HomeBlogForumsDownloadsLinksContactPolicies
 
 
 
Login Form
Username

Password

Remember me
Forgotten your password?
No account yet? Create one

Who's Online
We have 5 guests online

Latest Referers
defcon.org
www.mamble.com
www.google.com
www.google.de
www.anomic.de
www.google.se
dc404.kaos.to
www.google.it
www.dc404.org
www.defcon.org
answerbus.com
gmail.google.com

DC404 URLS
www.dc404.org
dc404.kaos.to
dc404.TenetOne.com

Hit Counter
6637 Visitors

Support DC404!
Support DC404 in making a small donation:

 
Home arrow Forums

Next Meeting is September 11, 2-4pm at Carpe Diem
Directions

Advertiser Support

17 days until September Meeting


DC404 Forum  
Home | post reply | threaded view | help
::post new topic::
Author Message
Experiences at Defcon 12 - 2004/08/04 19:02 This thread discusses the Content article: Experiences at Defcon 12

digunix and I flew in from Atlanta on Thursday, arriving in LV around 3pm. After a short ride over to the Riviera to drop off our bags, we shot over to the AP. When I walked into the AP I spotted ZenMachine, another 404 native, and several of us sat around in the lobby b.s.'ing, theorizing, and, with ZenMachine's master guidance, picking Master locks.

That night, during registration, I also spotted Alkyloyd standing in line and stood around smoking and discussing dc404 and upcoming meeting topics for the better part of an hour as we weaved our way into the badge/registration room. After that, I caught up with a few friends out by pool 1, including my friend Jon Callas and his lovely wife, Tamzen. Still on EST5EDT though, dig and I were both exhausted and called it a night shortly after.

Friday being the first day of the con, the energy and excitement at AP was palpable. Across the span of several hours, I weaved in and out of the lobby and bar, between the Athena room (info booth, coffee wars, lockpicking contest), the Parthenon (vendor presentations), the CTF and vendor areas, and the [rather well-air-conditioned] tent outside. During this time, I ran into several more familiars including friends from VeriSign, Vigilar, the US Marine Corps, the NSA, Cox, BellSouth, etc. etc. Indeed, I was actually quite surprised by the number of folks I knew who made it out this year.

I only managed to catch a couple of Friday's presentations, as capacity issues once again presented significant challenge, though Jon Callas' talk about PGP's new initiatives was very good, and the Shmoo's 'Wireless Weaponry' was quite entertaining as well (with a brief intro session from Robert Morris Sr. and a mostly hilarious Spot the Fed session with Priest).

Friday night, dig and I got invited to a party hosted by Geoff from Pivx (a cool cat I met in line for badge registration on Thurs), which turned out to be in the utterly amazing Penthouse at Bellagio (yep, capital P). Had a blast, view was amazing and the company was good, although I apparently threw back a few too many at the party, but dig finally managed to shove me into a cab and get me back to the hotel by around 4 without significant incident.

Saturday, I woke up with a nasty hangover and what felt like a boulder in my eye. I must have tried to remove my left eye in my sleep (drunken stupor) the night before, and I spent the better part of the day wearing sunglasses to hide my red, swollen, and excessively watering eye. Only caught a couple of presentations on Saturday: Morph by Kath Wang (ok), Advanced Netfilter by Michael Rash (quite excellent), and Hacking the Media by Dead Addict (ok).

Saturday night brought another party at the Bellagio, this time with the Feds. Had a pretty good time despite recovering from a hangover and only getting to enjoy 1 free beer -- that is, until a particularly dishonest, untrustworthy and thieving ex-colleague showed up, which inspired my early departure (see, good thing I didn't get drunk again after all). Spent a few bucks in the casino at Bellagio (damn, those slots are tight), then called it a night at about 2am.

Sunday, was mostly uneventful with the exception of a good talk on Stego by my friend Mike Raggo from VeriSign and the ever-entertaining j0hnny long with his latest on Google Hacking. Split fromt the AP a little early to head over to the Boblbee store at the Fashion Mall, where we ran into several of my Marine pals (who competed in CTF again this year) and who were also at the party the previous evening. Spent a couple hours modifying and customizing Boblbees, and just generally shooting the shit, and then finally called it a day. Spent the rest of Sunday basically relaxing, trying to get online via dial-up to check my mail, and watching cheeezy shows on the Riviera's crappy cable stations. Few more bucks in the Riviera's casino and I called it a night, ready to get back home to my wife, kid and king-sized bed.

Monday was basically on all-day travel day (left the Riviera at about 9a, arrived in Atl about 9p, home by 10, bed by 2 -- exhausted), and yesterday was a bit more catch-up, as I tried to recover from 4 days away from e-mail and normal business.

I think that amounts to a pretty full acount of my Defcon this year. Had a blast, and I'll do it again next year, although -- as I tell myself /every/ year -- I think I'll plan things a little farther in advance next time.

Cheers,
./dr.kaos

Post edited by: drkaos, at: 2004/08/18 13:32
  The administrator has disabled public write access.
Re:Experiences at Defcon 12 - 2004/08/18 06:48 drkaos wrote:
This thread discusses the Content article: Experiences at Defcon 12

-- as I tell myself /every/ year -- I think I'll plan things a little farther in advance next time.

Cheers,
./dr.kaos

That's what I tell myself as well, but there's alway missed
presentations, stuff I meant to do, etc. Hey, it's Defcon. Yours
was the first 404 face I saw there, I think.

Al
  The administrator has disabled public write access.
Re:Experiences at Defcon 12 - 2004/08/18 14:53 alklloyd wrote:

That's what I tell myself as well, but there's alway missed
presentations, stuff I meant to do, etc. Hey, it's Defcon. Yours
was the first 404 face I saw there, I think.

Al


I think our project for next year needs to be a wheeled-robot (like Shmoo's), but instead of hax0ring wireless, it would run around and stand in long lines and record all the damn presentation's I'm likely to miss...

./dr.kaos
  The administrator has disabled public write access.
::post new topic::
Security News
SecurityFocus Vulnerabilities
Wed, 25 Aug 2004 17:55
SecurityFocus
Opera is a web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.Opera Web Browser is reported to be sus...
Vulns: Opera Web Browser JavaScript Denial Of Service Vulnerability
Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database.Mantis is reportedly susceptible to a vulnerability in its signup proc...
Vulns: Mantis New Account Signup Mass Emailing Vulnerability
Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database.It is reported that Mantis is affected by cross-site scripting vulnera...
Vulns: Mantis Multiple Cross-Site Scripting Vulnerabilities
Gallery is a web application designed to allow users to manage images on their web site, such as creating photo albums. Gallery is written in the PHP script language. A...
Vulns: Gallery Remote Server-Side Script Execution Vulnerability
Mantis is a web-based bug tracking system. It is written in PHP and supported by a MySQL database.Mantis is reportedly susceptible to a remote server-side script execut...
Vulns: Mantis Remote Server-Side Script Execution Vulnerability
Sympa is a mailing list manager written in Perl. It is supported on numerous Unix, and Unix-like platforms including Linux, BSD, Solaris, and others. It contains a web in...
Vulns: Sympa New List HTML Injection Vulnerability
Sender: Jérôme ATHIAS [jerome dot athias at caramail dot com]
BugTraq: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability

Secunia Advisories
Wed, 25 Aug 2004 17:55
Secunia.com
A vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.
Winamp Skin File Arbitrary Code Execution Vulnerability
ISS X-Force has reported a vulnerability in the NSS library included with various Netscape products, which can be exploited by malicious people to compromise a vulnerable system.
Netscape Multiple Products NSS Library Vulnerability
ISS X-Force has reported a vulnerability in the NSS library included with Sun Java System Web Server, which can be exploited by malicious people to compromise a vulnerable system.
Sun Java System Web Server NSS Library Vulnerability
Sun has acknowledged multiple vulnerabilities in Apache for Solaris, which can be exploited to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Sun Solaris Multiple Apache Vulnerabilities
Juha-Matti Laurio has reported a weakness in Outlook Express 6, which may disclose email addresses in "BCC:" fields to other recipients.
Microsoft Outlook Express "BCC:" Recipient Disclosure Weakness
A vulnerability has been reported in ignitionServer, which can be exploited by malicious people to cause a DoS (Denial of Service) on vulnerable systems.
ignitionServer "SERVER" Denial of Service Vulnerability
A vulnerability has been reported in WebAPP, which can be exploited by malicious people to access sensitive information.
WebAPP Directory Traversal Vulnerability

BugTraq
Wed, 25 Aug 2004 17:55
RealVNC 4.0 DoS
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server
IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service
Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow
Computer Network Defence Vulnerability Alert State
Vulnerability: OpenBSD 3.5 Kernel Panic.
Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??)

Slashdot
Wed, 25 Aug 2004 17:55
Slashdot:
Dodgeball: Text Your Location To Friends
Justice Dept. Raids Homes of File Swappers
HP Shelves Virus Throttler Program
TrackIR3 Pro Head-Tracking System For Gamers
The Linux Incompatibility List


Live Support
Click here for support