Defcon MP3 Audio Archive
Defcon Audio, Notes, & Links
- Defcon 1 (1993)
- Defcon 2 (1994)
- Defcon 3 (1995)
- Defcon 4 (1996)
- Defcon 5 (1997)
- Defcon 6 (1998)
- Defcon 7 (1999)
- Defcon 8 (2000)
- Defcon 9 (2001)
- Defcon 10 (2002)
- Defcon 11 (2003) Under Construction
- Defcon 12 (2004) Under Construction
- Defcon 13 (2005) Under Construction
- Defcon 14 (2006) Under Construction
- Defcon 15 (2007) Under Construction
- Defcon 16 (2008) Under Construction
Defcon 1
June 9-11, 1993 at the Sands Hotel & Casino
- Ray Kaplan - To Hack or Not to Hack, That is Not the Question (7.4 MB MP3) (M4B)
- Judi Clark - Computer Privacy, 1st Amendment, Gender Roles, and Discrimination (2.2 MB MP3) (M4B)
- Dan Farmer - Sun Microsystems: Future Developments in UNIX Security Software, General Q&A on UNIX Security (6.5 MB MP3) (M4B)
- Announcement of his idea for SATAN.
- Gail Thackeray - Liability (8.1 MB MP3) (M4B)
- Computer law overview. BBS operator rights, computer search warrants, printing k0dez is not freedom of speech.
- Gail Thackeray - Liability Q&A (4.8 MB MP3) (M4B)
- Question and answer session.
- Dark Druid - Getting Busted Sucks!
- Mark Ludwig - Virus Developments and Concerns (14.8 MB MP3) (M4B)
- Virus and bug tracking databases.
- Dead Addict - The Future of the Underground (3.2 MB MP3) (M4B)
- In light of the "new" Internet, Windows, and networking, what is the scene coming to?
- Curtis Karnow - The Law, and Its Intersection with Virtual Reality, and Liability in "Simulated" Environments and Worlds (4.6 MB MP3) (M4B)
Defcon 2
July 22-24, 1994 at the Sahara Hotel & Casino
- Mr. Upsetter & Damien Thorn - Impromptu Cellular Workshop (1.4 MB MP3) (M4B)
- An impromptu cellular workshop covering cloning, call tracking, etc.
- Phil Zimmermann - PGP Keynote (5.1 MB MP3) (M4B)
- Philip R. Zimmermann is a software consultant specializing in cryptography, authentication, and data security, and is a leading advocate for public access to strong cryptography. He is the author of PGP (Pretty Good Privacy), a free public key encryption software package that has become the worldwide de facto standard for the encryption of email. The publication and wide dispersion of this software and its extensive use on the Internet worldwide has led to export control problems and conflict with the National Security Agency's desire to restrict the general use of high quality encryption, and has triggered a U.S. Customs criminal investigation.
- Gail Thackeray - Privacy and Wiretapping Laws (5.4 MB MP3) (M4B)
- Deputy county attorney with the Maricopa County attorney's office in Phoenix, Arizona. Her duties include the prosecution of communications and computer related crimes. Recently she participated in "Operation Sundevil," a nationwide computer crime task force.
- Curtis Karnow - Recombinant Culture: Crime in the Digital Network (3.6 MB MP3) (M4B)
- Curtis Karnow is a partner at the San Francisco law firm of Landels, Ripley & Diamond, and chairs the firm's Competitive Practices Group. His practice emphasizes intellectual property litigation and computer law. He is a faculty member with the American Arbitration Association, a former federal prosecutor, and serves as temporary judge with various Bay Area courts.
- Curt Karnow has lectured widely on the intersection of the law and rapidly advancing technology. At last year's Defcon, he spoke on legal problems associated with complex computing and synthetic realities. These days, he's engaged in advising clients in the multimedia industry in Japan and the U.S., conducts patent litigation, and helps out Phil Zimmermann on intellectual property issues associated with encryption.
- Notes
- Judi Clark - Round Table Discussion: Social Elements in Networking (4.4 MB MP3) (M4B)
- The treasurer for the CPSR has organized a round table discussion. She will briefly talk about the CPSR white paper on the NII. Mara is active in Nexus-Chicago, a diverse group committed to virtual community. She will talk about the concept of virtual communities. Karen is the CPSR Berkeley chair and steering committee and librarian of note. She will talk about her Cyber-activist's top ten list. "Ask not what the Net can do for you.." Marianne, who does not speak for Sun Microsystems, will talk about Hacker Barbie: The net's not just for guys anymore. Fen, an information anarchist and cofounder of Broadcast Technologies, will discuss how capitalistic market driven forces drive a Guerilla Information Network (GIN) to create beneficial social anarchy.
- Theora - Privacy & Anonymity on the Internet (6.6 MB MP3) (M4B)
- Do you have a right to privacy and/or anonymity? Does the technological means exist to provide it to you? Should you expect it? What are your responsibilities? (there's always a catch....)
- This roundtable discussion, moderated by Theora, will center around identifying problems associated with privacy and anonymity on the Internet. Design of anonymous mailers, sniffers, PGP and anonymous networks will be some of the things discussed by the panel. Phil Zimmermann, creator of PGP, M_Strata.Rose, UNIX consultant and designer of Virtual City Network, Mark Aldrich from strategic systems group of GRC, and one as yet unnamed hackers/lamers will present their views on these issues. There will be ample time for question and answer. The session will go either technical or social, depending on the interest of the people. You can write down questions in advance if you want.
- Chris Hall - Private Investigator: Excellent War Stories from Past Investigations (6.0 MB MP3) (M4B)
- Chris Hall is the Chief Operating Officer of Executive Protection Associates, Inc. EPAI is a worldwide provider of executive and celebrity protection, general and SUBROSA investigations, privacy protection strategies, counter-stalking operations, electronic de-bugging, and off-shore services to the Fortune 500, celebrities and the high-technology industry. Chris is the Senior Field Investigator with EPAI's affiliate Professional Executive Investigations, Ltd. (a licensed California Private Investigative Agency). Chris has managed a team of up to 10 bodyguards, investigated complex high-technology cases, and (as an FCC licensed technician), has performed TSCM (de-bugging) for industry, celebrities, and diplomatic missions. Chris will be speaking on the art and science of physical and electronic surveillance/counter-surveillance, and will be demonstrating a fully equipped $20,000 surveillance/counter-surveillance van at Defcon 3.
- The Jackal - Radio Communications Overview (6.4 MB MP3) (M4B)
- Jackal is a Computer Science major, and studies electronics, ham radio, and security issues on the side. He is a licensed amateur operator, and is a member of REACT, a volunteer community service radio organization. Other hobbies include martial arts, chess, and other strategy gaming. The Jackal has been working on computer, electronics, and security projects and issues, and is active in ham radio and community service radio. He'll be talking about radio, giving an overview, and covering the technical, security, legal, and ethical issues involved.
- Steven Dunnifer - The Founder of Radio Free Berkeley (7.3 MB MP3) (M4B)
- The state of pirate radio and on battling the FCC.
- Winn Schwartau - Overview of TEMPEST and van Eck Shielding and Radiation (2.4 MB MP3) (M4B)
- Padgett Peterson - Anti-Virus Programming, or, "Cleaning Up After Other People's Messes" (5.6 MB MP3) (M4B)
- Padgett played Tic-Tac-Toe on a Univac in 1957 and hasn't stopped playing since. Part of the sixties were spent in the USAF where he almost received a reprimand for writing letters home via computer/satellite except the engineers stated that it couldn't be done. In the early '70s GM gained a program for the IBM 360 to calculate various suspension effects on a Corvette during high-gee cornering (Padgett has held FIA, IMSA, and SCCA/National licenses). Another very complex program led to a "magic" Rochester fuel injection that looked completely stock yet flowed half again as much air as the factory unit (and with enough air a small block will wind to the moon).
- After setting a record for sustained flight in a Corvette (460+ feet), he turned to more plebeian interests such as designing the first full authority multiple redundant flight control computer for the F-16 (1979). In 1988, while design team lead for the FAA National Airspace Communications Topology, he encountered his first virus and a new hobby began.
- Mr. Peterson is a registered professional engineer and is currently employed as Information Integrity Manager by the Martin Marietta Information Group somewhere north of Disney World. Since encountering the Brain virus in 1988 he has written a number of anti-virus programs (FixUtil, DiskSecure) for the PC that he gives away as FreeWare. Anti-virus work is done at home where he has seven computers and seven Pontiacs (the perfect number).
- Mark Lottor - Hacking Cellular Phones (3.7 MB MP3) (M4B)
- Mark has been hacking OKI cellular phones for over 3 years and his company sells a cellular telephone experimenters kit.
- Winn Schwartau - High-Energy Radio Frequency (HERF) and Electromagnetic Pulse (EMP) Weapons and Technology (5.7 MB MP3) (M4B)
- Overview of HERF and EMP techniques.
- Torquie - The European Hacking Community and 'Scene' (2.7 MB MP3) (M4B)
- Dr. Mark Ludwig - The First Annual Virus Creation Awards, and "What To Do When The Feds Come" (5.7 MB MP3) (M4B)
- Dr. Ludwig is the owner of American Eagle Publications.
- Peter Beruk - What the Software Protection Agency (SPA) Does, its Charter, and What its Member Companies Want (4.8 MB MP3) (M4B)
- Peter Beruk is the Litigation Manager for the Software Publishers Association (SPA), the principal trade group of the personal computer software industry. The Washington, DC-based organization represents over 1,100 software publishers, developers, distributors and all those affiliated with the software industry. SPA Europe, located in Paris, France, represents over 150 European software companies.
- As Litigation Manager, Mr. Beruk is responsible for coordinating the SPA's anti-piracy efforts. This includes investigating and following up on reports received through the SPA's toll free anti-piracy hotline as well as responding to inquiries from corporations throughout the country regarding software and the law. In addition, he was responsible for the development of the SPA Self-Audit Kit and the software program SPAudit, the initial elements of the SPA's anti-piracy awareness campaign. Over 100,000 copies of these materials have been distributed to date. Prior to joining the SPA, Peter was a researcher for the U.S. Department of Agriculture Economic Research Service. Mr. Beruk received his B.S. degree from Cornell University.
- White Knight - White Knight Reveals Illegal FBI Wire Tap Activity (4.5 MB MP3) (M4B)
- Also has many interesting war stories about electronic surveillance and the work of being a private investigator.
- Computer Warriors! - Commercial Audio (150k MP3) (M4B)
- Listen to the excitement as the "C0mput3r Warri0rz" save your computer from evil virii attackers! Very funny stuff. From some unknown video tape promoting anti-virus awareness.
- Damien Thorn - Cellular Programming Overview (5.0 MB MP3) (M4B)
- The Dark Knight - Hackers in the U.K. (6.8M MP3) (M4B)
- Artimage - Closing Comments (1.4 MB MP3) (M4B)
- Artimage closes down the convention. Artimage reads a letter to the audience from Co/Dec, who is in jail, encouraging everyone to not give up. Then it's goodbye to everyone and see you next year!
Defcon 3
August 4-6, 1995 at the Tropicana Hotel & Casino
- Bruce Schneier - Issues Surrounding Cryptography, Digital Authentication, and Digital Cash (6.9M MP3) (M4B)
- Bruce Schneier is president of Counterpane Systems, an Oak Park, Illinois consulting firm specializing in cryptography and computer security. Clients include Compaq Computer, Hughes Data Systems, Intel, MCI, Merrill Lynch, Mitsubishi Electronics, National Semiconductor, and Oracle. He is the author of Applied Cryptography (John Wiley & Sons, 1994). Applied Cryptography has sold over 25,000 copies world-wide, is being translated into four languages, and is the seminal work in the field. Other books include Protect Your Macintosh (Peachpit Press, 1994) and Email Security (John Wiley & Sons, 1995); he has also written dozens of articles on cryptography for major magazines. He is a contributing editor to Dr. Dobbs Journal where he edits the "Algorithms Alley" column, and a contributing editor to Computer and Communications Security Reviews. He serves on the board of directors of the International Association for Cryptologic Research, is a member of the Advisory Board for the Electronic Privacy Information Center, and is on the program committee for the New Security Paradigms Workshop. He is a frequent lecturer on cryptography, computer security, and privacy.
- Winn Schwartau - Information Warfare, the Year in Review (6.3M MP3) (M4B)
- Winn Schwartau is one of the country's leading experts on information security and electronic privacy. As the Executive Director of Interpact, Inc., Winn provides services to industry and government on encryption, enterprise information security, policy, information warfare, van Eck radiation, HERF guns & EMP/T bombs (non-lethal magnetic weaponry), hackers, U.S. and International policies and standards, electronic privacy and related issues. He is also a partner and Vice President of Business Development, Secure Systems Group International.
- His recent non-fiction book, Information Warfare: Chaos on the Electronic Superhighway (Thunder's Mouth Press, NY.) is a successful and compelling non-technical analysis of personal privacy, economic and industrial espionage and national security. He calls for the creation of a National Information Policy, a Constitution in Cyberspace and an Electronic Bill of Rights.
- Mr. Schwartau is also the author of Terminal Compromise, a fictionalized account of a computer terrorism based war waged on the United States. After selling well as a bookstore book, Terminal Compromise was placed on the Global Network as the world's first novel-on-the-net shareware and has become an underground classic. This prophetic book predicted a number of cyber-events, including the Clipper Chip, chipping, magnetic assaults, hardware viruses, to name a few. Former Architectural Security Consultant to Hughes STX on Enterprise security network architectures, design and implementation.
- Mr. Schwartau may be reached at Interpact, Inc., 11511 Pine St., Seminole, FL, 34642. 813-393-6600, fax 813-393-6361, Email: winn@infowar.com.
- Robert Steele - Why Hackers Should be Considered a National Asset (5.5M MP3) (M4B)
- President of Open Source Solutions, Inc. A former spy, experienced bureaucrat, radical visionary. Tofflers call him the "rival store" to CIA. Robert will explain why hackers should be considered a national asset.
- Robert David Steele is the bureaucrat's worst nightmare: a highly educated and skilled bureaucrat himself, now a successful businessman, who has seen the light and been quoted around the world--including the notorious Singapore Straits Times saying "hackers are a national resource." He means it, and people are starting to listen.
- Steele spent 18 years as a Central Intelligence Agency spy and Marine Corps intelligence officer. He has done three overseas tours recruiting traitors, participated in signal collection operations, helped program funds of overhead imagery satellites, and been the senior civilian responsible for establishing the new $20 million Marine Corps Intelligence Center.
- He holds graduate degrees in international relations (predicting revolution) and public administration (strategic and tactical information management for national security), is a distinguished graduate of the Naval War College, completed the Harvard Executive Program (Intelligence Policy), and spent two years at CIA expense learning about artificial intelligence.
- Steele was introduced to cyberspace by Howard Rheingold and John Perry Barlow, and he's never been the same. His article in the Whole Earth Review, "E3i: Ethics, Ecology, Evolution, and Intelligence" established for the first time the concept of a citizens intelligence agency (cia) and an "open books" approach to national intelligence.
- Do *not* make the mistake of thinking Steele is anti-establishment--on the contrary, he *is* the establishment--of the future--and his contemporaries in the halls of power are just starting to figure that out. Where Steele makes a difference is in understanding that the communications and computing industries have been criminally negligent (or maybe just stupid), the government has been out to lunch, and hackers have something important to say about making cyberspace a safe place to work and play.
- Jim Settle - Ex-FBI Computer Crime Investigator (6.5M MP3) (M4B)
- Spot the Fed Contest is made easy. Jim is the former head of the FBI's National Computer Crime Squad. Having been spotted as a "Fed", he left the FBI and now works with I-NET helping customers improve security on their networks. Jim can offer a perspective on the government's position on various issues (intruding, cryptology, export controls) and why industry and the user community are doing very little to secure networks. Having appeared in several forums as the "loyal opposition" his views might surprise you.
- Curtis Karnow - Agents in the Telecommunications Context, and "Smart" Software that We "Trust" to do the Right Thing (6.5M MP3) (M4B)
- The specific issue is legal liability and responsibility for the actions of intelligent agents, and then spinning off to chat about the liability for artificial intelligence generally.
- Curtis E.A. Karnow is the coordinator of the Communications and Technology Group at the San Francisco law firm of Landels, Ripley & Diamond. A former federal prosecutor and currently judge pro tem for various courts in the San Francisco area, Mr. Karnow specializes in intellectual property litigation, high-tech and computer law. His clients include a worldwide telecommunications company, software developers including Phil Zimmermann (PGP), distributors and users, and global home video game and multimedia manufacturers and publishers. He is the author of numerous papers in the fields of computer law and virtual reality, litigation, and arbitration, and serves on the board of Leonardo, the Journal of Arts, Technology and Sciences published by MIT.
- Susan Thunder - Social Engineering and Psychological Subversion of Trusted Systems (7.9M MP3) (M4B)
- Suppose you want to gain access to the computer files of a given company? How would you go about planning an attack on that company's data when you know nothing about the company except its name and location? I will explain the method whereby you can gain access to whatever data you want using nothing more than social engineering / psychological subversion techniques. At no time will actual physical access or even dial-up access to the company's computers be required. At no time will a password be needed!
- If you have an interest in how to design an attack, from beginning to end, you don't want to miss this remarkable theoretical discussion concerning the hypothetical "XYZ Insurance Company" and their data.
- Theora - Survey of IRC Girrrlz, Including Vamprella, "Don't You Hate it When That Happens?" (2.7M MP3) (M4B)
- I was going to talk about all the really bad things that have happened to me and a lot of other people in the past year. You know, like having your shoe stolen while you're eating at Taco Bell. That happened to me. Or your house catching fire. Or getting stuck in a dumpster. Or having your head shaved when you are asleep. Or having someone impersonate you on IRC and then finding out that your friends actually think the impersonator is nicer and cooler than you. I was going to write about stuff like having your uninsured new laptop computer stolen, like.. yes this really happened to me before someone stole my shoe and my NIN CD. But then I thought, hey, why not talk about something happier. So I asked all the people I could find 'what is happy' and they said "LOVE." Well, some of them said some variations of it, but generally it involved male and female interaction.
- So, thinks me, this is a perfect thing to talk about. I already studied and released a linguistics study on how males and females talk differently on IRC in hacking channels. (Females are more technically inclined, vocabulary wise). But that wasn't really about 'love.' So, I decided to just ask people 'What are you like.. if some guy wants to find a girl that he could actually really 'love,' what kind of girls would you say are in this scene.'
- My little talk is entitled females of #hack -- not 'female hackers' and not 'females in search of hackers,' but females of #hack. A more appropriate title would be "what are women who are into the hacking scene and who hang out on IRC and who don't have anything better to do than answer these dumb questions really like like?" but this little talk is as it is. females of #hack. All lower case. The reason I'm going to be talking about this is because lot of guys ask me where they can meet girls. Girls who know about computers. Girls who know what hacking is about. Girls who understand those late nights at the lab. So come see what the IRC hacker femmes have to say, complete with slides. Ok, so I drew them with crayons. But so what. If you're nice, I bet they will send you GIFS.
- Females of #HACK - Paper
- Females of #HACK - Pictures
- Karen Coyle - Computer Professionals for Social Responsibility Panel (6.8M MP3) (M4B)
- Karen Coyle is chair-unit of the Ber[zer]keley chapter of Computer Professionals for Social Responsibility, also known as "Nerds Without Social Skills." But she can spell. (http://stubbs.ucop.edu/~kec)
- John Q. Newman - The Paper Trail of Identity Documents and What You Can Do About It (6.5M MP3) (M4B)
- General Q&A.
- John Q. Newman is the most prolific and respected author of false identification books in the country. His titles include: Understanding U.S. Identity Documents, Reborn in the USA, Reborn in Canada, Reborn with Credit, Reborn Overseas, Heavy-Duty Identity, and Be Your Own Dick. Many of these books are used by the FBI and the Royal Canadian Mounted Police as reference material for their agents. Mr. Newman is continuing his research in this area and will have three new books published this year.
- Attitude Adjuster - Virii Talk (2.9M MP3) (M4B)
- Extremely technical machine language discussion on polymorphic computer viruses, with a side note on cryptography uses. Invalid Media talks about his UPT system and invites people to join.
- Mr. Evil - Magnetic Stripe Readers/Writers Overview (2.4M MP3) (M4B)
- Glenn Campbell - Overview of Governmental Activities and Stuff Surrounding Area 51 (7.8M MP3) (M4B)
- Glenn Campbell, 35, is the principal local activist seeking greater government accountability at "Area 51," a secret military base 90 miles north of Las Vegas. Formerly a successful computer programmer from Boston, Campbell moved to the remote town of Rachel, Nevada, in Jan. 1993 to investigate the many strange stories emanating from the base. His carefully researched book, The Area 51 Viewer's Guide, helped bring mainstream attention to a story that had been dominated by UFO and conspiracy buffs with little concern for facts.
- Campbell declares himself "seriously interested" in some of the UFO tales emanating from Nevada's military restricted zone, but he dismisses most of the lights-in-the-sky stories reported in Rachel, 25 miles north of the base. "This place is a circus," says Campbell. "Anyone can make any claim they want here and get away with it. Commerce, not truth, seems to be the primary motivation here." Campbell points out that the area above Rachel is an "intense war games area" where exotic looking lights are produced by conventional military hardware. Campbell himself says he has never seen a UFO in his 2-1/2 years living in Rachel.
- Campbell is a bitter enemy of the owners of the Little A'Le'Inn, the well publicized bar, motel and restaurant in Rachel that caters to UFO believers. They consider him a government agent who has been sent to debunk the UFO sightings here and "muddy the waters" in favor of the military. Campbell, in turn, considers the owners profiteers who are equally obscuring the truth by endorsing all UFO sightings as real. Campbell is also not on good terms with Ambassador Merlyn Merlin II from the planet Draconis, a claimed "alien-in-human-form" who is a frequent visitor to Rachel. "The Area 51 story has become a magnet for every nut case on the planet," says Campbell. "This is a shame, because whatever the truth may be at Area 51, it is being overwhelmed by the noise."
- Glenn Campbell supports himself through his personal investments and his mail-order business. He maintains a major presence on the Internet with a free monthly email newsletter (circulation: over 3,000 copies) and a popular World Wide Web page. Campbell is widely respected for his Area 51 research because he sticks to the facts and rarely engages in the kind of baseless speculation that dominates the UFO field. "I am fighting primarily for less secrecy and greater government accountability, which are goals I think everyone can agree with regardless of their view on UFOs," Campbell says.
- Campbell's email address is psychospy@aol.com. Requests for subscriptions to his newsletter should be directed to area51rc@aol.com. A catalog of publications sold by the Area 51 Research Center is available upon request. The mailing address is Area 51 Research Center, HCR Box 38, Rachel, NV 89001.
- Oscar Meyer - Carefully Consider Your Intentions Before Embarking Down the Road of Serious Hacking (2.0M MP3 broken) (M4B)
- How far are you willing to go?
- Oscar Meyer? Well, he's a real wiener. He is affectionately known to some of his friends as a corn-ball geezer. He's been more or less successful at hacking most everything that he has come across for most of his nearly 50 years. He thinks that hacking might just be a way of life, holds unconventional views, and generally flounders about trying to make things work better. Although he believes that anything and anyone can be hacked, he is often less successful than he'd like to be. However, he keeps on trying.
- Getting past the front door is challenging, interesting and fun. However, once you are in, what do you do? Rummaging around, deleting things, screwing things up, or crashing things simply won't do. This session talks about what to do after you've attained access that is not specifically authorized in the context of your broader hacking goals.
- Mark Lottor - Internet Domain Survey (2.0M MP3) (M4B)
- Stephen Cobb - The Party's Over: Why Hacking Sucks (5.9M MP3) (M4B)
- Stephen intends to play "devil's advocate" and suggest that "hacking should not be tolerated in any shape or form as it serves no useful purpose and is a menace to society."
- Stephen Cobb, an employee of the National Computer Security Association, is Co-Chair of the Computer Ethics and Responsibilities Campaign. He is also, by birth, a Libra, and thus given to weighing both sides of everything. He has been using a modem since 1983, but has never attempted unauthorized access. He believes in gun control but practices target shooting. He doesn't believe in income taxes, but pays them anyway. He is British by birth, but holds an American passport. A former Rugby player, he is an ex-member of Mensa and the National Organization for Women. In 1970, while still in high school, he charged police lines in protest at the all-white South African Rugby tour. In 1995 he cheered the multi-racial South African victory in the Rugby World Cup.
- A fifteen year computer industry veteran, Stephen Cobb is an international consultant and best-selling author who has written more than twenty computer related texts, translated into more than ten languages, with total worldwide sales in excess of one million books. A frequent contributor to industry publications such as BYTE and Personal Computer World (U.K.), he has written extensively on security related issues and was recently appointed Director of Special Projects at the National Computer Security Association (NCSA). His column on communications is a regular feature in Personal Computer World. A former tax auditor, petroleum accountant, and IBM classroom instructor, Cobb is an experienced public speaker who has made presentations to numerous industry gatherings, including the Windows Developers Conference, the Virus Bulletin Conference, and Networks Expo Boston. Now a resident of Florida's Space Coast, he holds a First Class B.A. Honors degree from Leeds University, England.
- Koresh - Hacking a Job and Common Tools of the Trade
- Peter Shipley - Security Auditing (6.7M MP3) (M4B)
- Panel of Oscar Meyer, Mel, Bin High? This group talks about various aspects of auditing clients, the problems with reporting, and war stories and advice from a variety of perspectives.
- Dead Addict - Revolution, a Look at Society and Where it is Leading Us (7.6M MP3) (M4B)
- Out of the hacking scene when all his friends got visited by unhappy bureaucratic law enforcement, out of the pirate scene when he realized that the social dedication to stay 'in' wasn't worth the software, Dead Addict is now a bum. Unemployed, a Win95 testing refugee, D.A. is now working on many projects that will eventually get him the hell out of this wonderful country. For the third year in a row, D.A. bullied himself into the opportunity to speak here; and to his bewilderment his previous speeches resulted in much positive feedback.
- Deth Vegetable - Why the Media Sucks and Why it Doesn't Pay to Mess with Mr. T (5.0M MP3) (M4B)
- The Dark Knight - Hackers in the U.K. Update (1.8M MP3) (M4B)
- European hacker scene update.
- Hacker Jeopardy - Saturday Night Final Round (5.5M MP3) (M4B)
Defcon 4
July 26-28, 1996 at the Monte Carlo Hotel & Casino
- Eric Hughes - Digital Banking and Currency issues
- Founder of Cypherpunks List.
- Yobie Benjamin - The Java Session is an Overview of Java's Security
- The Java session is an overview of Java's security --- both its strength and weaknesses. It will cover Java's security architecture and also talk about Java's future from a H/P perspective. This session IS NOT a technical session or an "Introduction to Java" class. Technical sessions may be held off-line depending on the parties going on @ Defcon.
- Yobie Benjamin is an Associate Director and Strategic Technologies Consultant with Cambridge Technology Partners (CTP), an international professional services firm that specializes in the development of information technology solutions. Previous to CTP, Yobie has worked for and consulted with a number of firms including Lotus Development Corporation, Bank of America, GTE Information Systems and the American Automobile Association. Yobie specializes in large scale information systems/application architecture and emerging technologies.
- The San Francisco FBI Computer Crime Squad
- Mike Peros
- I have some great war stories to share with everyone about some illegal Japanese intelligence bugs that I found at a DOD contracting facility which was working on a U.S. Air Force contract involving the F-18 fighter jet. U.S. Government illegally wire tapping innocent American citizens and how I caught them. Data tapping through the switch. Compromising the sub-frame rooms, cross-connect boxes, and the many uses of liquid solder. The use of a cell phone as an eavesdropping device.
- Dave Banisar - Tales From Inside the Beltway
- Truly scary stories on privacy, censorship and watching Congress and the President work (sort of).
- Dave is a policy analyst at EPIC and previously at CPSR and has been working on fighting big bro for about 5 years now. I could talk about what things are going on in DC.
- Bootleg
- Carolyn Meinel - Jobs are for Lusers
- The oppressive potential of employers and the diversified marketplace results in self-employment.
- David Brussin
- Mudge
- The system administrator and all around stud coder from the L0pht reveals problems with One-Time Password (OTP) schemes, and the TCP/IP drinking game.
- Dan Veeneman - Hacking Satellite Systems
- Current notes, revisions, and links to other sites. An excellent overview of how satellites are controlled, the economies of operation, design considerations, and the security strengths and weaknesses of different generation satellites. "Satellite Vulnerabilities: Present and Future", will talk about controlling satellites, jamming and spoofing, GPS systems, future LEO systems, etc.
- Notes
- Netta Gilboa - Sex, Lies and Computer Crimes: The Truth Behind the Indictment of "Computer Genius" Christopher Schanot
- On March 25, 1996 Christopher Schanot was arrested based on an 11 day old warrant which stemmed from an indictment in Missouri for five counts of computer and access fraud involving Bellcore, SRI, Sprint and Southwestern Bell. Although he was not indicted for crimes involving the Internet Liberation Front, the FBI lied and claimed in print that Schanot supposedly confessed to this. The prosecution also claims Schanot cost Southwestern Bell $500,000 damage to secure themselves after Christopher entered their system and that Southwestern Bell is supposedly now hacker proof. They claim Schanot was a co-conspirator in crimes against Southwestern Bell involving people Christopher never knew or even spoke to and involving over a dozen hackers and phreaks who haven't been arrested and others who haven't even been raided or questioned.
- At the time of his arrest Schanot, 19, was living with the woman he was dating, Netta Gilboa, 38, who is the publisher of Gray Areas magazine (http://www.gti.net/grayarea - Christopher designed the web page and also wrote reviews for it). The FBI has admitted both in court and in press reports that Schanot committed no crimes during the time he lived with Gilboa, but the bust was a result of Schanot's father calling in the FBI to supposedly help find his runaway son. Although Gilboa was not questioned, raided or arrested, Gray Areas magazine as well as Gilboa's life and character have been the subject of both court testimony and dozens of erroneous media reports. Gilboa and Schanot have not spoken out until today and although the case is still ongoing which restricts many juicy details, as much as possible will be said to try to correct the media reports, expose the father, Mike Schanot, for stalking, and to condemn everyone involved from the prosecution to the feds to fellow hackers. Extensive presence of both federal agents from *every* possible agency and media is expected at this particular speech as the case is both sensational and ongoing. For this reason, in order to protect Christopher Schanot's legal rights and privacy, as well as to prevent more charges or accusations against him, there will be no questions or comments allowed from the audience during this speech. Persons wishing to have a specific question answered about the case can either ask Gilboa in advance or after the speech. On the bright side, this expected abundance of feds will result in many more opportunities to win an infamous "I Spotted The Fed" T-shirt.
- Christopher is requesting that hackers do not speak to the media about him and is asking that donations to help him be sent care of Gray Areas Inc. (PO Box 808 Broomall PA 19008).
- Netta Gilboa is arguably the person who has gotten the furthest in the computer underground without ever committing crimes herself. She is also possibly the person in the scene questioned the most times ever by law enforcement simply for the crime of talking to hackers. Gilboa is the publisher of the award winning publication Gray Areas and is the author of "Elites, Lamers, Narcs and Whores: Exploring The Computer Underground" which recently appeared in the Seal Press book Wired_Women: Gender And New Realities In Cyberspace. She has also been published in Phrack, Computer Underground Digest, Cult of the Dead Cat, Empire Times, Dupree's Diamond News, and many other paper magazines and electronic publications. Gilboa holds an M.S. in Advertising and an M.A. in Sociology from Northwestern University and a B.A. in Journalism from State University College of New York at New Paltz.
- Hated by some, loved and respected by others, Gilboa seems to polarize the 1200+ hackers she has interacted with. Gilboa is one of the few journalists to ever take the time to get to know hackers before writing about them and to continue to try to work with them despite severe harassment of both herself and other people associated with Gray Areas magazine. Gilboa's boyfriend, Christopher Schanot, is presently incarcerated without bail for computer crimes he allegedly committed before meeting her. It should be noted that Christopher trusts Netta with both his life and with his story. According to the prosecution he was certainly in a position to check her out thoroughly and decided to be with her regardless of the consequences. The couple are now collaborating on a book tentatively titled Computer Genius which will reveal the real inner workings of the hacking subculture and raise questions about the feds, informants and security experts who are often equally dirty and who allow it all to continue while they gather "information," hack themselves, and stay employed. Numerous Internet providers will be evaluated for their roles in these events. It is also expected that many current, defunct and prank groups in the warez, ANSI, hacking, virus and phreaking scene such as ACID, BOW, DPAK, ICE, IIRG, ILF, INC, LOCK, LOD, MOD, NSA, PHALCON/SKISM, NUKE, POSSE, R00T and WNOC will be explored as well. One intention is clearly to clear the couple's names. Another is to help Christopher gain recognition as an expert in the field. The combination of their different perspectives of various events they each witnessed separately and together over the years is expected to be way more powerful than any book written by either of them alone or by some reporter who simply profiled hackers but did not participate in the events themselves.
- Although Netta Gilboa has previously spoken everywhere from HoHoCon to PumpCon to Computers, Freedom and Privacy, her Defcon speech will be long remembered for its guts, candid revelations and for some of the shocking and chilling facts as well as the glaring questions behind the "Computer Genius" case itself. Few people arrested choose to reveal their stories so publicly. Don't miss it!
- Richard Thieme - The Symbiotic Relationship Between Networked Computers and Humans (5.6M MP3) (M4B)
- A dialectic constituting a rising spiral of mutual transformation.
- Richard Thieme has lived in Chicago, Madrid, London, Salt Lake City, Lahaina (Maui), and now Milwaukee. Taught literature at the University of Illinois, wrote fiction. Worked as an Episcopal priest for sixteen years in three cultures. Now speaks, consults, and writes about the human dimension of computers. His focus is transformation -- individual, organizational, global -- and the transformation of spirituality online.
- Hacking redefines how we think of ourselves. Redefines how we understand our possibilities for action in the world. It's also a metaphor for new opportunities available to human beings now and in the next century. Hacking is one way to practice living in transplanetary society. That's why hackers are pathfinders for the next generation. Spirituality is simply the way getting connected online translates into new kinds of community life.
- Thieme consults on change, technology, and diversity for banks, insurance companies, law firms, schools, associations, government, etc. "The Stock Market, UFOs, and Religious Experience" is done frequently for investment and financial people.
- He writes about all this for magazines in many countries. Last four pieces (during last two weeks):
- "Stalking the UFO Meme" - in Virtual City - when you're trafficking in symbols of symbols of symbols, the Net becomes a ten-dimensional dog chasing its own tails/tales. How do you know what's real code when you're lost in a simulation of a hall of mirrors?
- "The Future of Networks/the Future of the World" - in LAN (Australia) - the transformation of human consciousness -- spirituality, community, organizational life, art -- in a networked world.
- "Japan On-Line" - in Computing Japan - the interaction of Japanese culture with Net culture and how it changes both.
- "lost" - scheduled for Wired (August 1996) - what it means for the human psyche to lose the possibility of being lost -- or found -- an archetypal dimension of consciousness for as long as we can remember.
- Ira Winkler - Tips on Getting Professional Hacking Jobs (6.8M MP3) (M4B)
- Ira Winkler has performed penetrations that rival the best of the hacker community. He is in the very enviable position of being paid to hack into some of the largest companies in the world. While he holds the unpopular opinion that hackers should be prosecuted for their actions, he believes that hackers can "outgrow their ignorance and be valuable members of the information security community." His advice for wannabe computer security professionals is that, "If you want to do what I do for a living, you have got to stop what you are doing." Come and see what he means.
- Ira Winkler is the Director of Technology for the National Computer Security Association. He runs the NCSA laboratories, Firewall and Anti-Virus Product Certification programs. He also investigates information-related crimes. He is considered an expert in social engineering, industrial espionage, penetration testing, and information warfare. For samples of his penetration work, look at http://all.net/journal/csi/xsocial.html, the June 3, 1996 Forbes ASAP (p.80), and the May/June 1996 issue of InfoSecurity News.
- Hack the Lies - Overcoming Media Lies (2.7M MP3) (M4B)
- "Hack the Lies" was created to give a voice to the once-silent hacker community. Over the years, popular misconceptions have arisen about the hacking community and its motives, which are now taken as fact by the general populace. "Hack the Lies" is here to dispel this misinformation and to educate the public on who we are, what we do, why we do it, and more. Come join us for discussion during Defcon IV and make your views known.
- John Q. Newman - How to Get Private Information on People (7.4M MP3) (M4B)
- John Q. Newman is the most prolific and respected author of false identification books in the country. His titles include: Understanding U.S. Identity Documents, Reborn in the USA, Reborn in Canada, Reborn with Credit, Reborn Overseas, Heavy Duty Identity, and Be Your Own Dick. Many of these books are used by the FBI and the Royal Canadian Mounted Police as reference material for their agents. Mr. Newman is continuing his research in this area and will have three new books published this year.
- Stephen Cobb - What to do with Ex-Hackers (3.2M MP3) (M4B)
- Stephen Cobb, an employee of the National Computer Security Association, is Co-Chair of the Computer Ethics and Responsibilities Campaign. He is also, by birth, a Libra, and thus given to weighing both sides of everything. He has been using a modem since 1983, but has never attempted unauthorized access. He believes in gun control but practices target shooting. He doesn't believe in income taxes, but pays them anyway. He is British by birth, but holds an American passport. A former Rugby player, he is an ex-member of Mensa and the National Organization for Women. In 1970, while still in high school, he charged police lines in protest at the all-white South African Rugby tour. In 1995 he cheered the multi-racial South African victory in the Rugby World Cup.
- A fifteen year computer industry veteran, Stephen Cobb is an international consultant and best-selling author who has written more than twenty computer related texts, translated into more than ten languages, with total worldwide sales in excess of one million books. A frequent contributor to industry publications such as BYTE and Personal Computer World (U.K.), he has written extensively on security related issues and was recently appointed Director of Special Projects at the National Computer Security Association (NCSA). His column on communications is a regular feature in Personal Computer World. A former tax auditor, petroleum accountant, and IBM classroom instructor, Cobb is an experienced public speaker who has made presentations to numerous industry gatherings, including the Windows Developers Conference, the Virus Bulletin Conference, and Networks Expo Boston. Now a resident of Florida's Space Coast, he holds a First Class B.A. Honors degree from Leeds University, England.
- Emmanuel Goldstein - Buy My Magazine! (1.7M MP3) (M4B)
- Mike Roadancer - Hackers Defense Fund
- The purpose behind starting the Hackers Defense Fund at www.hackers.org, information about what you can do to help, and a request for information.
- Attitude Adjuster - Windows 95 Viruses and Security (2.5M MP3) (M4B)
- Extremely technical machine language discussion on polymorphic computer viruses, with a side note on cryptography uses.
- The Joker's Joke (540k MP3) (M4B)
- The Institution - Old School Hacking Overview (10.1M MP3) (M4B)
- Calling for the creation of the Institution.
Defcon 5
July 11-13, 1997 at the Aladdin Hotel & Casino
- James Jorasch - Hacking Vegas
- How to game the gamers. From someone who used to deal with hotel casino security. What really goes on?
- Bruce Schneier - Why Cryptography is Harder Than it Looks (6.7M MP3) (M4B)
- Mudge & Hobbit - Microsoft Security (11.1M MP3) (M4B)
- The system administrator from the L0pht and the author of netcat in action! Watch Mudge and Hobbit explain why CIFS is a load of CACA, random SMB CIFS stuff in Microsoft products, and all you ever wanted to know about cracking passwords.
- Cyber - An Overview and Explanation of Publicly Available Crypto Tools (4.2M MP3) (M4B)
- Sameer Parekh - Why Cryptography is Harder than it Looks, Part Two (3.8M MP3) (M4B)
- President of c2.net. A look at implementation and production problems facing people and companies wishing to develop and distribute strong encryption.
- Se7en - What the Feds Think of us Hackers. (4.7M MP3) (M4B)
- In his experience talking with federal agents Se7en has gained an understanding of the perception hackers have in the government and industry.
- NOTE: Se7en has since been found out to be full of crap.
- Ken Kumasawa - Teledesign Management: Phreaking in the 90s (5.7M MP3) (M4B)
- The perspective from the industry.
- Dan Veeneman - Low Earth Orbit Satellites (4.9M MP3) (M4B)
- Low Earth Orbit (LEO) satellites are nearing the launch stage, and this talk will cover the different systems that are planned and some of the services they'll offer. A bit on GPS that wasn't covered last year as well as the ever popular question and answer section.
- Dan Veeneman has served in various management and technical positions in the computer industry since 1980. He has developed financial programs for the banking, investment and real estate industries, as well as software for a variety of companies including A.C. Nielsen, McDonalds, Reuters and Baxter-Travenol. Dan has installed and supported many local and wide area networks, including a nation-wide data delivery network. He also has experience supporting Internet connectivity, including Motorola's world-wide Network Information Center. Dan has provided data security and encryption services for a number of government and civilian clients, encompassing video and data delivered over telephone, satellite and the Internet. He also edits a quarterly newsletter concerning cryptography. Dan holds an engineering degree from Northwestern University.
- Ira Winkler - Lamer Test (3.9M MP3) (M4B)
- Author of Corporate Espionage. Ira contends that there is so much lameness among hackers that even an eliteness of 10% would be amazing. Take his "Lamer Test" and see if you pass!
- Clovis - Issues with Security and Networked Object Systems (6.5M MP3) (M4B)
- From the Hacker Jeopardy winning team. He will discuss issues with security and networked object systems, looking at some of the recent security issues found with ActiveX and detail some of the potentials and problems with network objects. Topics will include development of objects, distributed objects, standards, ActiveX, CORBA, and hacking objects.
- Wrangler - Packet Sniffing (7.3M MP3) (M4B)
- He will define the idea, explain everything from 802.2 frames down to the TCP datagram, and explain the mechanisms (NIT, bpf) that different platforms provide to allow the hack.
- Notes
- Carolyn P. Meinel - Happy Hacker Discussion Panel
- Moderator of the Happy Hacker Digest and mailing lists. She will preside over a separate Happy Hacker discussion panel that will cover the topics of whether or not "newbies" should have information handed to them, or should they learn for themselves?
- Cult of the Dead Cow - CDC Live Performance (1.5M MP3) (M4B)
- Voice of Mercury - Speech & Update (326k MP3) (M4B)
- Live pirate radio update and announcement.
- Dark Tangent - Beer Contest Update (660k MP3) (M4B)
- Dark Tangent - Capture the Flag (CTF) Contest Results and Closing (733 MP3) (M4B)
Defcon 6
July 31-August 2, 1998 at the Plaza Hotel & Casino
- The L0pht - TCP/IP Drinking Game (6.1M MP3) (M4B)
- Dark Tangent - Secret Scientology Update (735k MP3) (M4B)
- Only partial amount was recorded.
- Dark Tangent - Capture the Flag Contest Update (423k MP3) (M4B)
- Winn Schwartau - Hacker Jeopardy [Friday] (12.7M MP3) (M4B)
- Winn Schwartau - Hacker Jeopardy [Saturday] (10M MP3) (M4B)
- Gurney Halleck & *hobbit* - Lockpicking Demonstration
- This talk includes a discussion of the different kinds of locks, and an in-depth look at the pin-tumbler type. *Hobbit* has dissected a lock with power tools, and will show visually each stage necessary to open up a lock. Also there is a lock demonstration board with several locks from easy to hard. Pick the hard one and win a free beer!
- Slides
- Richard Thieme - The More Things Change The More They Don't: Soft Destruction and the Ancient Wisdom of Hacking (3.5M MP3) (M4B)
- Video (104M RealMedia)
- What works? What does it take to be an expert? To know how to see desirable goal states just before they become visible? Instead of hoping the doors you blow open have something inside besides a smiling Fed? DefCon has everything you need, right here right now, if you know how to use it. The ancient wisdom lives here but you have to know what it looks like. Hacking is the serious exploration of complex systems. It's not about using somebody else's tools or the latest equipment. Hacking is about knowing how to know how to hack. This talk gives you meta-rules, not rules. It's the truth about why the ancient wisdom of real hacking still applies.
- Richard Thieme is a business consultant, writer, and professional speaker focused on the human dimension of technology and the work place. His creative use of the Internet to reach global markets has earned accolades around the world. "Thieme knows whereof he speaks," wrote the Honolulu Advertiser. He is "a prominent American techno-philosopher" according to LAN Magazine (Australia), "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris), "one of the most creative minds of the digital generation" according to the editors of Digital Delirium, and "an online pundit of hacker culture" according to the L.A. Times.
- Thieme's articles are published around the world and translated into German, Chinese, Japanese and Indonesian. His weekly column, "Islands in the Clickstream," is published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine as well as distributed to subscribers in 52 countries. Recent clients include: Arthur Andersen; Strong Capital Management; System Planning Corporation; UOP; Wisconsin Power and Light; Firstar Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company; Allstate Insurance; Intelligent Marketing; and the FBI.
- Homepage
- Bruce Schneier - Tradecraft on Public Networks (5.7M MP3) (M4B)
- Video (121M RealMedia)
- Dead drops, semaphores, cut outs, telltales...the tools of spying. In a world of continuous communications and ubiquitous eavesdropping, is there any hope for covert communications? Learn about some old tricks of the trade, and some new ones.
- Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor of the Blowfish algorithm. He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center. He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.
- Ian Goldberg - Cryptanalysis of the GSM Identification Algorithm (7.3M MP3) (M4B)
- About 80 million digital cell phones worldwide implement the Global System for Mobile communications (GSM) protocols. Recently it was announced that COMP128, the cryptographic algorithm that protects the "identity key" in the majority of these phones, was extremely weak, thus allowing GSM phones to be "cloned." In this talk, we will examine how COMP128 is used in the GSM protocol, describe the algorithm itself, and demonstrate how to break it. We will also discuss the implications this result has for the security of the voice privacy features of GSM.
- Ian Goldberg is a graduate student researcher and founding member of the Internet Security, Applications, Authentication and Cryptography (ISAAC) research group at UC Berkeley. His research areas include cryptography, security, privacy systems, and digital cash.
- Jennifer Granick - A Review of Several Major Computer Crime Cases from the Past Year or Two (6.7M MP3) (M4B)
- A review of several major computer crime cases from the past year or two. (Salgado A.K.A. Smak, Kashpureff and one other.) This review will describe the hack (in relatively non-technical terms), what laws applied to criminalize the hack, how the hacker got caught, the prosecution that ensued, and the result of that prosecution. Through these case studies, audience members should be able to learn what not to do, and why.
- Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California. She defends people charged with computer-related crimes, as well as other offenses. Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
- Ira Winkler - Technical Hacking (3.9M MP3) (M4B)
- As I have often said, most hackers display skills that can be picked up by a monkey in a few hours. Hacking is mindless the way the clear majority of hackers seem to be practicing it. In this presentation, you will learn tasks that require real technical skills and abilities. Not only will this provide you with more of a challenge, it will provide you with real marketable skills. If you "really" want to challenge your abilities and stay out of jail, you won't want to miss this session. Otherwise go play with the other Tools Kiddies.
- Lorenzo Valeri - Why Are We Talking About Information Warfare? (5.1M MP3) (M4B)
- Why are we talking about information warfare? Lorenzo will try to assess the reasons of the growing fame of information warfare subject. The world is changing but not that much. He will speak at continuity and changes in information warfare in relation to military and strategic thinking. Most of the ideas developed in relation to information warfare have been thought at the beginning of this century. Moreover, there is the problem of intelligence requirements for performing information warfare. The main argument of his speech can be that what has changed is the TIME and SPEED factors but not the strategic and military thinking behind.
- Mr. Valeri is a researcher in the information warfare programme of the International Centre for Security Analysis, which is part of the Department of War Studies, King's College London. He is also a Ph.D. candidate at the Department of War Studies at King's College. His research interests are information security policies, the impact of the Internet and other online services on military and strategic thinking and, in general, non-military threats to national and international security and stability.
- Cult of the Dead Cow - Back Orifice Presentation (3.9M MP3) (M4B)
- The announcement of Back Orifice, DirectXploit, and the modular ButtPlugins for BO. Last year it was an anniversary world domination party with the divinity of the bovinity + drinks from Lady Carolyn. What will it be this time?!?! The release of the Microsoft their Back Orifice Tool! Read their announcement here, and cow-er in their presence.
- Homepage
- Mike Peros - Massive Illegal Wiretapping Exposed (4.0M MP3) (M4B)
- Winn Schwartau - Introducing the Time Based Security Model and Applying Military Strategies to Network and Infrastructural Securities (4.9M MP3) (M4B)
- As president of The Security Experts, Inc. & Interpact, Inc., he provides valuable consultation services to industry and governments on information warfare, enterprise information security, policy, hackers, U.S. and International policies and standards, electronic privacy and related issues. His work and clients span three continents. He created and still manages the two most popular www sites on the subject: www.Infowar.Com and www.Info-Sec.Com.
- Mr. Schwartau is also the author of Terminal Compromise which details a fictionalized account of an information war waged on the United States. This prophetic book predicted a number of cyber-events, including the Clipper Chip, chipping, magnetic weapons' assaults, data and hardware viruses, to name a few. His other popular writings include CyberChrist Meets Lady Luck and CyberChrist Bites the Big Apple, which cover underground hacker events, Firewalls 101 for DPI Press, Information Warfare, Mehrwert Information (Schaffer/Poeschel, Germany), for Introduction to Internet Security for DGI and MecklerMedia, several chapters for Auerbach's Internet and Internetworking Security Handbook and Ethical Conundra of Information Warfare for AFCEA Press. He is currently writing two more books (to appear by the end of 1997) and is working on two major movie projects about information warfare and privacy.
- Paul Kocher - The Designing and Production of the First Dedicated DES Cracker (4.7M MP3) (M4B)
- Austin Hill & Ian Goldberg - Internet Privacy (5.9M MP3) (M4B)
- Zero-Knowledge Systems will release the first complete Internet privacy utility for consumers in September 1998. Using full strength, fully exportable encryption technology developed by some of the world's leading cryptographers this product allows Internet users to become completely anonymous on the Internet, using digital pseudonyms and public key cryptography to establish and authenticate digital identities. The Zero-Knowledge Systems development team includes Ian Goldberg who achieved international recognition for his part in breaking the Netscape encryption scheme as well as the development team of the Archie Internet protocol. Forrester Research has estimated that 9 million people will have purchased an Internet privacy solution by the year 2000. There are currently very few Internet privacy tools on the market making this one of the highest growth areas of Internet business.
- Previous to starting Zero-Knowledge Systems, Mr. Hill was the Chief Technology Officer for TotalNet Inc., which was one of the 3 largest Internet Providers in Canada. This company was sold in March 1997 to MPACT Immedia which is Canada's largest E-Commerce company.
- Homepage
- John Q. Newman - The Latest in Paper Tripping, False Identity, and How to REALLY Not Be Found (3.9M MP3) (M4B)
- Dan Veeneman - Future & Existing Satellite Systems (5.3M MP3) (M4B)
- Video (105M RealMedia)
- Several low earth orbiting satellite systems are already in orbit, and commercial service is just around the corner. Global wireless voice and data services will be available from handheld terminals. Dan Veeneman will bring us up to date on existing and future systems and answer questions from the audience.
- Dan Veeneman has served in various management and technical positions in the computer industry since 1980. He has developed financial programs for the banking, investment and real estate industries, as well as software for a variety of companies including A.C. Nielsen, McDonalds, Reuters and Baxter-Travenol. Dan has installed and supported many local and wide area networks, including a nation-wide data delivery network. He also has experience supporting Internet connectivity, including Motorola's world-wide Network Information Center. Dan has provided data security and encryption services for a number of government and civilian clients, encompassing video and data delivered over telephone, satellite and the Internet. He also edits a quarterly newsletter concerning cryptography. Dan holds an engineering degree from Northwestern University. Dan also writes a monthly column for Monitoring Times magazine called PCS Front Line.
- Notes
- Homepage
- Dr. Byte - The Security of Wireless Technology
- Dr. Byte will give a technical presentation on the security of wireless technology. The talk includes overviews of: wireless networks, protocols, systems, and access mediums such as AMPS, GSM, FDMA, TDMA, CDMA, CDPD, 802.11, Mobile-IP, and Ad-Hoc Networks; current IP security technology (IPSEC) in IPv4 and IPv6; and an overview of areas of research and exploration of security in wireless technologies.
- Dr. Byte is a Ph.D. candidate in Computer Engineering and an instructor of Computer Engineering at a major university. He received his B.S. and M.S. in computer engineering in 1994 and 1997 respectively. For his M.S., he worked with a real time bit error rate simulator, and developed a next generation real time hardware system for bit error rate simulations. He has developed a 16-bit RISC microprocessor in VHDL in a Field Programmable Gate Array (FPGA) able to run compiled 'C' code. His research interests include security over wireless networks, in particular ad-hoc networks using IPv6. He has co-authored 3 papers on IEEE 802.11 and IPv6.
- Peter Shipley - An Overview of a 2 Year Effort in Massive Multi-Modem Wardialing (6.5M MP3) (M4B)
- Security problems occur when obvious security problems are overlooked. One commonly overlooked problem is alternative access methods to a corporate Intranet from an external machine. Many if not most companies are overlooking their secondary vulnerabilities surrounding alternate methods of network access.
- Mr. Shipley will present research covering an overview of a 2 year effort in massive multi-modem wardialing. His findings will include some personal observations and the results obtained from scanning the San Francisco bay area. When Mr. Shipley started this project he noted that there were no published research references to wardialing or documented statistical results of the types of equipment and computer networks commonly found on the POTS (Plain Old Telephone System) network. Mr. Shipley decided to change that through his research.
- Mr. Shipley is an independent consultant in the San Francisco Bay Area with nearly thirteen years experience in the computer security field. Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground and hacker community. He has extensive experience in system and network security as well as programming and project design. Past and current clients include TRW, DHL, Claris, USPS, Wells Fargo, and KPMG. In the past Mr. Shipley has designed Intranet banking applications for Wells Fargo, firewall design and testing for WWW server configuration and design for DHL. Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training. Mr. Shipley also performs post-intrusion analysis as well as expert witness testimony. Mr. Shipley is currently concentrating his efforts on completing several research projects.
- Homepage
- Prof. Feedlebom - Pirate Radio
- If you have ever been slightly interested in operating your own micropower radio station, this is it. Why to, How to, and how to not get caught. Will also discuss the potential of legal micropower radio in the future. Kind-of a how-to, kind-of a demo, kind-of a "let's make the FCC real nervous" kind a thing.
- Prof. Feedlebom and Technopagan have operated "The Voice of Mercury" and the "Desert Crossing Radio" broadcasts for the last four years. They are also responsible for strange radio emissions that have been heard in the Los Angeles area on 104.7 MHz.
- Trask - Hacking the Big Iron: Security Issues in Large Unix Environments
- I will be using the Sun Ultra Enterprise 10000 and IBM SP/2 as examples of how some of the newer, bigger Unix systems (which are increasingly being used for jobs previously performed by mainframes) present some interesting challenges in the area of system security. As you may know, the Ultra Enterprise 10000 is a SMP system that can be configured with up to 64 processors, which may then be partitioned into a maximum of 8 independent partitions. The SP/2, on the other hand, is an MPP architecture that can be configured with up to 64 8-way SMP nodes. These two architectures are different in almost every way, however both are extremely fast, and both have some security concerns not present in more traditional Unix systems. What I have found is that the security problems are surprisingly similar between the two types of machines.
- By failing to consider all aspects of security when implementing the system management tools provided with these computers, the vendors are selling million-dollar-plus products that are less secure than typical end-user workstations. I contend that as Unix offerings start providing mainframe class computing power, they need to also look towards providing mainframe class security.
- Trask dropped out of high school about a month prior to graduation. After working at Wendy's, Wal-Mart and Texaco for a few months each, he decided that he would rather be a Unix sysadmin. He lives in 602 with his beautiful fiance (mgd) and is currently employed by American Express, where he gets to play with all sorts of expensive toys.
- Security Panel - Securing Distributed Systems (13.0M MP3) (M4B)
- Members include Brian Martin, Gale Katz, route, Ejovi Nuwere, Mudge, Alhambra, *Hobbit*, and Anthony Eufemio.
- Q&A on Intrusion Detection (ID) system, NOS, protocol, and security utilities.
- Super Dave - Copyright vs. Freedom of Speech (4.8M MP3) (M4B)
- Video (103M RealMedia)
- As policy and the economics of a world-wide economy force us to attempt an information based economy, the manufactured concept of intellectual property becomes paramount. Our preeminent corporations have shifted from GM and Ford to Disney and Microsoft; our government struggles to develop and globally enforce laws to protect the profitability of IP. These laws are intrinsically at odds with the free and unfettered exchange of ideas which is central to the validity of democracy. But IP law is built on a weak legal and moral foundation, and it is far from clear that an IP based economy is viable.
- David Gessel spent his childhood hammering steel in front of a coal-fired forge as a blacksmith's apprentice for seven years. He then went to MIT to get a degree in physics where he focused on robotics and precision engineering. Switching coasts, David joined Apple's Advanced Technology Group and worked on various things including pen-based computers, LCD technology, and digital cameras. After ATG, David worked at Interval Research Corp, researching rapid design/prototyping technologies for mechanical systems. David is now CTO of Spinner, Inc., a startup developing QTVR technology; VP of Engineering for Nebucon, Inc., a startup developing secure Internet services for small businesses; and contracts mechanical design services bicoastally.
- Marc Briceno - Smartcard Hacking for Beginners
- Smartcards are a marvelous tool for the security software developer. Their small form factor and tamper resistant, though not tamper proof, packaging allows for numerous applications, such as secure key storage and encryption. Unfortunately, many software developers still consider smartcards difficult to work with. No doubt largely due to the fact that vendors have so far failed to provide sufficient information and development tools. We will introduce SCARD, a free, cross-platform smartcard development, analysis, and integration tool. No longer does the smartcard-curious individual have to learn obscure low level smartcard commands. If you know how to use a UNIX shell or Windows NT, you can use smartcards. There will be a demonstration of several cryptographic, electronic cash, and GSM cards. The audience is encouraged to submit any smartcards in their possession for analysis.
- Marc Briceno is the Director of the Smartcard Developer Association, the only vendor-independent smartcard industry association. The SDA's member base is comprised of smartcard and security experts in Europe, Asia, the Americas, and Australia. The SDA distributes universal smartcard analysis and integration tools to software developers worldwide.
- Mr. Briceno coordinated the efforts leading to the discovery and break of COMP128, the GSM digital cellular telephony authentication cipher. Mr. Briceno is a senior advisor on digital telephony issues to an international development effort engaged in designing low-cost phone encryption devices and a consultant to memory chip forensic data analysis teams at several major universities.
- Krusty - Social Engineering Contest (7.7M MP3) (M4B)
Defcon 7
July 9-11, 1999 at the Alexis Park Hotel & Resort
- Bruce Schneier - Cryptography (12.9M MP3)
- Tradecraft on Public Networks. Dead drops, semaphores, cut outs, telltales...the tools of spying. In a world of continuous communications and ubiquitous eavesdropping, is there any hope for covert communications? Learn about some old tricks of the trade, and some new ones.
- Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor of the Blowfish algorithm. He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center. He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.
- Swift - IPv6 Overview (8.3M MP3) (M4B)
- Kevin Poulsen & Jennifer Granick - The Legalities and Practicalities of Searches and Interrogations (9.6M MP3) (M4B)
- You all know who Kevin Poulsen is. If you don't, please go learn.
- Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California. She defends people charged with computer-related crimes, as well as other offenses. Jennifer has been published in Wired and the magazine for the National Association of Criminal Defense Lawyers.
- Video
- Gh0st - Phreaking and PBX Tricks - Part 1 (1.8M MP3) (M4B)
- Daremoe - The Firewall Appliance: Friend or Foe? (9.2M MP3) (M4B)
- An introduction to appliance firewalls. What they are, how they work and what you can expect when you encounter them in the wild. These "new breed" firewalls are popping up everywhere, so be prepared when you meet them...
- Daremoe is the Alpha-Dog of the WolfPak, a "614 based group of security minded individuals." He is an independent computer security consultant with over ten years experience in e-commerce. He has just completed a comprehensive evaluation of appliance firewalls and their market.
- Video
- Gail Thackeray & Kevin Higgins - Legal Q & A - Part 1 (5.4M MP3) (M4B)
- Part 2 (1.1M MP3)
- Part 3 (4.7M MP3)
- Each will do a brief thing on a topic near & dear to their hearts, and then open the session to an "ask the prosecutor" Q&A so people with burning questions can ask about whatever interests them.
- Gail Thackeray is a Maricopa County prosecutor in Arizona and Kevin Higgins is with the Nevada Attorney General's office.
- Video
- Mojo - Hacking Windows Registries and Shares (15.9M MP3)
- Vic Vandal - Hacking Oracle 101 (12.2M MP3) (M4B)
- So you've hacked your way into your "test" O/S. What are you going to do now? All the really fun data is stored in a database, probably an Oracle database. This talk will discuss some of the gory details of Oracle security and insecurity.
- Vic Vandal is a certified information security professional. He has been providing enterprise-level security design and implementation for U.S. government and military entities for the past 10 years. He currently works for a major consulting firm as a Senior Information Security Engineer. His areas of expertise are: O/S security, database security, network security, application security, firewalls, encryption, VPNs, and digital signatures.
- Video
- James Jorasch - Hacking Las Vegas - Part 1 (10.7M MP3) (M4B)
- Part 2 (96k MP3)
- If you missed it last year, don't miss it this year. Excellent.
- Video
- Techno Pagan - Radio and Computers - Part 1 (9.0M MP3) (M4B)
- Panel - Meet the Fed - Part 1 (2.8M MP3) (M4B)
- Peter Stephenson - Introduction to Cyber Forensic Analysis (15.8M MP3) (M4B)
- This session will address the techniques used to investigate network-based intrusions, especially those originating from the public Internet. Emphasis will be on techniques that provide an acceptable chain of evidence for use by law enforcement or in anticipation of civil litigation. We will cover back-tracing, forensic tools, end-to-end tracing and evidence collection and preservation as well as the forensic use of RMON2-based tools for documenting the path of an attack.
- Peter Stephenson is a well-known writer, consultant and lecturer with an international reputation in large scale computer networks and information protection. He has lectured extensively on network planning, implementation, technology and security. He has written or co-authored 14 books (including foreign language translations) and several hundred articles in major national and international trade publications. He is the principal consultant for InfoSEC Technologies division of Sanda International Corp.
- Mr. Stephenson has participated in investigations of computer system intrusions, Internet misuse and abuse and has performed forensic analysis of computer disk drives as well as backtracing analysis of intrusions coming from the Internet. He has used forensic techniques to recover lost data from computer disk drives.
- Stephenson is a member of the Information Systems Audit and Control Association (ISACA), the Information Systems Security Association (ISSA) and the High Technology Crime Investigation Association (HTCIA). He provides volunteer assistance on request to the Michigan State Police and other law enforcement agencies.
- Video
- Angus Blitter - Fear and Loathing in Cyberspace: The Art and Science of Enemy Profiling - Part 1 (10.4M MP3) (M4B)
- Part 2 (3.7M MP3)
- Quickly identifying your opponent, in any conflict, can mean the difference between success and failure. Knowing their capabilities, resources and limitations can provide the tactical advantage. The lack of this type of decision support is a serious deficiency in most information warriors' arsenals. Relying on single source intelligence is pure folly. Charlatans and carpetbaggers are salivating at the millions in government and corporate dollars earmarked for such a competitive advantage. Our discussion will provide a working definition for "profiling", how it is used and why it affects everyone!
- Angus Blitter is the founder and Grand Poopa of HSK.
- Video
- Punkis - Introduction to TCP/IP (11.6M MP3) (M4B)
- Rooster - Insecurities in Networking Devices - Part 1 (6.9M MP3) (M4B)
- Part 2 (469k MP3)
- Part 3 (604k MP3)
- Routers and switches. These devices make up the core of what is networking. Devastatingly important, this infrastructure is key to a properly working environment. Amazingly, many administrators don't know the weaknesses and holes that are being exposed to the Internet. This talk will discuss the most common security issues in routers and switches, how they can be exploited, what a person gains from this, and how to prevent people from gaining access to your network equipment.
- Rooster has extensive knowledge of systems and networking. His experience includes all manner of networking and systems including: ATM, BGP, GigabitEthernet, FDDI, etc. Rooster is currently a network engineer at a Fortune 500 company where he maintains the Internet connectivity.
- Video
- Michael Martinez - Hackers and the Media: A Love-Hate Thing (10.1M MP3) (M4B)
- For hackers, contact with the media is both exciting and frustrating. Everybody loves to grab that 15 minutes of fame and set the record straight, but the media has this annoying habit of getting things wrong, at least from a hacker's point of view. Mainstream reporters feel the same way -- hacking is cool, sexy, and guarantees readership. But hackers are so evasive, way too full of themselves, and then there's this godawful technology to try to understand. How can reporters and hackers work together, or at least understand each other?
- Michael J. Martinez reports on technology for ABCNews.com. In addition to covering more mainstream issues, Martinez has written about hacker culture, the VX community, the Pentagon's "cyberwar" problems, and the Melissa virus. His articles have been featured on Slashdot and the Hacker News Network.
- Video
- Peter Shipley - Introduction to TCP/IP Exploits (14.0M MP3) (M4B)
- Mr. Phillip & J. Loranger - The Ethics/Morality/Practicality/Patriotism of Hacking - Part 1 (3.2M MP3) (M4B)
- Ira Winkler - The Myths of Hiring Hackers (9.6M MP3) (M4B)
- While Ira Winkler is not an advocate of hiring your off the street hacker, he has come to the opinion that many of them are more useful than people who call themselves security professionals. He believes that compounding the problems are bureaucrats who don't understand the problem, and try to form solutions without thinking. For example, the Critical Infrastructure Assurance Office (CIAO), formed by a Presidential Directive to help protect the critical infrastructure, was considering a plan to recruit a group of teenagers who they would guide through their college careers to be the Info Warriors of the future. Ira talks about the myths associated with hiring hackers and security professionals, as well as the problems with the efforts to supposedly protect the infrastructure. An "Are you clueless?" test for "security professionals" is given. Also recommendations to excel in the corporate world are given for hackers who are really skilled.
- Video
- M0dify - Introduction to Scanning - Part 1 (3.3M MP3) (M4B)
- Dead Addict - Currency Systems, Credit Systems, and Associations (10.3M MP3) (M4B)
- After working for The Man (TM) for several years, DA is finally working for the little guy - implementing worldwide financial systems for multinational banking corporations. He will speak on currency systems, credit systems and associations, SET technology, its message flow, crypto usage, implementation issues, and surrounding industry issues. He will also briefly discuss security issues with current ecommerce implementations.
- Video
- Sarah Gordon - Viruses On (and Off) the Internet (7.7M MP3) (M4B)
- Computer viruses are currently freely available on the Internet, as well as via various mailing lists. The recent Melissa virus incident has focused attention on some issues surrounding the public availability of viruses. The panel (representing virus writers, antivirus product developers, open source advocates and academics) will represent a wide range of views on topics such as: "Is it cool to make viruses available via the Internet? Is posting of viral source code to mailing lists a 'necessary evil' which can force developers to improve products? Should virus writing itself be illegal?" We want to hear *your* views, too, so the session will end with Q&A Interactive.
- Sarah Gordon graduated from Indiana University with special projects in both UNIX system security and ethical issues in technology. She currently works with the anti-virus science and technology R&D team at IBM Thomas J. Watson Research Center. Her current research projects include development of antivirus product certification standards, test criteria, and testing models. She has been featured in publications such as Forbes, IEEE Monitor, The Wall Street Journal, and Wired, and is published regularly in publications such as Computers & Security, Network Security Advisor and Virus Bulletin. She has won several awards for her work in various aspects of computing technology, and volunteers in an advisory capacity to Virus Bulletin, The WildList Organization, and The European Institute for Computer Antivirus Research.
- Video
- Cult of the Dead Cow - BO2K is Announced and Released (21.1M MP3)
- What will we be doing? R0xiN the HAU-aus, BIzaTch!!!@@!2121lf... But that goes with out saying. In addition to the rocking of the aforementioned house, we will also be releasing BO2k. We won't reveal our sekrets of BO-Fu, but trust me when we tell you that it will make BackOrifice v1.0 look like LOGO for the TI99/4a.
- Robert Lupo - Introduction to Computer Viruses - Part 1 (7.2M MP3) (M4B)
- Part 2 (6.0M MP3)
- This class covers how different viruses work and how to defend against them, including: boot sector viruses, file infectors, multi-part, macro, and fakes in the world.
- Video
- John Q. Newman - Personal Privacy and Big Brother Databases (14.4M MP3) (M4B)
- Freaky - Introduction to Macintosh Security (9.9M MP3) (M4B)
- From the author of Freaks Macintosh Archives, Freak will be hosting a topic this year at the con about Macintosh security, the programs out there and their flaws. Some new programs will be released for the Macintosh platform to help secure your MacOS. And more programs will be released to exploit your Mac and many other platforms.
- Video
- Dr. Byte - IPv6: Who/What/When/Where/How/Why - Part 1 (4.4M MP3) (M4B)
- Part 2 (5.0M MP3)
- Part 3 (890k MP3)
- Part 4 (546k MP3)
- Part 5 (224k MP3)
- Part 6 (1.8M MP3)
- The Internet Protocol has undergone substantial changes in the past few years from version 4 (Classical IP) to version 6 (Next Generation IP). This presentation will overview who's using the new protocol, what the new protocol's features are, when it will become mainstream, where it's being deployed, how the transition from IPv4 to IPv6 is planned, and why we need a new fundamental protocol on the Internet. This speech will contain many technical details and will assume the knowledge of the basics of TCP/IP.
- Dr. Byte is a Ph.D. candidate in Computer Engineering and an instructor of Computer Engineering at a major university. He received his B.S. and M.S. in Computer Engineering in 1994 and 1997 respectively. For his M.S., he worked with a real-time bit error rate simulator, and developed a next generation real time hardware system for bit error rate simulations. He has developed a 16-bit RISC microprocessor in VHDL in a Field Programmable Gate Array (FPGA) able to run compiled 'C' code. His research interests include developing a taxonomy of attacks and applying it to different network environments. He has co-authored 3 papers on IEEE 802.11 and IPv6.
- Video
- Cyber - How to Use BSD to Setup a Firewall/Gateway (14.2M MP3) (M4B)
- This talk will cover the basics of using free software to set up a firewall/gateway machine. Basic concepts will be reviewed, and why certain things are important will be covered. Ideal setups as well as practical solutions will be discussed. Step by step instruction with examples will be given. Q/A will be done time permitting, slides will be available online.
- Erik has done computer security for a number of years. He has added crypto layers to existing products, as well as designed and implemented the security authentication and authorization model for an internal account control system for a major U.S. bank. He currently works as a consultant for KPMG LLP.
- Video
- Craig H. Rowland - How to Be Aware of Security Problems on Your Network (11.7M MP3) (M4B)
- A critical component of network security is being aware of what is occurring on your systems so you can spot security problems before they become a big headache. The Abacus Project is a suite of free security tools that allows administrators to monitor critical aspects of system operations on a variety of Unix hosts to help increase their awareness. This talk will detail why it is important to watch your systems closely for problems and how these and other free security tools can help bolster your site security using a variety of simple techniques.
- The core components of the project attempt to address the more common indicators of an attack such as: 1) Strange messages in audit files indicating errors or invalid input that indicate security problems. 2) Port probes that are a precursor to attack and compromise. 3) Compromised user accounts and suspicious user activity.
- The three currently released tools address the above issues using generic techniques that work on a number of systems. These tools are: Logcheck, PortSentry, and HostSentry.
- Craig H. Rowland is a security software developer and consultant currently working for Cisco Systems Inc. His area of focus falls into network attack tool programming and intrusion detection systems. He is the author of several free security tools on the Internet and maintains the Psionic Software website to distribute security tools, papers, and advice.
- Video
- Winn Schwartau - HERF Guns, EMP Bombs and Weapons of Mass Disruption (9.6M MP3) (M4B)
- At Defcon 3, Winn Schwartau talked about high-energy radio frequency guns, electromagnetic pulse bombs and assorted nefarious weapons. Trouble is, the government doesn't admit to a thing. However, through constant research, he has found more than the government would like. The August issue of Popular Science, due out on or about July 15 will feature Schwartau's article on these emerging devices - but you will get an early peek at Defcon 7 on Saturday afternoon. Russian HERF and EMP devices for sale world wide. Some are even on the Internet! Terrorist level weapons made in a garage for less than $500 and put out an E-field in excess of 1MV/meter. A video of real HERF at work. Be ready with your questions and Schwartau, as usual, will have answers.
- Slides
- Video
- Windmann - The Defcon Proxy Server (5.5M MP3) (M4B)
- Windmann will give an overview of the Defcon Proxy Server - what it is, how it came to be, and how to access and use it. Don't want your boss to know where you're surfing to on his dime? Would you like to anonymously view your artwork after the fact? If this is you, don't miss this informational talk. It will cover new features and access policies.
- Windmann started out in life as a BBS operator in 1989. After setting up Unix boxes to provide Usenet and Email via UUCP for his customers, he gave out shell accounts on the same machines - and after cleaning up that mess, he was a security expert! He also authored the first Windows based email application and roaming code for American Mobile Satellite Corporation and the Trimble C/GPS transceiver, and was head of Network Security for Telegroup, Inc.
- Video
- Ian Goldberg - Using the Internet Pseudonymously: One Year Later - Part 1 (7.2M MP3) (M4B)
- Part 2 (5.9M MP3)
- Last year we told you about the plans for the Freedom network from Zero-Knowledge Systems: user-trivial, strong-crypto, pseudonymous use of the Internet. See how far we've gotten now. We will present the current status of the network, and discuss the challenges and obstacles we've encountered along the way.
- Video
- Tom - Security Problems Associated with Client-Side Scripting in Popular Web-Based Services - Part 1 (7.0M MP3) (M4B)
- Part 2 (3.5M MP3)
- This info will also be appearing in Wired Magazine around the same time as Defcon so it's good timing, and extends the 'shorts' in Business Week (May 17, p8) and N.Y. Times (Thursday of same week). See this link for the story.
- Homepage
- Video
- Jonathan Wignall - Extra Border Hacking - How a Company Can Be Hacked Without the Hacker Ever Picking on That Company's Machine - Part 1 (13.5M MP3) (M4B)
- Part 2 (45k MP3)
- Companies may defend themselves from hacking attacks from the Internet by using firewalls and other defences, but what about their defences beyond their site's boundary? Can attacks here cause damage? Or enable an intruder to break into their sites? This presentation will outline what tricks can happen on the Internet and how you can defend yourself outside your normal area of control, without resorting to illegal measures.
- An experienced college lecturer despite being under thirty years of age. Is well used to public speaking and his research interest is in the field of Internet security. Head of programme for higher education courses in computer networking at St Helens College, he is also actively trying to establish similar courses on information security.
- Video
- V1ru5, Stephen Wadlow, Gurney Halleck, and *Hobbit* - Lock Picking Demonstration (19.3M MP3) (M4B)
- Lockpicking demonstration. This talk includes a discussion of the different kinds of locks, and an in-depth look at the pin-tumbler type. *Hobbit* has dissected a lock with power tools, and will show visually each stage necessary to open up a lock. Also there is a lock demonstration board with several locks from easy to hard. Pick the hard one and win a free beer!
- Notes From Defcon 6. (2.9M PDF)
- Video
- Jason Scott - TEXTFILES, G-PHILES AND LOG FILES: Remembering the 1980's through ASCII (17.2M MP3) (M4B)
- In the 1980's, life started to move online, bringing with it all the wonder, terror, and breadth of human nature. Most markedly, an entire generation of teenagers turned their energies and efforts onto this growing culture and turned the world of Bulletin Board Systems into a combination street corner and clubhouse, sharing their knowledge, lying and bragging into infamy, and creating a shared experience that lasts in their hearts and minds to this day as they become the foundation of the Internet Society. While the unique forces that combined to make BBSes the experience they were have since shifted and formed other cultures in the years since, a feel for the 1980's can be found in the Textfiles (also known as g-files or 'philes') that nearly every self-respecting BBS traded, offered, or created as a matter of gaining notoriety (and more importantly, callers) in a sea of similar voices. In these textfiles, readers can reminisce or learn anew about what the BBS experience meant to those who lived through it, and easy parallels can be drawn to the 'scenes' that are now thriving online today. This talk will attempt to give historical perspective and narrative to the BBS 'scene' of the 1980's, presented by a user who was around for a good portion of it and took notes. Expect shouted refutations from the audience and eerily familiar battles waged across the message boards to live again.
- Jason Scott (Formerly The Slipped Disk) has been an observer and participant in the world of BBSs since about 1982, cutting his teeth on Boards such as OSUNY, Sherwood Forest II and III, Milliways/Outland, The Dark Side of The Moon AE/BBS, as well as hundreds of others. His experience in BBS culture of the 80's ranges from Compuserve and The Source to Diversi-Dials, AE Lines and anything else that gave a carrier when you called it. He is best known as the SysOp of The Works BBS, a textfile-only board that he ran from 1986-1988 before switching to SysOp-At-Large from 1989 to the present. Realizing an entire generation's shared lore was being diluted and lost, he has started the site www.textfiles.com, dedicated to preserving all things ASCII from the 1980's. This web site is slowly killing him.
- Video
- A.J. Reznor - How To Use BO2K - Part 1 (483k MP3) (M4B)
- Professor Feedlebom - Follow Up on Micropower Radio (9.0M MP3) (M4B)
- Last Defcon, Prof. Feedlebom led a discussion on micropower radio that kinda glossed over a lot of the technical details. This year, he returns to discuss in more detail some of the things required to place a micropower station on the air. Will also include a short synopsis on the current state of Micropower Radio, including the effort to legalize it in the United States. Handouts from last year's session will be available for those who did not receive them in the mail (sorry).
- Prof. Feedlebom has operated "The Voice of Mercury" and the "Desert Crossing Radio" broadcasts for the last five years. While he's taking the year off this year from the big broadcast, he has been responsible for strange radio emissions that have been heard in Los Angeles and Kern Counties on a variety of frequencies. He also acts as the chief engineer for Radio Invasion, a former micropower station now broadcasting through Real Audio.
- Video
- Parekh - Crypto Tales (7.1M MP3) (M4B)
- Steven Alexander - Firewalls: Trends and Problem (13.4M MP3) (M4B)
- This talk will cover some of the new firewalling trends and how many of them are detrimental to security. The focus of this talk will be on how the discussed trends work and how they can be used by an attacker to defeat security, and how security problems can be avoided. The discussion will not cover specific products in order to allow anyone to apply the subject matter to their current configuration.
- Steven works for a small ISP, attends his local college as a math major and spends his free time studying cryptography.
- Video
- Deanna Peugeot - Embedded Systems Hacking (12.1M MP3) (M4B)
- Embedded systems can often go where the average hacker cannot. They don't reside on the server to be detected by a vigilant sysop, nor do they need the dedicated resources of a computer. But no one in the hacking community seems to be taking advantage of this arena. This will cover the possible uses for a custom embedded system and how to go about creating it.
- Video
- Steve Mann - Inventor of The So-called "Wearable Computer" (13.6M MP3) (M4B)
- Steve Mann, inventor of the so-called "wearable computer" (WearComp) and of the EyeTap video camera and reality mediator (WearCam), is currently a faculty member at University of Toronto, Department of Electrical and Computer Engineering.
- Dr. Mann has been working on his WearComp invention for more than 20 years, dating back to his high school days in the 1970s. He brought his inventions and ideas to the Massachusetts Institute of Technology in 1991, founding what was later to become the MIT Wearable Computing Project. He also built the world's first covert fully functional WearComp with display and camera concealed in ordinary eyeglasses in 1995, for the creation of his award winning documentary ShootingBack. He received his Ph.D. degree from MIT in 1997 in the new field he had initiated. He is also the inventor of the chirplet transform, a new mathematical framework for signal processing. Mann was both the founder and the Publications Chair of the first IEEE International Symposium on Wearable Computing (ISWC97).
- Mann has chaired the first special issue on wearable computing in Personal Technologies Journal, and has given numerous keynote addresses on the subject, including the keynote at the first International Conference on Wearable Computing, the keynote at the Virtual Reality Conference, and the keynote at the McLuhan Conference on Culture and Technology, on the subject of privacy issues and wearable computers. He can be reached via Email at mann@eecg.toronto.edu.
- Video
- David Sobel - Internet Anonymity Under Assault: The 'John Doe' Lawsuits (20M MP3)
- Several recent court cases around the country highlight an increasingly popular litigation tactic: the use of civil discovery to unmask the identities of anonymous Internet posters. In the last few months, a growing number of corporations have issued subpoenas to Internet Service Providers (ISPs) and operators of online message boards seeking to identify and locate individuals who posted material that the companies, for one reason or another, find objectionable. A spokesman for Lycos recently told Salon Magazine that the firm receives subpoenas on "pretty close to a regular basis." The underlying allegations in these cases include defamation, misappropriation of trade secrets and securities law violations. Many observers worry, however, that the legal tactic can easily be used to intimidate potential critics into silence and destroy the anonymity that has contributed to the Internet's explosive growth. David Sobel will discuss these cases and efforts to protect online anonymity.
- David Sobel is General Counsel to the Electronic Privacy Information Center in Washington, DC, where he has litigated numerous cases under the Freedom of Information Act (FOIA) seeking the disclosure of government information on cryptography and privacy policy. Among his cases are those involving Operation Sun Devil, the Clipper Chip, the FBI's Digital Telephony wiretap proposal and the Secret Service's Pentagon City $2600 raid. David served on the Association for Computing Machinery's Special Panel on Cryptography Policy, which produced the report "Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy."
- David also served as co-counsel in ACLU v. Reno, the successful constitutional challenge to the Communications Decency Act decided by the U.S. Supreme Court in 1997. He has been profiled as a "Newsmaker" by CNET's NEWS.COM for his work on Internet liberties issues.
- David has a longstanding interest in national security and civil liberties issues and has written and lectured on these issues frequently since 1981. He was formerly counsel to the National Security Archive, and his FOIA clients have included Coretta Scott King, former Ambassador Kenneth Rush, The Nation magazine and ABC News.
- Jericho - Fakes Walk Among Us
- The recent explosion of the security industry has found itself littered with newcomers, all 'experts' in the field. Unfortunately, many of these 'experts' are nothing more than self-proclaimed windbags that are no more qualified to help you with security than your local 6-year-old. How do these charlatans manage to find work? Why are they accepted? More important, how do you distinguish legitimate security professionals from the fakes? These are valid concerns in today's security community. Answers to follow?
- Jericho is a security consultant (read: not an expert) working almost full time these days. His travel has taken him to standard corporate networks, to consulting for wacky spooks that everyone fears. On top of run-of-the-mill consulting, he has participated in network analysis via penetration testing, computer forensics and more. He hates crowds. :)
- Simple Nomad - Overview of Activities at the Nomad Mobile Research Center
- Simple Nomad will give an overview of activities at the Nomad Mobile Research Centre, provide status on several projects, and give a detailed overview of NMRC's latest Netware hacking tool, Pandora. The new version of Pandora sports a "point, click, and attack" GUI interface, and works against Novell Netware versions 4.x and 5.x.
- Simple Nomad is the author of several FAQs on hacking, including "The Hack FAQ" which is a combined FAQ covering Netware, NT, Unix, and web technologies. The Nomad Mobile Research Centre is a non-profit organization dedicated to independent computer security research, with a focus on corporate-deployed commercial file servers.
- Christian Hedegaard-Schou - What is Open Source?
- This talk will focus on what open source is, what it isn't, debunking some myths, showing some examples, and giving reasons why open source is ready for the real world. This talk is primarily aimed at government and corporate IS/MIS/IT staff and managers, but anyone who's curious as to what this "open source" thing is that they've heard so much about in the past months is encouraged to attend.
- Christian Hedegaard-Schou is a private contractor and consultant who first embraced open source about 5 years ago when he discovered Linux and installed it over his DOS partition. He's never gone back. Since he first discovered Linux he has also played with FreeBSD and NetBSD on various architectures, and has been a proponent of Free software, GNU, and the newly defined "open source" movement.
- Bennett Haselton and Brian Ristuccia - The "Anti-Censorship Proxy" and Technological Circumvention of Internet Censorship
- Brian Ristuccia's Anti-Censorship Proxy (ACP) is a tool for circumventing network-level Internet censorship. It combines functionality of older software such as PGP, Anonymizer, and steganography software, enabling Internet users to bypass firewalls and proxy servers without detection. ACP can be used to circumvent firewalls used by China and Saudi Arabia to block criticism of their governments, or to bypass software used in American schools to censor pages about contraception, animal rights, and many non-Christian religions.
- These countries and institutions are likely to crack down on the use of such software, provoking an "arms race" between ACP developers and their opponents. (The use of strong encryption in ACP may even conflict with some countries' import/export regulations.) This talk will describe the ACP and look at some of the directions that such an "arms race" might take, as well as describing real-world implementations of network-level censorship (in China, Serbia, the Middle East, as well as many U.S. schools), what kind of content is censored, and how the ACP could be used to bypass these restrictions. More information at ians.978.org or www.peacefire.org/bypass/Proxy.
- Bennett Haselton has been publishing studies of Internet censorship software since 1996. His reports have been used as evidence in First Amendment court cases filed by the ACLU and People For the American Way, and he has been invited to speak on Internet censorship at Computers Freedom and Privacy 99, the American Library Association national conference, the ACLU of Ohio annual conference, InfoWarCon 99, and Spring Internet World 99. Peacefire's reports criticizing censorship software have been featured on CNN financial news, MTV, Court TV, and MSNBC.
- Charles Faulkner - Hacking Human Minds
- Human expertise is not found in the sum of explicit practices or algorithms. It's in the experience, mental models and heuristics of individuals. Invisible to current Knowledge Engineering, psychology and (most) linguistics, these 'rules of thumb' are available (can be hacked) through specific pragmatic, syntactic, and semantic 'filters/handles' that can be detected, influenced, and transferred. Applications / instantiations to humans achieved. Computing and human/computer interface applications sought.
- Charles Faulkner is a hacker (modeler, in polite society) of human experience and expertise whose projects have included language acquisition, futures trading, metaphoric communication, and object oriented software testing.
- Michael Peros - Detecting Wiretaps
- This year I would like to speak about how to identify body wires, recorders and government informants. Also I have verified from a very reliable source that President Clinton passed a wiretap bill through executive order of the White House allowing the Federal Government to wiretap and intercept electronic-oral communication without a warrant. This came into law as of January of 1999. He did not have to go in front of Congress to bring this into law.
- Michael Peros can be reached via email.
- Natasha Grigori - Anti Child Porn Militia Grand Announcement
- The Anti Child Pornography Militia (ACPM) will be making a showing at the 7th Annual Defcon Conference in Las Vegas, Nevada on July 9th - 11th. The ACPM will be actively recruiting individuals sympathetic to our cause and willing to take an active role in the battle to eliminate child pornography from the Internet.
- "We have big plans for Defcon", says Natasha Grigori, founder of the ACPM, "Not only will we be recruiting from a Hospitality Suite at the Convention, and seeking sponsors and allies; plans are in the works for ACPM to make a presentation during the three day event, and be introduced by a major personality in the community." The Defcon Conference will also signify the commencement of operations for ACPM, after 5 months of preparation, organization, and amazing growth from its original one-woman cause. "I feel confident that the kick-off will be a success," says Lawless, Director of ACPM Education, "from there, we will begin entering the political arena, lobbying for tougher enforcement against child pornography online, while assisting in any way possible with current enforcement."
- The Anti Child Pornography Militia (ACPM) is an organization committed to removing child pornography from the Internet. Child Pornography is readily available on the Internet from Usenet, web sites, and chat channels. These photographs of children, used to feed the grotesque sexual desires of pedophiles, contribute to the rising numbers in child sexual abuse cases worldwide by emboldening and enticing potential perpetrators into committing acts of child abuse. The ACPM will be working to achieve its goal of Zero Child Pornography through legal, political, and legal technical means. The ACPM in no way promotes or condones illegal attacks against individuals or computers connected to the Internet.
Defcon 8
July 28-30, 2000 at the Alexis Park Hotel & Resort
- Arthur Money - Meet the Fed Panel (15.1M MP3)
- Video (46.6M RealMedia)
- Arthur L. Money was sworn in as Assistant Secretary of Defense for Command, Control, Communications and Intelligence (ASD (C3I)) on October 5, 1999. Mr. Money served as the Senior Civilian Official, Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence) and Chief Information Officer of the Department of Defense from February 20, 1998 to October 4, 1999.
- He served as Assistant Secretary of the Air Force for Acquisition from January 1996 to May 1999. He was President of ESL Inc., a subsidiary of TRW, before it was consolidated with TRW's Avionics and Surveillance Group, and Vice President and Deputy General Manager for the TRW Avionics and Surveillance Group. The group is internationally recognized for airborne electronic systems and technologies, including reconnaissance and intelligence systems and advanced integrated avionics.
- Mr. Money has more than 35 years of management and engineering experience with the defense electronics and intelligence industry in the design and development of intelligence collection analysis capabilities and airborne tactical reconnaissance systems.
- Eric Sinrod - Federal Computer Fraud and Abuse Act (14.7M MP3)
- We are going to discuss the Federal Computer Fraud and Abuse Act and look at how various hacking, virus and denial of service attacks trigger different sections of the Act. We will also discuss how intent and status affect levels of criminal liability. We will further discuss recent Congressional proposals to amend the Computer Fraud and Abuse Act. Finally, we will look at international efforts to harmonize cyber-crimes laws.
- Eric J. Sinrod is a partner in the San Francisco office of Duane, Morris & Heckscher, LLP. Mr. Sinrod's practice has covered a number of important Internet, technology, intellectual property, information, communications, commercial and insurance coverage issues. He has represented domestic and international clients in major class actions and where hundreds of millions of dollars have been at stake. He also has handled numerous matters for smaller companies and individuals. Mr. Sinrod has had significant trial and appellate experience, including cases before the United States Supreme Court. Mr. Sinrod has been quoted or his work has been profiled in Time Magazine, the National Law Journal, Cyber Esq. Magazine, Business Insurance Magazine, the ABA Journal, the California Lawyer and a number of other publications.
- Mr. Sinrod is an adjunct professor of law and has published many law review and other journal articles. He is a frequent speaker on Internet, information and communications issues. He is an advisor to the Cyberspace Law Seminar at Hastings College of the Law and teaches an Information Law Seminar at Golden Gate University School of Law. Mr. Sinrod is on the Editorial Board of the Journal of Internet Law, is a member of the ABA Internet Industry Committee, and is a member of the Executive Committee of the Law Practice Management & Technology Section of the State Bar of California. He is the author of a treatise entitled Intellectual Property and Unfair Competition in Cyberspace, to be published soon by CCH, Inc. He writes a weekly Cyberlaw column for the online version of Upside Magazine, entitled "Upside Counsel", and he is a regular guest speaker covering Internet legal issues for Live Online News.
- noise - Anonymous Remailers: The Importance of Widely Available Anonymity in the Age of Big Brother (14.7M MP3)
- Video (30.3M RealMedia)
- From the golden days of the Penet pseudonymous remailer, to Janet Reno's call to squelch Internet anonymity, anonymous remailers have played a vital and oft-hated role in making the 'Net safe from Big Brother. People regularly use anonymous remailers to avoid spam, to speak their minds without fear (of peers, family, employers, or governments), and to stay out of search engine indices. Like nearly any other technology, anonymous remailers can also be used by "criminals" to do "criminal" things. Under this guise, the government wishes to outlaw or severely restrict access to anonymous remailers. Remailers are not difficult to use. They're not prohibitively difficult to run, either.
- "The only way the public remailer network will survive is if more people start setting up remailers. Even if all the current remailers never get shut down by the Powers That Be [TM], people do tend to move, change lifestyles, pass on, lose their jobs or lose the time to run a remailer. Remailers go away. Change is the constant in life. We need more remops if the system is to survive." -- Shinn Remailer Operator.
- History, current status, and known attacks on Type I/II remailers will be the focus of the talk.
- noise holds a BS in CS from some university and will be attending her second year of law school this fall. She runs the noisebox anonymous remailer, helps the Electronic Frontier Foundation, and delights in holding heated debates with bureaucrats. noise thinks the world would be a better place (tm) if it had more cypherpunk lawyers.
- Jennifer Granick & Grant Gottfriend - The Law and Hacking (12.1M MP3)
- Video (39.9M RealMedia)
- 4th & 5th Amendment, laws that relate to hacking. A criminal and civil attorney talk, debate and answer questions. While in some situations there may be no law against something, that does not mean you can't be sued in civil court or charged on "related" charges.
- John Q. Newman - 10 Steps You Can Take To Protect Your Privacy (15.3M MP3)
- Video (35.3M RealMedia)
- I will cover topics such as the legal rules regarding fake ID, when and where it can be safely used, how to determine if an Internet seller of fake ID is a scammer or legit, and finally the federal government's new interest in fake ID. The ID shop, the place I recommended last year, was raided by the Secret Service 3 months ago, and I will also talk about this case. If you remember, the owner was at last year's convention making and selling ID.
- My second talk will be called "10 steps you can take to protect your privacy." This will be the dry run for a presentation I will take on the lecture circuit when my big new book from Random House comes out on privacy. This talk will give straightforward steps everyone can take to drop out and stay out of Big Brother's databases.
- syke - Open Source Utilities and How To Use Them to Test IDSes and Firewalls (12.9M MP3)
- Video (42.2M RealMedia)
- This talk showcases free/open-source utilities and how to use them to test IDSes and firewalls. There have been a few talks on the common weaknesses of both kinds of products, but no practical means by which to test for said weaknesses. The point of the talk is to enable people to test vendors' claims (or their own products) themselves. This talk would be of interest to developers, security admins, product reviewers, and white/blackhat hackers. Knowledge of TCP/IP and programming is recommended.
- syke is a member of New Hack City, a hacker collective based in San Francisco. He has 2 years of experience testing firewall and IDS products at a major vendor of security software.
- Jason Scott - TEXTFILES.COM: One Year Later - Part 1 (5.5M MP3)
- Part 2 (2.9M MP3)
- Part 3 (6.7M MP3)
- Video (46.2M RealMedia)
- Jason Scott gave you an overview of the many amazing things that happened in the BBS world of the 1980's at the last Defcon. This time, he talks both about some pieces of history that he forgot to mention, and a wide selection of the most interesting events to happen to textfiles.com in the last year. Hear about the legal threats, the newspaper articles, the links to the Trenchcoat Mafia(!), just how many times textfiles.com has come close to being declared illegal, and why history is so important and yet hated by hackers. Jason will also pull out some nuggets of history about The Works BBS, which was at one point the largest textfiles-only BBS in his bedroom. Specifically, the truth will finally be revealed about the once-dreaded "L00ZER-B-G0NE" button.
- A quarter million visitors and going strong, textfiles.com has expanded into not only a historical collection but a group of essays about all manner of cultural aspects about BBSes, and where they've brought people today. There is also a new companion site, scene.textfiles.com, run by one "mogel," which covers the newest of the new of the textfiles "scene", which is still as active as ever.
- jeru - Advanced Evasion of IDS Buffer Overflow Detection (3.5M MP3)
- Video (12.3M RealMedia)
- This is a technical talk which assumes the audience understands x86 or SPARC assembly, and buffer overflow methodologies. It presents various stealth coding techniques that can be applied to preventing detection by most current generation IDSs. The talk also includes a live demonstration of exploits written to evade IDS detection, source code of the examples included. A paper documenting the techniques and sample code will be available from New Hack City after the presentation.
- jeru is a member of New Hack City, a hacker collective based in San Francisco. He has worked in digital design, and embedded programming. He currently spends his time as part of an IDS development team, providing application level security assessment, and pickin' his fro.
- Gregory B. White - The USAFA Cadet Hacking Case: What Both Sides Should Learn About Computer Forensics (13.2M MP3)
- Video (7.8M RealMedia)
- Basically, I'll discuss the case that went to trial in the spring of '99. I was the Deputy Head of the Computer Science Department at the USAF Academy at the time and was asked by the cadet accused of "hacking" to help with his defense. I testified at the trial as an expert witness for the defense. I sat at the defense table throughout the trial serving as their "computer expert." Basically the trial was a comedy of errors by the prosecution - law enforcement, and the cadet's attorneys alike. The cadet was involved in IRC, but the law enforcement types and prosecution became convinced that he was the "hacker" (after all, everybody KNOWS that IRC is nothing more than a place for hackers to trade information on how to break into computers - the actual sentiment expressed by the investigators). I had up to that point spent the majority of my time in the Air Force trying to protect systems and to catch those who broke into AF systems. This case really shook me as I saw the LE types latch onto the smallest of indicators and blow them into a full-blown felony case (the cadet faced 15 years in Leavenworth had he been convicted of all counts). What I will cover in the talk is:
- 1.) Background of the case.
- 2.) The "evidence" the prosecution thought they had.
- 3.) The many possible areas where clues might have been found had either side known where to look (or asked anybody who knew anything about it).
- 4.) What lessons can be learned from this case. Those from the government and industry need to know where to look if they want to catch folks (and if they want to make sure they don't make fools of themselves) and those who might find themselves accused someday need to know how to help their attorneys find clues that could exonerate them.
- Gregory B. White, Ph.D. - Vice President, Professional Services. Gregory White joined SecureLogix in March 1999 as the Chief Technology Officer. Before joining SecureLogix, he was the Deputy Head of the Computer Science Department and an Associate Professor of Computer Science at the United States Air Force Academy in Colorado Springs, Colorado. While at the Academy, Dr. White was instrumental in the development of two courses on computer security and information warfare and in ensuring that security was taught throughout the computer science curriculum. During his two tours at the Academy, he authored a number of papers on security and information warfare and is a co-author for two textbooks on computer security.
- Between his Air Force Academy assignments, Dr. White spent three years at Texas A&M University working on his Ph.D. in Computer Science. His dissertation topic was in the area of host- and network-based intrusion detection. Prior to his Academy assignments, Dr. White was a student at the Air Force's Advanced Communications-Computer Systems Staff Officer Course in Biloxi, Mississippi. He was awarded both the AFCEA and Webb awards for student leadership and academic excellence and was a Distinguished Graduate of the course. Before attending the course in Biloxi, Dr. White served as the Branch Chief of the Network Security Branch at the Cryptologic Support Center in San Antonio, Texas. His first assignment in the Air Force was as a systems analyst at the Strategic Air Command Headquarters in Omaha, Nebraska. Dr. White obtained his Ph.D. in Computer Science from Texas A&M University in 1995. He received his Masters in Computer Engineering from the Air Force Institute of Technology in 1986 and his Bachelors in Computer Science from Brigham Young University in 1980. He separated from the Air Force in 1999 and is currently serving in the Air Force Reserves at the Defense Information Systems Agency.
- Tim Lawless - Saint Jude: Modeling, Detecting and Responding to Unauthorized Root Transitions (10.5M MP3)
- Video (34.3M RealMedia)
- The recent surge of interest in security has been a boon for those developing IDS systems. Unfortunately, the IDS advancements have been disproportional in the realm of Network IDS - with host-based IDS lagging behind, only able to detect breaches after the incident. This state of affairs offers administrators, faced with the looming threat of intruders gaining access to their systems via legitimate channels, little protection beyond hardening and continually patching their systems. An intruder need only find one hole, the administrator - all of them. During this session, the Saint Jude project will be presented. Named after the patron saint of hopeless cases, the Saint Jude project is an IDS project that hopes to deliver a model and implementation able to stop a root compromise dead in its tracks, regardless of the exploit's method.
- Tim Lawless is a Systems Administrator with the University of Southern Mississippi on the Stennis Space Center Campus. After having spent many a night sleeping in the machine room after a security breach, he became REALLY interested in the topics of computer security and information warfare. He is also a member of the ACPO (formerly ACPM), working to remove child pornography from the Internet.
- Thomas Munn - Need for Home-Based Firewalls (11.0M MP3)
- Ron Moritz - Proactive Defense Against Malicious Code (10.7M MP3)
- Video (35.1M RealMedia)
- Anti-virus software is an important part of a well-devised security policy, but reactive virus detection is not versatile enough for the demands that will be made on businesses engaged in e-commerce. The year 1999 began with the birth of the Happy 99 virus - a harbinger of things to come. Happy 99, plus Melissa, PrettyPark and the Explore.zip worm are all examples of the third generation of malicious replicating code, designed to exploit the Internet for their rapid proliferation. A variant of Explore.zip, called MiniZip, managed to hide itself from antiviral utilities and spread at an amazing rate around the Internet at the end of 1999. Such programs, which launch new malicious code attacks, create "first strikes" against systems and networks. Allowing untrusted code to execute on the corporate network may not be suitable for your organization. But corporate security policies that block network executables adversely affect the evolution of the Internet, extranet, and intranet. While no security implementation is absolute, functionality is not achieved by disconnecting users from the network and preventing access to programs. Therefore, proactive defense against first-strike attacks is required today.
- Almost all web sites today contain mobile code. Many of the powerful business (e-commerce) applications you need and use are written with mobile code. Consequently, net-enabled malicious software is likely to increase in prevalence and successful utilization. The factors accounting for such a prediction are the ease by which users are duped into double-clicking on malicious Email attachments and the ease by which the sources of those Emails are automatically spoofed to seem to come from a boss or from an Email or instant message friend. Traditional pattern matching approaches are incomplete, out-of-date, and ineffective and were never designed to prevent a series of new generation attacks based on malicious mobile code and Trojan executables.
- Ron Moritz is the Senior Vice President and Chief Technical Officer at Symantec Corporation where he serves as primary technology visionary. As a key member of the senior management team interfacing between sales, marketing, product management, and product development, Ron helps establish and maintain the company's technological standards and preserve the company's leadership role as a developer of advanced Internet security solutions. Ron was instrumental in the organization of Finjan's Java Security Alliance and established and chairs Finjan's Technical Advisory Board. He is currently chairing the Common Content Inspection API industry standards initiative. Ron is one of a select group of Certified Information Systems Security Professionals. He earned his M.S.E., M.B.A., and B.A. from Case Western Reserve University in Cleveland, Ohio.
- Robert Graham - Evading Network-based Intrusion Detection Systems (11.3M MP3)
- Video (37.0M RealMedia)
- You've just spent $10,000 on network IDS from a trustworthy company (obviously trustworthy because the vendor spends beaucoup $$$ on marketing). You are satisfied with the purchase because you're catching all these script-kiddies who think they are putting one over on you with their "stealth" scans. But then something bad happens: your servers get hacked through your firewall, and that expensive IDS never utters a peep. How did this happen? The root of the problem is that most commercial IDSs are little more than anti-script-kiddy tools and cannot detect ueberhackers. This talk will show how to evade these IDSs using popular tools like whisker and fragrouter. It will also reveal for the first time additional secret techniques used by ueberhackers.
- Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats. He is the author of several pending patents in the IDS field. He is the author of well-regarded security-related documents (www.robertgraham.com/pubs) and is a frequent speaker at conferences. IRL, he is the co-founder, CTO, and chief-architect at Network ICE.
- Xs - LDAP (8.6M MP3)
- D-Krypt - Web Application Security - Part 1 (2.5M MP3)
- Jon Erikson - Number Theory, Complexity Theory, Cryptography and Quantum Computing (10.3M MP3)
- Mr. Erikson will talk about number theory, complexity theory, cryptography, and quantum computing. The basics of number theory pertinent to cryptography will be covered, including modular math, the Euclidean GCD algorithm and Euler's totient function and theorem. Complexity theory and tractability will be explained to give a feeling for what a 'hard' problem is (NP vs P) and algorithmic runtime and Big-O notation with respect to input size will be explained to show why factoring the product of two large prime numbers isn't trivial. Then the RSA encryption/decryption algorithms will be derived from scratch, using modular math, GCD, and Euler's totient function. A few factoring methods will be described, to emphasize the complexity involved in factoring the product of two large prime numbers. Then the basics of quantum computation will be explained; superposition, EPR state, decoherence, controlled NOT gates, and entanglement. The actual quantum mechanics will be skipped to focus on the algorithms. Peter Shor's quantum factoring algorithm will be explained and demonstrated, breaking RSA in two steps. Lov Grover's quantum search algorithm will be explained and its ability to brute force anything in sqrt(N) steps will hopefully be apparent. Since most conventional encryption will be shown to be insecure, a few quantum encryption techniques will be covered. Q&A afterwards, time permitting.
- Jon Erikson was the product of a 6th grade science fair experiment in human genetics by little Snirk Cojeno on planet Vega 7 (His parents helped a little bit). After the fair was over, Jon was sold as slave labor by the elementary school to the Orb Night intergalactic casting and modeling agency. Due to his dashing good looks and human neck, Jon quickly found himself the poster boy for Zarlak's explosive human restraint collars; his likeness plastered all over space billboards and magazines. The fame went to his head, and Jon soon attempted to join the unions, despite the strict regulations against human slaves working like the frees do. He was sentenced to 160 years on the Prison Planet Earth. As if exile to Earth wasn't bad enough, moments after landing, he was quickly carted away to Area 51 by the U.S. Government, only to be traded to a Japanese research group in exchange for some rare Pokemon cards by an agent named Jose Ronnick. In Japan, the brilliant Dr. Kenji Cronos and a lab tech named Michelle began an experimental open-brain surgery procedure on Jon, hoping to teach him about human emotion. Something went horribly wrong, and when the anesthetic wore off, Jon woke up in an empty operating room, with a giant hole in his skull. All the colors began to taste like blue again, and he panicked, plugging the hole with paper mache and running into the streets to forage for himself. With 142 years left in his prison sentence, Jon began his own scientific research in the realms of cryptography, parallel algorithms and processing, artificial intelligence, and complexity theory, and has lived as a student, teacher, actor, director, writer, DJ, programmer, researcher, and entrepreneur. And he's sorry that she has to miss out on so many grand adventures...
- V1ru5 - More Lock Picking - Part 1 (621k MP3)
- Part 2 (6.2M MP3)
- Part 3 (819k MP3)
- Part 4 (5.6M MP3)
- Video (42.4M RealMedia)
- Virus talk: This will be an introduction to computer viruses. Covering boot sector, file infector, multi-part, polymorphic, macro, Trojan, and script viruses. We will talk about how they infect, types of damage, and repairing.
- Lock picking talk: This talk will cover different kinds of locks and handcuffs, and how they're opened!
- Robert Lupo (aka V1ru5) has several certifications in the security field, including CCSA, CCSE. He currently works as a Network Security Administrator. He is known for his lock picking, virus, and social engineering skills. MCSE, CCSA, CCSE and SeaGate NerveCenter Certified.
- Bruce Schneier - Panel Session - Panel 1 (211k MP3)
- Ian Vitek - Configuring Linux 2.0.* for IP Spoofing and Source Routing (6.1M MP3)
- Video (20.0M RealMedia)
- The speech will discuss hacking firewalls and filtering routers by spoofing IP and MAC-addresses. Two different spoofing techniques will be presented. Ian will first talk about what to eavesdrop (with siphon, dsniff, and tcpdump) and what kind of information one will need for these examples to work. Secondly Ian will show how to set up a working source route (full connection) with netcat through a filtering router. Then Ian will show how to set up the network on a Linux to be able to IP-spoof (with full connection) through a firewall if you sit on an untrusted network, U, between a trusted network, A, and the server, S. Both examples will be explained step by step.
- Ian Vitek works as a full time penetration tester at Infosec, Sweden (The page is in Swedish). He is right now researching within Media Access level security and LDAP security (which is a big unexplored hole). He also thinks that modems are underestimated hacker tools.
- PowerPoint Slides
- Mr. Nasty - Using Tools to Obtain Recon on NT Networks (7.0M MP3)
- Video (23.2M RealMedia)
- I have worked in the field of computer security for the past seven years. I test systems throughout the U.S. for various vulnerabilities and report to management how these vulnerabilities can be lessened. No one listens!
- Email
- Cult of the Dead Cow - Panel (12.7M MP3)
- Bennett Haselton - A Protocol that Uses Steganography to Circumvent Network Level Censorship (14.3M MP3)
- Video (47.0M RealMedia)
- Many trivial techniques are already available for circumventing firewalls and proxy servers that monitor or censor network traffic -- for example, if your firewall blocks CNN, someone could set up an unblocked site outside the firewall where you can type "http://www.cnn.com/" into a form and retrieve the page contents. The problem with these "protocols" is that they make it easy to get caught, if the censors know what to look for -- for example, a GET or POST form field containing "http://" is trivially easy to detect. Even an encrypted protocol would still be easy for censors to detect, without breaking the encryption -- just the fact that you're *using* a tool for circumventing the censors would often be enough to get you in trouble.
- What we have designed is a protocol that uses steganography to circumvent network-level censorship, so that the protocol is undetectable to censors. We explain why some naive solutions to the problem -- such as hiding information in a long, dynamically-generated URL which is sent to an outside "friendly" site, or hiding information in cookies -- are not steganographically secure. Our protocol hides information in "innocent-looking" text queries that pass through the censoring proxy undetected. The page contents are encrypted and embedded in more "innocent-looking" content that is sent back to the browser.
- This sounds simple, but the mathematics of using steganography to make a protocol *undetectable* turn out to be infuriatingly complicated. Much of the talk will be devoted to attacks against the system that we didn't consider the first time around, and why more naive solutions may fall to these attacks.
- Bennett Haselton has been the coordinator of Peacefire.org since its inception in 1996. Peacefire opposes censorship that targets Internet users under 18, and maintains that profanity and smut on the Internet are not, in fact, "dangerous" to anybody, as most lawmakers and blocking software companies have made them out to be. Peacefire publishes research into different Internet censorship programs and technologies, their shortcomings, possible misrepresentations by the companies selling them, and (most popular) how to get around them.
- Legal Panel - Panel Discussion (13.9M MP3)
- David J. DiCenso - The Citizen Hacker: Patriot or War Criminal? (9.4M MP3)
- Video (30.4M RealMedia)
- When might international computer hacking become an act of war? Some within the hacker community have felt that international hacking wasn't being done right by the DoD - it could be done much more effectively and efficiently if left to the experts - civilian hackers. This position is interesting, but is it appropriate? What ARE the international implications of electronic network information operations which target foreign actors or states? How far can an operator go before his acts become an "act of war?" What type of retaliation by a target country is permitted under international law and custom? What are the rules? Whose rules apply? In a world where hacker groups are so bold as to declare war upon a nuclear-capable major world power, and countries take military action against non-state actors geographically located in a non-hostile state, these thorny issues attain paramount importance. This presentation explores these issues in an effort to help shed light upon this "dark secret" of international relations.
- David J. DiCenso, JD - Director, Training Services at SecureLogix Corporation. Before coming to SecureLogix, Mr. DiCenso was an Associate Professor of Law at the United States Air Force Academy in Colorado Springs, Colorado. While at the Air Force Academy, Mr. DiCenso taught CyberLaw, Computer Law and Policy, as well as traditional general law topics. He was also an occasional guest speaker in the Academy's Information Warfare course. Mr. DiCenso's article on information warfare has been published in the Airpower Journal, and he has submitted an article on Information Operations for publication in another professional journal this fall. Mr. DiCenso became an attorney in 1988, and served as a JAG in the USAF for over a decade. He joined SecureLogix Corporation in the Summer of 1999.
- Greg Hoglund - Advanced Buffer Overflow Techniques (13.0M MP3)
- Video (42.9M RealMedia)
- This is a technical talk aimed at people who have already been exposed to buffer overflows and want to learn more. The talk assumes the audience has at least some knowledge of CPUs and processes. For those of you who already understand buffer overflows, this talk will be a refreshing discourse on technique. We will show how the injection method can be decoupled from the payload. We then explore the details and challenges of injecting code into a remote process. We will also explore the payload, the encoding methods, and how to dynamically load new functions. Lastly, we discuss the possible effects of a payload, including network worms, viruses, and rootkits.
- Rootkit.com
- Mike Scher - What is DNS Alternate Roots? Why Does Internet Suck? (7.7M MP3)
- Video (25.5M RealMedia)
- Recently, the overlapping space among DNS, the design of browsers and search engines, and international, national, and local trademark interests and law has come to a head. A sprawling organization dubbed ICANN has taken over what used to be a task that sat squarely on one man's shoulders. The tensions are largely the result of ignorant (and purposeful) confusions of the purposes and functions of the various Internet name and resource locating systems. In this talk, we will discuss what a DNS root fundamentally IS, and the factors that keep a unified name service root in place despite many pressures to decentralize DNS root services. We'll then look at the ways in which decentralized or alternate roots could be (and have been) implemented, and their implications for trademark and software politics and design.
- Mike Scher is an attorney and network security consultant working on both the policy and technology fronts. He has designed private DNS roots and TLD systems for international Fortune 500 companies, and worked with public alternative DNS root projects. Most recently, Mr. Scher has become infrastructure technology and policy manager for a fast-growing startup company in Chicago.
- Ian Goldberg - Using the Internet Pseudonymously III: It's Alive! (12.2M MP3)
- Video (40.1M RealMedia)
- The Freedom Network from Zero-Knowledge Systems allows users to maintain their privacy while on the Internet (WWW, email, IRC, etc.) by giving them cryptographically-protected pseudonyms ("nyms"). Not even Zero-Knowledge knows the identities behind the nyms (hence the name).
- Freedom has been up, running, and available for download since December. In this session, I will talk about the privacy-enhancing technology behind Freedom, what we've learned in deploying it to the world, and how various other groups have reacted.
- Ian Goldberg is Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, a Canadian company producing Internet privacy software for consumers. He is simultaneously completing his Ph.D. from UC Berkeley in the field of Computer Security and Privacy. Ian has in the past been known to find security holes in Netscape's SSL implementation, to break cryptographic algorithms used in GSM cell phones, and to throw a lot of parties.
- ghandi - Dot-Com Smashing: Buffer Overflows on the SPARC (10.8M MP3)
- Video (35.4M RealMedia)
- The talk/demonstration is intended for audiences familiar with assembly language and/or stack-based buffer overflows on other architectures (most probably Intel). The topics aren't really anything new, I would just like to present them with the focus on a different processor/paradigm than Intel to better define the concepts in use. I will be covering SPARC assembly language on a fairly low level.
- Introduction to SPARC assembly, RISC, LOAD/STORE architecture; Register windows; Allocating space on the stack, SPARC subroutine calling conventions; How the code we're attacking will look; Leaf procedure optimization; How to write optimized assembly; Unix system calls from assembly language, overview of traps; Hand assembling instructions, conversion to hex, testing hex-encoded instructions in C __asm__ blocks
- Using GDB (GNU Debugger) and ADB (Absolute Debugger), disassembling compiled code, assembling instructions to hexadecimal (faster than by hand), patching executables, examining the stack of a running process, altering the stack/return address.
- Hand-crafting shellcode, basics, basic shellcode, intermediate shellcode, advanced shellcode; Delivering the payload; Bonus topics (time permitting).
- ghandi is a Computer Science student beginning work on distributed, interactive environments (a la FreeNet or Stephenson's Metaverse) for a departmental honors project. I also work as a System Administrator at a web startup managing Sun clusters, FreeBSD servers, and Linux workstations.
- Notes
- PowerPoint Slides
- DDT - What PGP and Crypto is and How to Use (and not use) It (13.0M MP3)
- John Q. Newman - Fake I.D. by Mail and Modem - Part 1 (4.7M MP3)
- Part 2 (11.1M MP3)
- Video (46.5M RealMedia)
- I will cover topics such as the legal rules regarding fake ID, when and where it can be safely used, how to determine if an Internet seller of fake ID is a scammer or legit, and finally the federal government's new interest in fake ID. The ID shop, the place I recommended last year, was raided by the Secret Service 3 months ago, and I will also talk about this case. If you remember, the owner was at last year's convention making and selling ID.
- My second talk will be called "10 steps you can take to protect your privacy." This will be the dry run for a presentation I will take on the lecture circuit when my big new book from Random House comes out on privacy. This talk will give straightforward steps everyone can take to drop out and stay out of Big Brother's databases.
- Mythrandir - Penetrating B1 Trusted Operating Systems - Part 1 (5.6M MP3)
- Part 2 (4.6M MP3)
- Part 3 (3.6M MP3)
- If you have attended the Newbie B1 talk, or have previous experience with B1 systems then you will find this talk enlightening. Typically, B1 systems can only be penetrated due to misconfigurations. We will take a whirlwind tour of all of the areas to check for security misconfigurations and develop a methodology for attacking B1 Trusted Operating Systems. You are going to find B1 Trusted Operating Systems in increasing use, and you owe it to yourself to understand how to penetrate these systems and how to lock them down.
- Mythrandir, Software Evangelist and Visionary, Argus Systems Group, Inc.
- PowerPoint Slides
- Sinster - Radio Energy Weapons (17.4M MP3)
- Ender - Demonstration and Presentation of the Autonomous Nodes (6.7M MP3)
- Video (22.0M RealMedia)
- I am working in conjunction with them on this project and plan on a lengthy on site demonstration of the nodes' functions and AI. Its purpose is mainly to demonstrate that the theory of these nodes is highly functional in both network research, for exploitation and protection. To give you a quick surmise. A small LAN will be setup. NodeH (node hacker) will be inserted and printed documents of the timing and actions that NodeH will take, will be passed out to the crowd. The node will perform actions and an oversight of its AI will be presented to the crowd describing the reasons and purposes behind its decisions. Automated exploitation with an attack tree backbone (Bruce Schneier's idea from Dr. Dobb's Journal) are some of the main features. I have currently a 13 page overview which I am working on with Caezar. I have already begun development, the first run being MS compatible, with a Linux port possibly before Defcon.
- Ender has been an embedded system software coder and tester for 4+ years. He has coded in a solutions engineering group for customers worldwide, and he specializes in C and x86 assembly. Interests include prime number theory, cryptanalysis, DSPs, music, and ruling the world. Motto: Be good, be bad, just be good at it.
- Evil Wrangler - Building a Backdoor Binary (8.2M MP3)
- Video (27.0M RealMedia)
- Featuring SSH 2.0.13.
- Jim McCoy - Mojo Nation: Building a Next Generation Distributed Data Service (14.8M MP3)
- Video (49.5M RealMedia)
- Jim McCoy is a long-time cypherpunk who decided long ago that cypherpunks may talk about writing code but it takes Evil Geniuses to really get the job done. After helping Steve Jackson build Illuminati Online using the money from the Secret Service raid he was convinced that the best way to bootstrap a start-up was to antagonize the government; since then he has learned that there are easier ways...
- Aaron Grothe - Tunneling and Firewalls (4.8M MP3)
- Video (16.0M RealMedia)
- A firewall is the first line of defense for almost every LAN connected to the Internet. Using a firewall many System Administrators restrict privileges to services they do not want to allow access to such as Telnet and FTP. Using tunneling software, people can re-enable those services by establishing virtual data paths through allowed protocols such as HTTP. The talk will provide an overview of how tunneling may be used, how to combat it, and when to use it. There will be a demonstration of how tunneling works using the httptunnel software.
- Aaron Grothe is a System Administrator for a small startup based in Omaha, Nebraska.
- Chris Goggans - Lotus Domino Vulnerabilities (13.8M MP3)
- Video (45.4M RealMedia)
- This session will cover security vulnerabilities and common misconfigurations in Lotus Notes and Domino servers. The presentation will contain exploit demonstrations and discuss work-arounds for the problems. This session will also announce the results of research into new vulnerabilities.
- With Kevin McPeake, Wouter Aukema, and Patrick Guenther, all from Trust Factory.
- Freaky - Macintosh Security (12.5M MP3)
- Video (40.9M RealMedia)
- Freaky will be presenting his second speech this year. Last year he covered the basics of Macintosh security and answered questions. This year he will be going over security/hacking of the MacOS and details of OSX and the security it offers. Macintosh security is a topic not well known, so he is willing to take questions early to cover in the topic.
- Mr. Mojo - Windows 2000 Security (13.4M MP3)
- Adam Bresson - PalmOS Security and Data Protection (12.1M MP3)
- Video (39.5M RealMedia)
- My talk will focus on protection of info and device via encryption/decryption, PalmOS/hardware architecture, and the structure of a Palm application. Techniques for implementing security for information, accessing Palm system modes and understanding code will be covered.
- My Background: I'm a three year veteran of the Palm scene affiliated with PDAZone, PalmWarez, and PalmOlive. I am dedicated to understanding the system and operational functions of the world's first usable PDA. I believe a Palm can do a whole lot more than just store numbers and appointments. My discussion will share my deep knowledge of this device.
- Pyr0 - FAQ the Kiddies (10.1M MP3)
- Video (33.2M RealMedia)
- Every year the attendance at Defcon grows. It was apparent this last year that many of the kiddies (W@r3z d00d5, script kiddies, and lamers) had come with the intention of learning something. Problem is, upon arrival these groups think that the only way they will be able to benefit from Defcon is if they "PROVE THEMSELF" to everybody they come across. By the end of Day 1 they have successfully burned any bridge they had the chance of building. This speech will give newbies some of the info needed to get on "the right track." Some of the highlights are:
- Dangers of being a script kiddie; Learning vs. Compiling; What your local library has to offer "Follow the rainbow booked road"; "Hacking without going to jail"; "Shutting your mouth and opening your ears"; There will be many URLs and book titles given so please bring a pen and paper.
- Homepage
- Phillip J. Loranger - Army Biometrics (12.4M MP3)
- Video (40.3M RealMedia)
- GS-14, Director of Army Biometrics
- Phil King - 8-bit Redux: Microcontroller Hacking (9.2M MP3)
- Video (30.1M RealMedia)
- In days gone by, microprocessors dealt in units of 8-bits at a time, and names such as Commodore, Atari, and Apple (as in "Apple ][") ruled the land. Intrepid hackers of amazing skill and talent worked their magic with limited resources, producing code that was a thing of beauty. The days of the widespread 8-bit desktop computer are past, but the 8-bit processor itself is not gone. It has gotten faster, added some peripherals and picked up some of the architectural features of its larger later siblings, largely lost its external memory, and gone into hiding as the ubiquitous microcontroller at the heart of embedded systems too numerous to count. Microcontrollers offer an excellent opportunity to recapture that spirit of the late 70's when 1K of code was a lot, while working with modern day technology. In this one hour talk, Phil King will describe how to set up a microcontroller development environment on a hacker budget and use it to learn and develop nifty 8-bit embedded system toys. The talk will be framed by descriptions of building an embedded keyboard sniffer with an Atmel AVR family microcontroller.
- Phil King is a hardware design engineer with 8 years of experience in various Silicon Valley hardware and software jobs. He received his BSEE from Stanford University in 1992, and an MSEE with an emphasis in computer networking (also from Stanford) in 1998. He is currently preparing to teach EE-281, the Embedded System Design class, at Stanford University this fall.
- Thomas Munn - How to Make a Linux Firewall with IP Chains (12.5M MP3)
- Simple Nomad - A How-To Regarding Network Mapping (9.7M MP3)
- Video (31.8M RealMedia)
- A how-to regarding network mapping that covers some interesting techniques not commonly used.
- John S. Flowers - Network IDS - Do Not Bend, Fold, Spindle or Mutilate (13.9M MP3)
- Video (45.5M RealMedia)
- All modern Network Intrusion Detection Systems (NIDS) are susceptible to not only Ptacek and Newsham style attacks, but a variety of other problems that have not yet been addressed. This talk is meant to shed some light on why many NIDS today are referred to as "Network False-positive Recorders" and why current IDS technology cannot handle monitoring high-speed network traffic. This discussion is meant to be a direct and straightforward analysis of why the current generation of NIDS will ultimately fail and how we can start taking proactive, not reactive steps in creating the future of intrusion detection technology. This discussion will also include examples of bypassing current intrusion detection systems and how the creation of a high speed, hybrid IDS will address many of the problems outlined in this talk.
- Mr. Flowers is the founder of Hiverworld and leads the Core R&D team in creating the Ansible, Swarm and upcoming IDS product. Prior to Hiverworld, Mr. Flowers was the chief architect of Inquisit's individualized news filtering service. He has also held positions as the Chief Security and Internet Architect at Utilicorp, Chief Architect of Neurosoft (later became Moviefone); and architect of the interactive voice response system that was the prototype of Wildfire. In the early 1990's he worked as an engineer for Microsoft. John was also on the first team to ever win Capture the Flag at Defcon.
- V1ru5 - Updated Computer Virus Class (13.5M MP3)
- Video (45.5M RealMedia)
- Virus talk: This will be an introduction to computer viruses. Covering boot sector, file infector, multi-part, polymorphic, macro, Trojan, and script viruses. We will talk about how they infect, types of damage, and repairing.
- Lock picking talk: This talk will cover different kinds of locks and handcuffs, and how they're opened!
- Robert Lupo (aka V1ru5) has several certifications in the security field, including CCSA, CCSE. He currently works as a Network Security Administrator. He is known for his lock picking, virus, and social engineering skills. MCSE, CCSA, CCSE and SeaGate NerveCenter Certified.
- Richard Thieme - Social Engineering at Defcon: Games Hackers Play - Part 1 (8.0M MP3)
- Part 2 (537k MP3)
- Video (25.7M RealMedia)
- Defcon has changed dramatically from Defcon 1 - when sixty real hackers met in face-time for the first time to Defcon 8 when thousands crowd into a hotel for a hacking "event scene." Richard Thieme has been called a "shrewd observer of hacker attitudes and behaviors" and sometimes he is. You be the judge. In this talk he reviews *very subjectively* the way truth is invented, perception managed, and media manipulated in the many rings of Defcon. It's all here - the familiar icons of good and evil, enemies of the people, Feds in disguise, happy and unhappy hackers, and his take on the truths, half-truths and outright lies that we exchange as currency in this looking-glass world.
- Thieme's predictions at Defcon 4 in "Hacking as Practice for TransPlanetary Life in the 21st Century" have all come to pass. But what's next? Hear how to position yourself for the Next Big Thing, depending on your hacking generation and the degree of real larceny in your heart.
- Richard Thieme is a writer and professional speaker focused on "life on the edge," in particular the human dimensions of technology and work. He is "a father figure for online culture," according to the (London) Sunday Telegraph and "one of the most creative minds of the digital generation" according to the editors of CTHEORY. He has spoken for OmniTech; Strong Capital Management; System Planning Corporation (SPC); UOP; Alliant Energy; Firstar Bank; MAPICS; Influent Technology Group; Navy Federal Credit Union; Arthur Andersen; the Conference of State Legislatures; the Society for Technical Communication; Association for Information Management and Research; the FBI; the Black Hat Briefings, Defcons 4, 5, and 6; PumpCon, Xmas Con, RootFest and RubiCon. He writes for Information Security, Village Voice, Forbes Digital, Wired, South Africa Computer Magazine, CTHEORY, and LAN Magazine.
- Blanu - Freenet (11.8M MP3)
- Video (38.8M RealMedia)
- This is an original presentation unrelated to the paper being presented in Berkeley. That paper was "Freenet 101 + Why We're Anonymous." This presentation is "Freenet 101 + Various Attacks on Freenet + Spiffy Animations I Made with Crayons and Photoshop."
- Email
- Daremoe - System Profiling: Target Analysis or How Crackers Find You (8.3M MP3)
- Video (27.3M RealMedia)
- This presentation will walk through profiling and target selection from an attack point of view. I will demonstrate techniques, commands and tools used to remotely identify systems, services and possible vulnerabilities for exploit. The presentation should teach newbie hackers how to identify potential targets while explaining to system administrators how their systems are targeted for attack.
- Email
- Sarah Gordon - Virus Writers: The End of the Innocence (8.3M MP3)
- Video (26.9M RealMedia)
- Earlier research has empirically demonstrated the cyclic nature of virus writing activity: As virus writers age out, new virus writers take their places; enhanced connectivity amplifies the existing problem and various technical factors result in new types of virus writers surfacing and the cycles repeat. However, a new variable has recently been introduced into the cycle: legal intervention. The virus writing community now has experienced visits by concerned law enforcement; there have been arrests and sentencings. New laws are being enacted, and acted upon. Thus, the virus writing scene is no longer a casual game of kids on local BBS. What has been the impact (perceptually and operationally) of these visits, arrests, and most importantly, the (yet to be imposed) sentencing of David Smith? In other words, as the virus problem gets more and more attention, where are we actually going in terms of shaping acceptable behavior in our virtual communities and what, if any, impact are these legal interventions having on the impact of viruses impacting users? In order to produce a scientifically meaningful answer to this question, this pre- and post-test study examines pre-sentencing opinions of the impact of the visits/arrests/sentencing and compares these findings with those from post-sentencing opinions. Opinions are interesting and must be considered, as we know the opinions of today shape how people behave in the future. However, we are also concerned with immediate impact. To this end, impact will be examined in terms of viruses found both ItW and on the WWW, as a function of time with parameters being pre/post sentencing. In particular, we are interested in any discontinuity noted in the graph of viruses both ItW and on the WWW, and in online references to legal concerns.
- The conclusions will obviously depend on the actual results, but there appear to be essentially one of two scenarios:
- 1. The pre- and post-test studies will demonstrate significant differences. Thus, proponents of tough police follow-up of virus writers will have some hard evidence that this actually has a financial value, as well as a societal impact.
- 2. The pre- and post-test studies will demonstrate no appreciable difference. This means that we need to re-evaluate the worth of pursuing virus writers as a useful way of curbing the problem and evaluate the wisdom of spending large amounts of public funding to pursue this avenue of defense.
- Kent Radek - Designing An Anonymous Network (13.8M MP3)
- Video (45.5M RealMedia)
- Mr. Radek began life as a satellite communications engineer, decided that sucked, and went to work on a computer science degree. After a few years (better not discussed), he began life over as a software engineer with a defense contractor. It took him five years to discover that also sucked, but in the meantime, he designed a pretty cool encryption system for military communications. Recently, he began his third incarnation as a Linux developer, who, in his spare time, decided to combine the best features of Gnutella, Freenet, and Publius in order to make the world a better place for people who enjoy privacy and free speech. His interests (which are none of your business) include photography, running, cycling, SETI, penguins, and (unfortunately) DVDs. Sites to see: www.puzzlenet.net, www.radek.org, and www.grasshoppertakeover.com.
- Natasha Grigori - Hacktivists to Activists - Make the Transition (8.9M MP3)
- Video (19.3M RealMedia)
- In 1999 the ACPM was formed with the goal of removing child pornography on the Internet via any means possible. After an initial announcement on HNN, and recruitment at Defcon 7, we began the daunting task of shutting down child porn sites. Initially successful, we found that the sites we took down would come back up after a few days or weeks. Not only would they return, but it became increasingly more difficult to take them down. We were not effectively removing sites, just making them stronger. A change in tactics was necessary, and so the transformation to ACPO began. The transformation into a "legit" activist group from our beginnings in the H/P/A community did not occur without its own pains. Some felt we were becoming "soft" on child pornography and left. Others joined, not deterred by our history. We have come to form strong bonds with law enforcement internationally, and have had success at identifying both those that traffic and receive child pornography.
- Recent articles in apbnews.com, cbsnews.com, and wired.com focused on ethical "hacker" groups fighting child porn have featured ACPO and Condemned.org, which is currently in the process of "going legit".
- In my talk Natasha Grigori (and possibly Rloxy of condemned.org) will present the problems which convinced us that hacktivism was not the appropriate path, the transition process into an activist group, and the benefits the transition has brought us.
- Subterrain Security Group - The Impact of Passive Network Mapping in Distributed Environments (9.7M MP3)
- This new approach to information gathering is the latest in stealth target acquisition technology. This lecture will discuss dynamic routing protocol internals, network mapping methodology, vulnerability analysis techniques, and OS identification procedures. Come prepared for an in-depth compare/contrast session between active and passive network information gathering heuristics. We make informed target acquisition notoriously fun and difficult to detect. The portable tool to do this will be released on Sunday afternoon.
- Subterrain Security Group releases solid, portable, and freely available open source tools for performing computer and network security related tasks.
- Octil - CHaven (7.6M MP3)
- O'Donnell - Network Management (10.2M MP3)
- Rooster - Windows 2000 Security (8.1M MP3)
- Shaffner - Ask the Fed - Part 1 (11.3M MP3)
- Spot the Fed
- Wyatt - Radio Hacking
- Lee Johnston - Demonstration of Software That Allows the Construction of an Enterprise Network Inside a Single Computer
- Based on RedHat Linux, users can accurately simulate an enterprise network populated with real servers and workstations on a SINGLE COMPUTER (the system literally runs several real networked operating systems simultaneously inside one computer). It also runs multiple firewalls, gateways, routers, VPNs, or any other network device. Security experts (or hackers) can create a virtual network, populate it with Windows systems and then attack them with the latest exploits. In addition, all packet traffic can be (sniffed) sent to a file or displayed in real time. This provides security experts with detailed information about the nuts and bolts exchanges between networked computers. Thus, software-programming flaws can be identified and exploited. In addition, the system is an outstanding platform to create and test the most twisted of viruses. The kicker is you can build a virus, instantly infect a networked OS, and then rapidly see the results. If it doesn't work correctly, within seconds you can restore the infected Windows OS to a virgin state, modify the virus, and try it again.
- A California native, Lee Johnston is a Senior System Analyst with Computer & Network Associates (CNA). He holds a bachelor's degree in Management Information Systems from the State University of New York. He has over 12 years of experience in computer security. Prior to his move to CNA, Lee was a System Administrator for the Air Force in Biloxi, Mississippi. On behalf of the Air Force, he authored several articles and textbooks on military networks and security. Currently, he leads the CNA's network security development team.
- Dan Danknick - Fighting Robots
- If you saw the BattleBots pay-per-view show on R/C fighting robots, you heard Dan Danknick giving technical commentary during the fights. He was hired to do this as a builder of six robots himself in the past five years, as well as having written for numerous magazines on this topic. To further broaden his claws into this sport he designs and sells electronic radio interfaces to the international market as well as the SFX industry in Hollywood.
- Dan will bring a few working robots and explain their designs and how that fits into the various fighting styles developing within the sport. Time and interest permitting he would also like to discuss the developing security implications for popularized R/C robots and how they are shadowing the military construction of pocket-sized war machines. Lastly a giant box of parts and raw materials will be available for the audience to inspect and examine following the session.
Defcon 9
July 12-15, 2001 at the Alexis Park Hotel & Resort
- Biing Jong Lin, Chieh Chun Lin, & Jan Che Su - Survey of Country-Wide Web Server Security (9.7M MP3)
- This presentation describes how we did the country-wide web server security evaluation in 1999 and 2001. It covers methodology and results. We also compared these two surveys and drew some conclusions on the current status and advisories to the government. Vulnerable web servers by type and percentages as well as trends are covered.
- Biing Jong Lin established TW-CERT (Country CERT in Taiwan) and worked there from 1997 to 2000. Now he works in the Science and Technology Information Center in National Science Council. Biing Jong Lin is also a consultant of nCERT, a government sponsored CERT after the cyberwar between China and USA in May, 2001 began.
- The co-authors are Chieh Chun Lin and Chan Che Su. They work at Internet Security Solutions, Intl. in Taiwan. They are senior security experts and consultants, specialized in security assessment and penetration.
- Freaky - OS/X and Macintosh Security (10.8M MP3)
- Macintosh security has gone unnoticed by the public for many years; only recently has it become a topic, due to the release of Apple's Mac OS X. With BSD functionality there is a whole new realm of security issues to be discussed. This year's discussion will include the following; if there are other topics you would like discussed, please email rnicholas@usa.net with the topics.
- Secure Installation of Mac OS X; Configuring the firewall functionality; SSH on Mac OS X; Mac OS X Virus/Protection; Mac OS X Security Bugs/Fixes; sudo security risk 101; Obtaining Root; Denial of Service attacks; Mac OS X Hacks & Cracks
- You will also learn about the latest Macintosh security / hacking tools and see demonstrations of new apps. Plus Q&A at the end, and a guest speaker from the Macintosh Underground group Team2600 has a special announcement!
- Jason Peel - Cypherpunk Grade Covert Network Channels (11.1M MP3)
- Two parties, both operating in hostile network territory, need to communicate covertly via an internetwork. They need to do so in a manner such that a well-resourced attacker cannot gain knowledge of the content of their transactions, nor even gain evidence beyond plausible deniability that discrete communication is taking place. The assumptions made are extreme; it is understood that lives may be at stake. Is the creation of such a clandestine network mechanism technically feasible? Absolutely. Should you be concerned about the implications of undetectable traffic? Most definitely. An initial R+D implementation in library form as well as proof-of-concept code built upon it will be presented. By taking advantage of peculiarities in many fielded protocols, steganographic techniques applied to the network layers, and using dynamic polymorphism based on local traffic patterns and cryptographic control, the channel is effectively able to resist detection and attack. Discussion concerning the theory, implementation, and political ramifications is welcomed.
- Jason Peel is a Senior Network Architect with Network Thought Co. Recent research+development efforts have covered wireless infrastructure auditing (including marsupial-in-the-middle attacks), PKI, anti-promisc-detection, managed enterprise lockdowns, and IPv6 vulnerabilities.
- Bruce Schneier - Bruce Schneier Answers Questions (13.2M MP3)
- Sharad - Security & Privacy - An Introduction to Some Interesting Concepts (12.4M MP3)
- The typical netizen is blissfully unaware of the dangers that lurk each time he or she gets connected. Others consider security to be a "black art," too complex to understand - and therefore studiously avoid anything to do with it. This session serves as an introduction to the dangers that abound in today's networked existence. Besides presenting an overview of various attacks, the talk tries to demystify them by explaining the "how it works" of the attacks. We move from basic to more sophisticated attacks, cover a "proof of concept" case study and consider the counter measures possible. The session aims to serve as a starting point for all those interested in safeguarding their online existence, for those responsible for their organization's security issues and for just about anyone who is interested in security.
- Sharad Popli is the CTO and founding director of QuantumLink Communications Pvt. Ltd. (QLC), a five year old software company (based in Bombay, India), with a focus on Internet technologies and a specialization in Java. Sharad, an old timer on the Net (more than 10 years now) is the chief architect behind PostMaster, a popular mailserver with more than 1,500 installations across the world. A strong advocate of open source, he has been an early adopter of various open source technologies and software (including Linux since its 1.0 days and PHP when it was known as PHP/FI :)) Sharad writes from time to time (when persuaded enough!) His articles have appeared in most publications in India and also on CNET's international sites. He is an oft-invited speaker at various seminars and conferences and has addressed numerous conventions on subjects including: Java Technologies, Servlets, Linux, Email, Security issues, MTAs on Linux, Advertising on the Net, and other generic net-based topics. When not ensnared by the Net, he enjoys reading, music and the great outdoors.
- FX - Attacking Control, Routing, and Tunneling Protocols (12.0M MP3)
- The protection of networked computers depends on the security and integrity of the underlying communication layers. In the last years, many people invested time to research bugs and exploits on the application level and less interest was on the network layers. We are going into the realms of protocols of ISO OSI layer 2 and 3. The audience will get a quick refresher on what Layer 2 and 3 are about and which general attack approaches exist. Layer 2 will be covered quickly and attacks using the well known ARP, CDP and some more will be explained. The primary part of the session will be focused on the abuse of ICMP and interior routing protocols (RIP & IGRP), how to scan for autonomous systems and for IP protocols other than TCP/UDP. Re-routing of packet streams for sniffing/interception will be covered as well. The finale will explain and show how to attack VPNs using GRE and how tunneling can enable you to circumvent NAT.
- FX of Phenoelit is the leader of the German Phenoelit group. His and the group's primary interests are in security implementations and implications of standards or less-known protocols. FX currently works as field infosec engineer at Lucent Worldwide Services ESS where he is supported in doing the things he generally prefers to do.
- James Bamford - Researching Secrets (10.0M MP3)
- Shatter - FAQ The Newbies: Information for People New to Security, Hacking or Defcon (14.1M MP3)
- ETIQUETTE: How to approach people, talk with people, introduce yourself and how not to be a lamer. Examples will include real life anecdotes, stories from past cons, and even things that happened the night before. PHILOSOPHY: Why are you here, and what are you doing? What is your motivation to be here? Why do you hack? Also included in this section is the concept of ethics: How your actions affect yourself, others, and the net at large, responsibility for your actions, and the differences of white/grey/black hat hacking, and why real hackers don't wear hats. LEARNING: Where to go to learn, proper steps to true knowledge, and how to avoid the trappings of being a script kiddie. Knowing the difference between downloading a useful tool for your set and grabbing a script and wreaking havoc. REAL WORLD: What the media doesn't tell you, why hacking is easier on TV and the movies, and why you don't get 6-figure jobs by getting busted for hacking a .gov installation. Debunking some of the myths that the gov't and private sector look for the best hackers to hire from the lists of convicted hackers. WHERE TO GO FROM HERE: What you can get out of Defcon, what you can learn, and where to go after you nurse a major hangover. This is the general idea of the lecture, same overall concept from last year, but the content is dynamic and updated to always remain current.
- Shatter has been involved on many angles of the computer genre for over 20 years, and has spent 15+ of those years in the online/hacking aspects of it. Shatter has written many of the core '80s text files (under numerous nom de plumes) during the times when they were traded on various BBSs. Recent work has been in online data management and profiling (enough for an entire lecture on what's really happening) as well as side security projects, artwork, and 3D design work. His next assignment is project manager on a building wide telemetry and control integration system with full accountability in real-time on a TCP/IP house net with full security implementation, as well as physical building security.
- Mark Grimes - TCP/IP Intelligent Agents: The Future of Electronic Warfare and Defense (11.0M MP3)
- The study of artificial intelligence brings many treasures to the development of both offensive and defensive network tools. Code can be designed to make "intelligent" decisions based on a presented data sample. When rules are explicitly laid out by RFC to indicate proper connection handling, these rules can be mapped and recalled. This would allow for an automated handling of network traffic with decision making enforced on next-packet injection. The Defcon speech will focus on Intravenous. Information will be shared with regard to overhead handling, event priority, as well as database and sensor/decoder optimizations. Examples in logic considerations will be broken down for simple attack scenarios. The IV specific design constraints and project goals will be discussed, a maillist will be announced for open discussion about the code that has been developed so far, and improvements of the overall design criteria.
- First, we will discuss what the word "intelligence" means and how it relates to source code. We will explain the need for code that is not only self-aware, but aware of the environment it runs in. We will briefly discuss the research conducted in the artificial intelligence field as it relates to TCP/IP networking and overall computer security. Many developers are writing code with AI properties and fail to capitalize on it.
- Second, we will discuss the state of tools/exploits today, and where they are headed tomorrow, in light of current security tools being separate and disjoint. Packet sniffers seldom share information with packet crafters and IDS systems seldom share information with network scanners, for example. We will explain the need for agent code to assist in data collection, storage, retrieval and analysis for use within the scope of any tool that either runs interactively or in daemon mode for long periods of time. Discussion of toolsuite integration so that the network auditing and network detection are a more seamless process. Most exploits can be classified in only a handful of categories, most of which are discovered using custom scripts and source code analyzers. We will then explain the future of network assessment. We will explain where "non-intelligent" code falls flat, and how introducing rule bases, knowledge bases and a back-tracking method (memory), can allow an application to deduce plausible scenarios based on the data collected. This, in turn, will allow an application to be able to react to situations based on mathematical probabilities and/or metrics to hopefully choose the correct answer(s). Even without correct answers, it can still present the user with empirical data that may lead to a plausible next event. The Nemesis injection routines will be used in Intravenous. The threat of Nemesis by itself will be discussed with examples cited from published sources, and then will be contrasted with the introduction of AI components, that will make up the overall study, Intravenous (an agent concept model).
- Mark Grimes is a network security researcher whose focus is primarily on enterprise wide, multi-layered network threat, the study of TCP/IP packet pattern analysis, and the interest of machine learning and expert systems. Mark is best known for Nemesis, an eight protocol packet crafting tool suite. There are a number of articles and misc. tools, as well as the concept slides/video of the initial Intravenous concept available at www.packetninja.net. Mark Grimes is currently the Red Team Network Security and Forensics Lead for a Fortune 300 company. He has been the security lead of many high profile commercial, government and military contracts. Mark is also a developer for the ultra secure, multi-architecture OpenBSD Project led by Theo De Raadt.
- Simple Nomad - Widdershins: De-evolution and the Politics of Technology (9.8M MP3)
- Dennis Salguero - The Business Side of Starting Your Own Consulting Firm and How They Can Succeed - Part 1 (3.6M MP3)
- Part 2 (99k MP3)
- Part 3 (488k MP3)
- Part 4 (2.5M MP3)
- I currently run my own computer consulting firm and I think that I can help others. I don't specialize in security, but obviously, there are similar tasks that need to be done. I would cover things like: incorporation, taxes, marketing, keeping the client happy, and billing and getting paid.
- To find out more about me, I invite you to visit my web site at www.beridney.com. There, you will find out about the books I have written and other conferences that I have spoken at.
- Tim Mullen - Windows NT Null User (5.6M MP3)
- Chris Goggans & Kevin McPeake - Falling Dominos - Part 1 (7.8M MP3)
- Robert Graham - The Principals of Cyber-Anarchy. (8.4M MP3)
- TechnoDragon - Hardware Mods: How to Look for Them (11.0M MP3)
- Hardware mods. Have you ever wondered what special features can be enabled in your hardware, or even crippled for security reasons? Well, I will cover theory, fact and many designs covering identification and activation of hidden features whether they be hardware or software. Topics will include: Identification of places to perform mods in hardware. How to manipulate mods and features and settings to enable mods. How to identify what extra features can be enabled in hardware. List of what tools are required. Theory behind future mods and placement of mods in advanced devices. Live demos will be performed on the platforms covered and tutorials on ways to go about discovering what mods can be performed on the hardware of your choice.
- Barry J. Stiefel - NAT for Newbies and Not-So-Newbies: A Tutorial - Part 1 (4.5M MP3)
- Part 2 (64k MP3)
- Part 3 (1.7M MP3)
- Part 4 (2.0M MP3)
- Part 5 (205k MP3)
- Part 6 (203k MP3)
- Part 7 (2.1M MP3)
- Part 8 (914k MP3)
- Part 9 (2.6M MP3)
- Part 10 (1.8M MP3)
- Part 11 (321k MP3)
- Part 12 (431k MP3)
- Part 13 (196k MP3)
- Part 14 (149k MP3)
- Part 15 (186k MP3)
- Part 16 (91k MP3)
- Part 17 (136k MP3)
- Part 18 (62k MP3)
- Part 19 (358k MP3)
- Part 20 (131k MP3)
- Part 21 (109k MP3)
- Part 22 (202k MP3)
- Part 23 (178k MP3)
- Part 24 (93k MP3)
- Part 25 (1.2M MP3)
- Network Address Translation (NAT) is a cheap and simple method for boosting the effectiveness of your firewall. Properly configured NAT can help hide your internal network structure from outsiders, enforce "outbound only" connections from internal hosts, and preserve scarce IPv4 addresses. This tutorial moves quickly through the basics, discusses a typical NAT configuration, describes NAT in action, enumerates the benefits of NAT, explains several potential pitfalls and shows how to configure DNS to accommodate the translated addresses.
- Barry J. Stiefel ("Stee-ful"), B.Sc., MBA, CISSP, MCSE, CCNA, CCSA/E/I, A+, is the Chief Technical Consultant at Information Engine, Inc., a Silicon Valley networking and security consulting firm. Previously, he was the founding Manager of Information Systems at Galileo Technology and was President of the Windows NT Engineering Association.
- Raven Alder - A Perl Script That Tracks DoS Attacks Across Cisco Backbones (7.9M MP3)
- Denial of Service attacks are well known in the security field, but in recent years distributed Denial of Service attacks have become more of a worry and a priority to ISPs. Recognizing when a DDoS attack is crossing your network is important, and being able to shut it down at your network's edge is even more so. But due to the increasing ease of spoofing the source IPs of a DDoS attack, correctly finding where the traffic is entering your network becomes more difficult. Rather than being able to traceroute via normal routing methods, most tracing of spoofed addresses has to be done hop by hop, one router at a time. In a large backbone, this can take hours, particularly when you consider that many DDoS attacks come from hundreds of different IP addresses. There aren't many tools out there to aid NOCs in tracing these sorts of attacks. Indeed, many NOCs are still forced to trace attacks by hand. To address this problem, I have written a Perl script to trace DDoS attacks backwards through a Cisco-router network. The script can handle spoofed IPs, and will run both on Cisco's older routers (7500 series) and on their Gigabit Switch Routers. This talk will present the script and provide a guided tour through the code to explain how and why it works.
- Raven Alder is a senior network engineer for a Tier 1 ISP, and hunts down DDoS attacks in the wild for fun. In addition to supporting Cisco routers, Raven is also a Solaris/Linux/BSD sysadmin, and enjoys Shorin Ryu martial arts and particle physics.
- Marcus Andersson - Firewalling Wireless Devices (11.9M MP3)
- The different technologies today for providing IP-access over the air to handheld devices all pose some interesting questions about traditional security work. How to firewall? What are the physical differences of being on the "inside" versus the "outside" of the firewall? How to implement prudent security measures if there is no security on the physical layer? Today, we can conclude that most base-stations used for radio LANs, regardless of technology (Bluetooth or IEEE 802.11) have coverage outside the building. This means that if someone is in the parking lot, with a PC and a radio LAN connection, one is connected to the office LAN...
- The presentation suggests some architectural workarounds to some of these problems, for example to put all handheld devices on their OWN "demilitarized" network, and not on the "inside" of the firewall. Other suggestions are made on how to implement some security on the handheld devices themselves, in order to protect them from compromising the whole network, as an unsecured "endpoint" in such a network would do. The topic of personal firewalls and automated virus-scanners for handheld devices comes in at this level.
- Some issues regarding implementing cryptography in different layers of the OSI-model are discussed, as are both risks and verified security holes with current cryptographical implementations on the link-layer (such as WEP). A brief discussion on cryptographical protection and the impact on intrusion detection (the sensors can't see what happens if the traffic is encrypted) and virus-scanners (scanners can't scan encrypted mail) is included as well.
- It is not in the scope of the presentation to suggest a best practice, but rather to give some information on the threats of these new technologies, so that risk management can make their own decisions based on that.
- Adam Bresson - Data Mining with PHP (8.9M MP3)
- Adam Bresson has been programming in PHP, MySQL and HTML for over five years. After his Defcon talk on Palm Security last year, he decided to explore security on a different, free platform. With ten years of networking experience behind him, he created GNU methods for monitoring security and data mining in PHP. He hopes you extend this foundation. Ask questions!
- Nick Farr - Designing Secure Interfaces "for Dummies" (8.7M MP3)
- The old adage holds there is an inverse relationship between usability and security. The more user-friendly the system, the less secure it is. However, recent user heuristics research may lend insight into how to design more usable, more secure operating system interfaces -- independent of the underlying OS architecture, AND the gullibility of the user. By highlighting the graphical and subtextual cues recently highlighted in popular OS interfaces, the speech will cover how users are betrayed by them, either into a state of paranoia or a false sense of security. The speech will show how both states can be used to exploit the system through the user. As well, five guidelines for future interface design will be presented, showing how increasing the security of the interface can actually be used to increase, instead of restrict usability. While the talk is theoretical, each guideline will be applied as integrated into the design of a work-in-progress Kiosk package currently under development.
- Nick Farr recently graduated from the U of Michigan with a degree in Social Science, which included some graduate work at the School of Information in Human Computer Interaction. He works as a developer for the School of Public Health at the University of Michigan.
- CyberEthical Surfivor - The Game (17.9M MP3)
- Ethics is that gray area between legal and illegal... and maybe your personal or corporate ethics are different than his or hers, or of someone from a different country or culture. Yet, we all need to live in the same "space." And that's the whole point of "CyberEthical Surfivor." CyberEthical Surfivor is an interactive game that pits 18 brave souls on two teams against each other. The object of the game is to be... duh... the last one standing: A true Surfivor. How you get there is half the fun, but Da Judge (Jennifer Granick) and Da Time Keeper and the D'Audience will be heavily involved in who becomes the Surfivor!
- CyberEthical Surfivor: The Game
- Optyx - KIS: Kernel Intrusion System (6.8M MP3)
- This is the release of KIS. KIS is a self-contained binary that when executed on a system installs itself so that it will be loaded on reboot and loads a kernel module. This LKM hides itself, all of its subprocesses or desired processes, all of their files, directories, and network connections automatically. The presentation will consist of demonstrating how to setup and use KIS as well as explain some of the basic design concepts.
- Optyx is a programmer, age 20, currently living in San Francisco, California.
- Daniel J. Burroughs - Applying Information Warfare Theory to Generate a Higher Level of Knowledge from Current IDS (12.2M MP3)
- The two greatest weaknesses of Intrusion Detection Systems (IDS) are the ease with which they may be evaded and their tendency to generate vast amounts of false alarms. Sophisticated attackers are able to easily avoid detection, maintaining a low profile by spreading out the attack both in time and (network) space. Meanwhile alerts are generated by normal user activity. IDS have not yet reached a level where they can reliably detect and assess advanced attacks while being able to separate normal user activities.
- This presentation discusses the use of information warfare theory, combined with multiple target tracking algorithms to generate a higher level of knowledge from current IDS. Instead of looking at IDS as the final stage in attack determination, it becomes the first stage. The IDS are treated as sensors on our network gathering information that is fed into a data fusion engine. By gathering information from different types of IDS and other sensors distributed throughout one or more networks, we aim to generate a higher level of knowledge, a situational awareness, that paints a much clearer picture of the activity on our networks.
- By combining and fusing data gathered from many independent networks, it is possible to move away from the traditional defensive posture of network security. In its place we are given more of a bird's eye view of the scene, and are able to see the activity of individual attackers spread out across many networks.
- This presentation is based on research being conducted at the Institute for Security Technology Studies (ISTS), a federally funded research institute housed at Dartmouth College. A demonstration of the data fusion/target tracking system will be provided during the presentation.
- Daniel first became interested in computer security shortly after getting a 300 baud modem to connect his C64 to the outside world. Since that time he has moved on to bigger and (somewhat) better things. These have included work in virtual reality systems at the Institute for Simulation and Training at the University of Central Florida, high-speed hardware motion control software for laser engraving systems, parallel and distributed simulation research at Dartmouth College, and most recently distributed intrusion detection and analysis at the Institute for Security Technology Studies. He is also the proud owner of a Defcon leather jacket won at Hacker Jeopardy at Defcon 8.
- Institute for Security Technology Studies and Investigative Research for Infrastructure Assurance. The Institute and its core program on cyber-security and information infrastructure protection research serve as a principal national center for counter-terrorism technology research, development and assessment. It is funded by the U.S. Justice Department's National Institute of Justice, Office of Science and Technology to which it will also provide technical support. The Institute studies and develops technologies addressing counter-terrorism especially including counter-cyber terrorism issues in the areas of threat characterization and intelligence, threat detection and interdiction, preparedness and protection, response, and recovery.
- Dr. Cyrus Peikari - An Open Source, International, Attenuated Computer Virus (9.6M MP3)
- The unchecked proliferation of global information networks has left society vulnerable to a digital Armageddon. Computer viruses can counter this vulnerability by stabilizing and strengthening information systems. Using analogies from medicine, this paper demonstrates the pressing need for well-designed computer viruses. This paper also proposes the design, implementation, and distribution of an open-source, international, attenuated computer virus.
- Dr. Cyrus Peikari is the Chief Technology Officer of VirusMD Corporation. He is the author of Windows Internet Security: Privacy and Protection, being released this fall from Prentice-Hall publishers. He is a former teacher of advanced mathematics at the Southern Methodist University Learning Enhancement Center in Dallas, TX. In addition, Dr. Peikari speaks on the radio about Internet Security every Friday night as a correspondent for CBS affiliate A.M. 1080 KRLD in Dallas, TX.
- Bruce Potter & Adam - The Captive Portal (12.6M MP3)
- Adam and I have been doing research on wireless security from a practical perspective. Basically discovering what's wrong with the current security models in 802.11 networking and how they can be fixed or worked around. Adam has developed a system called the Captive Portal that will allow wireless networks to be set up that are resilient to problems with link-level authentication and encryption schemes. The system is still in development, but will be "released" by conference time (as much as open source software gets released ;). In the coming months we will be writing a paper on the Captive Portal; how it works, what its strengths and weaknesses are, and instructions on getting one going. I will give the first part of the talk; Adam will give the second part, the part that deals directly with the Captive Portal. We will also set up a wireless network at DC so folks can try and hack the portal. We're always looking for ways to improve our idea.
- Bruce Potter is the founder of The Shmoo Group, an organization of security, crypto and privacy professionals. He has done work as a network engineer, software security consultant, CTO of a failed startup, and a wire monkey. Bruce posts daily security news to securitygeeks.com.
- In 1993 Adam started the first ISP in his home town of Dunedin, New Zealand. Since then he has worked for several ISPs, small and large, in various capacities, mostly as a UNIX systems administrator. His current project is Personal Telco, which is trying to leverage consumer grade 802.11b gear to build internet accessible neighborhood communities.
- Dr. Ian Goldberg - Arranging an Anonymous Rendezvous: Privacy Protection for Internet Servers (12.3M MP3)
- As the Internet grows in popularity around the world, we are beginning to see clashes between individuals and governments from different cultural backgrounds. Corporations, organizations, and legislatures are using local laws in order to enforce their wishes on others worldwide. Much work has been put into producing privacy-enhancing technologies that protect clients of online interactive Internet services. In this talk, we present the "rendezvous server," a primitive which allows the transformation of any such technology into one which can equally protect the providers of those services. It is our hope that being able to provide privacy for providers of online services, such as mailing lists, discussion groups, web sites, file servers, and chat rooms, they will be less susceptible to attack, and so will help prevent the Internet from becoming a place where the powerful can control the availability of content worldwide.
- Dr. Ian Goldberg is Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, a Canadian company producing Internet privacy software for consumers. Having recently received his Ph.D. from UC Berkeley, Ian is recognized internationally as one of the leading cryptographers and cypherpunks. In addition to developing many of the leading network software titles for the Palm Pilot, Ian is known for his part in cracking the first RSA Secret Key Challenge in three and a half hours, for breaking Netscape's implementation of the encryption system SSL, for breaking the cryptography in the GSM cellular phone standard, and for throwing lots of parties.
- Lile Elam - Renegade Wireless Networks, Creating Connectivity on Demand (12.3M MP3)
- A panel of wireless hackers will describe how ad hoc open wireless networks have been successfully set up for various events and places. From small/large happenings to local neighborhood access, learn how to create open wireless networks for all to use. After all, what is hacking without connectivity!
- Lile Elam, a hacker artist residing in Silicon Valley, has managed various Un*x based systems and networks since the late 80's. Founder of Art.Net (1994), Lile has always had an interest in sharing enabling technologies and creating networked communities.
- Ofir Arkin - Introducing X: Playing Tricks With ICMP (12.7M MP3)
- During my research with the "ICMP Usage In Scanning" project, I have discovered some new active and passive operating system fingerprinting methods using the ICMP protocol. Methods that are simple, and efficient. The active operating system fingerprinting methods were not correlated into a certain logic. A logic that would allow us to have the ability to use any available method in order to, wisely, actively fingerprint an operating system. In this talk I will be releasing a new active operating system fingerprinting tool using the active OS fingerprinting methods with the ICMP protocol I have discovered. I will be explaining the tool's inner works and the various active OS fingerprinting methods with ICMP implemented and used with the tool. The tool's limitations, ways to detect its usage, and how to defend ourselves from its abilities will also be discussed. Future plans and enhancements, which include a different approach to OS detection, will be presented as well.
- Ofir Arkin is the Founder of the Sys-Security Group, a free computer security research body. Ofir is most widely known for his research about the ICMP protocol usage in scanning. He has extensive knowledge and experience with many aspects of the information security field including: cryptography, firewalls, intrusion detection, OS security, TCP/IP, network security, Internet security, networking devices security, security assessment, penetration testing, E-commerce, and information warfare. Ofir has worked as a consultant for several European finance institutes where he played the role of Senior Security Analyst, and Chief Security Architect in major projects. Ofir has published several papers, the newest deal with "Passive Fingerprinting Techniques" and with the "ICMP Protocol Usage in Scanning."
- Jay Beale - Attacking & Securing RedHat AKA: How Effective Has Bastille Linux Been? (12.0M MP3)
- This talk will demonstrate each of the major (widely available) exploits against Red Hat 6.x, before and after hardening the system with Bastille Linux. The idea is to show, very concretely, how Bastille Linux was effective at stopping/containing attacks, before the exploit was ever written. This is not simply a "product demo" for an open source tool, though! We'll describe exactly what hardening steps are taken to combat each attack and illustrate how these prevented/contained a compromise.
- Jay Beale is the Security Team Director at MandrakeSoft, makers of Mandrake Linux. He is also the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux. Jay is the author of a number of articles on Unix/Linux security, along with the upcoming book Securing Linux the Bastille Way, to be published by Addison-Wesley. You can learn more about his articles, talks and favorite security links via www.bastille-linux.org/jay.
- Len Sassaman - What is SSL, a CA, and FreeCert? (10.8M MP3)
- The goal of FreeCert is to provide free or low-cost certificate authority services to individuals and organizations with limited budgets, as well as raise awareness of the services that CA's actually provide.
- Many users of the Internet today are unaware of what role a CA plays in the process of secure website viewing. In my presentation, I intend to give a brief explanation of how SSL works and what it is that a CA does. I will explain what the browser warning messages mean to the user, and what to do when encountering them. I will discuss the dangers of trusting CAs, and methods of ensuring that certificates are valid when the CA cannot be ultimately trusted.
- Following this, I will present details about FreeCert: what it does and does not intend to accomplish, who can benefit from it, and how it will execute these goals. Information on becoming involved in the development of FreeCert will be provided, and questions about FreeCert will be answered.
- Len Sassaman is a Systems Engineer for PDC Solutions, Inc. His primary focus is information security, specializing in email security and anonymity services. Len is an anonymous remailer operator, a member of The Shmoo Group, and a Crypto Rights Foundation staff member.
- Robert Grill & Michael Cohen - Windows NT and Novell Host Based Intrusion Detection Using Native Logging and 3rd Party Log Reporting Tools (9.0M MP3)
- Auditing is defined for this presentation as the process of examining operating system (OS) audit logs to assure information stored on computers is properly protected, and meets corporate security policies. This presentation will cover the Novell NetWare 4.11 (NW) and Windows NT 4.0 (NT) operating systems. NW is capable of auditing Novell Directory Services (NDS) and file system actions, and NT for domain and file systems actions, performed on a company's WAN. Auditing tracks the following types of information: User Actions; Resource Usage; File System Security and Access Control; Login and Logoff Activity. NT and NW also include auditing features to collect information about how a system is being used.
- These features monitor events related to system security, to identify any security breaches, and to determine the extent and location of any damage. The level of audited events is adjustable to suit the needs of an organization. This presentation illustrates the usage of NT and NW security monitoring separately; however, the concepts apply to any platform.
- The costs and benefits along with the weaknesses of such logging will also be addressed. While these are two older platforms that the software vendors would love to see upgraded, they are both still used in many organizations.
- Michael Cohen is currently an Audit Project Team Leader at a large California based bank, specializing in network and Internet security. He has over 5 years information security audit experience. He currently holds the CISA and SSCP certifications, even though he has a great disdain for such things. Previously, he worked as a big 5 security consultant and cut his teeth as a network administrator holding together the world's most poorly configured NetWare server and two of the most insecure Cisco routers.
- Robert Grill is currently an Audit Project Team Leader at a large California based bank. He has an MBA in Management Information Systems and has over 10 years information security audit experience. He holds the SANS GIAC; GSEC, GCIA, GCIH and GCFW certifications, as well as the CISA, CISSP, SSCP, CNA and CCNA certifications.
- Thor - Grabbing User Credentials via W2k ODBC Libraries (8.5M MP3)
- Dario D. Diaz, Esq. - Digital Millennium Copyright Act (11.6M MP3)
- A presentation of the DMCA, a discussion of the terms and meanings with specific reference to the technical aspect of the Act, a case law study of specific cases around the country (not many as the law is very new and untested), and the repercussions of specific "hacking" acts that may result in a violation of the Act.
- Thomas J. Munn - Using OpenBSD, Snort, Linux and A Few Other Tricks To Setup a Transparent *ACTIVE* IDS (18.2M MP3)
- Basically I will cover: How to set up Snort Sensor in OpenBSD. How to use Perl & Rules to actively adapt rules to attacks, while keeping yourself from being 'DoSed.' How to use ACID to make logs more easily accessible, and analyzed. How to use database portion to look at historical attack trends and react appropriately. How to set up "safe" management segment on your network that is both accessible to you, but hard for "them" to get into.
- Thomas J. Munn, Infosecurity analyst.
- Bryan Glancey - Weakest Link (15.9M MP3)
- Presentation and demonstration of attack attempts against common security software. Highlighting use of common hacking tools to attack Boot Protection, File Encryption, and other misplaced ideas. Seeking out the weakest section of security architecture and attacking based upon it.
- Demonstrations including: sector editors, Windows-based password attack programs (password grenadiers), Windows password broadcasting.
- Bryan Glancey is the Director of Professional Services for Pointsec Mobile Technologies, the leading provider of mobile device security. Bryan has worked extensively with the implementation of security systems for Fortune 100 customers for the last 10 years. Bryan has spoken at a variety of industry conventions regarding information security, document management and control, and Internet technologies. Bryan holds a degree in physics; during his research he worked on 1/f frequency signal analysis, computational analysis of astronomical data, and research into electron migration using 3D modeling.
- The Defendant - So You Got Your Lame Ass Sued: A Legal Narrative (13.0M MP3)
- "The Defendant" put up a website critical of his ex-employer, and within a week found himself in the center of a $120,000 lawsuit, facing some of the most powerful lawyers and largest firms in the country. With a week to fight the restraining order put against him, he had to learn everything he needed to know about legal procedures, presenting a defense, and speaking to the press. Through this, he kept the website up, answered many questions, and became the lightning rod for hundreds of angry, mistreated employees. Come listen to what he learned, and get some ideas in case it's ever you in the courtroom.
- Michael Wilson - Hacker Doctrine in Information Warfare - Part 1 (11.2M MP3)
- Part 2 (290k MP3)
- Part 3 (399k MP3)
- It is now an accepted fact that computer hackers, crackers, hacktivists, virus writers, and other politically-aware individuals in the computer underground are 'taking matters into their own hands.' Whether through website defacements or full-scale denial-of-service attacks, non-governmental, non-aligned individuals and groups are conducting what the military refers to as 'information operations' of increasing sophistication.
- What is clearly missing in these independent operations, however, is a complete and thorough understanding of how to think about attacks, how to undertake 'mission planning,' and how to be truly effective. Based on our own understanding of practical applications in information warfare, 7Pillars Partners will present educational material on information operations that can help fill in these 'gaps' in a hacker's comprehensive understanding.
- Michael Wilson is the Managing Partner of 7Pillars Partners, with 20 years field experience in military and intelligence operations. He is an inventor, pioneer, and an acknowledged leader in infrastructural warfare, information operations, open-source intelligence, and next-generation intelligence. He is the winner of the U.S. National Defense University's Sun Tzu Award in 1997, and the G2 Intelligence Professional Award in both 1997 and 1998. Mr. Wilson can be reached at partners@7pillars.com, and a number of his professional papers are available at http://www.7pillars.com.
- K2 - Polymorphic Shell Code API (14.5M MP3)
- Polymorphism has been around for years in the form of virus attacks. There is a wealth of information pertaining to this. This presentation will concern itself with the implementation of an API designed to place some black-box code (probably shellcode) within an encoded structure and deliver it against a number of Architectures (SPARC, HP, IA32, more soon).
- This code has been tested thoroughly against a number of popular NIDS Sensors (ISS, snort, dragon, NFR), and has proven that as of yet, the code itself can NOT be detected at all. There are some possible methods of detection and that will be analyzed and future modifications to further evade these measures.
- K2 is a security consultant for a major multi-national company, personally located in Vancouver, Canada. Spare time spent mostly investigating OS/network vulnerabilities and the exploitation thereof :). Years of assembly experience and a well developed cross-platform knowledge base.
- Peter Shipley - 802.11b War Driving and LAN Jacking (13.0M MP3)
- Peter Shipley will discuss his latest research concerning open WLANs in the corporate and home environment. Early results will be presented along with maps illustrating the current threats showing that the current security models in 802.11 networking have set the state of network security back a decade.
- Mr. Shipley is one of the few individuals who is well known and highly respected in the professional world as well as the underground/hacker community. With thirteen years experience in the computer security field he has extensive experience in system and network security as well as programming and project design. Past positions and titles include "Chief Security Architect" at KPMG, Former and Chief Engineer for Network Security Associates and Founder/VP at DNAI (a prominent Bay Area ISP).
- Mr. Shipley's specialties are third-party penetration testing and firewall review, computer risk assessment, secure systems design and security training. Mr. Shipley also performs post-intrusion analysis as well as expert witness testimony.
- Rob Shein - Evaluating VPN Solutions (16.3M MP3)
- This session will detail a methodology by which security professionals may independently examine the security of a VPN. We will cover basic concepts of key exchange and management, leading into a description of good and bad ways by which the two ends of a VPN connection arrive at the necessary shared secret. We will discuss common mistakes such as improper random seeding or key exchange, and step through a checklist of things to check. Finally, we will apply this methodology before the audience in the testing of a running VPN system, and demonstrate two vulnerabilities that exist.
- Enrique Sanchez - Distributed Intrusion Detection System Evasion (DIDSE) (7.2M MP3)
- A fast connection is the new era, but can your IDS system handle it? Can your operating system handle it? Can you handle it?
- A DDoS is not the worst thing that an attacker can do in a distributed way. An evasion attack can take place while your IDS is just dropping packets, while it is just there checking an innumerable amount of unused packets with unused connections.
- There is no tool such as this, or is it? DIDSE distributes the attack ranging the amount of packets to be sent to the network to cause a flood to even modem connections in a timing and hidden way that is virtually impossible to hide it; combined with some accuracy in penetration, an attacker could easily bypass the new era security systems. He can bypass your IDS.
- Enrique A. Sanchez is an Industrial Engineer who previously worked as system administrator before becoming senior pen-tester in a European security firm. Enrique A. Sanchez is involved in education, R&D and pen-testing.
- Anders Ingeborn - Designing Small Payloads (7.8M MP3)
- This talk presents how to use double-injection over an existing network connection to write small remote buffer overflow exploits. A number of practical tips and code examples will be given. It will also be explained how this design can be used to hide an attack from both network based and host based intrusion detection systems.
- Anders Ingeborn works with vulnerability assessment and penetration tests at iXsecurity in Sweden. iXsecurity's clients during the last couple of years include government agencies, banks, nuclear power plants, and major corporations throughout Scandinavia. Anders also holds an MS in computer security.
- Richard Thieme - Hacking a Trans-Planetary Net: The Essence of Hacking in a Context of Pan-Global Culture, the Wetware/Dryware Interface, and Going to Europa (14.1M MP3)
- When Richard Thieme spoke at Defcon 4, he said hacking was practice for trans-planetary life in the 21st century. Well, guess what? It was. But a changing context has also changed what hacking looks like. Context is content, and what was hacking at MIT on a PDP-6 just doesn't cut it any more. The essence of hacking is the same, but the game is played differently. When space war involves holographic image projection, cloaking devices, multispectral camouflage, micro-know-bots and the creation of synthetic environments that an adversary thinks are real... when cells are switched on to conduct heat and electricity... and the exploration of Titan and Europa make Mars and the moon look like inner suburbs... hacking means more than knowing how to spray paint a website or shut down a server. Hacking means an artist's imagination, an obsessive hunger for knowledge, and a deep understanding of cyborg humanity. Thieme illuminates the topography of that weird landscape.
- Key concepts: Context is content (i.e. what makes sense in one context no longer makes sense in another) what is wise in one context is insanity in another; hacking in its essence is a way to approach life with identifiable qualities and characteristics - some are innate and some can be learned. The ones that can be learned and how to learn them are spelled out; the attributes of hacking as it evolved in the sixties, if translated whole hog into the 21st century, make you look like a dork; it's not about being a script kiddie, doing DDoS attacks, or leaving graffiti - it is about the tools of imagination, the weapons of the mind, in a world of widespread deception; the practice of deception - the creation of illusion, the use of misdirection, the lethality of ridicule - are examined in relationship to hacking as the quest to know the truth; specific scenarios will be described, using the most current human resources, including war in space; the fusion of information war and space war through the "information web;" the changing definitions of humanity at the wetware/dryware interface, with emphasis on materials science and advances in brain enhancement; how life in space changes people and changes the species; and the bottom line - how the real attributes of hacking can be ported into this Borg world and used imaginatively, mischievously, and with a light touch to give real style to one's hacking and transform one's cyberlife into a work of art.
- David Gessel - Intro to Quantum Cryptography (12.6M MP3)
- The subject is quantum cryptography, and the scope of the paper will be targeted toward a lay audience with a basic understanding of physics (what is an electron, a photon, etc.), computers (that they deal with binary information), and cryptography (that combining data with noise makes the data unreadable unless the noise is removed).
- I will move quickly, and at a basic level through the quantum physics involved and the cryptographic principles, and leave the audience with an understanding of the state and potential of quantum computing and quantum cryptography.
- David Gessel (Super Dave of the DoC) spent seven years of his childhood hammering steel in front of a coal-fired forge as a blacksmith's apprentice. He then went to MIT to get a degree in physics where he focused on fusion, robotics, and precision engineering. Switching coasts, David joined Apple's Advanced Technology Group and worked on a wide range of projects including pen-based computers, LCD technology, and digital cameras. David left Apple to join Interval Research Corp, researching rapid design/prototyping technologies for mechanical systems. After a few startups, David is now a consultant to Teradyne, Inc. and holds positions at Delta-e, LLC; PicoStar, LLC; idbias; and Nebucon, Inc.
- Robert Muncy - Securing Cisco Routers (5.8M MP3)
- We will begin with basic IOS commands to secure a router, looking at unneeded services and turning off seldom used protocols. From there we will look at configurations for defeating basic attacks against your network, including DDoS, SMURF and other nasty things you can do to networks. Next we will look at some simple access lists and nifty tricks you can do with them! I will also discuss the basics of encryption, RADIUS, and other security measures you can use when making connections to multiple sites. For this talk I have assumed you have at least heard of TCP/IP ports, basic Cisco IOS commands, and the Internet and how it works! This talk is geared to Cisco novices who have done basic networking already.
- Robert Muncy is currently employed by a financial company as Network Security Engineer. Previous to that I worked as a hired gun for several computer consultant companies.
- Brenno de Winter - IPV6 Security (7.2M MP3)
- What's new? What are new risks? What are new opportunities?
- CEO, DeWinter Information Solutions
- Jennifer Granick - European Cybercrime Treaty - Part 1 (4.8M MP3)
- Phil King - 8-Bits and 8-Pins: More Fun with Microcontroller Hacking (14.2M MP3)
- "Microcontrollers" are microprocessors with additional peripherals, I/O controls, and memory, all built into one chip. Last year, Phil introduced the wonderful world of 8-bit microcontrollers and showed how to set up your own project development lab. This year he looks at more fun, cute, and devious electronic devices you can build, this time focusing on microcontrollers with only 8 pins. What can you do with 2k of code space and only a few I/O lines? More than you might imagine! We'll look at various tiny projects, and see what can be done in small space and on a small budget. Bring your questions and project ideas. The people with the best ideas will go home with a complete Atmel AVR microcontroller hardware development package.
- This talk will have a fairly high fun-factor looking at cool electronic toys, but there will be talk about and examples of low-level code and hardware design. Some programming experience and electronics vocabulary will definitely make the material more understandable.
- Phil King is a hardware design engineer in Silicon Valley with nine years of experience at various hardware and software jobs. He is also a part time lecturer at Stanford University, where he co-taught EE-281, the graduate level Embedded Systems Design Lab course last fall.
- Keith Nugent - Windows 2000 Security: How to Lock Down Your Win2k Boxes (23.0M MP3)
- Windows 2000 provides a lot of new security features that were previously not available in earlier versions. The NT line, however, has never been considered very secure right out of the box. We'll be talking about how to use NTFS permissions, Default Security templates, Custom Security templates, and Group Policy to lock down a Win2k box. We'll look at what level of security is applied by default on a Win2k box, how to analyze these settings against proposed settings, and how to apply identical settings across multiple boxes.
- Keith Nugent has been playing with computers since his father first brought home an Apple iic. Being the youngest child, it thrilled him to no end to have something that would respond to HIS commands, as he was used to being the one who followed commands. Keith toyed with Apples and PC's for the next few years while he did other things, like grow up, go to college, run a business, and drive a tractor-trailer around the country. Then, a few years back, as tends to happen, he was the guy who was always fixing, operating, and training others on the computer. So he gave in and became the network administrator. Now years later, he's given up the pager and 3 a.m.-the-sky-is-falling phone calls of network administration to train full time. Keith is currently the technical training supervisor for a large computer training center in Chicago, IL.
- Ryan Lackey - HavenCo: One Year Later (13.0M MP3)
- HavenCo provides secure colocation in the Principality of Sealand, in the North Sea, to a wide range of clients. We've gotten a lot of press in the past year; still, we get a lot of questions:
- Why do people go offshore in the first place? What can they gain? Aren't they all just software pirates and pornographers? Can existing companies restructure offshore after they get sued? What is life like on Sealand? Do you have photographs? Can I visit? Why don't you offer shell accounts? Is Sealand really a country? Is the U.K. going to invade? Are you going to set up other datahavens?
- I will try to answer these questions, and will present a slideshow walkthrough of Sealand, information about our network and physical infrastructure, and information about current clients. In addition, I'll discuss some of our current development projects, and how our services can be useful to pro-liberty forces around the world.
- Ryan Lackey is HavenCo's CTO and co-founder, living on Sealand full-time. He has worked on electronic cash and software-based datahaven systems, and originally got involved with HavenCo when looking for a secure place to host central electronic cash servers. In addition to Sealand, he has lived in Anguilla, considered wrongly or rightly as another possible datahaven location during the U.S. crypto export restricted period. HavenCo has taught him how to deal with media, politicians, and large numbers of lawyers, while running an international multi-site network, living in a 10,000 square foot concrete fortress for 3 months at a time, and missing just about every worthwhile party in the world for over a year.
- Dan Kaminsky - Gateway Cryptography: Hacking Impossible Tunnels Through Improbable Networks with OpenSSH and the GNU Privacy Guard (10.9M MP3)
- 1. Theory of Gateway Cryptography. 2. Methods of securely connecting mutually firewalled hosts. 3. Turning any SSHD into a VPN termination point (without using PPP over SSH). 4. Dynamically Rekeyed OpenPGP. 5. PPTP over SSH. 6. Securely SUing to root. 7. Robustifying live-configuration of OpenSSH. 8. SFTP Compatibility Mode (implementing everything with cat, tar, and tail).
- Website
- John L. Dodge & Bernadette H. Schell - Laurentian University Hacker Study Update (13.3M MP3)
- Laurentian University's Hacker Research Team from Sudbury, Ontario, Canada interviewed and surveyed self-professed hackers at Defcon 8 in Las Vegas and H2K in New York City in July 2000. The objective of the study was an attempt to give a balanced view on hackers - including the "white hats" and the "black hats." Its intent was to collect information that would give a realistic picture of the way hackers think, feel, and behave rather than some unbalanced and contrived picture based on the media or innuendo. The 22-page questionnaire had five parts: (I) hacker demographics, (II) health and mind-body symptoms, (III) routine behaviors, (IV) respondents' likes and dislikes and (V) decisions regarding work and/or school.
- The media and academic writers have created many hacker myths based on their feelings or observations. Are they supported by fact or are they just fiction? Of the 20 hacker myths investigated we will present which are supported by the questionnaire data and which are not. We begin to crack the myths with a balanced view.
- John L. Dodge is a professor within the School of Commerce and Administration at Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-commerce and organizational strategy issues. Prior to his academic career he was President and CEO of a venture capital firm and Vice President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from the University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P.Eng.).
- Bernadette H. Schell is Director of the School of Commerce and Administration, Laurentian University, Canada. President of a HR consulting firm in Sudbury, Ontario, she lectures widely on stress management, executive stress, and stalking protection measures. She is author of a Self-Diagnostic Approach To Understanding Organizational And Personal Stressors (1997), Management In The Mirror (1999) and Stalking, Harassment And Murder In The Workplace (2000) all published by Quorum Books. She is the recipient of the Laurentian University research excellence award (2000).
- Dmitry Sklyarov & Andy Malyshev - eBooks Security - Theory and Practice (8.0M MP3)
- Security aspects of electronic books and documents, and a demonstration of how weak they are:
- "Standard" PDF encryption, ROT13 (used by New Paradigm Resources Group, Inc.), FileOpen (by FileOpen Systems), SoftLock (by SoftLock Services, Inc.), Adobe's Web Buy, Adobe's eBook Reader (GlassBook Reader), InterTrust DocBox plug-in.
- Publishing documents in electronic form has a lot of advantages over traditional on-paper publishing. You can easily find a list of such advantages on the web server of any company that provides eBook solutions. But nobody is perfect, and there is one big problem related to eBooks. Information in electronic form can be duplicated and transmitted, and there is no reliable way to take control over those processes. There are several solutions from different companies that were developed to prevent unauthorized distribution of electronic documents.
- My name is Dmitry Sklyarov. I'm an employee of the ElcomSoft Company. As we demonstrated in our speech at Black Hat Win2K Security (February 2001), encryption in Microsoft Office documents is very weak and password protection may be removed without any problems in most cases. In this speech, I'll try to cover password protection aspects of electronic books and documents. The most attention will be paid to documents in PDF format.
- HC - NTFS Alternate Data Streams (8.0M MP3)
- Windows NT and Windows 2000 have powerful graphical user interfaces that make the job of assessing the security condition of and securing these operating systems considerably easier. Changing the bad logon limit is, for example, relatively easy to both understand and do in both of these Windows operating systems. Providing adequate security does not, however, always involve working with mainstream features of applications, operating systems, and networks. Alternate Data Streams (ADSs) are an example. This little-known feature available with the NT File System (NTFS) in WNT 4.0 and Win2k (RICH98) has been available since the advent of NTFS in the first WNT release, WNT 3.1. Although this feature is relatively unknown by the vast majority of WNT users and administrators, it provides a potentially very powerful attack mechanism for malicious individuals intent on compromising and exploiting WNT and W2k systems.
- What is an ADS? How can ADSs be created and how can executables be run in them? How can they be misused (e.g., by having malicious executables run in them)? How can they be found? This paper addresses these and other related issues concerning ADSs and security considerations.
- Dan Moniz - The Impact of P2P on Security in the Enterprise (6.2M MP3)
- Increasing democratization of the network means more and more users are finding interesting things to do with the resources at their disposal. In the wake of watershed decentralized applications such as Napster, many commercial and open-source efforts are producing so-called "Peer-to-Peer" (P2P) or decentralized applications and computing frameworks. The genesis of P2P, decentralization, and distributed computing as a fundamental architecture has serious implications for the way security is handled, not only in the wilds of public networks like the Internet, but also in closed enterprise environments. Like it or not, users will be using these apps and participating in these networks. It behooves every security administrator to become familiar with the nature of P2P systems and to understand both the potential threats and possible benefits of such systems, as well as to anticipate user adoption and related issues.
- Dan Moniz is a Research Scientist and Chief Security Architect at OpenCola, a leading developer of Distributed Computing Infrastructure (DCI) software, including peer-to-peer (P2P) applications and reliable multicast systems. His primary work to date has been in the area of security architecture for generalized P2P applications, protocols, and frameworks. Previous projects have involved Digital Rights Management (DRM) systems predicated on true electronic rights inside capability-based secure environments as well as analysis and design of authentication protocols for distributed media streaming applications. Before joining OpenCola in September of 2000, Mr. Moniz worked as a Researcher for Viasec Limited, a crypto software development firm, and contributed to their flagship email encryption server Consus, as well as additional internal research projects involving Single Sign-On (SSO) technology, biometric identification systems, smartcard tokens, capability-based systems, and security for mobile devices. Mr. Moniz supplements this experience with several years of exposure and participation in the public infosec community at large.
- Dark Tangent - Defcon Awards Ceremony (7.2M MP3)
- Stephen Hsu - Triangle Boy: IP Spoofing and Strong Encryption in Service of a Free Internet (16.3M MP3)
- SafeWeb is an encrypted (SSL) anonymous proxy service, used approximately 100 million times per month by hundreds of thousands of people worldwide. Triangle Boy is an open-source program that lets volunteers turn their PCs into entry points into the SafeWeb network, thereby foiling censorship in countries like China and Iran. Triangle Boy uses IP spoofing and innovative packet routing to minimize the load on volunteer machines. I discuss SafeWeb's goals and technologies, its involvement with the CIA through In-Q-Tel (the agency's venture fund) and the Internet as a catalyst for social transformation in China.
- Stephen Hsu is the CEO and co-founder of SafeWeb. He is currently on leave from his position as a professor of theoretical physics at the University of Oregon. Previously, he was an assistant professor at Yale University, and a research fellow at Harvard. His research specialty is quantum field theory and its applications to particle physics, astrophysics and cosmology. He holds a PhD from UC Berkeley and a BS from Caltech.
- White Knight - Internet Video Surveillance (7.6M MP3)
- D-Krypt - Web Application Security (10.7M MP3)
- Cult of the Dead Cow - Hacktivism Panel (12.3M MP3)
- Jim Christy - Meet the Fed Panel (13.4M MP3)
- This year's panel will build on last year's format. A brief introduction and statement from each of the panel members, and then right into audience questions and answers. Jim Christy will be moderating. So far the panel includes: OSD - Paul Smulian (Information Assurance), GAO - Keith Rhodes (Chief Tech Officer), Arizona State Representative Wes Marsh, NSA - Ray Semko, Interagency OPSEC Support Staff.
- William Tafoya - Meet the Fed Panel (10.5M MP3)
- For the past three years, Dr. Tafoya has been Professor of Criminal Justice at Governors State University. Previously he was Director of Research, Office of International Criminal Justice, University of Illinois at Chicago. He is a retired Special Agent of the Federal Bureau of Investigation. For 12 months (July 1989 - July 1990), he served as Congressional Research Fellow for the 101st Congress in Washington, DC. There he conducted research on police use of high technology as well as future crime. He remains the only law enforcement officer ever selected to serve in this capacity on behalf of the U.S. Congress. He has guest lectured at numerous universities and various venues internationally. In 1991 he founded the Society of Police Futurists International.
- Prior to his retirement from the FBI in June 1995, he was assigned in Washington, DC, Quantico, Virginia, and San Francisco, California. Dr. Tafoya served for 11 years at the FBI Academy as a senior faculty member of the Computer Crimes Training and Behavioral Science Units. He was the first law enforcement officer to make investigative use of the Internet. He created the UNABOMber web site in December 1993. It was generated on a NASA computer because at that time the FBI did not have the capability to implement Bill's ideas on its own computer system. Bill subsequently developed the FBI's Oklahoma City bombing web page in April 1995.
- At Governors State University, Dr. Tafoya teaches courses in Computer Crime Investigation, Research Methods and Statistics, as well as Strategic Planning. His current research interests are in CyberTerrorism and the application of Virtual Reality for training of law enforcement officers. His 1986 Ph.D. in Criminology is from the University of Maryland; it was a forecast of the future of law enforcement. He was recently appointed an advisor to the National Cybercrime Training Partnership of the U.S. Department of Justice. Both the print and electronic media have interviewed him extensively nationally and internationally. Twice he has been featured in U.S. News & World Report. More recently he was featured in the April 2001 issue of Information Security.
- Unknown - Credit Card Fraud (11.3M MP3)
Defcon 10
August 2-4, 2002 at the Alexis Park Hotel & Resort
- Dennis Mattison - Network Printers and Other Network Devices, Vulnerabilities and Fixes (9.1M MP3)
- Like computers on large heterogeneous environments, networked printers and other peripherals have vulnerabilities that can lead to exposure of data, denial of service, and as a gateway for attacks on other systems. Yet, while many organizations seek to protect their computers, they ignore printers and other peripherals. We will discuss general attacks against printers and other peripherals, with specifics on known (and some newly discovered) vulnerabilities in several brands of printers, and propose possible solutions to keep both computers and networked peripherals from attack. The talk is technical but not microcode technical, and the audience needs only to bring their brains, though familiarity with the various printers and other peripheral devices available on the market is a plus.
- Ltlw0lf (aka Dennis W. Mattison) is a consultant for both military and civilian organizations, primarily an instructor on information security and assurance classes for Solaris and other UNIX environments, as well as a security and penetration testing analyst, PKI engineer, policy designer, and systems administrator. As a hobby, Ltlw0lf dabbles in vulnerability discovery, and has released several vulnerability reports involving printers and other network devices. Ltlw0lf was the sysop of "The Programmers Connection BBS" in San Diego for 8 years, and has been involved with several Sysop and Systems Administrator organizations in the past.
- Paper (741k PDF)
- Presentation (609k Magicpoint)
- Printer Vulnerabilities & Exploits
- Source Code
- Saqib A. Khan - Stealth Data Dispersal: ICMP Moon-Bounce (8.8M MP3)
- This research is targeted at demonstrating that small amounts of data can be dispersed over IP based networks, utilizing the data payloads of existing protocols. Such data is expected to be kept alive on the ether until one chooses to retrieve it. The crux of the scheme is the fact that this type of data dispersal is expected to be extremely difficult to detect. Such a scheme also raises some very interesting aspects regarding using Internet traffic itself as virtual mass storage system, etc.
- As an example, a specific technique created by the author, the "ICMP Moon-Bounce", will be presented that accomplishes our data dispersal goal.
- Khan is the Founder and CEO of SecurityV, Inc., a cutting edge Network Security Auditing startup. Previous to SecurityV, Khan founded and ran Secure Networks Corporation, a successful network security integration firm w/ offices in Harvard Square, Cambridge, MA. Prior to Secure Networks, Khan performed brief consulting stints at MIT, Sun, Checkpoint, and Lucent(INS) on multiple security and programming projects. Khan's primary interests lie in Network Protocol Vulnerabilities, Artificial Intelligence, and Cosmology. Nowadays, Khan resides in Miami Beach and spends equal time on partying and Network Security research. Khan has previously presented five technical papers in various professional conferences. Khan has a Masters in Computer Engineering and a Bachelors in Electrical Engineering from Auburn University, AL.
- PowerPoint
- Ofir Arkin - XProbe, The Year After (10.2M MP3)
- Xprobe, written and maintained by Fyodor Yarochkin & Ofir Arkin, is an active operating system fingerprinting tool based on Ofir Arkin's "ICMP Usage in Scanning" research project (www.sys-security.com). Last year at the Blackhat briefings, July 2001, the first generation of Xprobe was released.
- The tool's first generation (Xprobe v0.0.1) relies on a hard coded static-based logic tree. Although it has a lot of advantages (1-4 packets only, accurate, fast, efficient, etc.) the tool suffers from a major drawback - its logic is static.
- At Defcon 10 we will be releasing Xprobe2, a completely rewritten active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
- Ofir Arkin is the Founder of the Sys-Security Group, a free computer security research body. Ofir has published several papers as well as articles and advisories. Most known are the "ICMP Usage in Scanning," and "Trace-Back" research papers. Some of his research was mentioned in professional computer security magazines. He is an active member with the Honeynet project and participated in writing the Honeynet's team book, Know Your Enemy published by Addison-Wesley.
- Aaron Higbee & Chris Davis - Dreamcast Phone Home (11.1M MP3)
- DC Phone Home (DreamCast Phone Home, a pun on the well-known film ET: The Extraterrestrial) is a project that challenges conventional enterprise security models by showing the ease by which an attack to an organization's network resources and infrastructure can be performed from an internal perspective. Simply put, once the DreamCast is deployed, it 'phones home' joining an organization's internal network with a remote network. We show that this type of attack can be performed easily with a variety of available hardware and software and in such a way that is not easily discovered by an organization's employees or security resources. Our presentation will include development descriptions and demonstrations of the attack tools that we have developed and are continuing to develop. The attack tools are comprised of a SEGA Dreamcast, a Compaq iPAQ handheld device, and a bootable x86 CD-ROM which can perform the attack using any available PC. Using open-source tools that we have ported to these platforms, we have created devices that 'phone home' over known protocols.
- Aaron Higbee has been working in information security for the past four years, getting his start at Earthlink Network as a Network Abuse Administrator. In this position, Aaron became intimately acquainted with the tactics of spammers, hackers, and every kind of network abuse imaginable. Later, while working as RoadRunner's Senior Security Administrator, Aaron learned and responded to the network abuse problems that plague broadband connections. Working at two national service providers, Aaron was able to become an expert in the tactics of hackers and the mistakes that get them caught. This experience made his transition from incident response to penetration testing a natural one. Currently, Aaron works for Foundstone, Inc. as a security consultant.
- Chris Davis has been working in the field of information technology for eight years, with a concentration on information security for the past four years. He has participated in secure systems development, information security consulting, penetration testing and vulnerability assessments, and information security R&D. He is a contributing author to Newrider's recent publication Building Linux Virtual Private Networks (VPN) and continues to write and publish various papers. He has developed and instructed a number of courses, the most recent of which was a 3-month course on software vulnerability discovery and exploit coding. Currently, Chris is a Senior Security Consultant for RedSiren.
- PowerPoint
- ISO Image
- Len Sassaman - Anonymity Services and the Law: How to Safely Provide Anonymous Technology on the Internet (12.1M MP3)
- Anonymity technologies can be an essential life-saving tool for whistle blowers, human rights workers, political dissidents of oppressive regimes, and can provide a safe mechanism for the free-sharing of controversial ideas while protecting an individual's "true name" reputation. Due to the possibility of abuse of these systems, however, anonymity services are often criticized by law enforcement agencies and ISPs.
- This presentation will examine some of the challenges that anonymity service providers face when their systems are used for controversial purposes, and will explore ways to mitigate the risk of operating an anonymity service.
- Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len is an anonymous remailer operator, and is currently project manager for Mixmaster, the most advanced remailer software available. In addition, Len has contributed to the development of personal encryption software and standards.
- Source Code & PowerPoint
- Fred Trotter - Operating System Fingerprinting Library (8.7M MP3)
- This is a fingerprinting library designed to bring together the fingerprinting capabilities of NMAP, QueSO and X (at least version 1). Using this library you should be able to add operating system sensitive code to your favorite Perl, Java, C or C++ code.
- At the same time the library will give you control over the execution of individual OS fingerprint tests. If you are interested in writing OS sensitive code or researching OS fingerprinting then this talk (and the code) are for you. Everything will be released GPL.
- In his first life, Fred Trotter worked at the Air Force Information Warfare Center, and was a spook. But, while the Air Force let him work on cool stuff, which was good, it paid crappy, which was bad. So, Fred quit working as a spook and went to work for Rackspace. And there was much rejoicing. At Rackspace Fred Trotter tried to protect the largest installed base of RedHat servers in the world, and often succeeded. Then that contract ended abruptly and there was wailing and gnashing of teeth, for Fred had been paid well, and had gotten used to bank. Then, Lo, exault was hiring, and Fred Trotter applied and was hired, and there was much rejoicing, and the people did feast upon the lambs and sloths, etc. Then after 40 days (more or less) exault was bought by VeriSign. Then 40 days (more or less) later the VeriSign stock price plummeted, and the beatings given it by Wall Street were not just, or holy. But, Verily, though his stock options were worthless, he still had a cool job with a cool company in a crappy economy; and there was much rejoicing.
- Jay Beale - Bastille Linux 2.0: Six Operating Systems and Still Going! - Part 1 (2.5M MP3)
- Part 2 Attacking and Securing FTP (8.9M MP3)
- Bastille Linux is a security tightening program that has proven capable of thwarting or containing many of the vulnerabilities discovered in operating systems. Originally written for Red Hat Linux, Bastille has now been ported to six operating systems, including HP-UX. This talk will talk about what Bastille does, what we've done to it in the last year, and what we're working on next. Most importantly, it will teach you something about hardening systems and beating worms, even if you're an old spacedog of a sysadmin.
- The Unix FTP servers have been called 'the IIS of the Unix world' for their frequent and potent vulnerabilities. Each has provided remote exploits, usually at the root privilege level, on a consistent and frequent basis. WU-FTPd is the most popular Unix FTP server by far, shipping by default on most Linux distributions, and even on Solaris, and being installed most commonly on the rest of the Unix platforms. This talk will demonstrate working exploits on WU-FTPd, then show you how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd as the primary example, we'll also discuss ProFTPd, the other major FTP daemon for Unix.
- Jay Beale is the president and founder of JJB Security Consulting and Training, LLC. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book Locking Down Linux the Bastille Way to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via www.bastille-linux.org/jay.
- Secure FTP PowerPoint
- Bastille PowerPoint
- Jennifer Stisa Granick - The USA PATRIOT Act & You (11.6M MP3)
- This presentation will update attendees on changes to the law under the USA PATRIOT Act, with special emphasis on how the changes may affect political activists and the investigation and prosecution of computer crimes.
- Jennifer Stisa Granick is a Lecturer in Law and Director of the Litigation Clinic at Stanford Law School's Center for Internet and Society. Ms. Granick's work focuses on the interaction of free speech, privacy, computer security, law and technology. She is on the Board of Directors of the Honeynet Project, a computer security research group, and has spoken at the National Security Agency, to law enforcement officials and to computer security professionals from the public and private sectors in the United States and abroad. Before coming to Stanford Law School, Ms. Granick practiced criminal defense of unauthorized access, trade secret theft and Email interception cases nationally. She has published articles on wiretap laws, workplace privacy, and trademark law.
- Cyber Rights Now: 'Scotty, Beam Down the Lawyers!'
- PowerPoint
- Dan Burroughs - Correlation & Tracking of Distributed IDS (8.5M MP3)
- Standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information that is being provided by intrusion detection systems (IDS) must be gathered and then divided into its component parts such that the activity of individual attackers is made clear. By applying techniques from radar tracking, information warfare, and multisensor data fusion to info gathered from distributed IDS, we hope to improve the capabilities for early detection of distributed/coordinated attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.
- Daniel Burroughs is a research engineer and Ph.D. candidate at the Institute for Security Technology Studies at Dartmouth College. His areas of research have included mobile agents, distributed simulation, and distributed intrusion detection. He is also the head of engineering for SignalQuest, Inc., which specializes in the development of embedded sensors.
- PowerPoint
- Jon Miller (Humperdink) - Securing Your Windows Internet Server (7.5M MP3)
- I will show people how to secure different Windows servers using common sense and a variety of different tools. The fundamentals can be applied to any Windows server whether it is NT4/2000/.NET as well as IIS or Exchange. I will also walk people thru many good security tools that are a must have for any Windows server. I will actually secure a server at the talk that will later be placed on the CTF network. I will announce an FTP location at my talk where all of the tools I will feature can be downloaded from.
- PowerPoint
- Ryan Lackey - Anonymous, Secure, Open Electronic Cash (12.7M MP3)
- Electronic cash has been the lynchpin of cypherpunk software goals for decades -- yet, there is no viable electronic cash system in the marketplace. We will describe the theory, applications, past attempts, politics, failures, and successes in the field. We present a specification and implementation of a new system which is secure, open, extensible, free, and which will hopefully avoid the technical and strategy mistakes which plagued earlier systems. We will solicit developer involvement in creating applications which use this infrastructure. We hope this infrastructure is a first step toward limiting the power of governments and other oppressors vs. individuals and small groups throughout the world. It is also an example of how to provide a critical infrastructure application, in an open-source form, in the post-dotcom world, and a generally-applicable demonstration of how security hardware and software can be used in applications to win user trust.
- Ryan Lackey, founder and CTO of HavenCo, has been involved with electronic cash and other cypherpunk applications for years. In addition to HavenCo and living full-time on Sealand, he works on several open-source software and hardware projects which are finally ready for public launch. He has a great interest in seeing technology deployed in the service of individuals fighting against the State.
- Ian Peters - Rubicon: An Extensible Gateway IDS (5.3M MP3)
- IDSs have traditionally been seen as purely information resources, requiring human intervention in order to act on alerts. Recently, support for modifying firewall rules and killing active connections has begun to appear in IDSs, but these suffer from shortcomings. A desire has been recently expressed by many people for an active, 'Gateway' IDS (GIDS), allowing filtering and routing of traffic to be performed by a gateway computer using both traditional firewall-style rules, and also NIDS-style analysis. Rubicon was developed to supply this functionality, and more, in an extensible manner. This talk will discuss some shortcomings of current NIDS products, and hence the need for GIDS, the design and development of Rubicon, and the future for GIDS in general and Rubicon in particular.
- Source Code
- Thomas Munn & tgr2mfx - Using Filesystem Crypto and Other Approaches to Protect Your Data/Privacy on BSD and LINUX - Part 1 (8.5M MP3)
- Part 2 (189k MP3)
- Part 3 (238k MP3)
- This talk will cover using the LOOP-AES package to encrypt data on a removable, USB hard disk in Linux.
- The presentation will focus on using encryption to protect your data, via using GNUPG, removable keychain, and a removable hard disk, to encrypt your home directory. It will focus on how to install the USB device, include a script for getting things going "automagically," and installing the LOOP-AES patch to both a stock and a custom kernel. The BSD portion of the talk will cover the use of tightvnc, ssh tunnels, 802.11 and vnconfig to keep personal data personal in a business environment.
- Thomas Munn started security in 1997, working for Kellogg's on a now defunct firewall. He has worked in the financial, health, and cereal industries. He has spoken at the last three Defcons, on topics ranging from personal firewalls to automated intrusion detection ideas. His outstanding accomplishments are: setting up a SNORT IDS box, integrating windows and NT via ssh, and getting a loopback device to encrypt his home directory. His first computer was an Atari 800. He enjoys meeting hacker types and learning from them. He knows a little Perl, and is a Linux guru, with a smattering of OpenBSD. He despises Microsoft Windows.
- tgr2mfx has been #!'ing in an Installshield world since the days of BSD/386. He hails originally from Plessis, NY but streetraces in Denver now. Will's current projects are writing fibonacci sequencers in Bourne shell, fidgeting with a Bourne shell SQL equivalent for /etc, a P2P file sharing system (using multicast-ip6, ssh and nfs) and an automagic src and ports installer for OpenBSD.
- Slides
- Roger Dingledine - The Mixminion Anonymous Remailer Protocol (12.0M MP3)
- Mixminion is a message-based anonymous remailer protocol intended to take the place of the old Mixmaster network. Mixminion provides secure single-use reply blocks (Mixmaster provides no support for replies, instead relying on the older and less secure Cypherpunk remailers), and introduces nymservers that allow users to maintain long-term pseudonyms using single-use reply blocks as a primitive. It also integrates directory servers that allow users to learn public keys and performance statistics of participating remailers. I'll cover a variety of serious anonymity issues with Mixmaster and other deployed networks and published designs, and also describe some of the many surprising anonymity risks that come from adding these new services.
- As a cryptographer and network security expert, Roger Dingledine lives in that space between theory and practice. He prefers to tackle the really hard problems so one day we can build real solutions. Current interests include anonymous publishing and communication systems, censorship-resistance, attack-resistance for decentralized networks, and reputation.
- Slides
- Jaeson Schultz & Lawrence Baldwin - Extreme IP Backtracking (9.0M MP3)
- A prudent system administrator will review system logs. While performing this log analysis, administrators may detect nefarious activity of various types (port probes, exploit attempts, DOS/DDOS). Of course, what you receive in the system logs doesn't contain the offender's name and telephone number. Rather, most firewalls and intrusion detection systems will log an IP address, or at best, a reverse DNS lookup of the IP address. This presentation outlines several "Road-Tested" techniques for tracing IP addresses back to a responsible party. Included are many real-world examples from our research; step-by-step traces ranging from the trivial to the impossible.
- Jaeson Schultz is an independent security consultant specializing in log analysis and intrusion detection. He has accumulated over 14 years experience programming and troubleshooting networks for various governmental and corporate organizations. Formerly employed by Counterpane Internet Security, Jaeson spent the last two years monitoring the security of Fortune 1000 companies and performing security and software engineering. While at Counterpane, Jaeson helped to identify the networks responsible for the thousands of alerts received at the Counterpane Secure Operations Center per day.
- Lawrence Baldwin is an independent Network Performance Consultant and author with over 15 years experience in deep protocol analysis and troubleshooting mission-critical networks and applications for Fortune 500 companies. In 2000, Baldwin developed and deployed one of the first Internet "neighborhood watch" systems known as myNetWatchman (mNW). mNW is a distributed IDS (dIDS) that uses the collective awareness of thousands of cooperating participants to identify compromised hosts and notify compromised machine owners. In an average day, mNW processes more than 1,000,000 events from a global sensor network of more than 1,300 firewall and IDS systems in 40 countries. mNW analyzes and back traces event activity from 50,000 unique hosts per day, identifying compromised hosts and sending Email notifications at a rate of approximately one per minute. The data collected by mNW enables analysis of global attack trends, identification of DDoS bot assimilation activities, and signature-independent detection of new worm activity.
- PowerPoint
- John Dodge, Steve S. Moutsatsos, and Bernadette H. Schell - Should Organizations Employ Hackers? Implications Drawn From the Book Hacking of America (10.3M MP3)
- This Defcon 10 presentation, while drawing from the study, will discuss the implications of employing hackers in the work place. The book Hacking of America (Greenwood, 2002) reports on the Laurentian University study of the hacker community and in particular the conference participants of Defcon 8 and H2K. The study data was collected though a 20 page self-report questionnaire completed by hackers at these conferences. It was also supplemented by selected in-depth interviews.
- John L. Dodge is the Director of the Electronic Business Science Program and is a professor within the School of Commerce and the Department of Math and Computer Science at Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-business and organizational strategic issues. Prior to his academic appointment, he was President and CEO of a venture capital firm, and Vice-President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from Ivey School of Business, University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P. Eng.).
- Steve S. Moutsatsos, LLB (Queen's University, Ontario), LLM (LSE), is a partner with the law firm of Weaver, Simmons, Sudbury, Ontario, Canada. He has practiced as a commercial lawyer in the information technology field for over twelve years, acting as counsel for both multinational technology companies as well as various small software developers and Internet start-ups. Steve is a part-time lecturer at Laurentian University, where he also serves on the Board of Governors.
- Bernadette H. Schell is Dean of Business Information Technology, University of Ontario Institute of Technology (UOIT), Canada and President of a HR consulting firm in Sudbury, Ontario. She lectures widely on stress management, executive stress, and stalking protection measures. She is also author of a Self-Diagnosis Approach to Understanding Organizational and Personal Stressors (1997), Management in the Mirror (1999), and Stalking, Harassment, and Murder in the Workplace (2000), all published by Quorum Books. She is the recipient of the Laurentian University Research Excellence Award (2000).
- Overview
- Christian Grothoff - GNUNet (12.0M MP3)
- GNUNet is an anonymous peer-to-peer networking infrastructure. GNUnet provides anonymity, confidentiality, deniability and accountability, goals that were thought to be mutually exclusive. In GNUnet, users can search for files without revealing the query to anybody. Intermediaries can not decrypt the query or the reply, but they can verify that the reply is a valid answer for the query. This allows GNUnet to deploy a trust-based accounting scheme that does not require end-to-end knowledge about transactions and that is used to limit the impact of flooding attacks.
- Anonymity in GNUnet is based on the idea that a host is anonymous if the perceived sender of the message looks sufficiently like a router. Based on this realization, GNUnet nodes can individually trade-off anonymity for efficiency without affecting the anonymity of other participants. GNUnet is written in C and licensed under the GNU Public License. GNUnet is officially part of the GNU project.
- Christian Grothoff is a Ph.D. Student in Computer Sciences at Purdue University. He is primarily working on OVM, a DARPA funded project to build a customizable real-time Java Virtual Machine. Christian Grothoff started the GNUnet project, a secure peer-to-peer file-sharing network to protect privacy.
- PowerPoint
- Steve Schear - GNU Radio (8.4M MP3)
- Wireless communication devices have traditionally been exclusively hardware in nature. Software has augmented and is now replacing basic functional elements of radio systems. The conclusion of this process is a radio where almost all functions are performed by software. GNU Radio is a collection of software that when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.
- Steve Schear is the CEO of Lamarr Labs. He has led development of commercial spread spectrum radios and held engineering, business development and marketing positions at TRW, Citicorp, Cylink, Com21, Mojo Nation and Counterpane Internet Security. Steve is currently the project administrator of GNU Radio.
- Rich Bodo - It is Now Safe to Compile Your Phone System - Part 1 (7.0M MP3)
- Part 2 (7.7M MP3)
- The telephony industry was late to adopt open-source software and commodity protocols. The open-source development community is rapidly correcting that problem. Everyone from enthusiasts to Fortune 500 companies is now deploying open-source telephony software, from PBXs to voice messaging systems to VoIP gateways. This lecture will focus on the practical. We'll provide demos of the major open-source telephony systems, a brief tutorial on rapid application development, and a discussion of the effect these systems will have on the future of the industry. Special attention will be paid to Bayonne and other GNU projects, and their relationship to the more ambitious GNUComm and GNU Enterprise meta-projects. Attendees should leave with an understanding of the general capabilities of the major existing open-source telephony projects and a working knowledge of basic application development with the GNU telephony subsystem.
- Rich is a regular contributor to the Bayonne project, and the coordinator of the GNUComm and Voxilla projects. He worked as a software engineer at several silicon valley telephony companies, and one Linux company, before founding Open Source Telecom Corporation (OST). OST has been deploying open-source telephony systems since 1999. He has most recently spoken at the O'Reilly Open Source Convention and the Intel Communications Tech Summit. He organizes the bi-annual Free Telephony Summit as well as the Telephony BOFs and GNUComm booths at LinuxWorld conventions.
- Source Code
- Ian Clarke - Freenet: Past, Present, and Future Direction (11.2M MP3)
- Freenet is a system designed to allow people to publish and read information on the Internet with reasonable anonymity for both producers and consumers of information. To achieve this, Freenet uses a totally decentralized emergent architecture. This talk will describe the interesting aspects of Freenet, the challenges we have faced, and what the future holds for the project.
- Ian Clarke is the architect and coordinator of The Freenet Project. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
- Agent OJ - Applescript (in) Security in OS X - Part 1 (2.5M MP3)
- Part 2 (893k MP3)
- Part 3 (1.9M MP3)
- AgentOJ, a Macintosh programmer for Team2600, will be speaking on Applescript in the OS X environment, covering both attack and defense tools using Applescript. Topics covered will include: Applescript as an information gathering tool (system info, list of users, open services, etc). Applescript as an attack tool (Applescript Trojans, destructive scripts, exploiting scriptable applications, and a proof of concept Applescript Trojan). Applescript as a defense tool (log checking, locking down an OS X system, automating network security scripts, and a proof of concept Applescript defense suite). General applescript security practices will also be covered.
- John Q. Newman - Post-9/11 Privacy (9.8M MP3)
- No bio or topic synopsis available at this time, however John is an excellent speaker and his lectures are always entertaining as well as informative.
- Scott S. Blake - The Politics of Vulnerabilities (12.2M MP3)
- The vulnerability reporting process is rife with competing interests. Research is conducted by software vendors themselves, paid consultants, government agencies, professional and academic researchers, as well as people who make their living in other ways. Each of these groups has particular interests in the process. The vendor of the targeted software has their concerns. The public at large has an interest in the process (and its results), but it is unclear what the public should be concerned with. This talk explores vulnerability reporting from all angles, including that of the public good. Attendees will learn a rudimentary cognitive framework for understanding the powers in play in vulnerability reporting and apply that to understand the present and the future of security.
- As BindView's Vice President of Information Security and an internationally recognized security expert, Mr. Blake is responsible for providing security expertise to BindView's corporate strategy and operations. Before taking this role, he was the leader of BindView's RAZOR security research team. Prior to joining BindView, Mr. Blake designed perimeter security, network security architectures, and developed security policies for several large companies including leaders in financial services and telecommunications, as well as several large hospitals and universities. He has spoken at many security conferences, authored numerous articles on security topics and is frequently sought by the press for commentary. He holds a B.A. in Social Sciences (International Relations) from Simon's Rock College, a M.A. in Sociology (Political Theory) from Brandeis University, and is a Certified Information Systems Security Professional.
- David Endler & Michael Sutton - Web Application Brute Forcing 101 - "Enemy of the State (Mechanism)" - Part 1 (533k MP3)
- Part 2 (9.6M MP3)
- This presentation focuses on the ease with which many web application Session IDs can be brute-forced, allowing an attacker to hijack a legitimate web user's online session (e.g. Slashdot, Apache, Register.com, PHPNuke, etc.). While a somewhat narrow area of web application security, the simplicity of the attacks and the prevalence of these vulnerabilities on the Internet make this an important topic. Malicious users can easily try (usually automated) combinations of well-known usernames and passwords, or indeed attempt all possible combinations of the accepted Session ID character set. However, the scope of a brute force attack can be greatly reduced when Session IDs are predictable in nature. The presentation will include an overview of the issues involved in exploiting predictable or "reverse-engineerable" Session IDs in popular web applications, including a demonstration with several real-world exploitation examples. It will conclude with a description of techniques both users and web developers can use to protect against these types of attacks.
- David Endler is the director of iDEFENSE's security research group, iDEFENSE Labs. iDEFENSE is a global security intelligence services company that provides advanced warning and analysis of cyberthreats - from technical vulnerabilities to hacker profiling to the global spread of malicious code. Prior to iDEFENSE, Endler served with Deloitte and Touche LLP in the e-business security and technology practice. In previous lives, Endler performed security research for Xerox Corporation, National Security Agency, and Massachusetts Institute of Technology. Mr. Endler holds a B.S. and M.S. in Computer Science, and is an active member of the Open Web Application Security Project (OWASP).
- Michael Sutton is a Senior Security Engineer for iDEFENSE Labs. Prior to joining iDEFENSE, Sutton established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. The ISAAS practice is responsible for information systems auditing on both external financial audit engagements and internal audit outsourcing. Consulting engagements included SAS 70 audits, attack and penetration tests, architecture reviews, computer forensics and designing security policies. Sutton has also worked in the Ernst & Young ISAAS practice in New York. He is presently pursuing a Master of Science in Information Systems Technology degree at The George Washington University and has a Bachelor of Commerce degree from the University of Alberta.
- Source Code & PowerPoint
- iDefense Session Auditor Tool
- Brett Eldridge - Mobile VPN Vulnerabilities & Solutions (10.4M MP3)
- A real life solution to the mobile VPN problem will be presented. It uses OpenBSD on a laptop with an IPsec tunnel to a gateway. The real benefit to the audience is that potential security vulnerabilities will be discussed (e.g., sending IKE ID in the clear, allowing udp/500 to the gateway from all IP addresses, the use of Aggressive vs. ID Prot mode in Phase 1). In addition, potential solutions to those vulnerabilities will be presented.
- Brett recently joined NetScreen as the Director of Professional Services. Prior to NetScreen, he was a co-founder at OneSecure and before that a senior technical security consultant at HP Consulting. Brett has written numerous papers and presentations on security.
- Source Code
- Slides
- Chris Hurley - Hardening Solaris Installs - Part 1 (1.9M MP3)
- Part 2 (3.4M MP3)
- Part 3 (5.7M MP3)
- A step-by-step guide to hardening a Solaris installation. Focusing primarily on Solaris 8 but with concepts that apply to all Solaris/Unix installs, attendees will learn the steps that need to be taken to lock down a Solaris installation. While recognizing the best practice of pre-deployment hardening, the concepts presented also apply to already live Solaris installations. Rather than focusing on known attacks and reacting to them, this presentation will better equip system/security administrators to proactively reduce the risk of a successful attack against their systems.
- Chris Hurley is a Senior Information Security Engineer working in the Washington DC area. Primarily focusing his efforts on vulnerability assessments, he also performs penetration testing, forensics and incident response operations. He has spoken at the IATF Forums in Washington DC and has written numerous whitepapers for both print publications and online security sites. Many of his papers can be found at his site SecurityTribe and also at Security Horizon. He has worked as a Defcon Goon for the past three years which probably explains both the bags under his eyes and the rubber truncheon in his hand.
- Source Code & PowerPoint
- Wilco van Ginkel - The Other Side of Information Security (10.0M MP3)
- Until now, the focus of Information Security within organisations was mainly technical. Organisations are becoming more and more aware of the fact that this technical side - although very important - is just one part of the total security solution. Currently, organisations are increasingly changing their focus to the organisational side of Information Security. In order to control the organisational issues of Information Security, an organisational oriented approach is needed. Such an approach will be the subject of this talk and will give the audience an overview, ideas, references, hints & tips of this organisational side. Items to be discussed are: Risk Management; Security Policies & Procedures; Security Standards; Security Awareness; Security Auditing & Monitoring; Where Organisational meets Technical.
- Wilco has University backgrounds in Business Economics, Business Administration, Computer Science and Information Security. He has held positions as assistant teacher at the Erasmus University Rotterdam (NL), as Technical IT Auditor, as IT Security Architect, and as teacher Information Security at different business schools and universities. Currently, he works as Senior Security Consultant for Ubizen, where he is also a teacher for Ubizen College. When he is not working, you can find him under water (Scuba Diving), playing computer games, travelling or reading a book.
- Source Code & PowerPoint
- FX & FtR - Attacking Networked Embedded Systems (12.2M MP3)
- Servers, workstations and PCs are the common targets of an average attacker, but there is much more to find in today's networks. Every device that has a processor, some memory and a network interface can become a target. Using printers and other common devices as examples, we will show how to exploit design failures and vulnerabilities and use the target as an attack platform. We will also release some tools, methods and sample code to entertain the audience and aid further vulnerability research in this area.
- FX is the leader of the German Phenoelit Group. His and the group's interest is in less known or commonly ignored protocols, devices and techniques. FtR of Phenoelit is the resident Perl guru and algorithm guy of the group.
- Slides
- Bruce Potter, Tony 'Xam' Kapela, and Adam Shand - Wireless Networking (9.3M MP3)
- Wireless networks have seen explosive growth in the last year. Wardriving a city last July resulted in only a handful of access points. Now there are hundreds if not thousands of access points in every city in the nation. And during the same time holes have been shot in all major wireless security protocols. People deploying wireless technologies are either unaware of the risk involved or have decided the productivity gain outweighs the risk. We feel it is more of the former than the latter. This presentation will discuss contemporary issues in wireless network security. While we will discuss some of the basic foundations of wireless security such as WEP, the talk will be more focused on the state of the art. The speakers all have heavy backgrounds in community wireless networking using open standards and living in hostile environments. They will draw upon their knowledge to give the audience an idea of where they can expect wireless security to go in the next year.
- Tony Kapela (aka Xam) -- Aside from being a full-time student in Madison, Wisconsin, Tony chooses to spend part of his free time thinking about wireless systems and mesh networking. His more recent projects include "MeshMadison" -- a network aimed at open-community transport, supporting transparent roaming in downtown Madison. His other interests include Ethernet adultery, HPNA acrobatics, and playing drums.
- Bruce Potter -- Bruce is the founder of the Shmoo group of security professionals (www.shmoo.com). He is also the founder of the NoVAWireless community wireless network group in Northern Virginia. He has a soon-to-be published book on wireless network security with O'Reilly.
- Adam Shand -- Adam started PersonalTelco in November 2000 due to a happy series of coincidences. He believes that information wants to be free despite the fact that people want to be paid.
- Gingerbread Man - Lock Picking: Techniques and Tools for High Security (8.2M MP3)
- The talk will cover current techniques used for picking locks such as mushroom pin tumblers, Medeco, Abloy, and tubular locks. The talk will also cover how to formulate attacks on new locks.
- I am a self taught hobbyist. I have five years experience in amateur locksmithing. I am currently attending a Canadian University as a Computer Science major.
- Slides
- Nicolas Fischbach and Sebastien Lacoste-Seris - Layer 2, Routing Protocols, Router Security & Forensics (11.2M MP3)
- Our talk will cover the (in)security of layer 2 protocols (CDP, xTP, HSRP, VRRP, VLANs, etc) and its consequences. We will also discuss routing protocol attacks and how to (try to) protect your infrastructure. The architecture, security, secure management and forensics of routers and switches will also be covered. This last part of the talk will be complementary to the presentation from FX of Phenoelit.
- Nicolas Fischbach is managing the IP Engineering Department and Sebastien Lacoste-Seris is the Security Officer and managing the IP Research & Development Department at COLT Telecom AG, a leading provider of high bandwidth data, Internet and voice services in Europe.
- Nicolas and his team are working on network, system and security architectures for the Swiss network. Previously he was dealing with the Internet Solution Centre deployment and security processes/auditing for major financial institutes, insurance companies and large hosting/housing projects. He worked for a French ISP and he's also teaching network and security courses in engineering schools and universities. He has an Engineer degree in Networking and Distributed Computing.
- Sebastien Lacoste-Seris is leading the Research and Development department for COLT Telecom AG and is also in charge of the security for Switzerland. His team is mainly working on the evaluation, integration and development of new IP based technologies. He previously worked for several major European ISPs as a network and security architect, he also did consulting and software auditing (ITSEC) for a security company. Sebastien holds a Degree in Computer and Network Engineering.
- Nicolas and Sebastien are co-founders of Securite.Org, a French speaking portal on computer and network security, and are frequent speakers at technical and security conferences. You can reach them at webmaster@securite.org
- PowerPoint
- Kevin Spett - SQL Injection (12.1M MP3)
- SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this talk is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
- Kevin Spett is a web application security expert and researcher. His discovery of new SQL injection attack techniques and frequent security mailing list postings have made him among the most respected web application security professionals in the world. Kevin's responsibilities include maintaining the SPI Dynamics SecureBase and researching web application security concepts and software. He has been a SPI Dynamics employee since its inception.
- Slides
- Adam Bresson - Consumer Media Protections (10.4M MP3)
- Did you buy "The Fast and the Furious" soundtrack only to find out you couldn't archive the songs to MP3s on your PC? Companies including Vivendi Universal, AOL Time Warner and Sony employ different protection methods on DVDs, video games and CDs. Many consumers argue that these protections abrogate their legal rights. I'll be presenting a broad overview of these Consumer Media Protections (CMPs) and will conduct demonstrations of how to identify and bypass them. I will focus on bit-level video game, video signal and audio CMPs. Whichever side of the legal argument you fall on, learn the law, learn your rights and speak up.
- Adam Bresson owns GreentreePC, a Los Angeles-based on-site network consulting service. At Defcon 8 and 9, he spoke on Palm and PHP security, respectively. He founded and continues to develop two exciting Internet startups: Recommendo.com and GetAnyGame.com.
- Source Code
- Cyrus Peikari & Seth Fogie - Hacking .NET Server (10.7M MP3)
- Windows .NET Server is Microsoft's new contender against Linux in the server market. Scheduled for release in 2003, .NET Server (which was originally released for beta testing under the codename "Whistler") is re-engineered from the Windows 2000 Server codebase. .NET Server's survival will probably depend on how users perceive its security. Bill Gates himself realized this when he released his "Trustworthy Computing" memo in Jan. 2002. His ultimatum echoed what hackers have been saying for years: get secure or fail.
- This speech will focus on the new security features in .NET Server -- and how to break them. The purpose is to identify early weaknesses while the OS is still a release candidate so that developers and network administrators can make informed decisions before deployment. This talk is technical, using live examples and some source code, but there will also be enough general information to benefit anyone interested in .NET Server security. Coverage includes weaknesses and exploits in the following areas: Windows Product Activation (WPA) on .NET Server; New Encrypting File System (EFS) changes; .NET Server Smart Card support; Kerberos implementation; Wireless standard implementation; Remote Desktop Security; Death of the Microsoft Security Partners Program (MSSP); Microsoft security partners full disclosure "gag rule"
- Dr. Cyrus Peikari is Chief Technology Officer of VirusMD Corporation. Seth Fogie is Director of Engineering at VirusMD Corporation. Peikari and Fogie co-authored the first book ever written on .NET Server: Windows .NET Server Security Handbook from Prentice Hall PTR (ISBN 0130477265).
- Slides
- TDAT .EXE File
- Matthew Marsh - Replacing TripWire with SNMPv3 (9.0M MP3)
- This talk demonstrates how to use SNMPv3 software (specifically illustrated using Net-SNMP) both with minor custom configurations and also with specialized MIBs and Agents to provide file data and file hashes on demand over secure channels. I also discuss the use of the "TCP Inform Trap" as a syslog-style message transfer mechanism. I spend the majority of the time showing how the authentication and privacy features of SNMPv3 provide robust bi-directional security message transfers. Along the way I demonstrate how to use the split between the authentication and privacy features to provide double blind random file hashes of a managed system. Use of trigger settings to capture file changes will be discussed. I provide the example MIBs and related Agent code for general Unix platforms running Net-SNMP and where possible discuss how to get the code working on Microsoft or other platforms. Time permitting I will digress into ways to integrate these techniques into common Network Management platforms.
- Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix Systems, LLC, Author of Policy Routing Using Linux (SAMS), Creator of PakSecured Linux. Working in network management and architecture since 1983 specializing in routed IP/IPX/SNA networks. Worked extensively with various SNMP platforms both as a user and as a vendor. On NEAR & BITNET in 1984 (pre-Historic Internet) and addicted ever since. As Chief Scientist of the NEbraskaCERT researching IPv4/IPv6/IPSec integrated security networks. Developed the first (and currently still the only) SNMPv3 manageable policy routing firewall system for Linux available under GPL at www.paksecured.com. Actively researching management and design of integrated security networks.
- PowerPoint
- Source Code
- Skroo & Grifter - Resurrecting the Scene Through Local 'Hacker' Meetings (11.7M MP3)
- Many people are interested in bringing their local underground community closer together by organising meetings for those in the area. While this is certainly a good idea, doing it successfully is not as simple as it sounds.
- Grifter (Salt Lake City 2600) and skroo (Los Angeles 2600) intend to cover the more relevant points of starting local meetings. Topics discussed will include identifying if your area needs a meeting, setting things up, choosing a location, running the meeting, and keeping it going successfully. This will be done in a Q&A session based on the speakers' experiences both attending and running 2600 and other meetings. Questions from the audience will be actively encouraged.
- Joe Burton & William Reilly - Dmitry Sklyarov and the DMCA: 12 Months Later (11.6M MP3)
- Joe Burton will discuss the events that led to Dmitry's arrest last July in Las Vegas for violating the DMCA. Joe will also discuss the legal issues surrounding the case, the current status of the criminal proceedings in California and some thoughts on the future of the DMCA. Joe has been one of the nation's leading critics of the aggressive civil and criminal application of the DMCA's anti-circumvention provisions. Bill Reilly will discuss how non-U.S. software developers and others can avoid falling into US digital jurisdiction by analyzing how the Federal government brought charges against Dmitry. Joe and Bill will also discuss how the DMCA, the USA Patriot Act and other recent legal developments are increasing the liability for network administrators and network security specialists.
- Bill Reilly is a California-based attorney who specializes in Network Security and Intellectual Property law. He is a GIAC-certified Advanced Incident Handling Analyst and author of numerous articles on network security law. He is also Managing Editor of the Journal of Internet Law and writing a network security law handbook for system administrators and CIOs.
- Joe Burton is a partner in the San Francisco office of Duane Morris LLP, a national law firm with approximately 500 lawyers. Joe is the defense counsel for ElcomSoft Co., Ltd., Dmitry Sklyarov's Russian employer. Joe also represented Dmitry in his initial court appearances last summer in Las Vegas and San Jose. Joe practices in the area of complex civil, criminal and appellate litigation. His practice includes trade secret and patent litigation with an emphasis in cybercrime and cybersecurity matters. Joe was also former chief of the U.S. District Attorney's office in San Jose, where he initiated and supervised all federal prosecutions in the San Jose venue, reporting directly to the United States Attorney in San Francisco.
- Ian Vitek - Citrix and Terminal Services (8.8M MP3)
- Citrix and Terminal Services are becoming very popular. Ian Vitek will speak about:
- Scanning and finding Terminal Services and Published Applications. This will include statistics of open and vulnerable servers.
- Connection to Published Applications. This can be harder than you think. Most of the servers have Published Applications. You can't just see them.
- Breaking out from the given environment and elevation of rights.
- Demonstration. Because of the way administrators set up their Citrix servers, every so often the Citrix client can't enumerate Published Applications or connect to them from the Internet. Tools for enumerating and connecting to Published Applications will be released.
- Ian Vitek has been working for iXsecurity in Sweden as a Penetration Tester for seven years. He is more a networking guy than doing assembly stuff. He is the writer of "macof" and "briiis."
- PowerPoint
- Citrix Source Code
- Citrix READ ME
- Ken Caruso - Community Wireless Networks: Friend or Foe to the Telecom Industry (7.1M MP3)
- Ken will talk about different types/implementations of community wireless networks. He will also discuss why companies in the industry like, dislike and do not know what to make of the community wireless movement. Most importantly he will tell you why this movement is important and what role it has promoting privacy, community owned infrastructure, and peer-to-peer communications.
- Ken Caruso is a co-founder of the Seattlewireless.net project. Seattle Wireless is focused on enabling people to build public/open wireless MAN in the Seattle area. He is a network engineer by trade and by night evangelizes community wireless networks.
- PowerPoint
- Lucky Green - Trusted Computing Platform Alliance: The Mother(board) of all Big Brothers (13.8M MP3)
- The Trusted Computing Platform Alliance, which includes Intel, AMD, HP, Microsoft, and 180 additional PC platform product vendors, has been working in secrecy for 3 years to develop a chip which will begin shipping mounted on new PC motherboards starting early next year.
- This tamper-resistant Trusted Platform Module (TPM) will enable operating system and application vendors to ensure that the owner of the motherboard will never again be able to copy data which the media corporations or members of the TCPA don't wish to see copied, or to utilize the TCPA's software applications without pay.
- Lucky Green will explain the history of the TCPA and the alliance's efforts, identify the dominant players in the TCPA and their objectives, discuss how the members of the TCPA will be able to limit and control a user's activities by remote, show how TPMs might permit a software vendor to exploit a bug in the GNU General Public License (GPL) to defeat the GPL, and detail previously unthinkable software licensing schemes which the TCPA enables.
- Lucky will then analyze the bill currently pending in the U.S. Congress (S.2048) that will make it illegal to sell PC hardware in the future that does not comply with the TCPA's specifications.
- Lucky Green has been a long-time activist in the Cypherpunks cryptography advocacy movement. He is best known for his role in coordinating the reverse engineering and break of the GSM digital mobile telephony authentication and voice privacy systems, showing that the systems had been deliberately weakened in the interest of facilitating national intelligence collection. Lucky also FedEx'ed, at his own expense, crates of PGP source code books to Europe, becoming the first person to legally export PGP from the United States. Faced with a demonstration of its absurd position that it was legal to export books from the U.S., but not electronic copies of the source code contained within those books, the U.S. Government came under increasing pressure from industry and was forced to relax governmental controls on strong cryptography in January of 2000.
- Source Code
- Michael Glasser CRL (aka Laz) - High Security Locks, and Access Control Products (13.3M MP3)
- The talk will cover both high security locks and access control products. The locks covered will include Medeco, Mul-T-Lock, Assa, Fichet, Concept, Miwa and others. The access control technology covered will include proximity cards, mag stripe cards, biometrics, keypad technology, and others. Questions will be answered on other topics, such as safes, standard locks, lock picking, CCTV, computer security, and other security issues.
- Michael Glasser is an ALOA Certified CRL and a New York State Licenced alarm installer. He is a member of both ALOA and the North Jersey Master Locksmith Association. He currently is working as a manufacturer's rep for access control and security electronics. The companies he reps are Bioscrypt, IEI, Recognition Source, Tatung, and others.
- zSnark - Building Secure Wireless Networks - Part 1 (583k MP3)
- Part 2 (11.1M MP3)
- Wireless has become quite popular in network scenarios from the basic home network to the corporate LAN to the point-to-point backbone tying together offices or job sites. Wireless security and security breaches have been getting lots of press as have various vendors' multitude of proposals for cute proprietary ways to solve some of the problems in currently available products (primarily 802.11) by retrofitting them with better encryption, better authentication, tightly integrated access control, etc. What is lacking is a well-defined practical approach for the administrator in deploying (or the auditor in testing) a wireless network with currently available technology. This talk will begin with an overview of my present threat model and the details of various attacks against typical wireless networks. Following this I will give a walk-through of building a secure 802.11 LAN as well as the monitoring and auditing necessary to keep it secure. Time permitting I will also bring up a guest or two to discuss several "theoretical" attacks and other things yet to be revealed.
- zSnark specializes in wireless networking and general UNIX tomfoolery. He is a member of the GhettoHackers and supports his local 2600. Among other things his alter ego spends most of his days working on wireless networks and various projects including SeattleWireless. See openbs.org or ghettohackers.net for his infoz.
- Slides
- Vic Vandal - Intelligence Gathering (16.8M MP3)
- This comprehensive talk covers the tools and techniques used in corporate espionage, information warfare, and private investigation. It also includes an overview of laws that one must be aware of before employing such tools and techniques.
- Vic has been employed as an "InfoSec Samurai" by various government entities for the past 13 years. He was "drafted" (kicking and screaming) into the InfoSec discipline to develop proprietary security software for a specific government agency, and the rest is history. Some of the sensitive federal data he has helped protect has belonged to the CIA, DEA, Secret Service, Treasury Dept, Commerce Dept, and every other federal agency in existence. He has also done the same for the Department of Defense, Navy, Marines, and Army. He has worked extensively in every area of information security. Any more 411 and he'd have to kill you (heh).
- PowerPoint
- Michael I. Morgenstern, Richard Schaeffer, Marcus H. Sachs, O. Sami Saydjari, Steve Lipner, Tom Parker - Disclosure: The Mother of All Vulnerabilities (11.1M MP3)
- Michael Morgenstern will be leading a panel comprised of several individuals from the 'other side' of information security. Panel highlights will include: An overview on vulnerability disclosure in the past; Potential impacts of irresponsible disclosure; New threats (Does cyber terrorism exist?); The vulnerability disclosure "food chain"; The issues involved in the handling of a new vulnerability, from the perspective of a commercial software vendor; What "responsible disclosure" means; The ideal disclosure metric, is it plausible?; Ways in which communities can work together to better the disclosure process.
- There will be time for questions during and after the presentation
- Michael I. Morgenstern (Global InterSec, Moderator), Richard Schaeffer (National Security Agency), Marcus H. Sachs (Office of Cyberspace Security), O. Sami Saydjari (SRI International), Steve Lipner (Microsoft Corp.), Tom Parker (Global InterSec)
- Philippe Biondi - Security at Kernel Level (10.7M MP3)
- Security is a problem of trust. Having a system that offers services to Internet and that can be trusted is very hard to achieve. Classical security models focus on the physical limit of the machine. We will see that it can be interesting to move the trust limit between user space and kernel space and that it is still possible to enforce a security policy from this trusted place. We will also see some practical aspects with a review of some implementations that exist for Linux kernels.
- Philippe Biondi is a security consultant at Cartel Securite. He is involved in the development of LIDS. He does about everything that is related to computer security.
- Slides
- Greg Miles (aka DOC) - Anatomy of Denial of Service Mitigation Testing - Part 1 (8.6M MP3)
- Part 2 (878k MP3)
- DOC has had the privilege of working on a project that was focused on looking at new product technologies relating to DOS and DDOS mitigation. Several commercial companies were formed whose entire focus was to find solutions to DOS and DDOS issues. Different types of detection were used in each product from pure rate analysis to statistical analysis and anomaly detection. This talk will focus on the testing methodology, testing results, lessons learned, and thoughts on the direction that this technology will be moving.
- DOC has over 15 years of information technology and security experience in the USAF, Defense Information System Agency (DISA), commercial and manufacturing industries. DOC is CIO for Security Horizon, Inc., a security professional services firm with HQ in Colorado Springs. His focus there has been on Organizational focused activities to include security assessments, policy and procedure development, and project management. He is also an authorized instructor of the NSA INFOSEC Assessment Methodology. DOC has built and managed Computer Incident Response Teams (CIRT) and provided extensive technical and project management skills related to information security. He has served as Director, CyberCrime Response, responsible for CIRT, Computer Forensics, and Training responsibilities. He has served as an INFOSEC Program Manager, where he was responsible for establishing and supporting the worldwide security program for the U.S. Defense Information Systems Agency's Field Security Operations, to include Computer Emergency Response Teams (CERT) in 5 locations worldwide. Greg also served as a Senior INFOSEC Engineer, supporting NASA's efforts with the Earth Observing System. DOC served 6 years in the U.S. Air Force with a concentration in Information and Security. He has authored articles for security periodicals and websites, to include The International CyberCrime Journal, DuckTank (now Security Horizon), and Small Business Marketing Ideas. DOC has been a previous technical speaker at the BlackHat Briefings and APCO conventions.
- PowerPoint
- Richard Thieme - 1992... 2002... 2012... Hacking: The Next Ten Years (14.8M MP3)
- Ten years ago hacking was a frontier; ten years from now, hacking will be embedded in everything we do, defined by the context in which it emerges. Real hackers will be pushing the frontiers of information networks, perception management, the wetware/dryware interface, and the exploration of our galactic neighborhood. Mastery means not only having the tools in your hands but knowing that you have them... and using them to build the Big Picture. Richard Thieme illuminates how to do that.
- Richard Thieme is speaking for the seventh year at Defcon. He is a contributing editor for Information Security and has written for Wired, Forbes, Salon, and Secure Business Quarterly. He recently spoke for the FBI's Infragard Superconference, FS-ISAC and the Dept. of the Treasury as well as other hacker cons and numerous businesses and associations. His column "Islands in the Clickstream" is at www.thiemeworks.com.
- DJ Sweet Sensation - SNMP Attacks/Security - Part 1 (8.4M MP3)
- Dan Kaminsky - Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof - Part 1 (2.8M MP3)
- Part 2 (11.3M MP3)
- Communication under TCP/IP networks has become extraordinarily popular; still, there remain significant problems that as of yet have remained unsolved within its layered rules. So, let's break the rules, elegance (and possibly security) be damned. Significant new techniques and code will be unveiled to answer the following questions:
- A) Instant Portscan - Is it possible to discover instantaneously what network services have been made available, even on massive networks?
- B) Guerrilla Multicast - Is it possible to send a single packet to multiple recipients, using today's multicast-free Internet?
- C) "NATless NAT" - Is it possible to share a globally addressable IP address without translating private IP ranges a la NAT? Is it possible to allow incoming connections to an IP multiplexed in this manner?
- D) NAT Deadlock Resolution - Is it possible to establish a TCP connection between two hosts, both behind NATs?
- Various interesting uses of these new packet-level primitives should be discussed, and OpenSSH will be trotted out as the method of bringing some degree of security unto the resulting chaos.
- Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. He recently wrote the "Spoofing and Tunneling" chapters for Hack Proofing Your Network: Second Edition, and has delivered presentations at several major industry conferences, including Linuxworld, Defcon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he is the founder of the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.
- PowerPoint
- Roelof Temmingh & Haroon Meer - Setiri: Advances in Trojan Technology (12.1M MP3)
- The presentation will describe the inner workings of the Trojan "Setiri." Setiri leads a new wave of Trojan horse technology that defeats most conventional security devices including personal firewalls, NAT, stateful inspection firewalls, IDS, proxy-type firewalls, and content level checking. The presentation will focus on the setting up of a bi-directional communication stream in non-conducive environments, rather than describing the features of the Trojan.
- The presentation will include an online demonstration - a well-protected PC located inside a heavily protected environment will be Trojaned with Setiri. The computer will be taken over by a controller that is situated outside of the network. At the same time network traffic will be manually inspected.
- Roelof Temmingh is the technical director and a founding member of SensePost. After obtaining his degree in electronic engineering in 1995, he helped to establish SensePost along with some of South Africa's leading IT security minds. He is currently involved in the coding of proof-of-concept code, and the practical realization of complex security concepts. Roelof has been a speaker at the 2001 Summercon conference and the 2002 Black Hat Windows conference.
- Haroon Meer joined SensePost as a Technical Security Specialist after over 7 years in the networking/security industry. He has a wide background in security and networking from writing code to administration of large campus networks. He is currently heavily involved in the development of additional security tools and proof-of-concept code and has been a speaker at the recent Black Hat Windows Briefings in New Orleans.
- PowerPoint
- Mick Bauer - Stealthful Sniffing, Logging, and Intrusion Detection: Useful and Fun Things You Can Do Without an IP Address (12.2M MP3)
- Centralized event-logging and automated intrusion detection are required tools for good network security. But what can you do to prevent your loggers and IDS probes from falling victim to the same attacks they're supposed to warn you about? As it happens, one cool thing you can do is run such systems without IP addresses. In my presentation I'll describe the benefits and drawbacks of this technique, and demonstrate how it can be used in conjunction with Snort, syslog-ng, and other standard *nix tools to build stealthful loggers and IDSes.
- Mick Bauer is a Technology Counselor (information systems security consultant and engineer) for Upstream Solutions, based in Minneapolis. His areas of expertise include firewall architecture and integration, security policy, network application security, and Unix and NT system security. Mick is the author of Linux Journal's popular "Paranoid Penguin" security columns, and of the upcoming book Building Secure Servers With Linux (O'Reilly and Associates, October 2002).
- Slides
- Error - Neuro-Linguistic Programming (NLP) - Part 1 (7.9M MP3)
- Part 2 (4.1M MP3)
- This talk is primarily about psychology and relates to typical programming in no way. Neuro-Linguistic Programming (NLP) is best described as new age pseudo-science by some and the future of psychology to others.
- Through this talk on NLP you will learn about the ability to control and otherwise manipulate as well as teaching via "knowledge encoded linguistic algorithms." You should also gain the ability to do a "cold read." You will also learn about "NLP modeling." Some should walk away with a greater understanding of human psychological patterns.
- About me: Happily spreading memes for years to come.
- Michael Schrenk - Introduction to Writing Spiders & Web Agents (10.7M MP3)
- You can have a lot of fun with the Internet by ditching your browser in favor of writing special purpose programs that look for - or do - very specific things on the Internet. This session will equip you with techniques to extract and interact with data from websites without a browser, parse and filter data, follow links, deal with encryption and passwords, and manage terabytes of information. You'll also learn why writing these programs is a useful activity, and walk away with ideas and abilities to write useful spiders or web agents of your own design.
- Michael Schrenk is a freelance Internet developer, instructor and writer. Much of his consulting business revolves around the creation of spiders, which search the Internet for information of value to his clients. He has also developed web strategies and online applications for Disney, Adidas, Nike and many others.
- Slides
- Huagang Xie - LIDS (9.8M MP3)
- The talk will discuss the background, current architecture and use of LIDS. It will also talk about what kinds of attacks LIDS can detect and prevent, and finally will get into details of how to build a secure Linux system with LIDS.
- Huagang Xie, the author of the open-source (GPL) LIDS project, is a kernel hacker and Linux enthusiast. Graduated from Tsinghua University and Institute of Computing Technology of Chinese Academy of Sciences, he has extensive experience in Linux kernel, kernel security and host/network-based IDS. He currently works as software engineer at IntruVert Networks.
- Slides
- Rich Murphey - FreeBSD Exploits & Remedies (9.3M MP3)
- This talk continues the review of system hardening and security management presented in the BlackHat talk, "Locking Down Your FreeBSD Install." We walk though well-known exploits for the FreeBSD 4.5 release, showing the mechanisms and effects on the system. We then discuss the way in which the vulnerability is assessed and monitored, and the ways in which the system can be hardened or access controls can be refined to reduce the risk of exposure. For each of these, we show the key features of the bundled tools for monitoring and controlling access.
- Rich Murphey was a founding core team member of FreeBSD and XFree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies before joining NetIQ recently. His main interests are development of Beowulf clusters and Intrusion Detection Systems.
- FozZy - Advanced Shellcodes (9.1M MP3)
- Shellcodes are tiny machine language programs designed to be injected inside a vulnerable process and executed with its privileges. They traditionally do simple actions, like exec-ing a shell or writing to a file. They can be easily defeated by host intrusion prevention and detection systems like filesystem ACL, kernel system calls ACL, non-privileged chrooted processes, etc. Is it possible to bypass these security measures, or at least take advantage of what they permit? In this talk, FozZy will present how to design small polymorphic shellcodes downloading encrypted modules or binaries and executing them directly in memory. (Ever got a shell without running /bin/sh? ;) Through live demos with HIDS and NIDS on, we'll see the limits of current security systems on open-source OSes.
- FozZy is the director of the French "Hackademy" and chief redactor of the newspaper Hackerz Voice. Topics covered include computer and network security and intrusion, real social engineering attempts, French credit and phone cards hacking, and hardware hacking.
- Slides
- Source Code
- Thomas Rude (aka Farmerdude) - Next Generation Data Forensics & Linux (12.9M MP3)
- The field of data forensics ('computer forensics' as commonly referred to) is rapidly changing. Historically data forensics was focused on the imaging, analysis, and reporting of a stand-alone Personal Computer (PC) hard drive perhaps 1 gigabyte (GB) in size using DOS-based tools. However, due to a number of changes and advances in technology an evolution has begun in the field of data forensics. So where do we stand today? Increasingly, forensic examiners are faced with analyzing 'non-traditional' PCs, corporate security professionals are doubling as in-house forensic examiners and incident first responders, and critical data is residing in volatile system memory. This is the 'Next Generation of Data Forensics.' What is the Next Generation Data Forensics platform of choice? Linux. Why Linux? There are a number of key functionalities within the Linux operating system environment that make it the best platform for data forensics. Among them: Everything, including hardware, is recognized as a file; Support for numerous filesystem types; Ability to mount a file via the 'loopback driver'; Ability to analyze a live system in a safe and minimally invasive manner; Ability to redirect standard output to input, or 'chaining'; Ability to monitor and log processes and commands; ability to review source code for most utilities; Ability to create bootable media, including floppies and compact discs.
- "Farmerdude" is a security consultant for RedHat, Inc. When not performing vulnerability assessments, penetration tests, or designing security technologies such as firewalls and VPNs, he can be found in the lab testing various security tools, applications, and operating systems for weaknesses and flaws. Farmerdude has presented on topics ranging from steganography, data forensics, and social engineering, at various Cyber Crime and INFOSEC conferences. In addition to serving as the current Vice President for the Atlanta Chapter High-Technology Crime Investigation Association (HTCIA), he is also a member of the Atlanta Metropolitan Crime Commission.
- PowerPoint
- Nate Rotschafer - N-Stage Biometric Authentication - Part 1 (5.8M MP3)
- Part 2 (219k MP3)
- Part 3 (198k MP3)
- Part 4 (109k MP3)
- Part 5 (147k MP3)
- Part 6 (253k MP3)
- Part 7 (259k MP3)
- The topic will be about using biometric authentication as part of a multiple stage authentication mechanism. This discussion will explore various applications and flaws with the technology along with some of my ongoing research into a replay attack on the devices by capturing what "goes down the wire."
- I am a sophomore at the University of Nebraska at Omaha working towards a degree in computer science with a focus in information security along with a degree in computer engineering. I've done research on the topic of biometrics for local conferences and was recognized by the university as a Scott Scholar.
- PowerPoint
- Michael Rogers - Steganographic Trojans (8.4M MP3)
- As anti-virus manufacturers develop more efficient techniques for stopping an infection, potential attackers must become more cunning and resourceful in their deployment methodologies; they must create "invisible" code... But how? What are the possibilities of developing an invisible virus or Trojan?
- The purpose of this talk is to explain the research we have collected, and to identify potential distribution methods, including JPEG, MPEG, and MP3, which may utilize steganographic hiding techniques to obfuscate the source code of various programs such as viruses and Trojans.
- Michael has been working in the information security field for four years and is currently the Senior Security Engineer for Exceptional Software Strategies, Inc., located in Baltimore, Maryland.
- Andrew Hintz - Covert Channels in TCP and IP Headers (10.7M MP3)
- How would you communicate securely in a country where encryption is outlawed or where key escrow is mandatory? How can you prevent the Feds from forcing you to turn over your encryption keys? Simple. Don't let your adversaries know that you're transmitting encrypted information. Using covert channels you can completely hide the fact that you're transmitting encrypted information. During this presentation we'll give an introduction to covert channels in TCP and IP headers, release a few vulnerabilities in current TCP timestamp covert channels, and demonstrate and release software that enables covert communication via TCP and IP headers.
- Website
- PowerPoint
- hellNbak - Selling Out For Fun and Profit - Part 1 (2.9M MP3)
- Part 2 (1.8M MP3)
- Recent events in the security industry have caused multiple groups to cry foul and claim that many so called hackers have sold out. A war of words has erupted between those crying foul and those who have apparently sold out. Most recently, Gweeds presented a talk at H2K2 that touched on many nerves when he pointed fingers at specific people in the security industry.
- While the talk given by Gweeds was based mostly on made up stories and FUD, he touched on some points that deserve a bit of attention. Additionally, the articles written in The Register by Thomas Greene point out that the media in general has a responsibility to verify facts - something that does not seem to be happening.
- The talk presented by hellNbak will address these issues along with some of the dirty little secrets in the security industry. In general, hackers hack for the quest of knowledge and the ability to be places that others cannot go. Based on this, Hacktivism, cyberterrorism, and selling out is a myth and until hackers are hacking for a real cause it always will be.
- hellNbak has been around the IT security industry for 11 years and a member of NMRC for three of those years. He has worked in a security related capacity for large companies such as IBM, BindView Development and Ernst & Young. Up until this year, hellNbak has found it necessary to hide behind his NMRC nym but after Defcon hellNbak, now a self-employed security consultant, no longer needs the cover of a nym to protect himself from clueless managers and threatening venduhs.
- Robert Lupo (aka V1ru5) - Introduction to Computer Viruses: Understanding the Fundamentals of How to Identify, Remove, and Defend Against Hostile Code (14.6M MP3)
- This talk will cover: How different computer viruses work "boot sector, file infector, multi-parti, VBS, Java, the different OS viruses, etc..."; How to remove different computer viruses with and without anti-virus software; How to defend against computer viruses and hostile code; Computer viruses and different operating systems; The future of computer viruses and hostile code.
- Robert Lupo "V1ru5" currently works for Expedia.com as their global network security engineer. He has several certifications in security including CCSA, CCSE, Internet Security Certified, and MCSE. Robert has lectured at Defcon in the past plus H2K, H2K2, University of Illinois, North Dakota State University and others nationwide.
- Sean Lewis - BSD Security Fundamentals (10.4M MP3)
- FreeBSD security fundamentals will cover some security basics as well as advanced topics on FreeBSD host and network security. Emphasis will be on hardening a FreeBSD machine from the inside-out, locking down ports, services, filesystems, network activity, etc. Some of the material presented in this talk will be BSD-agnostic, and some will apply to a UNIX environment in general. Review of several recent UNIX security vulnerabilities and valuable information on monitoring and safeguarding your system as well as your network.
- Sean Lewis has over six years of computer security experience, focusing mainly on UNIX systems - hardening, penetration testing and kernel-level lockdown of servers in various roles. Sean has designed systems for various large organizations that assume critical network roles and must be among the top host-based secured machines on the network. Using open-source technology, these systems are not only some of the most secure machines you can find, they are also some of the least expensive. Sean is a Checkpoint Certified Security Administrator, and has in-depth knowledge of firewall installation and maintenance as well as penetration testing and evasion tactics with popular firewall products in use in corporate America. Sean has also designed networks of varying scales, including a high-speed, high-availability B2B e-business trading infrastructure that attracts millions of hits per month. Sean also has experience with Windows NT and 2000 security, as well as a large deal of work with networking devices such as switches and routers. He also has published several documents regarding Windows NT and IIS security, including 'quick checklists' for post-installs and ongoing maintenance currently in use by several large organizations.
- PowerPoint
- GOBBLES Security - Wolves Among Us (16.7M MP3)
- Video (416M AVI)
- GOBBLES Security members will be giving a presentation called "Wolves Among Us," which will discuss the evil motivations of certain members and organizations of the security industry, the big companies that are underqualified for security and yet reap such incredible revenue for their services, the way the media is uninformed and further intentionally writes incorrect information concerning hackers, and more. Concrete examples will be cited, and then discussion on the greater ramifications of those examples will be held.
- GOBBLES Security -- currently the largest active nonprofit security group in existence (that favors full disclosure). GOBBLES Security consists of 17+ members, ranging from the age of 15 to 28. Unlike some groups that make this claim, GOBBLES actually publishes advisories for the sake of security, and not as an opportunity to get some political vendetta aired - and also publish advisories at a rate greater than one every three years.
- Dr. Walter C. Daugherity - Quantum Computing 101: How to Crack RSA (4.9M MP3)
- The brand-new technology of quantum computers offers the prospect of exponential speedup, making heretofore infeasible problems like cracking RSA conceivable. The fundamentals of quantum computing are presented, and how a quantum computer could be used to crack RSA is described.
- Dr. Walter C. Daugherity is a Senior Lecturer in Computer Science and Electrical Engineering at Texas A&M University. He received a bachelor's degree from Oklahoma Christian University, and master's and doctor's degrees from Harvard University. His research interests include fuzzy logic, object-oriented programming, and quantum computing. With David A. Church he created the first course in quantum computing at Texas A&M University, which will be offered for the third time in the fall semester this year.
- PowerPoint
- Elonka Dunin - Cryptography and Steganography (4.7M MP3)
Defcon 11
August 1-3, 2003 at the Alexis Park Hotel & Resort
- Phil Zimmermann - A Conversation with Phil Zimmermann (6.3M MP3)
- Paul Wouters - Deploying DNSSEC (8.9M MP3)
- Bruce Potter - Bluetooth (5.8M MP3)
- Leia Amidon, Omar Ahmed, David McLeod, Harry Regan - After Napster (5.9M MP3)
- Fyodor - Advanced Network Reconnaissance Techniques (5.7M MP3)
- Greg Conti - Interface Design of Hacking Tools (5.5M MP3)
- Leonard Kleinrock & Sally Richards - At Risk! Privacy (5.3M MP3)
- Michael Schrenk - Online Corporate Intelligence (3.0M MP3)
- Bryan Glancey - PDA Insecurity (4.3M MP3)
- Mystic - Mimicry (2.4M MP3)
- J0hnny Long - Watching the Watchers (4.5M MP3)
- OldSkoolS - Satellite TV Technology (5.2M MP3)
- Chung's Donut Shop - The Luna Correspondence Protocol (5.3M MP3)
- Paul Clip - Hacking From the Palm of Your Hand (5.8M MP3)
- Robert Imhoff-Dousharm - Credit Card Networks 101 (4.4M MP3)
- Len Sassaman, Peter Palfrader, noise, Michael Shinn, Ryan Lackey - Behind the Remailers (6.6M MP3)
- Ofir Arkin - Revolutionizing Operating System Fingerprinting (6.0M MP3)
- ParanoidAndroid - Beat the Casinos At Their Own Game (3.9M MP3)
- Jaya Baloo - Government IP Tapping (5.6M MP3)
- Tony Kapela - Fashionably Late - What Your Network's RTT Says About Itself (5.8M MP3)
- Bill Scannell - Punishing Collaborators Redux (4.5M MP3)
- Daniel C. Silverstein & Damon McCormick - Increasing The Security of Your Election by Fixing It (5.7M MP3)
- Cat Okita - Aura (4.2M MP3)
- Joe Klein - Information Leakage -- You Posted What?! (5.8M MP3)
- Susan Brenner - Toward a Criminal Law for Cyberspace (5.7M MP3)
- SensePost - Putting The Tea Back Into CyberTerrorism (5.3M MP3)
- Roberto Preatoni - The Future Frontiers of Hacking (5.6M MP3)
- Eric Goldman - Criminal Copyright Infringement and Warez Trading (3.6M MP3)
- Spyde~1, AutoNiN & Mystic - The UPS (Undetectable Packet Sniffer) (2.5M MP3)
- Robert Sheehy - Theft of Service Attacks (5.2M MP3)
- Mikko Valimaki & Ville Oksanen - The Story of EFFI (5.5M MP3)
- Silvio Cesare - Opensource Kernel Auditing and Exploitation (6.1M MP3)
- tommEE pickles - Streaming Media Theft and Protection (4.7M MP3)
- Richard Thieme - Hacker Generations (6.7M MP3)
- Beetle & Bruce Potter - Airsnarf Tools (3.2M MP3)
- Brian Hurley & Ann Gabriel - Internet Radio Politics (4.8M MP3)
- Wendy Seltzer - The Internet's Private Cops (5.3M MP3)
- Seth Fogie - Embedded Reverse Engineering (5.1M MP3)
- Gregoire Gentil - Hack Any Website (2.6M MP3)
- Cindy Cohn - What Hackers Need to Know About Post 9/11 Legal Changes (6.4M MP3)
- Dan Kaminsky - Stack Black Ops (5.3M MP3)
- David Rhoades - Hacking Web Apps (6.9M MP3)
- Matt Shannon - _vti_fpxploitation (4.1M MP3)
- FX - More Embedded Systems (6.2M MP3)
- Tom Parker, Matt Devost, Marcus H. Sachs and Toby Miller - Adversary Characterization and Scoring Systems (7.9M MP3)
- Adam Bresson - Manyonymity (5.9M MP3)
- Daniel Roelker - HTTP IDS Evasions Revisited (5.8M MP3)
- Michael Sutton & Pedram Amini - Hacking the Invisible Network (5.6M MP3)
- Grifter - Dumpster Diving (6.7M MP3)
- Sean O'Toole - Metamorphic Viruses (3.7M MP3)
- Jay Beale - Locking Down Mac OS X (5.6M MP3)
- Jonathan Wignall - Network Worms (2.8M MP3)
- Mick Bauer - Self-Abuse For Smarter Log Monitoring (5.9M MP3)
- Criticalmass & Matt (404) - Social Engineering Fundamentals (6.0M MP3)
- Brett Neilson - Malicious Code and Wireless Networks (2.0M MP3)
- Inertia - Introducing nmrcOS (2.4M MP3)
- Jeffrey Prusan - Technical Security Countermeasures (5.4M MP3)
- Viki Navratilova - Today's Modern Network Killing Robot (5.1M MP3)
- Rich Murphey - Intrusion Prevention Techniques on Windows and Unix (6.1M MP3)
- Ryan Lackey - HavenCo (7.5M MP3)
- Michael D. Glasser - OSI Layer 1 Security (11.2M MP3)
- Chris Hurley - The WorldWide WarDrive (11.4M MP3)
- Simple Nomad, Inertia, jrandom, Weasel, Cyberiad, Sioda an Cailleach, HellNbak - Free Your Mind: The NMRC Info/Warez (20.9M MP3)
- Icer - Why Anomaly Based Intrusion Detection Systems Are A Hackers Best Friend (8.7M MP3)
- Abaddon, Dragorn, Anton Rager, Joshua Wright & h1kari - Abusing 802.11 (20.3M MP3)
Defcon 12
July 30 - August 1, 2004 at the Alexis Park Hotel & Resort
- Ian Clarke - Freenet: Taming the World's Largest Tamagotchi (24.6M MP3)
- Since March 2000 the Freenet project has been the very embodiment of the 'release early, release often' mantra, gaining invaluable experience of the unpredictable challenges encountered when deploying a P2P architecture on a large scale. This talk will discuss recent developments in the project including our 'next generation' routing algorithm, and a sophisticated but elegant new load balancing mechanism called 'adaptive rate limiting.' Expect the talk to employ lots of real-world data to illustrate how theory translates to practice when looking after the world's largest Tamagotchi. Ian Clarke is the architect and coordinator of The Freenet Project, and the Chief Executive Officer of Cematics Ltd, a company he founded to realize commercial applications for the Freenet technology. Ian is the co-founder and formerly the Chief Technology Officer of Uprizer Inc., which was successful in raising $4 million in A-round venture capital from investors including Intel Capital. In October 2003, Ian was selected as one of the top 100 innovators under the age of 35 by the Massachusetts Institute of Technology's Technology Review magazine. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has also worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.
- Peter D. Feaver and Kenneth Geers - The First International Cyber War: Computer Networks as a Battleground in the Middle East and Beyond (4.5M MP3)
- This briefing addresses the world's first global Internet war: the cyber skirmishes associated with the Palestinian intifadah. What started out as a localized conflict spread to battles around the globe as forces sympathetic to either the Israelis or the Palestinians joined the fray. With the Middle East cyber war as a backdrop, this presentation will cover the ways in which people can try to affect the course of world history through coordinated action in cyberspace. The authors first describe the globalized and asymmetric nature of modern warfare, the asymmetry of computer hacking, and the psychology of subcultures. They outline the legal issues surrounding cyber warfare, from the perspective of a lone hacker to a massive government intelligence service, and discuss the problems inherent in cyber retaliation and in the prosecution of hackers. On the technical side, this briefing discusses the targeting of Internet sites for attack, and the strategies used by hackers to bring them down or merely leverage them in more subtle ways to support their cause. The primary focus is the means used by cyber commanders to accomplish political and/or social goals, in particular the creation of Web portals through which their foot soldiers are able to unite and rain network packets down upon their enemies. Finally, this briefing examines the difference between the perception and the reality of cyber attacks. We address the strategies that national governments are employing to combat the threat, the potential impact of cyber attacks on military operations, and the vexing problem of Denial of Service attacks, Web defacements, and free speech. The authors assess the threat and the limits of the more powerful weapons in the cyber arsenal, and consider who might be the biggest target of cyber attacks in the coming years.
- Peter D. Feaver (Ph.D., Harvard, 1990) is Professor of Political Science and Public Policy at Duke University and Director of the Triangle Institute for Security Studies (TISS). Feaver is co-directing (with Bruce Jentleson) a major research project funded by the Carnegie Corporation, "Wielding American Power: Managing Interventions after September 11." Feaver is author most recently of Armed Servants: Agency, Oversight, and Civil-Military Relations (Harvard Press, 2003), and co-author, with Christopher Gelpi, of Choosing Your Battles: American Civil-Military Relations and the Use of Force (Princeton University Press, 2004). He is co-editor, with Richard H. Kohn, of Soldiers and Civilians: The Civil-Military Gap and American National Security (MIT Press, 2001); and author of Guarding the Guardians: Civilian Control of Nuclear Weapons in the United States (Cornell University Press, 1992). Kenneth Geers (M.A., University of Washington, 1997) is a Computer Investigations and Operations analyst with the Naval Criminal Investigative Service (NCIS). His career at the Department of Defense also includes work at the National Security Agency, the Defense Intelligence Agency, a SAIC nuclear arms control support team, the John F. Kennedy Assassination Review Board, and the U.S. embassy in Brussels, Belgium. He is an expert in French and Russian, who finished first in a class of seventy at the Defense Language Institute at the Presidio of Monterey. Mr. Geers is the author of training and testing software to prepare U.S. Army Major Commands for Russian strategic arms inspections, and he has designed multiple U.S. Army Space and Missile Defense Command websites devoted to arms control.
- Jon Callas - How do we get the World to use Message Security (23.4M MP3)
- The time has come for people to start using email encryption extensively. There is enough threat from attackers as well as ignorant judges that email is not safe. SSL isn't good enough. But how? How do we get people to do this? How do you get people whose VCRs blink 12:00 to use encryption? How do you get people to remember to encrypt? This talk discusses both specific answers as well as open architectures to nudge people down the road of encrypting their email.
- n0namehere - Real World Privacy, How to Leave Less of a Trail in Life (22.3M MP3)
- Like leaving breadcrumbs in the forest, individuals leave a data trail throughout their day. This talk will look at practical ways to leave a smaller data wake. Privacy isn't dead. Time, money and effort are needed to maintain and live outside the data collection mechanisms that are now part of society. This is not a talk to look at the ways in which your data is shared, but a look at examples and methods by which one can minimize sharing the data in the first place. Topics to be covered include communications, money, medical, travel, shopping, rubbish and major life events. The key is to not leave any data, but, when one must leave data, leave it in a way which it won't trace back to you. n0namehere started down the privacy route in the early 1990s after mistakenly hearing cell and cordless phone calls on his recently purchased scanner. Realizing the ease in which others could listen in on his life, this event led to a re-evaluation of his behavior which changed his life. He spreads the word among friends and family, encouraging many down the road to stronger privacy. n0namehere is a big computer company survivor whose personal and professional work focuses on computer security and privacy issues ranging from running to designing to breaking systems, networks and applications. n0namehere has worked for Fortune 500 companies, consulted on hundreds of system and network designs and worked security/privacy issues during the Summer Olympic Games. n0namehere doesn't live in a cave but balances privacy and reality in his daily life.
- Scott Fullam - Introduction to Hardware Hacking (19.8M MP3)
- Interested in hardware hacking but were not sure where to start? This presentation is for you. I will show you how to get started with modifying equipment for fun and useful purposes. I will show you the best ways for opening the enclosures for electronic equipment without destroying it, how to identify electronic components, how to solder together circuits, where to get parts, and will do a walk through of several hacks I have completed. The talk is intended for beginners, but all experience levels will get a kick out of it. Scott Fullam is the author of the O'Reilly book "Hardware Hacking Projects for Geeks" published in February 2004. Scott Fullam has been hacking hardware since he was 10 years old with his first Radio Shack 100-in-1 electronic kit. He built an intruder alarm to keep his sister out of his room. Scott attended MIT earning Bachelors and Masters degrees in Electrical Engineering and Computer Science. While an undergraduate he built a shower detection system so that he could see if the community shower was in use to allow him to sleep in a few extra minutes in the morning if it was occupied. After graduating from MIT Scott designed children's toys and built close to 50 prototypes in 2 years. He then went to work at Apple Computer in the Advanced Technology Group designing digital still cameras. In 1995, Fullam co-founded PocketScience, which develops revolutionary mobile Email communications products and services. As the Chief Technology Officer (CTO), Fullam personally developed all of the algorithms for the company's products. He also led the team that developed PocketScience's products and reference hardware. Scott now works as an independent consultant assisting consumer electronic companies design high quality products and manufacture them in the Far East. Scott holds 15 U.S. patents. Never satisfied with how the consumer electronics products he owns work, he often takes them apart and enhances their capabilities.
- Dead Addict - Hacking the Media, and Avoiding Being Hacked by the Media (23.0M MP3)
- Hackers have been demonized and romanticized in the media. Some hackers' interactions with the media have caused their eventual incarceration, while others seem to pimp the media to promote their careers. Dead Addict will provide a framework for manipulating the media and avoiding being the victim of the media. While this talk will be relevant to hackers, it is applicable to all that consume or are consumed by media. Dead Addict will also discuss methods to improve the quality of reporting and influence the media without appearing in it.
- Dark Tangent - Award Ceremonies (6.1M MP3)
- The Dark Tangent acknowledges those who made Defcon 12 possible, contest winners and the techniques that were used to win.
- Cameron Hotchkies - Blind SQL Injection Automation Techniques (23.2M MP3)
- Due to improper software design and implementation practices, the number of web-based applications vulnerable to SQL injection is still alarmingly high. Yet the actual steps used to exploit these applications remain very tedious and repetitive. This presentation will focus on methods available to automate the task of exploiting blind SQL injection holes. It will also feature a new tool, "sQueaL," and explain some of the research used in the creation of this tool, as well as ideas for expansion on the tool or other uses of the core libraries developed. Cameron Hotchkies, a.k.a. nummish, is a member of the 0x90.org digital think-tank and head developer of the new blind injection tool, SQueaL. In his non-free time, he works as a web-application developer and has witnessed (and had to repair) great atrocities in web application design. This has left him a bitter and frail shell of his former self. Some people have suggested he get out more. He is currently struggling to write code to teach him how to properly pronounce the word "about." This will be his first time speaking at Defcon.
- Robert Imhoff-Dousharm and Jonathan Duncan - Credit Card Networks Revisited: Penetration in Real-Time (21.6M MP3)
- Credit card authorization is the core to all major businesses, both on and off the Internet. Yet an alarming number of businesses are not taking the right steps to ensure that your credit cards are secure against fraud and theft. In bringing this to light (Credit Card Networks 101, July 31, 2003 - DC 11), you were awed at the possibility, but were not provided with any real proof. This year we, that's you and I, will walk through the process of identifying credit card traffic on a network, deciphering packets and propagating rogue credit card data to a host computer. You will be provided access to a private WiFi network. This network will have credit card data streaming across it for you to sniff. With your help, we will discover information about credit card packets, and how to design our own packet to be sent. Robert "hackajar" Imhoff-Dousharm: in the last 2 years, Robert has worked for Shift4, a Credit Transaction Gateway. As an analyst he ensures best fraud practices, compliance and security are met at all client sites. He has worked with government agencies during fraud investigations. He also works with new and potential clients to implement best practice in software design of credit card integration software. Robert has spoken at Defcon 11 (Credit Card Networks 101) about the potential risks currently impeding on credit card networks. He will demonstrate those risks this year with "Credit Card Networks Revisited: Penetration in Real-Time".
- Ian Vitek - Exploring Terminal Services, The Last 12 Month of Research. (Or, The Evil Admin and his Tools) (22.8M MP3)
- Got shell? On a Citrix or Terminal Services server? The speech will demonstrate some common ways to explore terminal services: uploading files with the keyboard and elevating luser rights to SYSTEM. How secure is it for a client to connect to a Citrix or a terminal services server if an evil admin owns the box? Tools and exploits will be released. If you approach Ian he probably wants to talk about privilege escalation or web application security.
- Foofus - Old Tricks (21.9M MP3)
- In September of 2003, a noted security consultant was terminated from his job over controversy surrounding a document that he co-authored. One key focus of the document was the risk associated with operating system monocultures. This idea was nothing new. In fact, in 1989, the following passages appeared in a book that spent over four months on the New York Times best seller list: "Just like genetic diversity, which prevents an epidemic from wiping out a whole species at once, diversity in software is a good thing. A computer virus is specialized: a virus that works on an IBM PC cannot do anything to a Macintosh or a Unix computer. [snip] Diversity, then, works against viruses. If all the systems on the Arpanet ran Berkeley Unix, the virus would have disabled all fifty thousand of them. Instead, it infected only a couple thousand." -- Stoll, Cliff. The Cuckoo's Egg, New York: Simon and Schuster Pocket Books, 1989. Pages 51 and 347. The point of this citation is not to cast any disrespect on the authors of "CyberInsecurity: The Cost of Monopoly" (on the contrary, in fact). Rather, we wish merely to note that the risk of monocultures was identified at least fourteen years ago, and was widely published. Why fuss if someone repeats it? Foofus.net wants in on this kind of action. In that spirit, we've looked high and low for a bunch of other old ideas so that we can breathe new life into them, and (in the famous words of a respected security research team), make "the theoretical practical," in an effort to tax the patience of those who would rather we kept our heads in the sand about ideas that are right there in the open, but inconvenient to demonstrate. Until now. Come to this presentation, and savor some exquisite fun. We will demonstrate our tools and techniques, and we think you will find that they are interesting and useful. But not new. We promise that we have not invented a damn thing here; the basic concepts are 100% recycled, but we hope they will encourage people to get serious about areas where they've been coasting for too long. The focus of the talk is Windows: tools will be presented for identifying potential trust relationships between disparate hosts, tinkering with friendly wireless interfaces, easy access to network shares without bothering to crack password hashes, and (if our luck holds) maybe even a little more. It'll be really fun, and stuff. Foofus leads a team of security engineers at a midsize technology consulting firm in the midwest, where he has worked for the past seven years. He has spoken at a variety of events and conferences including Toorcon and LISA. His chief technical interest is software security, and in his spare time he enjoys playing guitar, cooking, and attending the symphony.
- Rakan El-Khalil - Information Hiding in Executable Binaries (20.1M MP3)
- Information Hiding (IH) techniques are much researched in the context of watermarking or fingerprinting images and sound files, mainly as a means of copyright protection and piracy prevention/detection. Those mediums offer a significant amount of redundancy, thus lending themselves to the implementation of robust IH systems. Executables however do not offer such amounts of redundancy, and have thus far proven to be a difficult and rarely used medium for steganographic and other IH purposes. The aim of this talk is to be an introduction to IH, with a thorough coverage of state of the art techniques for embedding into binaries. Hydan, a tool for performing such embeddings in machine code, will be presented. In addition to typical IH uses [steganography, watermarking], the tool and techniques shown can be used in anti-reverse engineering, trusted application execution, frustrate some buffer overflow attacks, and as an engine for metamorphic viruses. An interesting effect of the tool is that the executable remains the same size before and after embedding, while of course remaining functionally equivalent. Rakan El-Khalil is currently on sabbatical in France. He is a recent MS CS graduate from Columbia University. While he was there he worked on a variety of projects at the CS Research Lab, such as an IDS that uses machine-learned models to detect network threats, and a syscall based permission system on OpenBSD [predating systrace]. He was also responsible for the short-lived official KaZaA Linux client `kza'. Currently he is involved with The Bastard, a powerful linux disassembler, and has been researching steganography and information hiding in machine code.
- Michael Davis - The Open-Source Security Myth and How to Make it a Reality (24.3M MP3)
- Open Source software is frequently described as more secure than closed source software for two reasons: the number of people available to correct a problem is potentially larger; and anyone can review the source code for vulnerabilities or malicious code. Unfortunately, the current state of design documentation does not support a cost-effective security review. In addition to compromising the confidence in the software, the lack of documentation also sets an unnecessarily high bar for new members to join an Open Source project. This unintended consequence directly reduces the number of people available to correct vulnerabilities or otherwise improve the software. The presentation provides a rationale for creating development documentation and identifies available tools. Michael Davis oversees the Security Engineering services provided by Dynamic Security Concepts, Incorporated (DSCI). During recent efforts to encourage his customers to use Open Source solutions, he oversaw the security review of a number of Open Source security tools. He possesses a broad security background and has been a featured speaker for select audiences on the subject of intrusion detection and evaluating security solutions in general.
- Deral Heiland - The Insecure Workstation (20.6M MP3)
- The insecure workstation. A creative look at the Windows group policies as a security solution in today's workplace and how easily they are circumvented. This talk will discuss the where, what and why on policies and also demonstrate simple tricks to bypass policies and exploit poor policy implementation. Deral Heiland has been in the IT field since 1994, working in the following industries: newspaper media, system integrator, manufacturing. He has held the following positions: network administrator, financial systems manager, network field engineer and network security analyst. He presently holds the following certifications: SSCP, CCNA, CCWS, CNE5 and CWSE.
- Maximillian Dornseif - Far More Than You Ever Wanted to Tell - Hidden Data in Document Formats (24.6M MP3)
- Applications usually put all kinds of information into saved documents besides what you intend to. This can lead to embarrassing revelations. We will take a look into different types of application data and what can be hidden in there. This allows us to "scrub" our own documents to avoid unwanted information in there but also to look for information in documents which the authors didn't want to hand out. To grasp the scope of the problem we will present a large scale study of hidden information in documents on the Internet. Maximillian Dornseif has studied law and computer science at the University of Bonn, Germany where he wrote his PhD thesis about the "Phenomenology of Cybercrime." He has been doing security consulting since the mid-nineties. His clients included industry but also government. At the moment he works on a third-party funded research project about measurement of security and security breaches taking place at the Laboratory for Dependable Distributed Systems, RWTH Aachen University. He also oversees several other projects in the area of detection and documentation of security incidents. Dornseif has published in the legal and computer science fields on a wide range of topics.
- Brett Neilson - The Advantages of Being an Amateur (24.9M MP3)
- For close to 100 years amateurs have been working with radios and sending transmissions all over the world. The dawn of the information age has inspired many new technologies and advancements in communication, and amateur radio is no exception. Today's modern amateur radio operators are building wireless networks and enjoying several advantages over their unlicensed counterparts. This presentation will review some of these advantages as well as talk about some of the newer areas of interest including HSMM and APRS. Brett L. Neilson is a network security and systems engineer with a strong background in the wireless industry. Currently he is working for one of the world leaders in intrusion prevention supporting clients with network security related issues. He previously worked for one of the leading wireless communication companies as a Senior Systems Administrator and RF field technician. While there he worked to develop, deploy, and maintain their national infrastructure. Some of his work is currently published in two information security related books, Maximum Wireless Security and Maximum Security 4th Edition. Mr. Neilson is a former member of the North Texas FBI Emergency Response Team (InfraGard) and is an FCC-licensed amateur radio operator. In these roles he has worked with multiple government agencies providing emergency communication assistance and coordination. Mr. Neilson's broad knowledge and experience has allowed him to be involved with many organizations, providing network and security related solutions.
- J0hnny Long - Google Hacking- The Return of the Googledorks (24.9M MP3)
- Google hacking is not new, but it's back and deadlier than ever. This talk is the follow-up to last year's very successful talk "Watching the Watchers." Attendees will learn the tricks and tactics that any self-respecting Google hacker should know. Expanded extensively since last year, the techniques and always killer examples from the "googledorks" database are always a crowd-pleaser. Witness how sites from all over the net fall victim to seemingly impossible searches from hackers armed with only the world's hottest search engine. A special 'security' section this year covers how to find everything from usernames and passwords to live IDS data, live vulnerability scanner output and SQL injection points. This talk intends to spread the word and help protect the security community from this dangerous and eye-opening form of information leakage. Johnny Long "sold out" many years ago by accepting an I.T. position within a major international company. By promptly securing each and every site he breaks into, Johnny has managed to maintain his friendships with hackers on both sides of the security fence. Regardless of the color of his hat, Johnny is still passionate about hacking, and it shows through his work, his website and especially through his presentations which consistently secure rave reviews.
- Michael T. Raggo - Steganography, Steganalysis and Cryptanalysis (16.4M MP3)
- This presentation will present steganography and techniques for steganalysis (identifying files with hidden messages). A review of steganography will provide the basis for identifying and dissecting carrier files. There will also be a demonstration of carrier file analysis and dissection. There will also be a demo of my new steganography detection program, StegSpy. Cracking and reverse-engineering steganography programs will also be covered. A cryptanalysis case study will review the steps necessary to reverse engineer and reveal a hidden message. Additionally, other steganalysis and password cracking tools will be highlighted. Michael T. Raggo (CISSP, IAM, CCSA, CCSE, CCSI, MCP, SCSA) is a principal security consultant for VeriSign, Inc. As a consultant, Mr. Raggo architects and deploys firewalls, intrusion detection systems, and PKI solutions. In addition, he also performs security assessments, penetration tests, and forensics investigations. He is also an instructor for VeriSign's suite of security classes including "Applied Hacking and Countermeasures" and the author of StegSpy, a steganography detection program. Mr. Raggo is a guest speaker at nationwide conferences including SANS, WebSec and InfoSec. Prior to joining VeriSign, Mr. Raggo was supervisor of system administration for www.nasdaq.com at the NASDAQ Stock Market. Mr. Raggo has 15 years experience in the information systems field including experience as a UNIX system administrator, network administrator, and firewall administrator. Mr. Raggo conducted graduate work in information systems at Johns Hopkins University. Prior to that, he earned his BSET in electrical engineering from Rochester Institute of Technology.
- Wavyhill and Andre Goldman - Toward a Private Digital Economy (Trusted Transactions In An Anonymous World) (25.9M MP3)
- Current financial privacy tools have drawbacks arising from centralized ownership and control, and the limitations of the service-for-profit model. A better approach is to construct a fully distributed environment for economic activity which mimics in freedom and variety of action the way cash is used in the physical world. The key to this variety is the element of locale. We introduce the "Farmer's Market" model of anonymous commerce and refine it to a software functional description. We explore some exotic kinds of business viable in this new environment and ways to connect them to the transparent banking world. Number theory can be used to derive an "algebra of trust," exploited in practical ways to reduce risk in anonymous transactions, and overcome barriers to adoption of this and other digital cash systems. We also discuss the boot-strapping problem and suggest some ways to address it. Afterward, everyone is invited to participate in a role-playing simulation experiment to test the viability of these ideas using a prototype graphical software environment. Wavyhill is a software engineer having a 25 year history with industrial research organizations and developers of operating system, video, and graphics products. An anarcho-capitalist without portfolio and advocate of privacy and anonymity, he has also done experimental engineering work on artificial islands. He has no academic credentials that he will admit to. Andre Goldman writes on law and philosophy. He works in the area of non-jurisdictional law, and was the primary author of "The Common Economic Protocols."
- Greg Conti - Network Attack Visualization (24.1M MP3)
- On even a moderately sized network, activity can easily reach the order of millions, perhaps billions, of packets. Hidden in this sea of data is malicious activity. Current network analysis and monitoring tools primarily use text and simple charting to present information. These methods, while effective in some circumstances, can overwhelm the analyst with too much, or the wrong type of, information. This situation is worsened by today's algorithmic intrusion detection systems, which, although generally effective, can overwhelm the analyst with unacceptably high false positive and false negative rates. This talk explores the possibilities of visually presenting network traffic in a way that complements existing text-based analysis tools and intrusion detection systems. By graphically presenting information in the right way, we can tap into the high-bandwidth capability and visual recognition power of the human mind. Using the proper visualizations, previously masked anomalous activity can become readily apparent. This talk will be of interest to those who wish to learn about information visualization as it applies to network security. It requires a basic understanding of the OSI model and packet encapsulation. Attendees will leave with an increased understanding of information visualization that they can apply to their own development projects and management of their networks. Greg Conti is an assistant professor of computer science at the United States Military Academy. He holds a master's degree in computer science from Johns Hopkins University and a bachelor of science in computer science from the United States Military Academy. His areas of expertise include network security, interface design and information warfare. Greg has worked at a variety of military intelligence assignments specializing in signals intelligence. Currently he is on a Department of Defense fellowship and is working on his PhD in computer science at Georgia Tech. He is conducting research into denial of information attacks.
- Lucky225 - Phreaking in the Age of Voice Over IP (13.9M MP3)
- Phreaking in the age of voice over IP? What the hell is voice over IP? If you're asking this question and you're interested in phones and thought phreaking was dead back in the early '80s when blueboxing died, or 2002 when AT&T killed redboxing on long distance calls, then this is the speech for you. Or if you know what VoIP is but want to know how the hell it has any impact on phreaking you should also attend. This talk intends to educate its audience on the new age phreakers. Most of the discussion will involve a detailed explanation of Calling Party Number (CPN), ANI, and Caller ID, and the differences between all three. We will also be covering the basics of phreaking with voice over IP technology, Asterisk, and VXML. Not all of this presentation will be dealing with VoIP; this is a basic new age phreaking presentation that will show the latest techniques that phreaks are using today. It's not just about free calls either; hell, you get that with VoIP anyways! You will learn not only why VoIP is important, but such things as spoofing caller ID (and no we don't mean orangeboxing, social engineering telus, our methods are simple to use and will cost as little as $15/month). As technology is rapidly changing, so is our phone system. We will be discussing a basic overview of voice over IP and some of the services provided by many of these so-called "broadband phone companies." We will also be discussing calling cards that use VoIP technology to provide cheaper rates to their customers. We intend to explain how VoIP is changing the phone system and making it very easy for the everyday consumer to spoof caller ID by spoofing Calling Party Number (CPN), and how this can be exploited to circumvent security in such things as voicemail, credit card activations, and even telephone company numbers that when you call from your "own phone" will give you complete control over your dial-tone telephone line. We also plan on showing how easy it is to get around services like "Call Intercept" without even spoofing caller ID. We will also be discussing why *67 and complete caller ID block features offered from the phone company are not adequate privacy protection, as anyone can still get your phone number when you call them with your number blocked; we'll of course describe how this can be possible. As time permits there may very well be much more; you won't want to miss this presentation. Lucky225 is the co-host of an Internet streaming radio show "Default Radio" that streams on Rant Radio, a free non-profit shoutcast server that has been running for 6 years. He has been a writer for 2600 magazine since 1999 and has spoken at both H2K2 and Defcon 11. He has been an avid phone phreak since his early teens in high school and has much experience with the telephone system and a wide variety of knowledge ranging from regular telephones, payphones, cell phones, and voicemail systems to ANI, caller ID, PBX's, switches, VoIP and much more. Strom Carlson is one of the last true phone phreaks; he has an intense interest in the structure and history of the telephone network and an intense distaste for fraud, theft, and vandalism. He collects all things related to telephony (including recordings), and although he is rapidly running out of space in which to store his many cubic meters of telephone equipment, he will eagerly and compulsively snap up anything made or published by Western Electric if given the chance. He encourages all phone phreaks and interested parties to learn what they're really talking about; he also encourages you to listen to everything on http://www.phonetrips.com and to poke around http://www.stromcarlson.com.
- Tony Arcieri - PDTP: The Peer Distributed Transfer Protocol (18.7M MP3)
- Despite decades of evolution, Internet file transfer is still plagued with problems to which formalized solutions are either inadequate or nonexistent. Lack of server-side bandwidth often renders high demand content inaccessible (which we affectionately refer to as the Slashdot effect). When the ability of a single server to provide content is exceeded, manual mirror selection is often utilized, providing an unnecessary and often problematic experience for end users. No formalized cryptographic mechanism exists for preventing tampering of files located on a particular server, and consequently malicious individuals have managed to place Trojans in the releases of many high profile open source applications. The Peer Distributed Transfer Protocol (PDTP) aims to solve all these problems. PDTP can either function with a network of servers providing content directly to clients, or can provide BitTorrent-like download swarming, by forcing clients to participate in file transfers. PDTP includes built-in mechanisms to prevent file tampering through the use of the Digital Signature Standard, and is able to automatically verify that a given file has been signed by a DSA key with a complete x.509 certificate check to ensure a given certificate can be trusted. PDTP also provides a UDP-based decentralized search mechanism which, unlike current systems such as FastTrack, Gnutella, or FreeNet, does not consume undue bandwidth or system resources, all while removing legal liability for content indexing from the central services being utilized as entry points to the search system. Tony Arcieri is a system administrator and programmer for the Pielke Research Group and Colorado Climate Center at Colorado State University. He has also contributed to a number of open source projects, including authoring the Ogg Vorbis plugin for XMMS, the cdcd and gdcd X11 CD player applications, and various contributions to other projects such as the subversion version control system and the FreeBSD operating system.
- Wendy Seltzer and Seth Schoen - Hacking the Spectrum: Open Source Software Vs. the Broadcast Flag (23.0M MP3)
- The FCC, at Hollywood's request, has mandated a broadcast flag for High-Definition Digital Television (HDTV). By July 2005, it will be unlawful to sell devices that don't respond to a "do not copy" flag or that provide unencumbered high-definition digital outputs. The flag's "robustness" requirement will make it impossible to build an open-source HDTV version of the TiVo. This talk will demonstrate how these rules thwart user innovation, showing an open-source HDTV PVR (MythTV on Linux) you soon won't be able to build. We'll discuss the law and challenges to receiver regulation, and encourage people to get HDTV cards while they still can. Wendy Seltzer, Electronic Frontier Foundation Staff Attorney. Wendy Seltzer is a staff attorney with the Electronic Frontier Foundation, specializing in intellectual property and free speech issues. As a fellow with Harvard's Berkman Center for Internet and Society, Wendy founded and leads the Chilling Effects Clearinghouse, helping Internet users to understand their rights in response to cease-and-desist threats. Prior to joining EFF, Wendy taught Internet law as an adjunct professor at St. John's University School of Law and practiced intellectual property and technology litigation with Kramer Levin Naftalis and Frankel in New York. Wendy speaks frequently on copyright, trademark, open source, and the public interest online. She has an A.B. from Harvard College and J.D. from Harvard Law School, and occasionally takes a break from legal code to program (Perl). Seth Schoen, Electronic Frontier Foundation staff technologist. Seth Schoen created the position of EFF staff technologist, helping other technologists understand the civil liberties implications of their work, EFF staff better understand the underlying technology related to EFF's legal work, and the public understand what the technology products they use really do. Schoen comes to EFF from Linuxcare, where he worked for two years as a senior consultant. 
While at Linuxcare, Schoen helped create the Linuxcare Bootable Business Card CD-ROM. Prior to Linuxcare, Schoen worked at AtreNet, the National Energy Research Scientific Computing Center at Lawrence Berkeley National Laboratory, and Toronto Dominion Bank. Schoen attended the University of California at Berkeley with a Chancellor's Scholarship.
- Dan Kaminsky - Black Ops of TCP/IP 2004 (26.8M MP3)
- Continuing the research done in previous years on advanced protocol manipulation and the high speed evaluation of large network characteristics, this year's Black Ops of TCP/IP goes into new territory with a deep analysis of the Domain Name System (DNS). A core element of the TCP/IP application suite, it is everywhere and there is unexpected power contained within. Interesting Facets of the Global DNS Architecture: A high speed scanner for DNS servers, modeled after my TCP scanner "scanrand," recently executed several Internet-scale sweeps of the net. Surprising results, with direct implications for computer forensics operations, will be discussed and analyzed. Distributed, High Speed, Large File Dissemination via DNS, a.k.a. "Reinventing the Square Wheel." Although there have been previous attempts to serve files over the DNS architecture, none have been even remotely usable. I will discuss a new approach that, through its significant performance improvement, is indeed remotely usable. One-To-Many Streaming Data Dissemination over DNS: The previous system maximizes speed at the expense of making streaming impossible. We will discuss an interesting alternate approach that almost usefully distributes streaming audio data to endpoints via their DNS queries. SSH over DNS: I will demonstrate a cross-platform, userspace mechanism for moving SSH data over DNS queries. This has implications for captive wireless portals, which often