS base maps will also be discussed.
Hey, Don't Call That Guy a Noob: Toward a More Welcoming Hacker Community - Nicolle "Rogueclown" Neulist (YouTube)
- The hacker community strives to develop and exchange cutting-edge ideas. A key component of achieving that goal is continuing to involve new people in the community, since they can add fresh perspectives from which to view all types of hacking. However, either because of the perception of the hacker community as something secretive or nervousness about interacting with people who are supposedly more knowledgeable, it can be a daunting experience for someone new to not only get involved, but also to want to remain involved in the community. This talk aims to make people in the hacker community aware of the concerns that people new to it face, and provide concrete steps for building a culture of making new people feel welcomed and valuable.
The HOPE Network -
- At every last one of our conferences, something epic happens with the network we put together. Sometimes it involves international headlines, government investigations, and emergency corporate board meetings. Other times something spectacular happens. Either way, we're setting aside an hour at the end of the conference to explain just what happened and how it all came to be.
How to Bring Your Project from Idea to Reality: Make a Living Doing What You Love - Mitch Altman
- Mitch has brought his personal pet projects (including TV-B-Gone universal remote controls) from idea to reality, and is fortunate to make a living doing what he loves. Mitch will outline the practical steps he took to bring his projects from a mere idea, through the steps of research, development, manufacture, sales and distribution, leading, finally, to collecting checks while in the comfort of his home (and while traveling the world). This talk will also show some of the pitfalls of running one's own business.
How to Run an Open-Source Hardware Company - Limor "Ladyada" Fried, Phillip Torrone (YouTube)
- In this session, open-source hardware pioneers Limor "Ladyada" Fried of Adafruit Industries and Phillip Torrone of MAKE Magazine show how anyone can start their own open-source hardware business. The talk will show how Adafruit runs its open-hardware business, top to bottom - from choosing a PCB (printed circuit board) manufacturer to selecting which open-source online shopping cart works best for selling electronics online. Limor and Phil will also give a detailed overview of the top ten open-source hardware businesses, what they do, and what you can learn from their projects and products. If you're considering turning your electronics hobby into a full-fledged business, this is a talk not to miss.
Informants: Villains or Heroes? - Adrian Lamo (YouTube)
- We've all seen the headlines and know that much of the controversy has a presence right here at HOPE. For those who don't know, or who just want a summary, one of our keynote speakers, Julian Assange, the main force behind whistleblower site wikileaks.org, became a marked man after one of his sources was allegedly identified by someone within the hacker community. The leaker had reportedly boasted to hacker Adrian Lamo (after seeing his name in a Wired article) about sending 260,000 U.S. State Department classified documents to wikileaks.org. According to Lamo, that claim was enough to make him decide to call the authorities and become an informant. The U.S. government became extremely interested in finding out whether Assange had these documents at wikileaks.org and it became abundantly clear that his appearance in the States to speak at HOPE would lead to interrogations, detainment, and possibly worse. At press time, the alleged leaker (an Army intelligence analyst), was being held incommunicado in a U.S. Army brig in Kuwait pending charges.
- Our community has been thrust into the middle of this global controversy due to the multiple connections to the various players. There are a number of contentious questions and issues that we're all dealing with right now. Was the leaker a hero for releasing information, including a widely sought video of U.S. troops killing unarmed Reuters staffers? Was Lamo a hero for turning someone in who was leaking classified information? Is wikileaks.org a vital resource or a threat to society? How should we as a community deal with this? And is this story being reported accurately and fairly?
- Join us for what will be a most fascinating and enlightening panel discussion where you'll hear firsthand perspectives on the issues of leaking information and turning people in, subjects that have always been of great interest to those in the hacker world. If you made plans to go home Sunday afternoon, this is worth rescheduling your trip and paying any penalties involved. Trust us.
Injecting Electromagnetic Pulses into Digital Devices - Paul F. Renda
- This talk is not about someone on the ground firing a ray gun at a jet and bringing it down. This talk is about someone on the jet injecting EMP into the wiring system and causing great problems with the aviation and the black box. This talk will have at least ten video demos of device pulses and one of a surge protector, along with explanations of a Marx generator and a MOSFET charging circuit. Going green, fly by wire airplanes, robotic control trains, densely integrated systems' these are all realities of our daily environment. One problem is that all of these make our lives more susceptible to an EMP disruption. Other topics will include TWA 800, Tesla coils, Byzantine faults and the power grid.
- Injecting EMP into Digital Devices Video of his Defcon 17 presentation. (YouTube)
Interaction with Sensors, Receivers, Haptics, and Augmented Reality - Pan, Ryan O'Horo, Micha Cardenas, Azdel Slade, Elle Mehrmand, TradeMark G. (Mark Gunderson)
- Electronic sensor technology has been increasing in resolution while decreasing in cost. The ubiquity of GPS receivers has created the ability to obtain location-based information on demand. At the same time, Augmented Reality interfaces are becoming more popular in the consumer market. From the micro-level of delicate touch sensors in haptic interfaces to the macro-level of GPS positioning, these trends make physically interactive computing more and more accessible. This session will provide an overview of motion/light/heat sensors, GPS receivers, haptic interfaces, and other interactive electronics. Along with an explanation of how they work, several projects that utilize these technologies in the consumer, creative, and social realms will be covered. There will be an audience participation section where users will get a chance to explore sensors and electronics themselves.
Into the Black: DPRK Exploration - Michael Kemp
- North Korea scares people. Allegedly, the DPRK has a super l33t squad of killer haxor ninjas that regularly engage in hit and run hacks against the Defense Department, South Korea, or anyone else who pisses off the Dear Leader. The DPRK also has no real Internet infrastructure to speak of (as dictators don't like unrestricted information), although it does have a number of IP blocks. This talk examines some of the myths about the DPRK, and some of their existing and emerging technologies. Some of the available infrastructure associated with DPRK (funnily enough, some of which is in South Korea and Japan) will be discussed and the potential technical threats posed by a pernicious regime analyzed.
Introduction to the Chip Scene: Low Bit Music and Visuals - Don Miller, Peter Swimm, Joey Mariano (YouTube)
- This talk will focus on the global chip scene, an ever growing group of electronic artists that use low-bit and hacked computer and video game consoles to create music and video. Peter Swimm of True Chip Till Death will give an overview of the chip scene past and present. True Chip Till Death is the leading news site of the scene, providing thousands of fans with the latest news on releases, hard- and software, and live events. Joey Mariano and Don Miller will focus on the creation of music and visuals. Mariano, better known as Animal Style, is a musician from Philadelphia who creates music on the Nintendo Game Boy and Sega Genesis. He will give an introduction to various trackers, the tools most chip musicians use to create low-bit music. Miller, also known as NO CARRIER, will be discussing real-time visuals. He'll show you how to use your Nintendo Entertainment System, the Commodore 64, and other classic hardware to create live video for chip music events.
IPv6 Playground: New Hope Update - Joe Klein
- IPv6 Internet is expected to reach over 40 percent of all Internet traffic within the next four years. With this level of growth, expectations are that many new security problems will surface, as they did with IPv4. This presentation is an update to The Last HOPE discussion on the basics of IPv6. The topics will include updated methods of connecting to the IPv6 Internet, an update to the protocol, new attack vectors, new defenses, and a few new vulnerabilities.
Keeping Your Job While Being a Hacker - Alex Muentz
- Hackers are curious above all other things. While we all think this trait should be rewarded (or at least not punished so much), sometimes employers don't agree. As a lawyer, Alex has had more phone calls than he'd like from employees who were fired once they reported a security hole - or even showed an interest in hacking. This talk will discuss a few case studies, U.S. law, and some recommendations on how to protect your job while remaining an active hacker (or merely a curious person).
Dan Kaminsky Keynote - Dan Kaminsky (YouTube)
- Friday keynote address.
Wikileaks Keynote - Jacob Appelbaum (YouTube)
- Saturday keynote address about the Wikileaks propaganda website.
- The Next HOPE and Wikileaks are Wrong About Bradley Manning Good blog post by Michael Schearer debunking Eric Corley's and Wikileaks propaganda.
- Wikileaks Co-Founder John Young: 'Whoever Leaks Something Leaks it with an Agenda' A co-founder of WikiLeaks tells CNN's Jim Clancy people should be cautious of Wikileaks document dump.
- Judge Napolitano of FOX says WikiLeaks asked Obama Admin to Review Docs for Redactions First Eric Corley said boogiemen were after Julian Assange, now we learn he was in contact with the White House. Hmmm...
- Wikileaks is Israel - Like We All Didn't Know by Gordon Duff
- Something Smells Funny and It's Not Wikileaks
- Hidden Intelligence Operation Behind the WikiLeaks Release of 'Secret' Documents?
- The WikiLeaks Hoax (Additional Info)
- Will the Real Bradley Manning Please Stand Up? Or do something. Anything?
- Gordon Duff: WikiLeaks, A Touch of Assange and the Stench of AIPAC "... recent admissions that the Israeli lobby, AIPAC, routinely receives masses of classified information makes them suspect #1 for being the source of Wikileaks"
- Glenn Beck: Why This? Why Now? WikiLeaks Explained A look at the supporters of WikiLeaks.
- "WikiLeaks is Not One Person" Hacker Magazine Editor Eric Corley propaganda interview on Democracy Now! (Part 2) (YouTube)
'Knock Knock Knock... Housekeeping' - The Ins and Outs of Hotel Locks - Deviant Ollam, Babak Javadi
- Hotels have some very unique requirements for locks. Their systems must support many mastered levels of access, accommodate frequent turnover and reissuing of keys, enforce duration limits for access, and do all of this with relatively low cost. For this reason, most hotels around the world have moved away from purely mechanical keys and instead rely on magstripes, perforated cards, etc. These systems are still hackable, however, and other bypasses abound in hotel rooms... so don't think that simply locking the door after hanging a "Do Not Disturb" sign on it can provide all the privacy needed when you invite someone back to your room later!
Light, Color, and Perception - Jonathan Foote
- The phenomenon of color has fascinated great minds from Newton to Picasso, and its complexities are still being unraveled. To understand light and the perception of color, you need physics, biology, psychology, and aesthetics - and this talk will cover a little about all of them. Along the way, topics will be touched upon like non-spectral colors, different color spaces, why laser light looks "speckled," color-based optical illusions, and an intuitive explanation of the mysterious CIE chart. This material is rarely covered in either art or science classes and is a fascinating intersection of both.
Lisp, The Oldest Language of the Future - Adam Tannir
- Being the second oldest high-level language still in widespread use (after Fortran), Lisp is often considered solely as an academic language well-suited for artificial intelligence. It is sometimes accused of having a (very (strange syntax)), only using lists as data types, being difficult to learn, using lots of memory, being inefficient and slow, as well as being dead, an ex-language. This talk, focusing on Common Lisp, aims to show that it is actually an elegant, unique, expressive, fast, extensible language for symbolic computation that is not difficult to learn and may even change the way you think about programming. Lisp is primarily a functional paradigm language, but supports object-oriented, imperative, and other programming models natively. Rapid prototyping, iterative development, multiprocessor development, and creation of domain-specific languages are all facilitated by Lisp. There will be a discussion of the origins and history of Lisp, followed by a demonstration of the language, features that migrated to and from other languages, and concluding with a look to what may be in store for the future.
Locational Privacy and Wholesale Surveillance via Photo Services - Ben Jackson
- With the plethora of third party services that allow folks to post photos to their Twitter account, how hard would it be for someone to stalk a person's location via the GPS metadata tagged in their images? Mayhemic Labs did the research and it turns out the answer is - not very. Over the past few months, Mayhemic Labs has amassed a sizable database of people using these services - and what geographic information has been encoded on their publicly available photos. This presentation will cover the basics of how and why this research was done, why sharing such information is bad, why privacy is hard to get right, attempts at public outreach at ICanStalkU.com, how you can replicate such a system, and various instances of privacy fail. Also, tools will be released that will allow you to test your own (or other people's) photo streams.
Lock Bypass Without Lockpicks - Dan Crowley
- You train as hard as you can, picking lock after lock, learning about all the different picks, different picking techniques and styles, anti-picking features, and how to manipulate them... then some guy with a screwdriver takes the hinges off the door faster than you can pick the doorknob. That's right, there are ways to bypass locks which don't involve direct manipulation of the pins, and they not only tend to be easy, but fast. This talk follows the story of Waldo, one hard-to-find hacker trying to wrestle the truth from the jaws of a shady corporation peddling suspicious medication. Waldo, having been captured and stripped of his picks, must escape using only his wits, and whatever he can find on his way out.
Memory Fun 101 - Memory Training for Everyone - Chester Santos (YouTube)
- A powerful memory can be an invaluable asset in life. Memory is absolutely fundamental to learning, so improving one's memory can have a profound positive impact on both academic and job performance. This seminar will entertain and educate attendees, while helping them to develop valuable memory skills that will enrich their lives. In this fun and entertaining program, 2008 USA National Memory Champion Chester Santos will teach attendees the basics of memory improvement. Attendees will learn a number of memory boosting methods that will exercise their imagination and awaken their creativity. Participants will be shown how to utilize both sides of their brain in order to make information stick and become unforgettable. Attendees will participate in enjoyable exercises and will actually be able to feel their memory ability improving throughout the seminar. Everyone will leave this seminar with sharper minds and a solid foundation in exercises and techniques that will benefit them throughout their lives. Talk about providing HOPE!
Modern CrimeWare Tools and Techniques: An Analysis of Underground Resources - Alexander Heid (YouTube)
- This talk will highlight the features, functions, availability, and impact of modern crimeware tools. The talk will have a specific focus on the Zeus payload and command/control application, and will touch upon other leading banking malware. In addition to detailed technical information, the talk will highlight the history and evolution of this particular trojan and the underground economy that drives it. Furthermore, there will be discussion of other tools that are often used in conjunction with the payload, such as remote exploit kits. The talk will also highlight mitigation techniques and basic design principles for web applications and server configurations that can help reduce the impact of crimeware on individuals and organizations.
Monkeysphere: Fixing Authentication on the Net - Daniel Kahn Gillmor, Jameson Rollins
- Most modern public key infrastructure is built around notions of centralized authority, which is troublesome for those of us who want decentralized secure communications on the global network. Monkeysphere is a project to extend the OpenPGP Web of Trust into as many domains as possible, effectively supplanting hierarchical certification infrastructure like X.509, and restoring control over authentication and identification to the communications peers themselves and their own legitimately trusted introducers. Functional tools for authenticating peers over the World Wide Web and SSH have been introduced, with plans for more protocols. Come learn how the tools work, how you can take advantage of the Web of Trust in your own projects, and how you can contribute to building a more autonomous and decentralized global network.
Much Ado About Randomness - Dr. Aleksandr Yampolskiy
The Need for a Computer Crime Innocence Project - Joe Cicero, Alex Muentz, Seth Schoen
- High profile computer forensic cases like those of Julie Amero and Michael Fiola, where innocent people were falsely charged with downloading illegal files, illustrate the need for professional forensic standards for determining whether a user, or malware infecting their computer, downloaded suspect files. Joe Cicero discusses his experiences dealing with his college administration, attorneys, and the EFF over the problematic research issues that willful installation of malware brings about. He will discuss his project outline and testing protocols and procedure, detailing why certain decisions were made. Audience feedback will be requested on how to create an innocence project designed specifically for computer crime cases. Tech-savvy criminal defense attorney Alex Muentz and EFF's Seth Schoen will round out the panel with their insights.
Net Wars Over Free Speech, Freedom, and Secrecy or How to Understand the Hacker and Lulz Battle Against the Church of Scientology - Gabriella Coleman, Finn Brunton
- Following a brief lecture on Project Chanology, the question will be posed: how can we harness the power of lulzy virality, of pleasure, of trickery, of spectacular trolling for purposes above and beyond sharing the wisdom of Advice Dog? It'll start with a brief look at great activist media in the past, from Guernica and the picture of the whole Earth to projects by The Yes Men - how they spread ideas and helped people get informed, organize, and act. What makes the creation of lulzy memes different? Learn about how to create exploitable forms and rapid variations, and mechanisms for bringing the best stuff forward. Can we make media memes with goals beyond lulz, and teach activists who've never heard of 4chan to make them too? Part lecture, part workshop, this will feature cameos by Rageguy, Pablo Picasso, V, alt.pave.the.earth, Kathe Kollwitz, Courage Wolf, Stewart Brand, Sarah Palin, Batman, Goya, Philosoraptor, Adolf Hitler, Trollface, Shepard Fairey, Joseph Ducreux, David Cameron, lots of Spartan warriors, and lots and lots of (trollish) cats.
No Free Lunch: Privacy Risks and Issues in Online Gaming - Don Tobin, Lyndsey Brown
The OpenAMD Project - Aestetix, Travis Goodspeed, Echo, Mitch Altman, Far McKon, cpfr (YouTube)
- The badge for The Next HOPE is the result of a collaboration of several people over the last 11 months. Hardware, software, social interactivity, and more. This panel will cover how the badge works, how we keep track of where you are at the conference, what cool games you can play, and perhaps some clues to a few of our kule s3cr3ts.
Own Your Phone - TProphet (Babu Mengelepouti)
- Ever wonder what makes your phone work... and how to make it work in ways that were never intended? You might be a phreak! Phreaking is one of the most exciting and fastest-changing scenes in the hacker landscape. Join TProphet and phriends for a phun look at some of the newest innovations.
Privacy is Dead - Get Over It - Steven Rambam (Steven Rombom) (YouTube)
- This will be a wide-ranging lecture covering databases, privacy, and "computer-aided investigation." This talk will include numerous examples of investigative online resources and databases, and will include an in-depth demonstration of an actual online investigation done on a volunteer subject. Emphasis will be placed on discussing the "digital footprints" that we all leave in our daily lives, and how it is now possible for an investigator (or government agent) to determine a person's likes and dislikes, religion, political beliefs, sexual orientation, habits, hobbies, friends, family, finances, health, and even the person's actual physical whereabouts, solely by the use of online data and related activity. The final half hour of the talk will be devoted to Q&A.
- MP3 - 1, MP3 - 2
PSTN-Based Cartography - Da Beave (Champ Clark), Jfalcon
- Sun Microsystems use to say, "The network is the computer." This talk will focus on that "other" computer. The neglected computer. The PSTN (Public Switched Telephone Network) "computer." Throwing VoIP into the mix, it's never been easier to "map" that neglected "computer." This talk will discuss how to map the "Human Network" as well as new techniques in automated PSTN network scanning including more X.25 network goodies. This is the second part of "Hacking International Networks using VoIP" from The Last HOPE.
Radio Reconnaissance in Penetration Testing - All Your RF Are Belong to Us - Matt Neely
- Tired of boring old pen tests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring, and exploiting a wide array of radio traffic with real world examples illustrating how these techniques have been used to gather information on a target's physical security, personnel, and standard operating procedures.
Reach Out and Touch Face: A Rant About Failing - Johannes Grenzfurthner (YouTube)
- Hackers love knowledge. They try to find out how stuff works. And that's great. Experimentation is a major part of hacking. It is in the most philosophical sense a deconstruction of things. A specific use is never inherent to an object, even though technical demagogues like to claim that it is. Just compare the term "self-explanatory" and the term "archeological find." It's a pretty hard task to find out what technology is and what it should do if you don't have a clue about the context. Usually the use is connected with the object through definition ("instructions for use"). Turning an object against the use inscribed in it means probing its possibilities. Science and Technology Studies (especially Langdon Winner and Bruno Latour) have convincingly demonstrated that the widespread inability to understand technological artifacts as fabricated entities, as social and cultural phenomena, derives from the fact that in retrospect only those technologies that prove functional for a culture and can be integrated into everyday life are "left over." However, the perception of what is functional, successful, and useful is itself the product of social and cultural, and, last but not least, political and economic processes. Selection processes and abandoned products (developmental derailments, sobering intermediary results, useless prototypes) are not discussed. Well. What can we do? We can fail. Beautifully.
A Red Team Exercise - Tom Brennan
- Shall we play a game? This talk will focus on full scope security assessments and stealing intellectual property in five easy steps. It will take the form of a game that divides the audience into attack and defend teams for a builder vs. breaker educational workshop. Included in the discussion will be physical, electronic (network, application, wireless, telecom, and cellular), and intelligence gathering techniques used for offensive projects.
Risk Analysis for Dummies - Nick Leghorn
- We all get that "gut feeling" about what is risky, but how do we communicate that to managers or other people in a meaningful way? And how can we determine what risks are worse than others in a justifiable manner? How do you even define "risk?" In this talk, you'll learn about the most up to date methods of identifying risk, evaluating risk, and communicating risk to others, as well as some models used by the U.S. government and others to identify attack targets, evaluate building security, diagram attacks, and more. And no math problems harder than simple addition, guaranteed.
Rummaging in the Government's Attic: Lessons Learned from More Than 1,000 Freedom of Information Act Requests - Phil Lapsley, Michael Ravnitzky
- Phil and Michael will conduct a guided tour through GovernmentAttic.org, a website that has (legally!) obtained and published hundreds of interesting government documents obtained via the Freedom of Information Act (FOIA). Based on extensive interviews with the site's creators and through a half dozen examples they will describe some of the clever FOIA tools and techniques (hacks, in other words) that the site has employed to obtain informative, valuable, and sometimes even amusing documents and datasets from government agencies. They will also highlight similarities between the mindsets and approaches of hackers and successful FOIA requesters.
Saturday Night Hacker Cinema
- At press time, there were all sorts of rumors flying around about leaked hacker films and other brand new presentations that few have seen. While we can't say with certainty what we'll be showing, we most definitely can say that it'll capture your attention and be a unique window into the wonderful world of hackers.
SHODAN for Penetration Testers - Michael "theprez98" Schearer
- SHODAN is a computer search engine unlike others. Instead of scouring the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well known services. For penetration testers, SHODAN is a potential game changer as well as a gold mine of potential vulnerabilities.
Simpsons Already Did It - Where Do You Think the Name "Trojan" Came From Anyway? - Sandy Clark (Mouse), Matt Blaze, Bill Cheswick
- SMS blockers, ransomware, licenses for trojans, factory installed malware... every day the news is full of accounts of innovative threats altering the landscape of the security arms race. But are these attacks really new? A quick glance at history shows us that these same attacks and defenses have been around for as long as there have been humans. Come hear about the ancient Greek firewalls (and firewall bypasses), about Roman security-by-obscurity, ancient port-scanning, and about Mozart's "rights amplification" against the Pope. This will be a trip through the ages as the security arms race is analyzed. You'll discover how we got where we are today and learn that even in security, history is always repeating itself.
Sita Sings the Blues: A Free Culture Success Story - Nina Paley
- "If it's free, how do you make money?" One year after the Copyleft release of her animated musical feature Sita Sings the Blues, Nina Paley presents the latest round of hard data from the project. Contrary to MPAA propaganda, the more the audience freely shares the film, the more they purchase DVDs, theater admissions, and merchandise. In this talk, witness the numbers that prove it.
Smartphone Ownage: The State of Mobile Botnets and Rootkits - Jimmy Shah
- Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC? This talk will cover the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.
Snatch Those Waves: Prometheus Radio and the Fight for Popular Communications - Pete Tridish, Maggie Avener
- The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations, and over the years has sued the FCC to stop media consolidation, built stations in places like Venezuela and Tanzania, and experimented with using off-the-shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands for. This panel will help bring you up to date on the political debates in Washington about low-power FM, open spectrum, and IBOC digital radio. They will talk about epic radio barnraisings where hundreds of people are brought together to build a new radio station over the course of a single weekend - and their plan for the next barnraising in the Hudson Valley.
Social Engineering Panel - Emmanuel Goldstein and Friends (YouTube)
- People have been known to come to HOPE just for this panel, in which the history, stories, and demonstrations of social engineering are laid out for all to see - and hear. Something will invariably be revealed over the telephone by someone who really should know better in our traditional live demonstration that never fails to entertain.
Spy Improv on Steroids - Steele Uncensored - Anything Goes - Robert Steele (YouTube)
- Steele has gotten past the anger and is now offering up icy-cold straight public intelligence in the public interest. A recovering spy, founder of the modern Open-Source Intelligence (OSINT) movement, #1 reviewer of nonfiction as rated by readers at Amazon, and now practicing what he preaches deep in the jungles of Central America, Steele, who reads in 98 categories and is down to his last of nine lives, will answer any question on any topic for as long as it takes. The record is four hours. He may die soon, so he wants to try for six hours.
- MP3 - 1, MP3 - 2, MP3 - 3, MP3 - 4
The State of Global Intelligence - Robert Steele
- Our first speaker at our first conference back in 1994 is back to once again presents an overview of global intelligence. Smart Cities, Smart Corporations, Smart Nations are the ideal. The "tribes" of intelligence - academic, civil, commercial, government, law enforcement, military, and non-governmental - are almost catatonically stupid as well as corrupt in their information pathologies. There will also be a brief overview of his new book, Intelligence for Earth: Clarity, Diversity, Integrity, and Sustainability, which, like all of his books, is free online and for sale at cost at Amazon.
Surf's Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation - Daniel McCarney (YouTube)
- Web application security has progressed by leaps and bounds since first being discussed in the early 2000s. XSS, SQLi, Directory Traversals, and other traditional attacks are becoming more widely understood by a greater demographic of developers. Unfortunately, we are just scratching the surface. There still exists a great number of attack vectors that are ignored. Cross Site Request Forgery is a prime example of this. It is a simple technique with powerful implications ranging from denial of service and firewall bypass to full blown site compromise. The theory of CSRF will be presented here in simple to understand terms. An example of a virulent exploit of a real-world social networking site (Vampirefreaks.com) using CSRF will also be shown.
T+40: The Three Greatest Hacks of Apollo - Stephen Cass
- Forty years ago, manned exploration of the moon was in full swing. The three greatest hacks of the Apollo program occurred on Apollo 12, 13, and 14, in two cases saving the mission, and in one case saving lives. Drawing on personal interviews with the engineers involved and archival records, this talk will look at the technical aspects of each hack, including largely overlooked, but critical, details of how the lunar module was prepared for lifeboat mode during the Apollo 13 crisis.
- Apollo 13, We Have a Solution
The Telephone Pioneers of America - Kyle Drosdick (YouTube)
- The Telephone Pioneers of America is an organization of mostly retired employees of the Bell System and affiliated companies. They remain active in the community as an organization that promotes their history and industry. You can find them in many communities across the nation, often in the very cities and neighborhoods they spent their careers working in. The pioneers have amassed lifetimes of wisdom working on the telephone system and intimately understand the technology and politics of it. The telephone company will never be what it was when they were employed there and they know that the next generation of pioneers may not ever actually work for "the company" as they did. Using photographs, recordings, and artifacts, this unique treasure will become accessible to members of the audience, especially younger individuals who may not ever have used what is now vintage telephone equipment - like rotary dial phones. There will be a selection of functional and historically significant equipment for attendees to learn about and enjoy thoroughly. This talk is intended to help bridge the gap between hacker and pioneer.
Tor and Internet Censorship - Jacob Appelbaum, Seth Schoen (YouTube)
- The Tor project has seen an increased focus on Internet censorship as many more users adopted Tor to get around blocking. In the past year, Tor was a popular means of bypassing censorship in Iran, China, and around the world. Firewall operators have been noticing. Tor has also had to contend with new organized efforts to block access to the network, and has rolled out the "bridges" blocking-resistance system in earnest. Alongside the perpetual need to get more Tor nodes, it's become important to get users to run bridges - and to experiment with ways of communicating bridge addresses to users affected by censorship. The current censorship landscape will be explored, along with the bridge mechanism and efforts to recruit more bridges. There will also be an update on how Tor developers are responding to the growing pains and dealing with scaling challenges associated with Tor's popularity. You'll also hear about the challenge of counting the number of users on an anonymity network, and how client software can force the use of encryption to protect users from some attacks after their traffic leaves the Tor network.
Towards Open Libraries and Schools - Gillian "Gus" Andrews, Jessamyn West, Ellen Meier (YouTube)
- You can wear your "No, I won't fix your computer" shirt, or you can try to make progress with the bureaucrats, teachers, bosses, and other tech n00bs who make maintaining the systems in your life utterly frustrating. In this panel, organized and moderated by Off The Hook participant Gus Andrews, two veterans of the battle to wire under-served areas talk about what works and what doesn't when helping the uninitiate learn about the Internet, privacy issues, security, and proprietary software. Jessamyn West, blogger at librarian.net and a MetaFilter manager, will talk about her efforts to educate librarians and patrons about the PATRIOT Act and digital literacy, and her technology advocacy with the American Library Association. Ellen Meier, a professor at Columbia University Teachers College who presses for greater access to the Internet and more pervasive use of technology in classrooms, will talk about what works and what doesn't when working with educators and with administrators in Albany. The panel will welcome discussion, questions, and frustrations from audience members dealing with similar problems.
TrackMeNot: Injecting Reasonable Doubt in Everyone's Queries - Vincent Toubiana
- TrackMeNot is a lightweight Firefox extension that helps protects web searchers from surveillance and data-profiling by search engines. It does so, not by means of concealment or encryption (i.e., covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. Because any query can plausibly be artificial, everyone's search history ownership is now subject to a reasonable doubt. The challenge that TrackMeNot encounters is to search as a human. The adversary, a search engine capable of mining billions of user queries, should not be able to filter the artificially generated queries. Ideally, even a human should not be capable of filtering the queries that have been injected. This talk will also detail the motivations in developing TrackMeNot: lack of transparency of search engines' use of data and ambiguity of the privacy policies. Key elements of TrackMeNot implementation will be described and evidence will be revealed proving that a major search engine profiling algorithm is influenced by the use of TrackMeNot.
Video Surveillance, Society, and Your Face - Joshua Marpet
- Video surveillance is pretty simple. Point a camera at something, watch the stream. But the technology has been integrating into our daily lives. From Makeababy websites, to "change your race" kiosks, facial recognition and the technology spawned from video surveillance is creeping into our lives. The police have taken notice of this, and are starting to interpret laws that make it difficult to photograph them legally. Do these technologies and laws imperil your privacy, your rights as a photographer, or even your life? This is a talk about where these technologies are going, how to stay out of jail, and how to keep your face out of official databases.
Vintage Computing - Evan Koblentz, Bill Degnan (YouTube)
- Many people believe Silicon Valley is where the most significant early developments in computers occurred. But the New York/New Jersey/Pennsylvania area was home to many major developments in microcomputer history. See and hear amazing historical and technical achievements of the computing pioneers of our region in the context of how we use computers today. Presenters will also present a comprehensive working exhibit of several early microcomputers all day Saturday.
Why You Should Be an Amateur - Ben Jackson
- Lots of people think the "maker culture" is a relatively new phenomenon. However, one group has been doing it for close to 100 years: amateur radio operators. While some dismiss amateur radio as an aging artifact from decades ago, today's radio amateurs are putting together wide area wireless networks, developing digital protocols that use the tiniest amount of bandwidth, and building radios from scratch. This presentation will review the basics of amateur radio, the advantages over unlicensed devices, and areas of interest you can apply to your existing projects.
Wireless Security: Killing Livers, Making Enemies - Dragorn (Michael Kershaw), RenderMan (Brad Haines)
- The message that wireless is unsafe has permeated the IT zeitgeist, however people still forget client devices. This talk by Dragorn and Renderman moves away from guarding the access points to guarding the clients. Considering the fun that is continually had by the authors at airports and public networks, this is a message that needs to get out. Attacks targeting client devices are becoming more sophisticated. Kismet Newcore makes breaking WEP a passive action. Airpwn has received a facelift and is now capable of more unspeakable actions over open links (hotels, airports). Karma as well is flypaper for clients running wireless without any thought to protection. Recent vulnerabilities in browsers and other protocols that are often dismissed as "too hard to exploit to be useful" are suddenly very possible and dangerous when wireless is involved, and attacks crossing from layer 2 directly to layer 7 vulnerabilities will be shown.
- This is really worth sticking around for, as so many people do. Sure, there are those who leave early on Sunday because they have to get back to whatever it is they do in the real world bright and early Monday morning. But if you fancy something a bit more celebratory and different, we suggest you stick around as the conference truly winds down. This is where you hear some of the back story of the conference, get a chance to win some prizes, and hopefully help us put the hotel back in the state in which we found it. Maybe even a better state.
- Speaking of the hotel, at press time it appears that a major public hearing will be taking place the day after HOPE concerning the proposed demolition of the hotel where public opinion will be sought. If this remains the case, there will never be a better opportunity to show those in charge how important the Hotel Pennsylvania is to the world. You don't have to be from New York to participate - in fact, the more people from all parts of the globe who speak up, the better. We will have updated information on this throughout the conference.]
- We hope to see even more people than the usual huge mob for this special closing.
HOPE Number 9
- HOPE Number 9 took place on July 13-15, 2012 at Hotel Pennsylvania in New York City.
- Bios of Speakers
- HOPE Number 9 on Twitter
- 3D Printing: Making Friends in DC Before People Start Freaking Out - Michael Weinberg
- This talk is about protecting 3D printing from industries that are not excited about disruption. It will begin with an overview of the technology behind 3D printing and how the industry is developing and diversifying. It will then cover how Intellectual Property (IP) relates to 3D printing, and highlight the opportunities that 3D printing gives us to rethink the permission culture that has developed alongside the growth of digital copyright. The talk will end with a description of current IP conflicts connected to 3D printing and examples of steps being taken today to win allies among policymakers in Washington, DC.
- 3D printing has the possibility of being a widely disruptive and beneficial technology, and the last 15 years have taught us that not everyone embraces widespread disruption. It is possible that industries disrupted by 3D printing will react along the lines of those disrupted by the Internet (negatively). Fortunately, today we have the opportunity to consider what could have been done in the early days of the Internet to insulate it from some of the legal and policy attacks in DC. HOPE attendees and the hacker community at large will benefit from beginning to think through these issues today - before a problem occurs.
Activist DDoS Attacks: When Analogies and Metaphors Fail - Molly Sauter
- What are we talking about when we refer to activist Distributed Denial of Service (DDoS) attacks? Digital sit-ins? Juvenile bullying and censorship? Something completely different? The rhetorical framings by both advocates and critics of activist DDoS attacks have ultimately fallen short of successfully defining DDoS as an activist tactic. Metaphoric characterizations have failed to describe the reality of activist DDoS attacks, and new analysis is needed if we are to fully understand the tactic's potential. In an effort to come to this new analytical understanding, this talk examines the history of DDoS attacks in activism in general, culminating with the case study of the Anonymous Operation Payback attacks. The discussion will show how the population participating in DDoS attacks has shifted from a professionalized activist core and their peers (such as those participants in the Electronic Disturbance Theater's actions in the 1990s and 2000s) to the diffuse, less professionalized, and less conventionally politically active population that participated in the Anonymous actions. The role the media has played in past activist DDoS actions will also be explored. Evidence will be presented to show that DDoS attacks have shifted in their tactical nature from electronic direct action to a form of media manipulation.
Advanced Handcuff Hacking - Ray
- Handcuffs always have been a special kind of challenge to lockpickers. This talk will cover advanced manipulation techniques including improvised tools, hidden and 3D-printed keys, and exploiting design weaknesses of various handcuff models. Also, the newest handcuffs produced in the United States and Europe will be shown and explained, some of which haven't even been introduced to police forces yet.
Advancements in Botnet Attacks and Malware Distribution - Aditya K. Sood, Rohit Bansal
- Third Generation Botnets (TGBs) have circumvented the normal stature of the World Wide Web. These botnets harness the power of the HTTP communication model to complete their stealthy operations. To automate the exploit distribution mechanism for infecting users on a large scale, TGBs are collaborating with Browser Exploit Packs (BEPs). TGBs include Zeus, SpyEye, and the present-day botnet ICEX that are explicitly using BEPs such as BlackHole and Phoenix for insidious infections. Several cases of large scale infections have been seen in the recent past. Additionally, TGBs are designed with sophisticated attack techniques such as form grabbing, Ruskill, Web Injects (WI), Web Fakes (WF), DNS tampering, and other custom plug-ins to steal information. These attack techniques are heavily relied upon in the Man-in-the-Browser (MitB) paradigm. The infection strategies include programs such as spreaders that infect other software to conduct drive-by-download/drive-by-cache attacks. This talk delves deep into the design of present-day malware and advancements in attack techniques and infection strategies and is an outcome of real-time case studies. Several demos will be shown to back up the arguments.
An Aesthetic Critique of Fictional Media - Sean Mills, Syl Turner
- This survey of visuals used in motion pictures explores their design implications. Motion pictures play a unique role in constructing how we use terminals, interfaces, and graphic design itself. Highlights will include a tour of multiple screen arrays as found in Star Trek, Brazil, The Truman Show, and Iron Man; a collection of simulated environments from Johnny Mnemonic, Tron, Hackers, and The Matrix; as well as a suite of metamedia from The Final Cut, Brainstorm, and Minority Report. This presentation catalogs the digital artifacts of the past and present, while asking: What are limitations on graphic design?
Anti-Censorship and Anti-Surveillance Tools - Improving the Landscape - James Vasile
- Every day, world news informs us of more and greater threats to free communication. Nations increasingly restrict network traffic at their borders. Surveillance is omnipresent in almost every country and also via companies who defend ubiquitous spying as "best practices." This mass privacy intrusion has spurred development of a number of open-source tools even as that development has revealed a need to address common obstacles faced by circumvention tools projects. This talk describes some of those common obstacles and current work to fix them on a community-wide basis.
Anti-Censorship Best Practices: How to Make Keeping It Up Easy and Taking It Down Hard - maymay
- What do bananas have to do with censorship? What do polyamorous people have in common with fax machines? How can you help your ideas have cyber-sex? In today's age of postmodern warfare, information itself can be a "weapon of mass destruction." As corporations and repressive governments track, monitor, and ultimately crack down on their own citizens, employees, and independent publishers, information depicting everything from political speech to cartoon drawings of religious icons is becoming increasingly rationed and ever more tightly controlled. But nowhere is this more apparent than the realm of sexuality, where even basic health and safety information such as STI prevention is barricaded by dragnet-style filtering tools. The online spaces once heralded as among the safest and most valuable for sex-positive publishers like sex bloggers, public health professionals, librarians, and relationship educators have become hostile to the free flow of information while governments from China to Australia to the United States censor the Internet and companies like Facebook, Amazon, and PayPal arbitrarily enforce vague Terms of Service policies.
- In this far-reaching seminar, you'll learn the fundamentals of how to build anti-censorship techniques directly into your publishing process using nothing more technologically complex than copy-and-paste. Whether you're a non-technical individual or a savvy multinational organization, you'll discover how you can put data portability, distributed publishing, and censorship circumvention tactics to use right away in order to stay one step ahead of those who would call you "obscene."
The ARRIStocrats: Cable Modem Lulz - Chris Naegelin, Charlie Vedaa
- The ARRIS TG852G is a DOCSIS 3.0 cable modem/router that's being deployed en masse by Time Warner and Comcast. If you're a customer with this hardware, then you may be saddened to find that your service provider won't give you a login to configure the box. This talk will walk you through two different methods to gain access to the device by exploiting weakly implemented authentication mechanisms on it. You'll see how a three-year-old documented "feature" designed to keep customers out can quickly become a provider's worst security nightmare. The talk will also go a step further and show you how aggregating some publicly available datasets would allow an attacker to use the vulnerability to quickly and effectively build an army of thousands of routers.
The Autism Spectrum and You - Mary Robison, Alex Plank, Jack Robison, Kirsten Lindsmith
- As a kid, were you considered precocious? Considered eccentric (or just plain weird) by other kids? Have you ever thought that your sensory perceptions are different from other people? Were you (are you still) the "little professor," intent on teaching everyone about your unique interest(s)? Do you possess unusual interests? Were you bullied? Did you (do you still) live in your own world with restricted interests? As a child, did you accumulate facts but not really understand them? Do you often assume a literal meaning for metaphorical or ambiguous language? Do you make naive or embarrassing remarks with surprising frequency? Do you often fail to comprehend unspoken modes of communication? Have special routines that cannot be altered? Have unusual facial expressions, vocalizations, or posture? Are you, in fact, bewildered by proper behavior? Are you "face-blind" - unable to remember what the people you encounter every day look like, or to recognize them when you encounter them? If you answer many or just some of these questions affirmatively, congratulations!
- You, like many of your fellow attendees at HOPE, may have an alternate configuration for the wiring of your brain, now called an Autism Spectrum Disorder (it used to be called Asperger's Syndrome). At HOPE, we're the majority; neurotypicals are the rest of the world that do not understand us and may even be afraid of us. Most on the spectrum are male, but there are a lot of females flying under the radar. This panel will discuss the spectrum and how we fit on it, and how we interact with the world at large.
Brain Chemistry: How Psychoactive Chemicals Hack the Central Nervous System - Jennifer Ortiz
- People have been using chemistry to hack their bodies and their brains since antiquity. In the past several decades, we have come to understand much more about the processes involved. How is it that certain molecules cause profound alterations in perception? How do they alleviate physical and psychological pain? How do they get people high? Why are some drugs psychoactive and not others? Why are some toxic? This presentation explores the answers to these questions and more.
Building Radios to Talk to the Dead - Wil Lindsay
- Apophenia is the human ability to perceive patterns and meaning in completely random data sets. The effect is often explored by "ghost hunters" who use electronic tools to find patterns in the environment around us and exploit them as a way to communicate with spirits of the deceased. This discussion will cover the radio-based and electromagnetic technology commonly used for the reception of EVP or "Electronic Voice Phenomena." These devices are often modified radios or home constructed circuits which follow a mixture of basic engineering, empirical results, metaphysical concepts, and, in some cases, pure hucksterism. This talk will look at several of these devices, their underlying circuits, their design philosophy, and the culture that surrounds them.
Cell Site Location Data and Nontrespassory Surveillance after U.S. v. Jones - Hanni Fakhoury
- With the rise of smartphones, the government's use of cell site location data to pinpoint our exact location has grown more widespread (and precise) over time. For years, courts permitted the government to get this location data without a search warrant. And judges that fought against the government's attempts at getting this data were met with an unfortunate reality of Fourth Amendment jurisprudence: we don't have any privacy in data we turn over to third parties, like cell phone providers. The U.S. Supreme Court's recent decision in U.S. v. Jones however, presented a "sea change" in the law of warrantless surveillance, calling into question the future viability of the third party doctrine. This talk will review the law of location data, go in depth into how Jones calls this law into question, and conclude with the steps we need to take in the future in order to safeguard our privacy.
- Don't even think of leaving early on Sunday. This is where you get to celebrate the end of another HOPE conference and start looking forward to and planning the next one. (Maybe we'll even tell you what the next one will be called if you stick around.) You'll also hear a lot of the story behind what it took to put this event together. Oh yes, and did we mention that we give away prizes during this final gathering? Well, we do, and they're awesome. You now have all of the reasons you need to stay into the evening on Sunday and get the most out of HOPE. Monday will wait.
Combat Robots Then and Now - David Calkins, Simone Davalos
- Fighting robots have been around since the first gearhead figured out that it was really fun to smash thousands of dollars worth of metal and electronics together in the name of sport. This talk will cover the brief but intense history of combat robotics, how the technology has evolved, where it's going, and where combat robots happen around the world. This presentation will include video, backstage photos, and insights from the organizers of the only large scale combat robot shows left in the United States: RoboGames and The ComBots Cup.
Community Fabrication: Four Years Later - Far McKon
- One hacker's view of the last four years in 3D printing and the expansion of DIY culture. It will cover the state-of-the-art then, the state of the art now, and where we imagine we will be in four years. Far will review what technologies succeeded, what failed, and how 3D printing has grown, warts and all. He'll also talk about the growth of hackerspaces in that time and how the changes in these topics tie together to show the growing pains of both hacker-centric movements. He'll also make another round of predictions and discuss where 3D printing and hackerspaces are going next.
Computer Forensics: Possibility, Probability, Opinion, and Fact - Joe Cicero
- How easy is it to end up with illegal content on your computer? How expensive is it to prove you didn't know about it? What is it like for someone who is arrested for a computer crime? How long do these cases go on for? What does the prosecution provide your attorney and forensic examiner with? This presentation will cover these questions and more, based on experiences as a defense forensic expert.
Countermeasures: Proactive Self-Defense Against Ubiquitous Surveillance - Lisa Shay, Greg Conti
- From governments fighting terrorists to companies hawking products to free online services where you are the product, it seems that everyone wants a piece of you and your personal information. This talk begins with the current state of our surveillance society and delves deeply into countermeasures you and society at large can employ to maintain and protect your right to privacy. Lisa and Greg will deconstruct a surveillance system and examine techniques for defeating or degrading each component. They'll cover technical countermeasures, but also present techniques for influencing policy, law, and the incentives underpinning surveillance activities. Left unconstrained, the problems of the emerging surveillance society will only get worse as more and more sensors and tracking applications invade the physical and digital worlds. You'll leave this talk with a clear understanding of how to protect yourself and with strategies to deflect the trajectory of our surveilled future.
Crimeware Tools and Techniques of 2012: Past, Present, and Future - Alexander Heid
- Much has evolved in the brief 24 months that have passed since the last presentation on this topic, which included a comprehensive overview of the Zeus and SpyEye trojans, popular exploits being used in the wild, and cash out methodologies of the digital crime actors at the time. Today, new digital currencies have emerged, vulnerabilities in popular crimeware kits have been made public, black market credit card trades have become automated, popular crime forums have been hacked and dumped, and the industry based around digital crime analysis and counterintelligence has grown exponentially. In spite of recent arrests of a few individuals, malicious actors are still numerous and able to keep ahead of the law by adapting to the changing environment and hardening their operations. This presentation will go over these developments, as well as the latest digital crime tools, techniques, and methodologies that are currently in use during the present day. The talk will also assess where the current trends will be heading in the future.
Cryptome Tracks the NYPD Ring of Steel - Deborah Natsios, John Young
- Cryptome's digital multimedia presentation of original cartography, animations, video, and architectural documentation will explore the urban implications of the NYPD One Police Plaza Security Plan - a.k.a. Ring of Steel - which locked down Lower Manhattan after 9/11, transforming its Civic Center into a threatscape centered on NYPD headquarters. With its militarized jurisdiction mobilizing through technologies of command, control, communications, intelligence, surveillance, and reconnaissance, the Ring of Steel has declared itself an iconic public space for our time.
DARPA Funding for Hackers, Hackerspaces, and Education: A Good Thing? - Mitch Altman, Psytek, Willow Brugh, Fiacre O'Duinn, Matt Joyce
- Mitch Altman caused a stir this spring when he publicly announced that he would not be helping U.S. Maker Faires this year, after it was publicly announced that they received funding from the Defense Advanced Research Projects Agency (DARPA). So, what's the controversy? DARPA, an agency of the U.S. military, has funded many famous projects over the past several decades, including GPS and the Internet. People in DARPA are now making large amounts of grant funding available for hackers and hackerspaces to do projects of their choice, as well as funding for education through hands-on learning, which MAKE Magazine is using to help schools. Does it matter that DARPA is responsible for the development of new technology for the U.S. military with an annual budget of $3.2 billion? What are the ethics of using funds from people or organizations that may or may not be aligned with one's own goals? What are the ramifications for the hacker/maker movement? Is DARPA funding overall a good thing? There is no simple answer. Explore the ethics and ramifications with Mitch, as moderator, and the panelists, as they give their perspectives on this complex set of issues.
Dead in a Pool of Blood and Millions of Dollars of Net Art - Jeremiah Johnson (Nullsleep), Don Miller (NO CARRIER)
- 0-Day Art is a warez group for art, focusing primarily on digitally represented works. The project was born in response to situations where takedown notices, pay walls, and practices of "taking it offline" threaten the distribution and availability of art online. 0-Day Art seeks to put net art back on the net. Using BitTorrent to package and distribute "art warez" within 24 hours of its initial availability, whenever possible, and social networks to quickly spread the word, the project has received attention from Today and Tomorrow, The Verge, GalleristNY, and ArtInfo, who referred to the project as, "the free-data pirates of the new media world." This is just the start. 0-Day Art exists at the intersection of art critique, hacktivism, and open culture, and manifests itself in many different ways. This talk will cover the history of 0-Day Art, as well as a brief history of "The Scene" (warez, demo, and art). Past projects, current projects and challenges, and the future of 0-Day Art will be discussed.
Declassifying Government and Undermining a Culture of Insecurity - Ivan Greenberg
- It is critically important to obtain and publicize declassified government intelligence documents in order to demystify official narratives of domestic security. Over the last decade, Ivan received about 60 FBI files by using the Freedom of Information Act and by initiating a lawsuit, while writing two books on civil liberties and surveillance. He will discuss his experiences getting government documents and show how new information about surveillance practices can help the American people make better informed judgments about how surveillance systems are developed and deployed. Is it possible for popular democratic participation in the operation of surveillance systems? Whose security is really at stake? How can we counter the creation of a top-down, official "culture of insecurity?"
Designing Free Hardware: Scratching Your Own Itch with a Soldering Iron - Matthew O'Gorman, Tim Heath (crashcart)
- So you have played with free and open-source software? Time for things to get real. Learn how to go from a simple idea like "I need some electronic dice" or "wouldn't it be insanely great if I could control my TV from my phone" to a simple breadboard prototype, on to a custom schematic and then laid out in PCB, sending your Gerber files to China for fabrication, and then carefully soldering it together to scream "it's alive" as your LED glows brightly for the first time.
Destroying Evidence Before It's Evidence - Hanni Fakhoury
- Covering your tracks out of fear of getting caught with your hands in the digital cookie jar can sometimes get you in more trouble than whatever crime the feds think you may have committed in the first place. This presentation identifies three specific scenarios where the act of trying to cover your digital footprints - oftentimes in innocuous and legal ways - can get you into trouble: the nebulous crime of "anticipatory obstruction of justice," which can cover something as mundane as deleting an email before you're even suspected of committing (let alone charged with) a crime; the ever-expanding Computer Fraud and Abuse Act, which has been stretched to cover things that are neither fraudulent nor abusive; and the potential problems with encryption. The presentation will conclude with some ways you can protect yourself that can help minimize claims that you obstructed justice.
Digital Security in Health Care Institutions - Jorge Cortell, Alvaro Gonzalez
- Health care institutions usually have a large number of digital devices, networks, and databases. Lots of data goes through them, but are you aware of how much data that is? And how secure is it? How easily can this data be captured? How easy is it to access those medical devices? Can this be done without being detected? After six years of involvement in health care IT projects, Jorge and Alvaro have some stories and details to share.
DKIM: You're Doing It Wrong - Quincy Robertson
- DomainKeys Identified Mail (DKIM) is the most effective, widely deployed email forgery countermeasure available today... if implemented correctly. Many of the world's largest and most trusted companies, including some of those driving the standard, have fatally flawed deployments. When the first standard for SMTP was published in 1982, the Internet was a much smaller and safer place. Ever since the first spammers, we've been trying to fix email with various hacks such as callout verification, forward confirmed reverse DNS, PGP, S/MIME, SPF, Sender ID, DomainKeys, DKIM, and an ever-changing collection of filters. All of them have serious flaws. This talk will cover several common mistakes made when deploying DKIM and how they can be exploited to achieve the holy grail of email forgery.
DUI/DWI Testing - A Hacker's View of the Technology and Process Behind the BAC and Standard Field Sobriety Test - WJ, Alex Muentz
- This talk will look behind the process, techniques, and technology (or lack thereof) used by law enforcement to identify suspected intoxication. What most people don't know is that there is little in the way of scientific process or technology that is used during the testing of intoxication. The process relies on a strategy of behavioral cues and coercion often geared towards leading an individual to admit wrongdoing. The technology and instruments used by law enforcement for determining sobriety has changed little over the years. Some of these technologies are inherently flawed or misleading. This presentation will take a closer look at the most common techniques and equipment including the Breathalyzer, Horizontal Gaze Nystagmus (HGN), and the instruction led Standardized Field Sobriety Test (SFST). There will be a discussion of how each of these processes works and an enumeration of potential flaws or tactics one should be aware of to ensure fair and unbiased treatment.
Electric Bodies and Possible Worlds - Jaime Magiera, Micha Cardenas, Cayden Mak
- Though there are many expensive, mainstream solutions for wearable computing, augmented/virtual reality, and alternate reality gaming, there is also a burgeoning community of DIY projects in these areas that focus on self-expression, empowerment, and community building. This panel will provide an overview of several important projects for wearable computing, augmented/virtual reality, and alternate reality gaming. In particular, the session will relate how these projects allow individuals to explore the many possible worlds and identities available to us.
The Emergence of Hacker as Artist and Artist as Hacker - Andrew Cameron Zahn, Katherine Bennett, William Cromar, Chris Thompson
- The new direction and emergence of hackers working like artists and artists working like hackers brings up a wealth of questions pertaining to these new mediums. How do the practices of "hackers" differ, if at all, from those of "artists?" Should we question when or how a hacker project falls between the lines of art, design, or hacking? The panel will discuss how their work bridges the gap between hacking, new media, and art. Their skills and interests vary quite a lot, but they all use technology to make a statement.
Exploiting ZigBee and the Internet of Things - Travis Goodspeed
- Now that ZigBee is finally appearing in the wild, Travis will take a look back at all the nifty ways of exploiting it. (ZigBee is a low-cost, low-power, wireless mesh network standard.) This fast-paced lecture features as many practical, real-world exploits as can fit in the time slot. Learn how to extract firmware from a locked Freescale MC13224 by grounding pin 133, how to extract keys from a Chipcon CC2530 by erasing it first, and how to hijack control of other radios with a few hypodermic syringes. You'll also learn how Certicom's proprietary crypto library caused multiple ZigBee Smart Energy Profile stacks to remotely expose private ECC keys and why none of this matters because cleartext traffic is easily found in most major cities.
Explosive Steganography - Eric Davisson (XlogicX) (YouTube)
- Encryption makes information secret, steganography hides the information in plain sight. We fancy hiding it in a "pile" that most people would avoid. This talk explores hiding steganography in mediums such as archive exploders, file carving exploders, and virus files. There will be a release of the open-source tools eZIPlode/asour, magicbomb/-asour and hivasour/hivsneeze.
- Tools and Presentation
Geeks and Depression - Robin DeBates, Mitch Altman, Meredith L. Patterson, Jimmie Rodgers, Daravinne
- Many of us in the geek community suffer greatly from serious depression. Enough so that several notable hackers have committed suicide over the past couple of years, including the 22-year-old co-founder of Diaspora. Moderated by Robin, a professional geek therapist, the panelists in this session will share their personal histories with depression in hopes of showing that none of us in the geek world need to be isolated with our feelings of being alone, depressed, or suicidal. Is it O.K. to talk about depression and suicide in the hacker community? This panel thinks it is important to make it so.
Hackers and Media Hype or Big Hacks That Never Really Happened - Space Rogue (YouTube)
- Media will often report "hacks" that either never actually happened or have extremely flimsy evidence. They then become major news stories through media hype while the reality is seldom reported at the same level. This talk will closely examine several instances of such stories and compare the hype with the reality. Examples will include Kevin Mitnick's compromise of NORAD, the use of steganography by al Qaeda, the electrical blackout in Brazil, the failure of a water pump in Illinois, and others. Close attention will be paid to the media's role in presenting these stories and how they morphed from purely circumstantial to quoted facts. The structure of a hyped story will be examined so that it can be easily identified and methods of combating the hype will be discussed.
Hacking Mindsets: Conceptual Approaches to Transmission Art, Improvisation, Circuitbending, and Gaming Technology - Tamara Yadao, Nicole Carroll, Joshua Kopstein
- In Richard Stallman's "On Hacking" from 2000, he addresses the stigma attached to the notion of "hacker," while clarifying the act of hacking as a creative mindset that encourages playful/clever exploration of established cultural forms, from eating utensils to practical jokes, as opposed to methods for security breach. Beyond the more obvious examples of hacking, Stallman applies this mindset to two specific music compositions: "Ma Fin Est Mon Commencement" by 14th century French composer Guillaume de Machaut and "4'33" by 20th century American avant-garde composer John Cage. The former is a palindromic music composition important to the development of polyphonic music and the latter is a composition written without musical notes. By referring to these two innovations as hacks more then music compositions, Stallman makes a cultural connection between hackers and artists - that hacking is innately creative. This presentation/demonstration will examine the notion of hacking and its connections to composer John Cage, music improvisation, and re-purposed instrumentation including radios and transmitters as instruments, circuitbent instruments, and the DIY aspect of software and hardware instruments in the demo and chip music scenes.
Hacking the Cosmos via Crowdsourced Particle Astronomy - Ray H. O'Neal, Jr.
- The Cosmic Cube is a proposed "desktop" astroparticle or cosmic ray detector enabling ad-hoc formation of cosmic ray telescopes between cube operators. The speaker will address the use of peer-to-peer networks of detectors for investigating the nature of the flux of high energy cosmic rays and how the random nature of detection events might also be applied to information security.
Hacking the Spaces - Johannes Grenzfurthner, Sean Bonner
- In 2009, Johannes and Frank Apunkt Schneider published their critical pamphlet "Hacking the Spaces," causing a shitstorm in forums and mailing lists. The publication of the text on BoingBoing was even called a "PR disaster for the hackerspaces movement" by various members of the scene. Three years later, the discussion is still raging. Are hackerspaces the inclusionist paradises that their members want them to be, or are they just White middle-class boys' clubs generating nothing more than a few more streamlined members of "Generation Self-Exploitation?" This talk is an invitation to look at the debate and analyze its potential and drama. We promise dramatic potential and the potentially dramatic!
Hack the Law - Brendan O'Connor
- Recent bills such as ACTA, COICA, and SOPA in legislatures worldwide demonstrate that there exists a fundamental disconnect between hackers and politicians. Worse, the people charged with dealing with law on the ground, the lawyers, rarely have any significant technical background obtained within the last few decades. This must change. It's all well and good to write your congressperson or donate to the EFF, but it's not enough; we need hackers to go to law school. Lawyers - whether they work as attorneys, or bring their knowledge of the law back to other fields - are uniquely situated to effect direct change on politics, social issues, and the law on the ground (where they arrest poor hackers) and, unlike many fields, it's not enough to be self-taught. This presentation will focus on the utility of the hacking ethos within the law, as well as the "law school experience," technical bits about actually getting in, and how to keep yourself from going nuts while spending three years surrounded by those who can't tell their megabytes from their overbites (and are terrified by Wireshark, let alone the more subtle tools in existence). Expect stories, humorous anecdotes, and terrifying lapses in judgment.
Hacktivism, Tools, and the Arab Spring - Peter Fein, Meredith L. Patterson, The Doctor
- During the Arab Spring of 2011, agents of Telecomix, members of Anonymous, and a multitude of independent hackers took direct action to aid dissidents by helping to circumvent censorship, disseminating photographs and video footage of violence against peaceful protesters, redeploying dialup modem pools, and using DNS hijacking to warn people of online surveillance. During this time, some interesting discoveries were made by Telecomix, namely, man in the middle attacks with forged SSL certificates and the installation of deep packet inspection hardware in the networks of a number of Syrian ISPs for the purpose of Internet censorship. The activists used logs from Blue Coat web gateway devices to reverse engineer the rulesets Syrian authorities were using, so as to better advise protesters on methods of evasion. Telecomix was also instrumental in tracing where the Blue Coat DPI devices were sourced from and how they were delivered to Syria in violation of United States export regulations. The presenters (all agents of Telecomix) were among those active during the Arab Spring, and will discuss what surveillance measures they encountered, some of the threats against protesters in Syria and Egypt, and how strategies for supporting protesters evolved in response to the changing situation on the ground.
HIDIOUS Methods of Keystroke Injection - JP Dunning
- It's amazing what can be accomplished with just a few keystrokes. Changing user passwords, formatting disks, and scanning a network are each one command away in most modern operating systems. What if you had two minutes of access on a system? Is this enough time to accomplish information gathering or exploitation on even the most hardened system? It just might be. Through a combination of software and hardware, hundreds of keystrokes a minute can be flawlessly injected into any computer to gain control of system resources. The HIDIOUS (HID Injection Over USB Suite) allows for easy configuration of keyboard/mouse injection attacks through USB.
Historic Hacks in Portable Computing - Bill Degnan, Evan Koblentz
- "Portable" computing began with handheld calculating aides such as the abacus and slide rule, continued in the 1950s with mainframes mounted inside Army trucks, and emerged in suitcases, briefcases, and even pockets in the 1970s. All throughout this rich history, there were clever, funny, and security-themed hacks involved. In some cases, there were hacks needed just to construct the systems, and in others there were hacks in system usage. This talk will explain a dozen examples from which modern hackers can learn.
Hosting irc.2600.net - My Life with the Thrill Kill Cult - Andrew Strutt (r0d3nt)
- An overview of the history of 2600net for at least the last ten years. This talk will cover 2600net infrastructure and policies, why it is the way it is, along with how to communicate securely and build trust with users and friends. Who are the hosts and operators? Meet the crew! What other communities are around $2600 and the IRC network? How can you get involved? Special attention will be given to DDoSes, LulzSec, Anonymous, th3j35t3r syndrome, and all sorts of other challenges. Expect other staffers and channel operators to stop in for this talk.
How to Communicate with Your Car's Network - Robert Leale
- Modern vehicles are essentially mobile computers and controller networks. On average, there are around ten embedded controllers in a vehicle. These controllers are responsible for running the engine, locking and unlocking the vehicle, sounding the horn, and much, much more. These networks are very different from current computer networks. This talk will help you understand how to get started, what information is on the vehicle network, and how you can use this data to get information from and send commands to these controllers. Additionally, this talk will list the current tools available for communicating with vehicles and how to interpret the communications between the controllers.
How to Retrofit the First Law of Robotics - Eben Moglen
- We live with robots now, as we always knew we would. But they have no hands or feet. We carry them in our pockets. They see what we see. They hear what we hear. They always know where we are. But they do not work for us, and they are not programmed to obey the First Law. Profit made them, profit runs them, and they hurt us every day. Free Software can retrofit the First Law of Robotics into the robots we call cell phones, but those who control the robots don't want freedom inside. That's where we come in. This talk will discuss how.
ICANN's New gTLD Program: Implications on Security, Stability, and Governance - Alexander Urbelis
- The Internet is about to rapidly expand. Through ICANN's new Generic Top Level Domain (gTLD) program - for the first time ever - individual entities can customize the space to the right of the dot. While currently only 22 gTLDs exist (e.g., .com, .net, .org, etc.), on June 13, ICANN announced that it had received an unexpected 1,930 applications for new gTLDs, ranging from applications for .AARP to .ZULU. This talk will examine the security and stability concerns that arise from the rapid expansion of the Internet's root zone. Also included will be the current state of the new gTLD program, the security issues that plagued the application process in April, and how this new model of gTLD ownership (with large swaths of Internet real estate in the hands of private entities) will change our current model of Internet governance.
I'm Not a Real Friend, But I Play One on the Internet - Tim Hwang
- This talk examines the topic of socialbots - realistic, automated bot identities online that are optimized to reliably elicit certain types of social behaviors in groups of users on platforms like Facebook and Twitter. Deployed en masse, large swarms of these bots are able to subtly (and not-so-subtly) shape the ways in which communities grow, connect, and behave on these platforms. Insofar as people increasingly come to rely on these networks into the future, the bots hold the promise (and threat) of shaping not only the social universe of opinions and influence, but real world coordination and action among people as well. Ultimately, this talk will conclude by discussing how these bots suggest the evolution of classic social engineering into a broader social hacking - which approaches human networks as if they were computer networks and applies similar principles for their compromise and defense against the social influence of third parties.
Information Distribution in the Arab Spring - No Hacks Required - Griffin Boyce
- From pirate radio, livestreaming, and video-sharing apps, to asynchronous mesh networks, Bluetooth, SMS/MMS, i2p, and Tor hidden services, the ways that activists in the Middle East and North Africa get critical information out are far more varied than most people know. With so much attention given to leaks recently, it's easy to perceive the "liberation" of information as involving major hacks of critical systems. But reality is, as always, much more complex and interesting. This talk will show just how distribution channels in the Middle East are created and maintained, and the positive impacts they can have.
Infrastructure Mediated Sensing of Whole-Home Human Activity - John McNabb
- Devices are being developed to monitor what you do in your home. Even without Orwell's telescreen (which is under development), there is a lot of information that can be collected about your Activities of Daily Life. The beneficial goals of these devices include promoting positive things like water conservation, helping people improve their personal health, and monitoring people in assisted living environments. This talk will describe the technology of the devices used to collect and transmit this data, and discuss some of the social, ethical, political, economic, privacy, and legal issues raised. What could go wrong? Could these systems be used by governments to micromanage personal behavior? Could employers use these systems to regulate employees' off-duty behavior? Could such data be used to convict people in court? Could this data be stolen, abused, or falsified? The answer for each of these questions is "yes."
The Internet is for Porn! How High Heels and Fishnet Have Driven Internet Innovation and Information Security - Chris Kubecka
- A dark and seedy journey to explain the real driver behind Internet innovation: porn. How an economy built on the ultimate satisfaction just a click away has driven technological advances. Racy browsing habits involving our innermost secrets, vulnerable parties, and criminal syndicates have driven malicious code and subsequent security advances. Broad ranging censorship involving much more than pornography has been the end result in attempts to reign in such "unhealthy" habits by well-intentioned governments and organizations. This talk will include a timeline of pornography on the Internet, related security threats, an overview of industry economics (legal and illegal), and related censorship. Audience discussion and participation is welcome, but please, no BYOP.
IPv6 Now! What Does This Mean? - Joe Klein
- On June 6th, World IPv6 Launch Day occurred, another step in the replacement of the aging IPv4 Internet. Adoption of IPv6 as of June 17th is 6.9 percent in Romania, 4.5 percent in France, 1.4 percent in Japan, 1 percent in the United States, 0.58 percent in China, and 0.28 percent in Russia. This is up from less than 0.006 percent within the past two years. This presentation will answer the questions: "What is the risk of adopting IPv6?", "What is the risk of not adopting IPv6?", and "What are the new opportunities for hackers?"
Jason Scott's Strange and Wonderful Digital History Argosy - Jason Scott (Jason Sadofsky)
- With a few small seeds of facts, digital and computer historian Jason Scott will draw together a multi-medium presentation of events, terms, facts, and references to set you off on a journey of learning for the rest of the year. Combining material from his three in-production documentaries and years of research, attendees will be given the threads that pull massive airships of knowledge out of the sky and into your minds. Formal attire welcome but not mandatory - participation encouraged - paradigms blown - mysteries solved.
William Binney Keynote - William Binney
- Friday keynote address.
The Yes Men Keynote - The Yes Men (Mike Bonanno and Andy Bichlbaum)
- Saturday keynote address.
"Kill The Internet" - MemeFactory (Mike Rugnetta, Stephen Bruckert, Patrick Davison)
- As grassroots Internet culture grows and flourishes, pushing out into international mainstream recognition, top-down cultural models are threatened and fight back, while governments attempt to quash and chill dissent empowered and organized by the Internet. How are people from the Internet fighting back? What does that even mean? And will it be enough?
- MemeFactory is three guys that give tightly rehearsed performative lectures about Internet culture. Their talks document, explore, and critique the emerging culture of the Internet in a visually-focused, fast-paced style that mimics the experience of having ten browser windows open while talking on the phone and watching a YouTube video.
Legal Processes as Infrastructure Attacks - Alex Muentz
- Law enforcement and lawmakers have been showing much more of an interest in regulating the Internet. The hacker community needs to understand how certain legal methods work like IT infrastructure attacks. This talk will explain legal processes such as subpoenas, search warrants, and e-discovery as IT infrastructure attacks, as well as how to talk to lawyers. This is an evolving topic as the environment has been constantly changing and, of course, has become more complicated. Also included: a discussion on the recent Megaupload and other domain seizures, forced IP and search engine blocking, and a question and answer session on related matters.
Lightning Talks - Various Speakers
- A dozen talks over two days, each around five minutes in length. These were presented after the Friday and Saturday keynote addresses
Make Your Laws: Practical Liquid Democracy - Sai
- This talk will include background on the concepts of direct, representative, and liquid democracies; the tradeoffs inherent in different types of government; interesting problems for online voting and policy authorship; examples of similar systems in different countries; discussion of some legal context (e.g. electronic signatures and the democratized use of Super PACs); a practical road map to gaining full control over your legislature; and Q&A. Make Your Laws (makeyourlaws.org) is an open-source, nonprofit, practical project that aims to replace all existing legislatures with online liquid democracies. The aim is simple: to let you make your laws.
Manufacturing Modern Computer Chips - QueueTard
- Modern computer chips are using transistors with features as small as 22nm. They are produced in factories that are 10,000 times cleaner than an operating room that can think like Skynet. Combined, the chips they produce run everything from your cell phone to the Internet itself. While outsiders might see it as the realm of multi-billion dollar corporations, in reality, it has been achieved through a hardcore application of the hacker mindset. Each new advancement involves hacking the theories of electrical engineering, hacking waves of light, and sometimes hacking physics. This talk will go over how and why the design of a modern nanoscale transistor was developed, as well as discuss the processes used to build them, and the incredible equipment that makes it all possible. Plus some fun stories about what goes wrong.
Mastering Master-Keyed Systems - Deviant Ollam, Babak Javadi
- The world of locks is one in which, so very often, things old become new again. Master-keyed lock systems fall into this category. For years now, many people have shared advice and stories regarding methods of attacking master-keyed systems. This year, at HOPE Number 9, The Open Organisation Of Lockpickers will be running a contest in which attendees may attempt to decode a master-keyed system during the weekend. If you stop by this presentation, you'll be a few steps ahead of everyone else who is attempting this interesting and different lock picking game at HOPE Number 9 - and you'll learn about how master-keyed systems are often vulnerable to many surreptitious attacks.
Messing with Nmap Through Smoke and Mirrors - Dan Petro (AltF4)
- Reconnaissance on a network has been an attacker's game for far too long. Where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature-based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy? This talk will explore how to prevent network reconnaissance by using honeyd to flood your network with low-fidelity honeypots. Dan will then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) Some important additions to honeyd will also be discussed along with a live demonstration of Nova, a free software tool for doing all of the above.
"No Natural Resources Were Hurt Assembling This Sofa" - Per Sjoborg
- This talk is an introduction and overview of a new and exciting field in robotics called Self-Reconfiguring Modular Robotics (SRCMR). SRCMR is basically about modules, like LEGO pieces, that can assemble themselves into anything you want (self-reconfigure). You will hear how this makes a prosperous, growing, and environmentally friendly world accessible for all of us. This is possible because the stuff you need is assembled from the same modules, again and again, using no resources other than small amounts of energy. This drastically reduces the resources we use, and de-couples growth and environmental problems. Because the modules are programmable, SRCMR will also make the world completely hackable, introducing many interesting opportunities and challenges.
Nymwars: Fighting for Anonymity and Pseudonymity on the Internet - Eva Galperin
- The last year has seen an Internet-wide debate over real names, pseudonyms, and anonymity online, especially on social networks and in the comment sections of blogs and newspapers. Facebook has required users to use their real names from the very beginning and newspapers have increasingly embraced the same requirement for commenting on their websites. Proponents of real name policies cite increased civility and quality of content. But pseudonymity and anonymity have a long history in public discourse, and they are essential for privacy and speaking truth to power. This talk will examine the debate over anonymity and pseudonymity online, with a focus on Facebook and the Arab Spring, and Google Plus and Nymwars.
Occupy the Airwaves: Tools to Empower Community Radio Stations - Maggie Avener, Ana Martina
- The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations. Prometheus builds, supports, and advocates for community radio stations which empower participatory community voices and movements for social change. They are currently creating a number of tools to support community groups as they prepare for an upcoming once-in-a-lifetime chance to apply for low power radio licenses. RadioSpark is an online hub where applicants, engineers, lawyers, and other supporters can exchange knowledge and plan together. RFree is free and open-source software that applicants can use to find available channels and prepare their FCC applications.
Old-School Phreaking - Cheshire Catalyst, John Draper, Tom Santa Monica
- Members of the old-school will regale the assembled throngs with tales of "The Golden Age of Phone Phreaking." Those were the days of in-band signaling when anyone who could put out a tone of 2600 hertz could control the "Long Lines" network.
The Open Secure Telephony Network - Lee Azzarello, Mark Belinsky
- All of the necessary technologies and communications standards exist today for voice communications that are as secure as OpenPGP email. Both proprietary and open-source solutions exist for desktop and mobile devices that implement the necessary bits to provide a solution without dependence upon one global service provider. ostel.me provides both a service and an application for the Android OS that is only marginally more complex to use than dialing an existing phone number, while still based entirely on open standards like SIP and ZRTP. The app is experimental and is based on existing open-source client code provided by the CSipSimple, pjsip, and zrtp4pj projects.
The Original WWII Hackers - George Keller
- A look at some of the history of code breakers in the second World War. Bletchley Park in the United Kingdom was the home of the original WWII "hackers" and George will describe what goes on there today, as well as what Navy cryptologists managed to achieve during the war.
Patents: How to Get Them and How to Beat Them - Ed Ryan
- Patents are a distasteful reality for hackers, open-source programmers, and entrepreneurs alike. This talk aims to provide a working knowledge of how to read a patent, what is required to obtain patent protection, and how to defend yourself against patent lawsuits. This talk is an academic discussion of patent law and should not be construed as legal advice.
Phone Phreak Confidential: The Backstory of the History of Phone Phreaking - Phil Lapsley
- Five years in the making, Phil has finally finished Phone Phreaks, his book on the history of phone phreaking from the 1950s to the 1980s. In this talk, he will weave together the evolution of phone phreaking with the backstory of the writing of his book. From giving John "Cap'n Crunch" Draper a piggyback ride around his apartment in order to secure an interview, to cleaning out Joybubbles's apartment after his untimely demise, Phil's research took him through the maze of twisty little passages that wind through the history of this underground hobby. Some of the characters you'll meet include the phone phreak CEO of an electronic warfare company, a cell of Stony Brook students busted for blue boxing, and the mysterious and cantankerous head of the International Society of Telephone Enthusiasts. You'll also get a behind the scenes tour of the NSA and FBI's phone phreak files and the 400 Freedom of Information Act requests necessary to get them into the light of day.
Practical Insecurity in Encrypted Radio - Sandy Clark, Matt Blaze, Perry Metzger
- APCO Project 25 ("P25") is a suite of wireless communications protocols used in the United States and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This talk analyzes the security of P25 systems against passive and active adversaries. The panel found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. They found new "selective subframe jamming" attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. And, more significantly, they found that even passive attacks represent a serious immediate threat. In an over-the-air analysis conducted over a two year period in several U.S. metropolitan areas, they found that a significant fraction of the "encrypted" P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear - in spite of their users' belief that they are encrypted - and often reveals such sensitive data as the names of informants in criminal investigations.
- Aside from being important practical vulnerabilities in their own right, the problems in P25 secure radio represent an example of a class of problem that the security and cryptography community has largely ignored. Radio protocols typically do not fit the negotiated two-way communication model under which most security protocols are designed (and to which our community devotes most of its attention). One-way protocols, like P25, in which there is no negotiation or exchange between the transmitter and the receiver are actually rather unusual, and relatively little is known (or written in the literature) about robust design principles for them. In this talk, new approaches to protocol design will be suggested that might allow us to do better.
Printable Electronics and the Future of Open-Hardware - John Sarik
- Many open-hardware projects use Integrated Circuits (ICs), but these ICs are literal black boxes because the manufacturers do not provide the silicon source code. There's also no way for makers to cost effectively modify and recompile this source code to fabricate custom ICs. But there is hope! Printable electronics based on novel materials and low-cost fabrication techniques have the potential to enable open-hardware at a whole new level. This talk will provide an overview of current printable electronics technology and discuss the issues that will arise as open-hardware moves beyond silicon. What happens to open-hardware when you can download and print an entire electronics project? How can we ensure that the materials used are open, widely available, and safe? How can we make IC design accessible to non-engineers? What should a Thingiverse for printable electronics look like? What are the legal issues surrounding printable electronics?
Privacy - A Postmortem (or Cell Phones, GPS, Drones, Persistent Dataveillance, Big Data, Smart Cameras and Facial Recognition, The Internet of Things, and Government Data Centers Vacuuming Google and Facebook, Oh My!) - Steven Rambam (Steve Rombom)
- With a few keystrokes, it is now possible for an investigator to determine a target's location, activities, finances, sexual orientation, religion, politics, habits, hobbies, friends, family, their entire personal and professional histories... even accurately predict what they will do and where they will go in the future. Without leaving the office, a government agent can surveil a subject and "watch" their activities 24/7/365: where they drive, when they walk down the street, if they attend a church or synagogue or mosque or a demonstration or visit an abortion clinic or a "known criminal activity location" or meet with a "targeted person" or a disliked political activist. There is no longer any place to hide.
- Since the very first HOPE conference, private investigator extraordinaire Steven Rambam's lectures on privacy have kept attendees ten years ahead of the curve regarding surveillance technologies, investigative techniques, and the assaults upon personal privacy by government's Big Brothers and private industry's even bigger Big Sisters. His lectures described cell phone "pinging" eight years before it was used by the FBI and "Google Glasses" four years before they were announced. The past two years have seen the largest expansion of surveillance technologies ever and, in a wide ranging three hour lecture packed as always with dozens of real-world examples and case studies, Steven will provide a terrifying update on our absolute loss of privacy. His lecture is not for the weak of heart - or for those afraid of drones.
- Part 2
Privacy by Design - a Dream for a Telecommunications Provider That Uses Strong Cryptography to Ensure Your Privacy - Nick Merrill
- This is a talk about launching a nonprofit organization that has some unique and disruptive ideas which challenge some of the basic assumptions about how modern communications systems work and that have the potential to transform the telecommunications and ISP industries with regards to privacy and freedom of expression. The seemingly dueling concerns of cybersecurity and privacy can both be addressed to some degree by the promotion of ubiquitous and opportunistic encryption, which would allow for an important political consensus between parties interested in either of those two issues. This topic and content is relevant to the hacker community and to HOPE attendees because of the implications of dragnet surveillance that has become commonplace in recent years, fueled in part by advances in technology and due to a shift towards more and more communication happening in the digital domain.
Privacy Tricks for Activist Web Developers - Micah Lee
- Do you care about the privacy of your website's visitors, but also depend on social media to get your message out? Do you want to protect your visitors' anonymity in case you or a third-party service you use gets subpoenaed? Do you want to be able to get meaningful and pretty analytics without third-parties tracking your visitors? Can some kid in a coffee shop really hijack your users' accounts that easily? Chances are Google, Facebook, and Twitter know as much about your website's visitors as you do, IP addresses and user agents are sprinkled about your server's filesystem, Google Analytics is watching everyone's every move, and some kid in a coffee shop is already pwning your users. But it doesn't have to be this way! This technical talk will cover tricks that web developers and sysadmins can use to minimize the privacy problems that plague the modern web.
Project Byzantium: An Ad-Hoc Wireless Mesh Network for the Zombie Apocalypse - The Doctor, Haxwithaxe, Sitwon
- Project Byzantium (a working group of HacDC) is proud to announce the release of Byzantium Linux, a live distribution which makes it fast and easy to build ad-hoc wireless mesh networks. Due to the actions of certain governments (such as those of Egypt, Tunisia, and Syria), alternative data networks are becoming more and more important as a means to communicate, organize, and coordinate. Project Byzantium aims to help support (and in some cases, replace) damaged or compromised Internet infrastructure and services with commodity WiFi-enabled equipment and a flexible, improvisable architecture. The presenters will discuss some of the engineering challenges faced and solutions that were developed to overcome them, including automatic network configuration and interaction with mobile clients that have limited capabilities.
Protecting Your Data from the Cops - Marcia Hofmann
- What should you do if the police show up at your door to seize your computer? If they ask for passwords or passphrases, do you have to turn them over? Can they search your phone if they arrest you during a protest? What about when you're crossing the border? Your computer, phone, and other digital devices hold vast amounts of sensitive data that's worth protecting from prying eyes - including the government's. The Constitution protects you from unreasonable government searches and seizures, but how does this work in the real world? This talk with help you understand your rights when officers try to search the data stored on your digital devices, or keep it for further examination somewhere else. The constitutional protections that you have in these situations, and what their limits are will be discussed, along with technical measures you can take to protect the data on your devices.
Pwn the Drones: A Survey of UAV Hacks and Exploits - Trevor Timm, Parker Higgins
- Drones are no longer a scary possible future of surveillance and remote force - they're here. Internationally, drones are being deployed for military action and observation. At home, police departments, border patrols, and others are acquiring UAVs and developing programs to fly them; there's even talk about adding "less lethal" arms to these domestic drones. Think TASERs and rubber bullets shot from the sky. But a series of alarming events over the past few years have demonstrated that many of these unmanned vehicles are dangerously vulnerable to exploits, leading to intercepted data, flight failures, and even remote takeovers. In this talk, Parker and Trevor will explain the privacy and security implications of some of the most sensational drone exploits and the weaknesses that enabled them. They'll also go over the work of communities and individuals that have been hacking drones from scratch, and what their efforts mean for our future understanding and regulation of drones.
Real Advances in Android Malware - Jimmy Shah
- Attackers are starting to move on from simple attacks, mainly because users are beginning to figure out that the free adult entertainment or chat app shouldn't be sending SMS messages to expensive numbers. They're leveraging techniques from PC malware like server-side polymorphism, vulnerability exploits, botnets and network updates, and preemptive/direct attacks against security software. It's not all that bad. Attackers aren't going out of their way to discover their own vulnerabilities or writing their own exploits. They're happy to re-purpose the work done by legitimate developers, security researchers, and the rooting community. If the malware has gotten trickier, what are those tricks? A look at portions of code and how earlier research is adapted by attackers.
Recent Advances in Single Packet Authorization - Michael Rash
- Single Packet Authorization (SPA) is a security technology whereby vulnerable services are protected behind a default-drop packet filter and temporary client access is granted via passive means. This talk will present recent advances in the open source "fwknop" SPA project, including clients for Android and the iPhone, support for the PF firewall on OpenBSD, the ability to seamlessly integrate SPA into cloud computing environments with the new FORCE_NAT mode, and deploying fwknop on embedded systems with limited computing resources. In addition, some discussion will be devoted to other SPA implementations and the various tradeoffs that must be made by any project that provides either port knocking or SPA functionality.
Re-wired: Hacking the Auditory Experience - Amelia Marzec
- Re-wired is a wearable device that translates ambient sound into haptic feedback using bone conduction technology. Amelia began the project when she lost hearing in one ear. She was inspired by her new experience of sound that combined tympanic hearing and vibrational resonance. Amelia began experimenting with less invasive methods for augmenting hearing, using vibration instead of surgery and implants. Re-wired considers the possibility of empowering patients to place their care into their own hands by building simple devices to take care of simple problems. This will be a participatory talk on DIY medical technology, including our comfort level with augmenting our own bodies.
SCADA/PLC Exploitation and Disclosure - Tiffany Rad, Teague Newman, Mike Murray
- Last year, a few groups of independent security researchers disclosed significant vulnerabilities in SCADA systems and PLCs. This panel brings together these security researchers to discuss their findings, initial goals for doing the research, disclosure processes, and difficulties and surprises encountered. These researchers, independently and without corporate or "nation state" funding, decimated the popular belief that "security via obscurity" works to protect critical infrastructure.
Sierra Zulu. Or How to Create a Feature Film About the Digital Age - and Why That's Pretty Hard - Johannes Grenzfurthner
- Movies are exciting. Things crash and burn. Bolts and fists fly. There are bangs and kabooms. People go to the cinemas in order to experience new worlds. But cinema is about to lose its prime source of narrative, having so far tethered to physical action that can be filmed. Cinema needs tempo. It needs speed. The "movement-image" (Gilles Deleuze) depends on physical action onto which the cameras can point. Yet, in contrast, the real world of non-cinema is losing physical action day by day. It is a time of abstract, optically unpresentable processes in networks and data systems. This regress of visual displayability is rather daft. Cinema has lived well on it for more than a hundred years. It's easy to create a feature film about a bank robbery, but that's anachronistic. Some of the most important crimes exist as electronic money movements between international stock exchanges. Hollywood cinema, on the other hand, still hasn't evolved beyond anything better than banal sequences straight out of an Errol Flynn movie. How can we accurately portray the stories of our (new) world? All those dramas and comedies? All those crimes and stories? The people at monochrom are working on a feature film called Sierra Zulu. This talk will discuss their challenges and hopes - and why they think you can help.
The Smartphone Penetration Testing Framework - Georgia Weidman
- As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. This talk will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. You will also learn how to use the framework through a command line console, a graphical user interface, and a smartphone-based app. Demonstrations of the framework assessing multiple smartphone platforms will be shown.
Social Engineering - Emmanuel Golddigger and friends
- Since the very first HOPE conference in 1994, the social engineering panel has been a huge draw. We basically round up a bunch of people who like to play on the phone, tell some stories, and make live calls to strangers who wind up telling us things they really shouldn't in front of a huge crowd of people who are trying very hard not to make any noise. It's all a lesson on how insecure information really is, and how you can avoid making the same mistakes that some unsuspecting person someplace will inevitably make when this panel randomly calls them.
Solving More Than #firstworldproblems - Johnny Diggz, Willow Brugh
- For the past two years, Geeks Without Bounds has been using technology to assist people in times of crisis and helping to build better tools to empower people to help themselves. Whether organizing Random Hacks of Kindness events, teaching app developers about data security, or helping humanitarian organizations engage with hacker communities, they've been bridging the chasm between technology and aid organizations. Johnny and Willow will present some real world challenges that have bubbled up to the surface and show how you can help us all solve more than #firstworldproblems.
Spy Improv: Reality Unfiltered - Robert Steele
- Several HOPEs ago, Robert Steele started doing separate Q&A sessions using his knowledge as a former spy, pioneer of open source intelligence, advocate of multinational sense-making, and #1 Amazon reviewer for nonfiction. At The Next HOPE (2010), with help from those who stayed with him, he set what may be the world record for Q&A, eight hours and one minute, from midnight Saturday to 0801 Sunday. This year will be strictly limited to two hours in open session, but the possibility of a roundtable thereafter will remain open. All questions welcome.
The State of HTTPS - Adam Langley
- Over the past couple of years, a flurry of developments and events have been happening in the world of HTTPS: from BEAST to HSTS to public key pinning and mixed scripting. Some of these are of abstract interest to technical users, and some require action on the part of webmasters. This talk will cover the broad brush strokes of these developments with a focus on how webmasters can take advantage of them and how to avoid silly configuration mistakes. In the latter part of the talk, a few expected future developments will be covered.
The State of Open Source Hardware - Dustyn Roberts, Catarina Mota
- In the last few years, open source hardware went from an obscure hobby to a burgeoning movement built on values and practices derived from open source software, hacker culture, and craft traditions. This increase is visible in the exponential growth of the community of developers and users, the increase in the number and revenue of open source hardware businesses, and the emergence of a large number of new DIY gadgets and machinery - from 3D printers and microcontrollers to soft circuits and tech crafts. The accessibility of hardware plans, along with the communities and collaborative practices that surround them, is lowering the barrier to entry and encouraging people of all ages and walks of life to create, hack, and re-purpose hardware. Taken together, hackerspaces, the increasing accessibility of digital fabricators, and these open and collaborative practices are leading to an explosion of creativity and innovation reminiscent of the golden years of the Homebrew Computer Club. This panel will go over the defining events of the last few years to draw a snapshot of the current state of the open source hardware movement and the impact it's having in hacker culture and beyond. Also included in the discussion will be the Open Hardware Summit: the world's first comprehensive conference on open hardware, and how it will serve as a venue to discuss and draw attention to the rapidly growing open source hardware movement.
Taking a Bite Out of Logs with Sagan - Da Beave (Champ Clark III)
- In protecting today's network infrastructures, organizations have a lot of shiny tools at their disposal. Firewalls, intrusion detection/prevention systems, network-based ACLs, two factor authentication, and much more. While these are great tools for detection and prevention of network intrusions, system and network logs are often overlooked. This talk will discuss using a fairly new open source (GNU/GPLv2) utility known as "Sagan" for real-time log analysis.
Technology to Change Society: What Not to Do - Chris Anderson, Gus Andrews, Matt Curinga, Christina Dunbar-Hester
- Many of us in the hacker/maker communities have a powerful desire to change society by sharing the technologies we're passionate about with those around us. We're convinced that our way of thinking can lead people to liberation, empowerment, and better lives. But it doesn't always work the way we hope. While some technologies support change in certain situations - Twitter and mobile devices in the Middle East and Africa, the printing press and democracy - history is littered with failed technology-driven plans to change the world. This is where programmers can take a page from social research and history. There is not, in fact, consensus in the research that "technology teaches itself" or "code is law." Society is a complex system (people are complex systems!) and overly simplistic beliefs that technology has one universal kind of impact on its users can doom well-intentioned efforts to help others use technology. What do we need to know about society and how technology changes it in order to be successful?
- In this panel, Gus will share some basic rules from research on education, political movements, and social change which everyone who wants to write code to change the world should know. Christina will share cases of activist technical interventions that illustrate the complexity of success or failure, and how inseparable social and technical elements can be. Chris will do a postmortem of some past projects to change journalism with technology, including the Independent Media Center, discussing their successes and failures. And Matt will talk about his work to develop a degree in open technology and education at Adelphi University: what he's doing to convince administrators that FOSS technology is important enough to merit its own program, what challenges he faces in talking to educators, and the things in his plan of study which he thinks are most important for politically conscious tech developers to know.
Testing the Two Party Tyranny and Open Source Everything: The Battle for the Soul of the Republic - Robert Steele
- Robert was the opening speaker at the first Hackers On Planet Earth conference in 1994 and he's been back every time since then. In this talk, he will speak about his six week formal campaign as a Reform Party candidate for the presidency in 2012. He communicated with every presidential candidate less Romney and Obama, and will outline what he learned about "the system," the personalities running for President, and several specific recommendations he has made to the Occupy movement and others about how to reboot the Republic. His campaign website remains live at bigbatusa.org.
Twitter Revolution Meets Surveillance State: Now What? - The Prophet
- In the past decade, authoritarian governments have witnessed political upheaval ranging from the Orange Revolution to the Arab Spring movements. Many governments around the world have responded by more closely monitoring and even censoring telephone, Internet, and mobile communications. Join TProphet for a detailed and technical look at this censorship and surveillance, how it's being implemented in various countries, the present and future risk to your communications freedom, and what you can do to protect yourself.
Using a Space Camp Model for Next Generation Security Training - Marc Weber Tobias, Tommie R. Blackwell, Matt Fiddler
- Marc Tobias says the U.S. intelligence community lacks imagination because it doesn't have any kids. Would an immersive, space camp-type environment ignite kids' interest and be the best way to train them in the art and science of physical, cyber, and electronic security? Marc and his colleagues need your input on a training model where the world's foremost physical security professionals and cyber-wizards would teach via sophisticated gaming, high-tech tools, cyber-type Hogan's Alleys, advanced techniques, and simulators. The panelists will engage the HOPE audience in an interactive discussion about how to improve America's low "security intelligence" by training young people more effectively.
Using Browser-based Tools to Open Up the Web - Ben Combee
- In this talk, Ben will show how to use tools already included in the popular web browsers Firefox and Chrome to learn what's really happening when you browse the web. He'll show how to find hidden values in forms, watch AJAX transactions, and manipulate the data you send out into the cloud, as well as touch on extensions like AdBlock and Greasemonkey and see how they can automate much of this for you.
The Weather is Not Boring! Forecasting, Following, and Photographing Storms - John Huntington
- In recent years, real-time weather data and numerical forecast model information has moved from proprietary systems and closed distribution methods to the Internet, and huge amounts of taxpayer-funded weather data in easy to understand formats is now free for all to use. This has made it easier than ever for anyone to get a good forecast anytime and anywhere, while also allowing storm chasers to leverage their meteorologic knowledge and use mobile Internet technologies and GPS location tracking to chase tornadoes, hurricanes, lightning, and other severe weather. The presentation will give an overview of weather data gathering methodologies, from ground stations and radar to satellites and weather balloons; give an overview of free or cheap web resources and forecasting models; explain the difference between a "watch" and a "warning;" and show some results from both urban and rural storm chasing.
We Will Be Legion: Decentralizing the Web - Deb Nicholson
- The popularity of massive centralized services presents challenges for collective privacy, a full diversity of viewpoints, and customized online identities. Decentralized or federated services are gaining popularity as the answer for users concerned about the one-size-fits-all web. There is significant work to be done on both the technical and social aspects of federation. Deb will discuss current alternatives, near to ready projects, and the ones we might want to start thinking about building.
When the Founder is Gone: Longevity for Open Projects - Greg Newby
- A single visionary is often credited with shaping innovation and leading to success in open source and open content projects. This success doesn't come from that person alone: he or she leads a corps of willing volunteers, admirers, workers, and others who will turn vision into reality - often with some sort of organizational structure, and across a span of years. This presentation will focus on how to maintain the health and sustainability of such organizations with strong well-known leaders in the event the founder is lost. The presenter will draw upon personal experience with the recent loss of Michael Hart, founder of Project Gutenberg and inventor of eBooks. Every organization is different, and every leader is different. Yet, there are many common characteristics in efforts that started with a single visionary, who led formation of what became a large and successful organization. The presentation will point out some of these similarities and identify some of the promising strategies that have been effective for continuity.
Why Browser Cryptography is Bad and How We Can Make It Great - Nadim Kobeissi
Why Names Matter: How Online Identity is Defining the Future of the Internet - Aestetix
- As the Internet becomes more public and universal, the world is beginning to have an identity crisis. Some big questions are coming up: who are we, and how should we be represented online? Originally inspired by having his Google Plus account suspended twice during the nymwars fiasco, aestetix will explore the deeper nature of how we identify ourselves and each other. The talk will look at issues both from a technology and social perspective, asking questions like why hacker handles are important, and how our notions of privacy have changed in the greater scheme. It will also cover the ways in which current online social networks try to build upon existing social relationships and discuss suggestions for improvement in the future.
Why You Shouldn't Write Off Higher Education, Young Grasshopper - John Linwood Griffin
- This talk is addressed to that kid in the back who's wearing an Utilikilt and a black t-shirt that says "I Hack Charities," who asks, "Why would I bother going to grad school? I'm self-taught, college was a waste of my time, and universities only exist to train wage slaves." John will draw from personal experience to describe how in graduate school you get to do what you love, you get to make larger and more structured contributions to the community, you experience personal growth while surrounded by amazing people, you're part of a meritocracy and a close-knit social circle, and the door is open for interesting opportunities afterward. Included will be a discussion on how hackers can get in.
WikiLeaks, Whistleblowers, and the War on the First Amendment - Ben Wizner, Catherine Crump, John Reinstein
- The Director of ACLU's Speech, Privacy, and Technology Project will provide an overview of the Espionage Act and the other statutes that the government has employed to prosecute leakers and threaten publishers. Ben will discuss the ACLU's litigation on behalf of WikiLeaks supporters whose Twitter records have been subpoenaed and whose laptops have been seized by government agents, and will place the Obama administration's unprecedented campaign against leakers in legal and historical context.
Your Cell Phone is Covered in Spiders! (An Overview of Mobile Device Security) - Cooper Quintin
- Smartphones have changed the world. Your calendar, photographs, private documents, and communication with your entire social sphere is now just a swipe away. We are carrying exponentially increasing amounts of highly personal data around with us in our pockets. But are we doing enough to safeguard this data? Mobile devices are also becoming an important tool for social change, but with this they also become a more important target for governments and corporations. With so many attack vectors on mobile devices, it is important to know the ways that your mobile device can be compromised and how you can protect against these attacks. This talk will focus primarily on the security of the Android operating system. You will hear about how to protect your phone against warrantless search and seizure by law enforcement, as well as how much damage malicious apps can actually do and how to protect yourself from becoming the victim of malware.You will hear about password security concerns on Android and how to protect yourself, along with some of the many great security-related apps that Android has to offer. This talk will examine the question of whether you can protect yourself from the greatest of all threats to your phone: The Phone Company.
Return to $2600 Magazine Information Return to GBPPR Main Page