Defcon 10 Speakers, Topics, and Bios
Ofir Arkin
Founder, The Sys-Security Group
XProbe, The Year After

Xprobe, written and maintained by Fyodor Yarochkin & Ofir Arkin, is an active operating system fingerprinting tool based on Ofir Arkin's "ICMP Usage in Scanning" research project (http://www.sys-security.com). Last year at the Blackhat briefings, July 2001, the first generation of Xprobe was released.

The tool's first generation (Xprobe v0.0.1) relies on a hard-coded, static logic tree. Although it has a lot of advantages (1-4 packets only, accurate, fast, efficient, etc.), the tool suffers from a major drawback: its logic is static.

At Defcon 10 we will be releasing Xprobe2, a completely rewritten active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 relies on fuzzy signature matching, probabilistic guesses, multiple simultaneous matches, and a signature database.

As with the previous year - Don't miss the demonstration!

Ofir Arkin is the Founder of the Sys-Security Group (http://www.sys-security.com), a free computer security research body. Ofir has published several papers as well as articles and advisories. Best known are the "ICMP Usage in Scanning" and "Trace-Back" research papers. Some of his research has been mentioned in professional computer security magazines. He is an active member of the Honeynet Project and participated in writing the Honeynet team's book, "Know Your Enemy", published by Addison-Wesley.

Mick Bauer
Upstream Solutions, Inc.
Stealthful Sniffing, Logging, and Intrusion Detection:
Useful and Fun Things You Can do Without an IP Address

Centralized event-logging and automated intrusion detection are required tools for good network security. But what can you do to prevent your loggers and IDS probes from falling victim to the same attacks they're supposed to warn you about? As it happens, one cool thing you can do is run such systems without IP addresses. In my presentation I'll describe the benefits and drawbacks of this technique, and demonstrate how it can be used in conjunction with Snort, syslog-ng, and other standard *nix tools to build stealthful loggers and IDSes.

Mick Bauer is a Technology Counselor (Information Systems security consultant and engineer) for Upstream Solutions, based in Minneapolis. His areas of expertise include firewall architecture and integration, security policy, network application security, and Unix and NT system security. Mick is the author of Linux Journal's popular "Paranoid Penguin" security columns, and of the upcoming book "Building Secure Servers With Linux" (O'Reilly and Associates, October 2002).

Scott S. Blake, CISSP
Vice President, Information Security
BindView Corporation
The Politics of Vulnerabilities

The vulnerability reporting process is rife with competing interests. Research is conducted by software vendors themselves, paid consultants, government agencies, professional and academic researchers, as well as people who make their living in other ways. Each of these groups has particular interests in the process. The vendor of the targeted software has its own concerns. The public at large has an interest in the process (and its results), but it is unclear what the public should be concerned with. This talk explores vulnerability reporting from all angles, including that of the public good. Attendees will learn a rudimentary cognitive framework for understanding the powers in play in vulnerability reporting and apply it to understand the present and the future of security.

As BindView's Vice President of Information Security and an internationally recognized security expert, Mr. Blake is responsible for providing security expertise to BindView's corporate strategy and operations. Before taking this role, he was the leader of BindView's RAZOR security research team. Prior to joining BindView, Mr. Blake designed perimeter security, network security architectures, and developed security policies for several large companies including leaders in financial services and telecommunications, as well as several large hospitals and universities. He has spoken at many security conferences, authored numerous articles on security topics and is frequently sought by the press for commentary. He holds a BA in Social Sciences (International Relations) from Simon's Rock College, an MA in Sociology (Political Theory) from Brandeis University, and is a Certified Information Systems Security Professional.

Saqib A. Khan, M.S.
SecurityV, Inc
Stealth Data Dispersal: ICMP Moon-Bounce

This research is targeted at demonstrating that small amounts of data can be dispersed over IP-based networks, utilizing the data payloads of existing protocols. Such data is expected to be kept alive on the ether until one chooses to retrieve it. The crux of the scheme is the fact that this type of data dispersal is expected to be extremely difficult to detect. Such a scheme also raises some very interesting questions regarding using Internet traffic itself as a virtual mass storage system, etc.

As an example, a specific technique created by the author, the "ICMP Moon-Bounce", will be presented that accomplishes our data dispersal goal.

Khan is the Founder and CEO of SecurityV, Inc., a cutting-edge Network Security Auditing startup. Previous to SecurityV, Khan founded and ran Secure Networks Corporation, a successful network security integration firm with offices in Harvard Square, Cambridge, MA. Prior to Secure Networks, Khan performed brief consulting stints at MIT, Sun, Checkpoint, and Lucent (INS) on multiple security and programming projects.

Khan's primary interests lie in Network Protocol Vulnerabilities, Artificial Intelligence, and Cosmology.

Nowadays, Khan resides in Miami Beach and spends equal time on partying and Network Security research. Khan has previously presented 5 technical papers at various professional conferences. Khan has a Masters in Computer Engineering and a Bachelors in Electrical Engineering from Auburn University, AL.

GOBBLES Security
Wolves Among Us

GOBBLES Security members will be giving a presentation called "Wolves Among Us", which will discuss the evil motivations of certain members and organizations of the security industry, the big companies that are underqualified for security and yet reap such incredible revenue for their services, the way the media is uninformed and further intentionally writes incorrect information concerning hackers, and more. Concrete examples will be cited, and then discussion on the greater ramifications of those examples will be held.

GOBBLES Security -- currently the largest active nonprofit security group in existence (that favors full disclosure). GOBBLES Security consists of 17+ members, ranging in age from 15 to 28. Unlike some groups that make this claim, GOBBLES actually publishes advisories for the sake of security, and not as an opportunity to get some political vendetta aired -- and also publishes advisories at a rate greater than one every three years.

Philippe Biondi
Cartel Sécurité
Security at Kernel Level

Security is a problem of trust. Having a system that offers services to the Internet and that can be trusted is very hard to achieve. Classical security models focus on the physical limit of the machine. We will see that it can be interesting to move the trust boundary to between user space and kernel space, and that it is still possible to enforce a security policy from this trusted place. We will also see some practical aspects with a review of some implementations that exist for Linux kernels.

Philippe Biondi is a security consultant at Cartel Sécurité. He is involved in the development of LIDS. He does about everything that is related to computer security.

Ian Peters
Rubicon - An Extensible Gateway IDS

IDSs have traditionally been seen as purely information resources, requiring human intervention in order to act on alerts. Recently, support for modifying firewall rules and killing active connections has begun to appear in IDSs, but these suffer from shortcomings. Many people have recently expressed a desire for an active, 'Gateway' IDS (GIDS), allowing filtering and routing of traffic to be performed by a gateway computer using both traditional firewall-style rules and NIDS-style analysis. Rubicon was developed to supply this functionality, and more, in an extensible manner. This talk will discuss some shortcomings of current NIDS products, and hence the need for GIDS, the design and development of Rubicon, and the future of GIDS in general and Rubicon in particular.

Ken Caruso
Co-Founder of Seattlewireless.net project
Community Wireless Networks, Friend or Foe to the Telecom Industry

Ken will talk about different types and implementations of community wireless networks. He will also discuss why companies in the industry like, dislike, or don't know what to make of the community wireless movement. Most importantly, he will tell you why this movement is important and what role it has in promoting privacy, community-owned infrastructure, and peer-to-peer communications.

Ken Caruso is a co-founder of the Seattlewireless.net project. Seattlewireless is focused on enabling people to build a public/open wireless MAN in the Seattle area. He is a network engineer by trade and by night evangelizes Community Wireless Networks.

David Endler


Michael Sutton
Sr. Security Engineer

Web Application Brute Forcing 101 - "Enemy of the State (Mechanism)"

This presentation focuses on the ease with which many web application Session IDs can be brute-forced, allowing an attacker to hijack a legitimate web user's online session (e.g. Slashdot, Apache, Register.com, PHPNuke, etc.). While a somewhat narrow area of web application security, the simplicity of the attacks and the prevalence of these vulnerabilities on the Internet make this an important topic. Malicious users can easily try (usually automated) combinations of well-known usernames and passwords, or indeed attempt all possible combinations of the accepted Session ID character set. However, the scope of a brute force attack can be greatly reduced when Session IDs are predictable in nature. The presentation will include an overview of the issues involved in exploiting predictable or "reverse-engineerable" Session IDs in popular web applications, including a demonstration with several real-world exploitation examples. It will conclude with a description of techniques both users and web developers can use to protect against these types of attacks.

David Endler is the director of iDEFENSE's security research group, iDEFENSE Labs. iDEFENSE is a global security intelligence services company that provides advanced warning and analysis of cyberthreats - from technical vulnerabilities to hacker profiling to the global spread of malicious code. Prior to iDEFENSE, Endler served with Deloitte and Touche LLP in the e-business security and technology practice. In previous lives, Endler performed security research for Xerox Corporation, National Security Agency, and Massachusetts Institute of Technology. Mr. Endler holds a B.S. and M.S. in Computer Science, and is an active member of the Open Web Application Security Project (OWASP).

Michael Sutton is a Senior Security Engineer for iDEFENSE Labs. Prior to joining iDEFENSE, Sutton established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. The ISAAS practice is responsible for information systems auditing on both external financial audit engagements and internal audit outsourcing. Consulting engagements included SAS 70 audits, attack and penetration tests, architecture reviews, computer forensics and designing security policies. Sutton has also worked in the Ernst & Young ISAAS practice in New York. He is presently pursuing a Master of Science in Information Systems Technology degree at The George Washington University and has a Bachelor of Commerce degree from the University of Alberta.

Len Sassaman
The Shmoo Group
Anonymity Services and The Law:
How to Safely Provide Anonymous Technology on The Internet

Anonymity technologies can be an essential life-saving tool for whistle blowers, human rights workers, political dissidents of oppressive regimes, and can provide a safe mechanism for the free-sharing of controversial ideas while protecting an individual's "true name" reputation. Due to the possibility of abuse of these systems, however, anonymity services are often criticized by law enforcement agencies and ISPs.

This presentation will examine some of the challenges that anonymity service providers face when their systems are used for controversial purposes, and will explore ways to mitigate the risk of operating an anonymity service.

Len Sassaman is a communication security consultant specializing in Internet privacy and anonymity technologies. Len is an anonymous remailer operator, and is currently project manager for Mixmaster, the most advanced remailer software available. In addition, Len has contributed to the development of personal encryption software and standards.

Rich Murphey, PhD
FreeBSD Exploits and Remedies

This talk continues the review of system hardening and security management presented in the BlackHat talk, "Locking Down Your FreeBSD Install". We walk through well-known exploits for the FreeBSD 4.5 release, showing the mechanisms and effects on the system. We then discuss the way in which each vulnerability is assessed and monitored, and the ways in which the system can be hardened or access controls can be refined to reduce the risk of exposure. For each of these, we show the key features of the bundled tools for monitoring and controlling access.

Rich Murphey was a founding core team member of FreeBSD and Xfree86. He received a PhD in Electrical and Computer Engineering from Rice University, was on the Faculty of the University of Texas Medical School in Galveston, and was Chief Scientist at PentaSafe Security Technologies before joining NetIQ recently. His main interests are development of Beowulf clusters and Intrusion Detection Systems.

Roelof Temmingh
Technical Director,
Founding Member


Haroon Meer
Technical Security Specialist

Setiri: Advances in Trojan Technology

The presentation will describe the inner workings of the Trojan "Setiri". Setiri leads a new wave of Trojan Horse technology that defeats most conventional security devices including personal firewalls, NAT, stateful inspection firewalls, IDS, proxy-type firewalls and content-level checking. The presentation will focus on the setting up of a bi-directional communication stream in non-conducive environments, rather than describing the features of the Trojan.

The presentation will include an online demonstration - a well-protected PC located inside a heavily protected environment will be Trojaned with Setiri. The computer will be taken over by a Controller that is situated outside of the network. At the same time network traffic will be manually inspected.

Roelof Temmingh is the technical director and a founding member of SensePost. After obtaining his degree in electronic engineering in 1995, he helped to establish SensePost along with some of South Africa's leading IT security minds. He is currently involved in the coding of proof of concept code, and the practical realization of complex security concepts. Roelof has been a speaker at the 2001 Summercon conference and the 2002 Black Hat Windows conference.

Haroon Meer joined SensePost as a Technical Security Specialist after over 7 years in the Networking/Security industry. He has a wide background in security & networking from writing code to administration of large Campus networks. He is currently heavily involved in the development of additional security tools and proof of concept code and has been a speaker at the recent Black Hat Windows Briefings in New Orleans.

Nate Rotschafer, MCP
University of Nebraska at Omaha
N Stage Biometric Authentication

The topic will be about using biometric authentication as part of a multiple stage authentication mechanism. This discussion will explore various applications and flaws with the technology along with some of my ongoing research into a replay attack on the devices by capturing what "goes down the wire".

I am a sophomore at the University of Nebraska at Omaha working towards a degree in computer science with a focus in information security along with a degree in computer engineering. I've done research on the topic of biometrics for local conferences and was recognized by the university as a Scott Scholar.

Vic Vandal
Intelligence Gathering

This comprehensive talk covers the tools and techniques used in corporate espionage, information warfare, and private investigation. It also includes an overview of laws that one must be aware of before employing such tools and techniques.

Vic has been employed as an "InfoSec Samurai" by various government entities for the past 13 years. He was "drafted" (kicking and screaming) into the InfoSec discipline to develop proprietary security software for a specific government agency, and the rest is history. Some of the sensitive federal data he has helped protect has belonged to the CIA, DEA, Secret Service, Treasury Dept, Commerce Dept, and every other federal agency in existence. He has also done the same for the Department of Defense, Navy, Marines, and Army. He has worked extensively in every area of information security. Any more 411 and he'd have to kill you (heh).

Neuro-Linguistic Programming (NLP)

This talk is primarily about psychology and has nothing to do with computer programming. Neuro-Linguistic Programming is described as new-age pseudoscience by some and as the future of psychology by others.

Through this talk on NLP you will learn about the ability to control and otherwise manipulate as well as teaching via "knowledge encoded linguistic algorithms." You should also gain the ability to do a "cold read." You will also learn about "NLP modeling." Some should walk away with a greater understanding of human psychological patterns.

About me: Happily spreading memes for years to come.

Tony 'Xam' Kapela

Bruce Potter

Adam Shand

Wireless Networking

Wireless networks have seen explosive growth in the last year. Wardriving a city last July resulted in only a handful of access points. Now there are hundreds if not thousands of access points in every city in the nation. During the same time, holes have been shot in all major wireless security protocols. People deploying wireless technologies are either unaware of the risk involved or have decided the productivity gain outweighs the risk. We feel it is more of the former than the latter. This presentation will discuss contemporary issues in wireless network security. While we will discuss some of the basic foundations of wireless security such as WEP, the talk will be more focused on the state of the art. The speakers all have heavy backgrounds in community wireless networking using open standards and living in hostile environments. They will draw upon their knowledge to give the audience an idea of where they can expect wireless security to go in the next year.

Tony Kapela (aka: Xam) -- Aside from being a full-time student in Madison, Wisconsin, Tony chooses to spend part of his free time thinking about wireless systems and mesh networking. His more recent projects include "MeshMadison" -- a network aimed at open community transport, supporting transparent roaming in downtown Madison. His other interests include ethernet adultery, HPNA acrobatics, and playing drums.

Bruce Potter -- Bruce is the founder of the Shmoo group of security professionals (www.shmoo.com). He is also the founder of the NoVAWireless community wireless network group in Northern Virginia. He has a soon-to-be published book on Wireless Network Security with O'Reilly.

Adam Shand -- Adam started PersonalTelco in November 2000 due to a happy series of coincidences. He believes that information wants to be free despite the fact that people want to be paid.

Gregory S. Miles Ph.D., CISSP, IAM AKA 'DOC'
CIO, Security Horizon, Inc
Anatomy of Denial of Service Mitigation Testing

DOC has had the privilege of working on a project that was focused on looking at new product technologies relating to DoS and DDoS mitigation. Several commercial companies were formed whose entire focus was to find solutions to DoS and DDoS issues. Different types of detection were used in each product, from pure rate analysis to statistical analysis and anomaly detection. This talk will focus on the testing methodology, testing results, lessons learned, and thoughts on the direction in which this technology will be moving.

DOC has over 15 years of information technology and security experience in the USAF, the Defense Information Systems Agency (DISA), and the commercial and manufacturing industries. DOC is CIO for Security Horizon, Inc, a security professional services firm headquartered in Colorado Springs. His focus there has been on organizationally focused activities, including security assessments, policy and procedure development, and project management. He is also an authorized instructor of the NSA INFOSEC Assessment Methodology. DOC has built and managed Computer Incident Response Teams (CIRT) and provided extensive technical and project management skills related to information security. He has served as Director, CyberCrime Response, responsible for CIRT, Computer Forensics, and Training. He has served as an INFOSEC Program Manager, where he was responsible for establishing and supporting the worldwide security program for the U.S. Defense Information Systems Agency's Field Security Operations, including Computer Emergency Response Teams (CERT) in 5 locations worldwide. Greg also served as a Senior INFOSEC Engineer, supporting NASA's efforts with the Earth Observing System. DOC served 6 years in the U.S. Air Force with a concentration in Information and Security. He has authored articles for security periodicals and websites, including "The International CyberCrime Journal", DuckTank (now Security Horizon), and Small Business Marketing Ideas. DOC has previously been a technical speaker at the BlackHat Briefings and APCO conventions.

TechnoDragon
Making a Non-portable Computer System Portable

This will cover a range of information from wearable systems to homebrew mp3 players for cars to even network intrusion devices. Things such as user input, displays, storage and data access, along with remote / wireless access will also be covered.

Jennifer Stisa Granick, Esq.
Litigation Director
Center for Internet and Society
Stanford Law School
The USA PATRIOT Act and You

This presentation will update attendees on changes to the law under the USA PATRIOT Act, with special emphasis on how the changes may affect political activists and the investigation and prosecution of computer crimes.

Jennifer Stisa Granick is a Lecturer in Law and Director of the Litigation Clinic at Stanford Law School's Center for Internet and Society. Ms. Granick's work focuses on the interaction of free speech, privacy, computer security, law and technology. She is on the Board of Directors of the Honeynet Project, a computer security research group, and has spoken at the National Security Agency, to law enforcement officials and to computer security professionals from the public and private sectors in the United States and abroad. Before coming to Stanford Law School, Ms. Granick practiced criminal defense of unauthorized access, trade secret theft and e-mail interception cases nationally. She has published articles on wiretap laws, workplace privacy, and trademark law.

Jon Miller - Humperdink
Sr. Security Engineer
Covert Systems
Securing your Windows Internet Server

I will show people how to secure different Windows servers using common sense and a variety of different tools. The fundamentals can be applied to any Windows server, whether it is NT 4 / 2000 / .NET, as well as IIS or Exchange. I will also walk people through many good security tools that are a must have for any Windows server. I will actually secure a server at the talk that will later be placed on the CTF network. I will announce an FTP location at my talk where all of the tools I will feature can be downloaded from.

Dan Kaminsky
DoxPara Research
Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof

Communication under TCP/IP networks has become extraordinarily popular; still, there remain significant problems that as of yet have gone unsolved within its layered rules. So, let's break the rules, elegance (and possibly security) be damned. Significant new techniques and code will be unveiled to answer the following questions:

A) Instant Portscan
  • Is it possible to discover instantaneously what network services have been made available, even on massive networks?
B) Guerrilla Multicast
  • Is it possible to send a single packet to multiple recipients, using today's multicast-free Internet?
C) "NATless NAT"
  • Is it possible to share a globally addressable IP address without translating private IP ranges a la NAT?
  • Is it possible to allow incoming connections to an IP multiplexed in this manner?
D) NAT Deadlock Resolution
  • Is it possible to establish a TCP connection between two hosts, both behind NATs?

Various interesting uses of these new packet-level primitives will be discussed, and OpenSSH will be trotted out as the method of bringing some degree of security unto the resulting chaos.

Dan Kaminsky, also known as Effugas, worked for two years at Cisco Systems designing security infrastructure for large-scale network monitoring systems. He recently wrote the Spoofing and Tunneling chapters for "Hack Proofing Your Network: Second Edition", and has delivered presentations at several major industry conferences, including Linuxworld, DefCon, and past Black Hat Briefings. Dan was responsible for the Dynamic Forwarding patch to OpenSSH, integrating the majority of VPN-style functionality into the widely deployed cryptographic toolkit. Finally, he founded the cross-disciplinary DoxPara Research in 1997, seeking to integrate psychological and technological theory to create more effective systems for non-ideal but very real environments in the field. He is based in Silicon Valley, presently studying Operation and Management of Information Systems at Santa Clara University.

zSnark
Building Secure Wireless Networks

Wireless has become quite popular in network scenarios from the basic home network to the corporate LAN to the point-to-point backbone tying together offices or job sites. Wireless security and security breaches have been getting lots of press, as have various vendors' multitude of proposals for cute proprietary ways to solve some of the problems in currently available products (primarily 802.11) by retrofitting them with better encryption, better authentication, tightly integrated access control, etc. What is lacking is a well-defined practical approach for the administrator in deploying (or the auditor in testing) a wireless network with currently available technology. This talk will begin with an overview of my present threat model and the details of various attacks against typical wireless networks. Following this I will give a walk-through of building a secure 802.11 LAN as well as the monitoring and auditing necessary to keep it secure. Time permitting, I will also bring up a guest or two to discuss several "theoretical" attacks and other things yet to be revealed.

zSnark specializes in wireless networking and general UNIX tomfoolery. He is a member of the GhettoHackers and supports his local 2600. Among other things his alter ego spends most of his days working on wireless networks and various projects including SeattleWireless. See openbs.org or ghettohackers.net for his infoz.

Steve Schear
GNU Radio

Wireless communication devices have traditionally been exclusively hardware in nature. Software has augmented and is now replacing basic functional elements of radio systems. The conclusion of this process is a radio where almost all functions are performed by software. GNU Radio is a collection of software that, when combined with minimal hardware, allows the construction of radios where the actual waveforms transmitted and received are defined by software. What this means is that it turns the digital modulation schemes used in today's high performance wireless devices into software problems.

Steve Schear is the CEO of Lamarr Labs. He has led development of commercial spread spectrum radios and held engineering, business development and marketing positions at TRW, Citicorp, Cylink, Com21, Mojo Nation and Counterpane Internet Security. Steve is currently the project administrator of GNURadio.

Dr. Walter C. Daugherity
Texas A&M University
Quantum Computing 101: How to Crack RSA

The brand-new technology of quantum computers offers the prospect of exponential speedup, making heretofore infeasible problems like cracking RSA conceivable. The fundamentals of quantum computing are presented, and how a quantum computer could be used to crack RSA is described.

Dr. Walter C. Daugherity is a Senior Lecturer in Computer Science and Electrical Engineering at Texas A&M University. He received a bachelor's degree from Oklahoma Christian University, and master's and doctor's degrees from Harvard University. His research interests include fuzzy logic, object-oriented programming, and quantum computing. With David A. Church he created the first course in quantum computing at Texas A&M University, which will be offered for the third time in the fall semester this year.

Gingerbread Man
Lock Picking: Techniques and Tools for High Security

The talk will cover current techniques used for picking locks such as mushroom pin tumblers, Medeco, Abloy, and tubular locks. The talk will also cover how to formulate attacks on new locks.

I am a self-taught hobbyist. I have five years' experience in amateur locksmithing. I am currently attending a Canadian university as a Computer Science major.

Agent OJ
Applescript (in)Security in OS X

AgentOJ, a Macintosh programmer for Team2600, will be speaking on Applescript in the OS X environment, covering both attack and defense tools using Applescript. Topics covered will include: Applescript as an information gathering tool (system info, list of users, open services, etc.); Applescript as an attack tool (Applescript trojans, destructive scripts, exploiting scriptable applications, and a proof of concept Applescript trojan); Applescript as a defense tool (log checking, locking down an OS X system, automating network security scripts, and a proof of concept Applescript defense suite). General Applescript security practices will also be covered.

John Q. Newman
Post 9/11 Privacy

No bio or topic synopsis available at this time; however, John is an excellent speaker and his lectures are always entertaining as well as informative.

DJ Sweet Sensation
SNMP Attacks/Security

No bio available

    Michael I. Morgenstern
    Global InterSec, Moderator

    Richard Schaeffer
    National Security Agency

    Marcus H. Sachs
    Office of Cyber space Security

    O. Sami Saydjari
    SRI International

    Steve Lipner
    Microsoft Corp

    Tom Parker
    Global InterSec

    Disclosure: The Mother of All Vulnerabilities

    Michael Morgenstern will be leading a panel comprised of several individuals from the 'other side' of Information Security. Panel highlights will include:

  • An overview on vulnerability disclosure in the past
  • Potential impacts of irresponsible disclosure
  • New threats (Does cyber terrorism exist?)
  • The vulnerability disclosure "food chain"
  • The issues involved in the handling of a new vulnerability, from the perspective of a commercial software vendor.
  • What "responsible disclosure" means.
  • The ideal disclosure metric, is it plausible?
  • Ways in which communities can work together to better the disclosure process.

    There will be time for questions during and after the presentation.

    Robert 'V1ru5' Lupo
    Introduction to Computer Viruses:
    Understanding the Fundamentals of How to Identify, Remove and Defend Against Hostile Code

    This talk will cover:

  • How different computer viruses work (boot sector, file infector, multi-partite, VBS, Java, the different OS viruses, etc.)
  • How to remove different computer viruses with and without anti-virus software.
  • How to defend against computer viruses and hostile code.
  • Computer viruses and different operating systems.
  • The future of computer viruses and hostile code.

    Robert Lupo "V1RU5" currently works for Expedia.com as their global network security engineer. He has several certifications in security including CCSA, CCSE, Internet Security Certified, and MCSE. Robert has lectured at Defcon in the past as well as at H2K, H2K2, the University of Illinois, North Dakota State University and others nationwide.

    Michael Rogers
    Exceptional Software Strategies, Inc
    Steganographic Trojans

    As anti-virus manufacturers develop more efficient techniques for stopping an infection, potential attackers must become more cunning and resourceful in their deployment methodologies; they must create "invisible" code...but how? What are the possibilities of developing an invisible virus or Trojan?

    The purpose of this talk is to explain the research we have collected, and to identify potential distribution methods, including JPEG, MPEG, and MP3, which may utilize steganographic hiding techniques to obfuscate the source code of various programs such as viruses and Trojans.

    Michael has been working in the information security field for 4 years and is currently the Senior Security Engineer for Exceptional Software Strategies, Inc, located in Baltimore, Maryland.

    hellNbak
    Selling Out For Fun and Profit

    Recent events in the security industry have caused multiple groups to cry foul and claim that many so-called hackers have sold out. A war of words has erupted between those crying foul and those who have apparently sold out. Most recently, Gweeds presented a talk at H2K2 that touched on many nerves when he pointed fingers at specific people in the security industry.

    While the talk given by Gweeds was based mostly on made-up stories and FUD, he touched on some points that deserve a bit of attention. Additionally, the articles written in The Register by Thomas Greene point out that the media in general has a responsibility to verify facts -- something that does not seem to be happening.

    The talk presented by hellNbak will address these issues along with some of the dirty little secrets in the security industry. In general, hackers hack for the quest of knowledge and the ability to be in places that others cannot go. Based on this, hacktivism, cyberterrorism, and selling out are myths, and until hackers are hacking for a real cause they always will be.

    hellNbak has been around the IT Security industry for 11 years and a member of NMRC for three of those years. He has worked in a security related capacity for large companies such as IBM, BindView Development and Ernst & Young. Up until this year, hellNbak has found it necessary to hide behind his NMRC nym but after DefCon hellNbak, now a self employed Security Consultant, no longer needs the cover of a nym to protect himself from clueless managers and threatening venduhs.

    Richard Thieme
    1992 ... 2002 ... 2012 ...
    Hacking: The Next Ten Years

    Ten years ago hacking was a frontier; ten years from now, hacking will be embedded in everything we do, defined by the context in which it emerges. Real hackers will be pushing the frontiers of information networks, perception management, the wetware/dryware interface, and the exploration of our galactic neighborhood. Mastery means not only having the tools in your hands but knowing that you have them ... and using them to build the Big Picture. Richard Thieme illuminates how to do that.

    Richard Thieme is speaking for the seventh year at Def Con. He is a contributing editor for Information Security and has written for Wired, Forbes, Salon, and Secure Business Quarterly. He recently spoke for the FBI's Infragard Superconference, FS-ISAC and the Dept. of the Treasury as well as other hacker cons and numerous businesses and associations. His column Islands in the Clickstream is at www.thiemeworks.com.

    Kevin Spett
    SQL Injection

    SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping potentially harmful characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this talk is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.

    Kevin Spett is a web application security expert and researcher. His discovery of new SQL injection attack techniques and frequent security mailing list postings have made him among the most respected web application security professionals in the world. Kevin's responsibilities include maintaining the SPI Dynamics SecureBase and researching web application security concepts and software. He has been an SPI Dynamics employee since its inception.

    John L. Dodge

    Steve S. Moutsatsos

    Bernadette H. Schell

    Should Organizations Employ Hackers?
    Implications Drawn From the Book Hacking of America

    This DefCon10 presentation, while drawing from the study, will discuss the implications of employing hackers in the workplace. The book Hacking of America (Greenwood, 2002) reports on the Laurentian University study of the hacker community and in particular the conference participants of DefCon8 and H2K. The study data was collected through a 20-page self-report questionnaire completed by hackers at these conferences. It was also supplemented by selected in-depth interviews.

    John Dodge is a Full Professor of E-Business at Laurentian University, Canada, Bernadette Schell is the Dean of Business Information Technology at the University Of Ontario Institute Of Technology (UOIT), Canada and Steve Moutsatsos is a partner with the law firm Weaver Simmons.

    John L. Dodge is the Director of the Electronic Business Science Program and is a professor within the School of Commerce and the Department of Math and Computer Science at Laurentian University, Sudbury, Ontario, Canada. As a partner in a management-consulting firm, he lectures and consults widely on e-business and organizational strategic issues. Prior to his academic appointment, he was President and CEO of a venture capital firm, and Vice-President Development for a mining and development company. He holds a Bachelor of Engineering from Dalhousie University, a Master of Business Administration from Ivey School of Business, University of Western Ontario and a Ph.D. from the University of Bradford in the U.K. He is a Certified Management Consultant (CMC) and a Professional Engineer (P. Eng.).

    Steve S. Moutsatsos, LLB (Queen's University, Ontario), LLM (LSE), is a partner with the law firm of Weaver, Simmons, Sudbury, Ontario, Canada. He has practiced as a commercial lawyer in the information technology field for over twelve years, acting as counsel for both multinational technology companies as well as various small software developers and internet start-ups. Steve is a part-time lecturer at Laurentian University, where he also serves on the Board of Governors.

    Bernadette H. Schell is Dean of Business Information Technology, University of Ontario Institute of Technology (UOIT), Canada and President of an HR consulting firm in Sudbury, Ontario. She lectures widely on stress management, executive stress, and stalking protection measures. She is also author of A Self-Diagnosis Approach to Understanding Organizational and Personal Stressors (1997), Management in the Mirror (1999), and Stalking, Harassment, and Murder in the Workplace (2000), all published by Quorum Books. She is the recipient of the Laurentian University Research Excellence Award (2000).

    FozZy
    Hackerz Voice Newspaper
    Advanced Shellcodes

    Shellcodes are tiny machine language programs designed to be injected inside a vulnerable process and executed with its privileges. They traditionally do simple actions, like exec-ing a shell or writing to a file. They can be easily defeated by host intrusion prevention and detection systems like filesystem ACLs, kernel system call ACLs, non-privileged chrooted processes, etc. Is it possible to bypass these security measures, or at least take advantage of what they permit? In this talk FozZy will present how to design small polymorphic shellcodes that download encrypted modules or binaries and execute them directly in memory. (Ever got a shell without running /bin/sh? ;) Through live demos with HIDS and NIDS on, we'll see the limits of current security systems on open-source OSes.

    FozZy is the director of the French "Hackademy" and editor in chief of the newspaper "Hackerz Voice". Topics covered include computer and network security and intrusion, real social engineering attempts, French credit and phone card hacking, and hardware hacking.

    Mr. Michael Glasser CRL AKA Laz
    High Security Locks and Access Control Products

    The talk will cover both high security locks and access control products. The locks covered will include Medeco, Mul-T-Lock, Assa, Fichet, Concept, Miwa and others. The access control technology covered will include proximity cards, mag stripe cards, biometrics, keypad technology, and others.

    Questions will be answered on other topics, such as safes, standard locks, lock picking, CCTV, computer security, and other security issues.

    Michael Glasser is an ALOA Certified CRL and a New York State Licensed Alarm Installer. He is a member of both ALOA and the North Jersey Master Locksmith Association.

    He currently works as a manufacturer's rep for access control and security electronics. The companies he represents include Bioscrypt, IEI, Recognition Source, Tatung, and others.

    Roger Dingledine
    The Free Haven Project
    The Mixminion Anonymous Remailer Protocol

    Mixminion is a message-based anonymous remailer protocol intended to take the place of the old Mixmaster network. Mixminion provides secure single-use reply blocks (Mixmaster provides no support for replies, instead relying on the older and less secure Cypherpunk remailers), and introduces nymservers that allow users to maintain long-term pseudonyms using single-use reply blocks as a primitive. It also integrates directory servers that allow users to learn public keys and performance statistics of participating remailers. I'll cover a variety of serious anonymity issues with Mixmaster and other deployed networks and published designs, and also describe some of the many surprising anonymity risks that come from adding these new services.

    As a cryptographer and network security expert, Roger Dingledine lives in that space between theory and practice. He prefers to tackle the really hard problems so one day we can build real solutions. Current interests include anonymous publishing and communication systems, censorship-resistance, attack-resistance for decentralized networks, and reputation.

    Thomas J. Munn, CISSP
    Using Filesystem Crypto and Other Approaches to Protect Your Data/Privacy on BSD and LINUX

    This talk will cover using the LOOP-AES package to encrypt data on a removable USB hard disk in Linux.

    The presentation will focus on using encryption to protect your data, via GNUPG, a removable keychain, and a removable hard disk, to encrypt your home directory. It will cover how to install the USB device, include a script for getting things going "automagically", and show how to install the LOOP-AES patch on both a stock and a custom kernel. The BSD portion of the talk will cover the use of tightvnc, ssh tunnels, 802.11 and vnconfig to keep personal data personal in a business environment.

    Thomas Munn -- Thomas Munn started in security in 1997, working for Kellogg's on a now defunct firewall. He has worked in the financial, health, and cereal industries. He has spoken at the last three Defcons, on topics ranging from personal firewalls to automated intrusion detection ideas. His outstanding accomplishments are: setting up a SNORT IDS box, integrating Windows and NT via ssh, and getting a loopback device to encrypt his home directory. His first computer was an Atari 800. He enjoys meeting hacker types and learning from them. He knows a little Perl, and is a LINUX guru, with a smattering of OPENBSD. He despises Microsoft Windows.

    tgr2mfx -- tgr2mfx has been #!'ing in an Installshield world since the days of BSD/386. He hails originally from Plessis, NY but streetraces in Denver now. Will's current projects are writing Fibonacci sequencers in Bourne shell, fidgeting with a Bourne shell SQL equivalent for /etc, a p2p file sharing system (using multicast IPv6, ssh and nfs) and an automagic src and ports installer for OpenBSD.

    Michael Schrenk
    Introduction to Writing Spiders and Web Agents

    You can have a lot of fun with the Internet by ditching your browser in favor of writing special purpose programs that look for -- or do -- very specific things on the Internet. This session will equip you with techniques to extract and interact with data from web sites without a browser, parse and filter data, follow links, deal with encryption and passwords, and manage terabytes of information. You'll also learn why writing these programs is a useful activity, and walk away with ideas and abilities to write useful spiders or web agents of your own design.

    Michael Schrenk is a freelance Internet developer, instructor and writer. Much of his consulting business revolves around the creation of spiders, which search the Internet for information of value to his clients. He has also developed web strategies and online applications for Disney, Adidas, Nike and many others.

    Ian Vitek
    Citrix and Terminal Services

    Citrix and Terminal Services are becoming very popular. Ian Vitek will speak about:

  • Scanning and finding Terminal Services and Published Applications. This will include statistics of open and vulnerable servers.
  • Connection to Published Applications. This can be harder than you think. Most of the servers have Published Applications. You can’t just see them.
  • Breaking out from the given environment and elevation of rights.
  • Demonstration. Because of the way administrators set up their Citrix servers, every so often the Citrix client can't enumerate Published Applications or connect to them from the Internet. Tools for enumerating and connecting to Published Applications will be released.

    Ian Vitek has been working for iXsecurity in Sweden as a Penetration Tester for seven years. He is more of a networking guy than an assembly guy. He is the writer of macof and briiis.

    Nicolas Fischbach
    Sébastien Lacoste-Séris

    Layer 2, Routing Protocols, Router Security & Forensics

    Our talk will cover the (in)security of layer 2 protocols (CDP, xTP, HSRP, VRRP, VLANs, etc) and its consequences. We will also discuss routing protocols attacks and how to (try to) protect your infrastructure. The architecture, security, secure management and forensics of routers and switches will also be covered. This last part of the talk will be complementary to the presentation from FX of Phenoelit.

    Nicolas Fischbach is managing the IP Engineering Department and Sébastien Lacoste-Séris is the Security Officer and managing the IP Research & Development Department at COLT Telecom AG, a leading provider of high bandwidth data, Internet and voice services in Europe.

    Nicolas and his team are working on network, system and security architectures for the Swiss network. Previously he was dealing with the Internet Solution Centre deployment and security processes/auditing for major financial institutions, insurance companies and large hosting/housing projects. He worked for a French ISP and he is also teaching network and security courses in engineering schools and universities. He has an Engineering degree in Networking and Distributed Computing.

    Sébastien Lacoste-Séris is leading the Research and Development department for COLT Telecom AG and is also in charge of security for Switzerland. His team is mainly working on the evaluation, integration and development of new IP-based technologies. He previously worked for several major European ISPs as a network and security architect; he also did consulting and software auditing (ITSEC) for a security company. Sébastien holds a Degree in Computer and Network Engineering.

    Nicolas and Sébastien are co-founders of Sécurité.Org, a French-speaking portal on computer and network security, and are frequent speakers at technical and security conferences. You can reach them at webmaster@securite.org.

    Sean Lewis
    BSD Security Fundamentals

    FreeBSD security fundamentals will cover some security basics as well as advanced topics on FreeBSD host and network security. Emphasis will be on hardening a FreeBSD machine from the inside out, locking down ports, services, filesystems, network activity, etc. Some of the material presented in this talk will be BSD-agnostic, and some will apply to a UNIX environment in general. The talk will also review several recent UNIX security vulnerabilities and give valuable information on monitoring and safeguarding your system as well as your network.

    Sean Lewis has over six years of computer security experience, focusing mainly on UNIX systems - hardening, penetration testing and kernel-level lockdown of servers in various roles. Sean has designed systems for various large organizations that assume critical network roles and must be among the most host-hardened machines on the network. Using open source technology, these systems are not only some of the most secure machines you can find, they are also some of the least expensive. Sean is a Checkpoint Certified Security Administrator, and has in-depth knowledge of firewall installation and maintenance as well as penetration testing and evasion tactics with popular firewall products in use in Corporate America. Sean has also designed networks of varying scales, including a high-speed, high-availability B2B e-business trading infrastructure that attracts millions of hits per month. Sean also has experience with Windows NT and 2000 security as well as a great deal of work with networking devices such as switches and routers. He has also published several documents regarding Windows NT and IIS security, including 'quick checklists' for post-installs and ongoing maintenance currently in use by several large organizations.

    Lucky Green
    Trusted Computing Platform Alliance: The mother(board) of All Big Brothers

    The Trusted Computing Platform Alliance, which includes Intel, AMD, HP, Microsoft, and 180 additional PC platform product vendors, has been working in secrecy for 3 years to develop a chip which will begin shipping mounted on new PC motherboards starting early next year.

    This tamper-resistant Trusted Platform Module (TPM) will enable operating system and application vendors to ensure that the owner of the motherboard will never again be able to copy data which the media corporations or members of the TCPA don't wish to see copied, or to use the TCPA members' software applications without paying.

    Lucky Green will explain the history of the TCPA and the alliance's efforts, identify the dominant players in the TCPA and their objectives, discuss how the members of the TCPA will be able to limit and control a user's activities remotely, show how TPMs might permit a software vendor to exploit a bug in the GNU General Public License (GPL) to defeat the GPL, and detail previously unthinkable software licensing schemes which the TCPA enables.

    Lucky will then analyze the bill currently pending in the U.S. Congress (S. 2048) that will make it illegal to sell PC hardware in the future that does not comply with the TCPA's specifications.

    Lucky Green has been a long-time activist in the Cypherpunks cryptography advocacy movement. He is best known for his role in coordinating the reverse engineering and break of the GSM digital mobile telephony authentication and voice privacy systems, showing that the systems had been deliberately weakened in the interest of facilitating national intelligence collection. Lucky also FedEx'ed, at his own expense, crates of PGP source code books to Europe, becoming the first person to legally export PGP from the United States. Faced with a demonstration of its absurd position that it was legal to export books from the U.S., but not electronic copies of the source code contained within those books, the U.S. Government came under increasing pressure from industry and was forced to relax governmental controls on strong cryptography in January of 2000.

    Ryan Lackey
    Anonymous, Secure, Open Electronic Cash

    Electronic cash has been the lynchpin of cypherpunk software goals for decades -- yet there is no viable electronic cash system in the marketplace. We will describe the theory, applications, past attempts, politics, failures, and successes in the field. We present a specification and implementation of a new system which is secure, open, extensible, Free, and which will hopefully avoid the technical and strategy mistakes which plagued earlier systems. We will solicit developer involvement in creating applications which use this infrastructure. We hope this infrastructure is a first step toward limiting the power of governments and other oppressors vs. individuals and small groups throughout the world. It is also an example of how to provide a critical infrastructure application, in an open-source form, in the post-dotcom world, and a generally applicable demonstration of how security hardware and software can be used in applications to win user trust.

    Ryan Lackey, founder and CTO of HavenCo, has been involved with electronic cash and other cypherpunk applications for years. In addition to HavenCo and living full-time on Sealand, he works on several open-source software and hardware projects which are finally ready for public launch. He has a great interest in seeing technology deployed in the service of individuals fighting against the State.

    William Reilly
    Joe Burton

    Dmitry Sklyarov and the DMCA: 12 Months Later

    Joe Burton will discuss the events that led to Dmitry's arrest last July in Las Vegas for violating the DMCA. Joe will also discuss the legal issues surrounding the case, the current status of the criminal proceedings in California and some thoughts on the future of the DMCA. Joe has been one of the nation's leading critics of the aggressive civil and criminal application of the DMCA's anti-circumvention provisions. Bill Reilly will discuss how non-US software developers and others can avoid falling into US digital jurisdiction by analyzing how the Federal government brought charges against Dmitry. Joe and Bill will also discuss how the DMCA, the USA Patriot Act and other recent legal developments are increasing the liability of network administrators and network security specialists.

    Bill Reilly is a California-based attorney who specializes in Network Security and Intellectual Property law. He is a GIAC-certified Advanced Incident Handling Analyst and author of numerous articles on network security law. He is also Managing Editor of the Journal of Internet Law and writing a network security law handbook for system administrators and CIOs.

    Joe Burton is a partner in the San Francisco office of Duane Morris LLP, a national law firm with approximately 500 lawyers. Joe is the defense counsel for ElcomSoft Co., Ltd., Dmitry Sklyarov's Russian employer. Joe also represented Dmitry in his initial court appearances last summer in Las Vegas and San Jose. Joe practices in the area of complex civil, criminal and appellate litigation. His practice includes trade secret and patent litigation with an emphasis in cybercrime and cybersecurity matters. Joe was also former chief of the U.S. District Attorney's office in San Jose, where he initiated and supervised all federal prosecutions in the San Jose venue, reporting directly to the United States Attorney in San Francisco.

    Adam Bresson
    DEF CON 10 Talk: Consumer Media Protections

    Did you buy The Fast and the Furious Soundtrack only to find out you couldn't archive the songs to MP3s on your PC? Companies including Vivendi Universal, AOL Time Warner and Sony employ different protection methods on DVDs, video games and CDs. Many consumers argue that these protections abrogate their legal rights. I'll be presenting a broad overview of these Consumer Media Protections (CMPs) and will conduct demonstrations of how to identify and bypass them. I will focus on bit-level video game, video signal and audio CMPs. Whichever side of the legal argument you fall on, learn the law, learn your rights and speak up.

    Adam Bresson owns GreentreePC, a Los Angeles-based on-site network consulting service. At DEF CON 8 and 9, he spoke on Palm and PHP security, respectively. He founded and continues to develop two exciting Internet startups: Recommendo.com and GetAnyGame.com.

    Grifter and skroo
    Resurrecting the Scene Through Local 'Hacker' Meetings

    Many people are interested in bringing their local underground community closer together by organising meetings for those in the area. While this is certainly a good idea, doing it successfully is not as simple as it sounds.

    Grifter (Salt Lake City 2600) and skroo (Los Angeles 2600) intend to cover the more relevant points of starting local meetings. Topics discussed will include identifying if your area needs a meeting, setting things up, choosing a location, running the meeting, and keeping it going successfully. This will be done in a Q&A session based on the speakers' experiences both attending and running 2600 and other meetings. Questions from the audience will be actively encouraged.

    Rich Bodo
    Managing Director, Open Source Telecom Corporation
    It is Now Safe to Compile your Phone System

    The telephony industry was late to adopt open-source software and commodity protocols. The open-source development community is rapidly correcting that problem. Everyone from enthusiasts to Fortune 500 companies is now deploying open-source telephony software, from PBXs to voice messaging systems to VoIP gateways. This lecture will focus on the practical. We'll provide demos of the major open-source telephony systems, a brief tutorial on rapid application development, and a discussion of the effect these systems will have on the future of the industry. Special attention will be paid to Bayonne and other GNU projects, and their relationship to the more ambitious GNUComm and GNU Enterprise meta-projects.

    Attendees should leave with an understanding of the general capabilities of the major existing open-source telephony projects and a working knowledge of basic application development with the GNU telephony subsystem.

    Rich is a regular contributor to the Bayonne project, and the coordinator of the GNUComm and Voxilla projects. He worked as a software engineer at several Silicon Valley telephony companies, and one Linux company, before founding Open Source Telecom Corporation (OST). OST has been deploying open-source telephony systems since 1999. He has most recently spoken at the O'Reilly Open Source Convention and the Intel Communications Tech Summit. He organizes the bi-annual Free Telephony Summit as well as the Telephony BOFs and GNUComm booths at LinuxWorld conventions.

    Ian Clarke
    FreeNet Project
    Freenet, Past, Present, and Future Direction

    Freenet is a system designed to allow people to publish and read information on the Internet with reasonable anonymity for both producers and consumers of information. To achieve this, Freenet uses a totally decentralized emergent architecture. This talk will describe the interesting aspects of Freenet, the challenges we have faced, and what the future holds for the project.

    Ian Clarke is the architect and coordinator of The Freenet Project. Ian holds a degree in Artificial Intelligence and Computer Science from Edinburgh University, Scotland. He has worked as a consultant for a number of companies including 3Com, and Logica UK's Space Division. He is originally from County Meath, Ireland.

    Jaeson Schultz
    Lawrence Baldwin

    Extreme IP Backtracing

    A prudent System Administrator will review system logs. While performing this log analysis, administrators may detect nefarious activity of various types (port probes, exploit attempts, DOS/DDOS). Of course, what you receive in the system logs doesn't contain the offender's name and telephone number. Rather, most Firewalls and Intrusion Detection Systems will log an IP address, or at best, a reverse DNS lookup of the IP address. This presentation outlines several "Road-Tested" techniques for tracing IP addresses back to a responsible party. Included are many real-world examples from our research; Step-by-step traces ranging from the trivial to the impossible.

    Jaeson Schultz is an independent security consultant specializing in log analysis and intrusion detection. He has accumulated over 14 years experience programming and troubleshooting networks for various governmental and corporate organizations. Formerly employed by Counterpane Internet Security, Jaeson spent the last two years monitoring the security of Fortune 1000 companies and performing Security and Software Engineering. While at Counterpane, Jaeson helped to identify the networks responsible for the thousands of alerts received at the Counterpane Secure Operations Center per day.

    Lawrence Baldwin is an independent Network Performance Consultant and author with over 15 years experience in deep protocol analysis and troubleshooting mission-critical networks and applications for Fortune 500 companies. In 2000, Baldwin developed and deployed one of the first Internet "neighborhood watch" systems known as myNetWatchman (mNW). mNW is a distributed IDS (dIDS) that uses the collective awareness of thousands of cooperating participants to identify compromised hosts and notify compromised machine owners. In an average day, mNW processes more than 1,000,000 events from a global sensor network of more than 1,300 firewall and IDS systems in 40 countries. mNW analyzes and back traces event activity from 50,000 unique hosts per day, identifying compromised hosts and sending e-mail notifications at a rate of approximately one per minute. The data collected by mNW enables analysis of global attack trends, identification of DDoS bot assimilation activities, and signature-independent detection of new worm activity.

    Huagang Xie
    IntruVert Networks
    Linux Kernel Security with LIDS

    The talk will discuss the background, current architecture and use of LIDS. It will also cover what kinds of attacks LIDS can detect and prevent, and finally go into the details of how to build a secure Linux system with LIDS.

    Huagang Xie, the author of the open source (GPL) LIDS project, is a kernel hacker and Linux enthusiast. Graduated from Tsinghua University and the Institute of Computing Technology of the Chinese Academy of Sciences, he has extensive experience in the Linux kernel, kernel security and host/network based IDS. He currently works as a software engineer at IntruVert Networks.

    FX and FtR
    Attacking Networked Embedded Systems

    Servers, workstations and PCs are the common targets of an average attacker, but there is much more to find in today's networks. Every device that has a processor, some memory and a network interface can become a target. Using printers and other common devices as examples, we will show how to exploit design failures and vulnerabilities and use the target as an attack platform. We will also release some tools, methods and sample code to entertain the audience and aid further vulnerability research in this area.

    FX is the leader of the German Phenoelit Group. His and the group's interests lie in less known or commonly ignored protocols, devices and techniques. FtR of Phenoelit is the resident Perl guru and algorithm guy of the group.

    Matthew G. Marsh
    Chief Scientist
    Replacing TripWire with SNMPv3

    This talk demonstrates how to use SNMPv3 software (specifically illustrated using Net-SNMP) both with minor custom configurations and also with specialized MIBs and Agents to provide file data and file hashes on demand over secure channels. I also discuss the use of the TCP Inform Trap as a syslog style message transfer mechanism. I spend the majority of the time showing how the authentication and privacy features of SNMPv3 provide robust bi-directional security message transfers. Along the way I demonstrate how to use the split between the authentication and privacy features to provide double blind random file hashes of a managed system. Use of trigger settings to capture file changes will be discussed. I provide the example MIBs and related Agent code for general Unix platforms running Net-SNMP and where possible discuss how to get the code working on Microsoft or other platforms. Time permitting I will digress into ways to integrate these techniques into common Network Management platforms.

    Chief Scientist of the NEbraskaCERT, President & Founder of Paktronix Systems LLC, Author of "Policy Routing Using Linux" (SAMS), Creator of PakSecured Linux. Working in network management and architecture since 1983, specializing in routed IP/IPX/SNA networks. Worked extensively with various SNMP platforms both as a user and as a vendor. On NEAR & BITNET in 1984 (the prehistoric Internet) and addicted ever since. As Chief Scientist of the NEbraskaCERT, researching IPv4/IPv6/IPSec Integrated Security Networks. Developed the first (and currently still the only) SNMPv3-manageable policy routing firewall system for Linux, available under the GPL at http://www.paksecured.com. Actively researching management and design of Integrated Security Networks.

    Wilco van Ginkel
    The Other Side of Information Security

    Until now, the focus of Information Security within organisations has been mainly technical. Organisations are becoming more and more aware of the fact that this technical side - although very important - is just one part of the total security solution. Currently, organisations are increasingly shifting their focus to the organisational side of Information Security. In order to control the organisational issues of Information Security, an organisation-oriented approach is needed. Such an approach will be the subject of this talk, which will give the audience an overview, ideas, references, hints & tips on this organisational side. Items to be discussed are:

  • Risk Management
  • Security Policies & Procedures
  • Security Standards
  • Security Awareness
  • Security Auditing & Monitoring
  • Where Organisational meets Technical

    Wilco has University backgrounds in Business Economics, Business Administration, Computer Science and Information Security. He has held positions as assistant teacher at the Erasmus University Rotterdam (NL), as a Technical IT Auditor, as an IT Security Architect, and as a teacher of Information Security at different business schools and universities. Currently, he works as Senior Security Consultant for Ubizen, where he is also a teacher for Ubizen College. When he is not working, you can find him under water (scuba diving), playing computer games, travelling or reading a book.

    Aaron Higbee
    Chris Davis, Senior Security Consultant
    DC Phone Home

    DC Phone Home (DreamCast Phone Home, a pun on the well-known film E.T. the Extra-Terrestrial) is a project that challenges conventional enterprise security models by showing the ease with which an attack on an organization's network resources and infrastructure can be performed from an internal perspective. Simply put, once the DreamCast is deployed, it 'phones home', joining an organization's internal network to a remote network. We show that this type of attack can be performed easily with a variety of available hardware and software, and in such a way that it is not easily discovered by an organization's employees or security resources. Our presentation will include development descriptions and demonstrations of the attack tools that we have developed and are continuing to develop. The attack tools consist of a SEGA Dreamcast, a Compaq iPAQ handheld device, and a bootable x86 CD-ROM which can perform the attack using any available PC. Using open-source tools that we have ported to these platforms, we have created devices that 'phone home' over known protocols.

    Aaron Higbee has been working in information security for the past 4 years, getting his start at Earthlink Network as a Network Abuse Administrator. In this position, Aaron became intimately acquainted with the tactics of spammers, hackers, and every kind of network abuse imaginable. Later, while working as RoadRunner's Senior Security Administrator, Aaron learned and responded to the network abuse problems that plague broadband connections. Working at two national service providers, Aaron was able to become an expert in the tactics of hackers and the mistakes that get them caught. This experience made his transition from incident response to penetration testing a natural one. Currently, Aaron works for Foundstone Inc. as a security consultant.

    Chris Davis has been working in the field of information technology for 8 years, with a concentration on information security for the past 4 years. He has participated in secure systems development, information security consulting, penetration testing and vulnerability assessments, and information security R&D. He is a contributing author to New Riders' recent publication Building Linux Virtual Private Networks (VPNs) and continues to write and publish various papers. He has developed and instructed a number of courses, the most recent of which was a 3-month course on software vulnerability discovery and exploit coding. Currently, Chris is a Senior Security Consultant for RedSiren.

    Thomas Rude aka Farmerdude, CISSP
    RedHat, Inc.
    Next Generation Data Forensics & Linux

    The field of data forensics (commonly referred to as 'computer forensics') is rapidly changing. Historically, data forensics focused on the imaging, analysis, and reporting of a stand-alone personal computer (PC) hard drive, perhaps 1 gigabyte (GB) in size, using DOS-based tools. However, due to a number of changes and advances in technology, an evolution has begun in the field of data forensics. So where do we stand today? Increasingly, forensic examiners are faced with analyzing 'non-traditional' PCs, corporate security professionals are doubling as in-house forensic examiners and incident first responders, and critical data is residing in volatile system memory. This is the 'Next Generation of Data Forensics.' What is the Next Generation Data Forensics platform of choice? Linux. Why Linux? There are a number of key functionalities within the Linux operating system environment that make it the best platform for data forensics. Among them:

  • everything, including hardware, is recognized as a file
  • support for numerous filesystem types
  • ability to mount a file via the 'loopback driver'
  • ability to analyze a live system in a safe and minimally invasive manner
  • ability to pipe the standard output of one tool into the standard input of another, or 'chaining'
  • ability to monitor and log processes and commands
  • ability to review source code for most utilities
  • ability to create bootable media, including floppies and compact discs
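    Mounting a full-disk image through the loopback driver only works if you hand mount the byte offset of the partition you want, and the offset comes from the partition table in the image's first sector. The following added example (written for this page, not the speaker's tooling) parses a classic MBR from a constructed image, computes the offsets, and emits read-only loopback mount commands; the mount root /mnt/evidence and the image path are assumptions.

```python
"""Locate partitions inside a raw disk image so each can be loopback-mounted
read-only at the right byte offset.  Added example for this page, not the
speaker's own tool; the image below is constructed, not a real evidence file."""
import struct

SECTOR = 512
MBR_TABLE_OFFSET = 446          # four 16-byte entries precede the 0x55AA signature

def parse_mbr_partitions(image):
    """Return the non-empty primary partition entries of a classic MBR."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature in first sector")
    parts = []
    for i in range(4):
        start = MBR_TABLE_OFFSET + 16 * i
        entry = image[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack("<II", entry[8:16])   # little-endian LBA fields
        if ptype == 0:
            continue                                             # unused slot
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "offset": lba_start * SECTOR,
            "size": sectors * SECTOR,
        })
    return parts

def mount_commands(image_path, parts, mount_root="/mnt/evidence"):
    """Read-only loopback mounts; mount_root is an assumed location.
    ro/noexec/nodev keep the evidence inert, noatime keeps timestamps intact."""
    return [
        "mount -o ro,loop,noexec,nodev,noatime,offset=%d,sizelimit=%d %s %s/p%d"
        % (p["offset"], p["size"], image_path, mount_root, p["index"])
        for p in parts
    ]

def build_sample_image():
    """Constructed MBR sector: a bootable Linux partition and a swap partition."""
    def entry(status, ptype, lba_start, sectors):
        return (bytes([status]) + b"\x00\x00\x00" + bytes([ptype]) + b"\x00\x00\x00"
                + struct.pack("<II", lba_start, sectors))
    table = entry(0x80, 0x83, 63, 204800) + entry(0x00, 0x82, 204863, 2048) + b"\x00" * 32
    return b"\x00" * MBR_TABLE_OFFSET + table + b"\x55\xaa"
```

    Run parse_mbr_partitions on the first 512 bytes of an image and feed the result to mount_commands; hash the image before and after the examination so the read-only mount can be shown not to have changed it.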

    farmerdude is a Security Consultant for Red Hat, Inc. When not performing vulnerability assessments, penetration tests, or designing security technologies such as firewalls and VPNs, he can be found in the lab testing various security tools, applications, and operating systems for weaknesses and flaws. farmerdude has presented on topics ranging from steganography, data forensics, and social engineering, at various Cyber Crime and INFOSEC conferences. In addition to serving as the current Vice President for the Atlanta Chapter High Technology Crime Investigation Association (HTCIA), he is also a member of the Atlanta Metropolitan Crime Commission.

    Dr. Cyrus Peikari, CTO, VirusMD
    Seth Fogie, Director of Engineering, VirusMD
    Hacking .NET Server

    Windows .NET Server is Microsoft's new contender against Linux in the server market. Scheduled for release in 2003, .NET Server (which was originally released for beta testing under the codename "Whistler") is re-engineered from the Windows 2000 Server codebase. .NET Server's survival will probably depend on how users perceive its security. Bill Gates himself realized this when he released his "Trustworthy Computing" memo in Jan. 2002. His ultimatum echoed what hackers have been saying for years: get secure or fail.

    This speech will focus on the new security features in .NET Server -- and how to break them. The purpose is to identify early weaknesses while the OS is still a release candidate so that developers and network administrators can make informed decisions before deployment. This talk is technical, using live examples and some source code, but there will also be enough general information to benefit anyone interested in .NET Server security. Coverage includes weaknesses and exploits in the following areas:

  • Windows Product Activation (WPA) on .NET Server
  • New Encrypting File System (EFS) changes
  • .NET Server Smart Card support
  • Kerberos implementation
  • Wireless standard implementation
  • Remote Desktop Security
  • Death of the Microsoft Security Partners Program (MSSP)
  • Microsoft security partners full disclosure "gag rule"

    Dr. Cyrus Peikari is Chief Technology Officer of VirusMD Corporation. Seth Fogie is Director of Engineering at VirusMD Corporation. Peikari and Fogie co-authored the first book ever written on .NET Server: "Windows .NET Server Security Handbook" from Prentice Hall PTR (ISBN 0130477265).

    Simple Nomad
    Widdershins: The Hacker Nation

    Post 9-11 knee-jerk legislation such as the U.S. Patriot Act. Calls for new legislation requiring ISPs to retain 90 days worth of email. The European Union collecting Internet communications. The continued fall of the nation state, and continued rise of the transnationals. Echelon. Carnivore.

    Last year's Widdershins talk outlined a need for hackers to band together, put aside petty differences, and start thinking about what we can do as not just hacker but humans to help the war on privacy. It appears to many that the war may be over, and we seem to have lost.

    This year we have to face the fact that the playing field has shifted. We can no longer stand on the sidelines. The time is now. The ability to communicate privately and securely on the Internet is rapidly dwindling. Therefore NMRC will be announcing and recommending some new software to help answer the threat to our online privacy.

    Simple Nomad is the founder of the Nomad Mobile Research Centre, an international group of hackers that explore technology. By day he works as a Senior Security Analyst for BindView Corporation. He has spent years developing and testing various computer systems for security strengths. He has authored numerous papers, developed a number of tools for testing the security and insecurity of computer systems, is a regular lecturer at popular hacker and security conferences, and has been quoted in various media outlets regarding computer security.

    Ltlw0lf (aka Dennis W. Mattison)
    Network Printers and Other Network Devices, Vulnerabilities and Fixes

    Like computers in large heterogeneous environments, networked printers and other peripherals have vulnerabilities that can lead to exposure of data and denial of service, and can serve as a gateway for attacks on other systems. Yet, while many organizations seek to protect their computers, they ignore printers and other peripherals. We will discuss general attacks against printers and other peripherals, with specifics on known (and some newly discovered) vulnerabilities in several brands of printers, and propose possible solutions to keep both computers and networked peripherals from attack. The talk is technical but not microcode technical, and the audience needs only to bring their brains, though familiarity with the various printers and other peripheral devices available on the market is a plus.

    Ltlw0lf (aka Dennis W. Mattison) is a consultant for both military and civilian organizations, primarily an instructor on information security and assurance classes for Solaris and other UNIX environments, as well as a security and penetration testing analyst, PKI engineer, policy designer, and systems administrator. As a hobby, Ltlw0lf dabbles in vulnerability discovery, and has released several vulnerability reports involving printers and other network devices. Ltlw0lf was the sysop of "The Programmers Connection BBS" in San Diego for 8 years, and has been involved with several Sysop and Systems Administrator organizations in the past.

    Chris Hurley
    Hardening Solaris Installs

    A step by step guide to hardening a Solaris installation. Focusing primarily on Solaris 8 but with concepts that apply to all Solaris/Unix installs, attendees will learn the steps that need to be taken to lock down a Solaris installation. While recognizing the best practice of pre-deployment hardening, the concepts presented also apply to already live Solaris installations. Rather than focusing on known attacks and reacting to them, this presentation will better equip system/security administrators to proactively reduce the risk of a successful attack against their systems.

    Chris Hurley is a Senior Information Security Engineer working in the Washington DC area. Primarily focusing his efforts on vulnerability assessments, he also performs penetration testing, forensics and incident response operations. He has spoken at the IATF Forums in Washington DC and has written numerous whitepapers for both print publications and online security sites. Many of his papers can be found at his site SecurityTribe and also at Security Horizon. He has worked as a DefCon Goon for the past three years which probably explains both the bags under his eyes and the rubber truncheon in his hand.

    Christian Grothoff
    Department Of Computer Sciences
    Purdue University

    GNUnet is an anonymous peer-to-peer networking infrastructure. GNUnet provides anonymity, confidentiality, deniability and accountability, goals that were thought to be mutually exclusive. In GNUnet, users can search for files without revealing the query to anybody. Intermediaries cannot decrypt the query or the reply, but they can verify that the reply is a valid answer for the query. This allows GNUnet to deploy a trust-based accounting scheme that does not require end-to-end knowledge about transactions and that is used to limit the impact of flooding attacks.

    Anonymity in GNUnet is based on the idea that a host is anonymous if the perceived sender of a message looks sufficiently like a router. Based on this realization, GNUnet nodes can individually trade off anonymity for efficiency without affecting the anonymity of other participants. GNUnet is written in C and licensed under the GNU General Public License. GNUnet is officially part of the GNU project.
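    The property that an intermediary can check a reply against a query without being able to read either is the interesting part of the description above. The added example below (written for this page; it is not GNUnet's code, and the toy counter-mode cipher and the exact hash layout are assumptions, not GNUnet's actual encoding) shows one construction with that property: the key is the hash of the content, the ciphertext is the content under that key, and the query is the hash of the ciphertext, so a node that holds only the query can test a candidate reply by hashing it.

```python
"""A content-hash-key style exchange in which an intermediary can check that a
reply answers a query without being able to read either.  Added example for
this page modelled on the property described above; the toy cipher and the
exact hash layout are assumptions, not GNUnet's actual encoding."""
import hashlib

def _keystream(key, length):
    """SHA-256 in counter mode as a stand-in stream cipher (illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def publish(content):
    """Key is derived from the content; the query is the hash of the ciphertext."""
    key = hashlib.sha256(content).digest()
    ciphertext = _xor(content, _keystream(key, len(content)))
    query = hashlib.sha256(ciphertext).digest()
    return key, query, ciphertext

def intermediary_check(query, reply):
    """A routing node holds only query and reply, never the key, yet can
    reject bogus or corrupted replies before forwarding them."""
    return hashlib.sha256(reply).digest() == query

def requester_decrypt(key, query, reply):
    """The requester, who knows the key, verifies, decrypts and re-checks
    that the plaintext really is the content the key was derived from."""
    if not intermediary_check(query, reply):
        raise ValueError("reply does not answer the query")
    content = _xor(reply, _keystream(key, len(reply)))
    if hashlib.sha256(content).digest() != key:
        raise ValueError("decrypted content does not match key")
    return content
```

    The flip side of this design is worth keeping in mind: anyone who already holds the plaintext can recompute its query and recognise requests for that content, which is what makes caching possible but also means the scheme hides what is requested only from parties who do not already have it.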

    Christian Grothoff is a Ph.D. Student in Computer Sciences at Purdue University. He is primarily working on OVM, a DARPA funded project to build a customizable real-time Java Virtual Machine. Christian Grothoff started the GNUnet project, a secure peer-to-peer file-sharing network to protect privacy.

    Jay Beale
    JJB Security Consulting & Training
    Bastille Linux
    Bastille Linux 2.0: Six Operating Systems and Still Going!

    Bastille Linux is a security tightening program that has proven capable of thwarting or containing many of the vulnerabilities discovered in operating systems. Originally written for Red Hat Linux, Bastille has now been ported to six operating systems, including HP-UX. This talk will cover what Bastille does, what we've done to it in the last year, and what we're working on next. Most importantly, it will teach you something about hardening systems and beating worms, even if you're an old spacedog of a sysadmin.

    Attacking and Securing FTP

    The Unix FTP servers have been called 'the IIS of the Unix world' for their frequent and potent vulnerabilities. Each has provided remote exploits, usually at the root privilege level, on a consistent and frequent basis. WU-FTPd is the most popular Unix FTP server by far, shipping by default on most Linux distributions, and even on Solaris, and being installed most commonly on the rest of the Unix platforms. This talk will demonstrate working exploits on WU-FTPd, then show you how to configure WU-FTPd to defeat them. While the talk will use WU-FTPd as the primary example, we'll also discuss ProFTPd, the other major FTP daemon for Unix.

    Jay Beale is the president and founder of JJB Security Consulting and Training, LLC. He is the Lead Developer of the Bastille Linux Project, which creates a hardening program for Linux and HP-UX. Jay is the author of a number of articles on computer security, along with the upcoming book "Locking Down Linux the Bastille Way" to be published in the second quarter of this year by Addison Wesley. You can learn more about his articles, talks, courses and consulting via http://www.bastille-linux.org/jay.

    Drew Hintz
    Covert Channels in TCP and IP Headers

    How would you communicate securely in a country where encryption is outlawed or where key escrow is mandatory? How can you prevent the Feds from forcing you to turn over your encryption keys? Simple. Don't let your adversaries know that you're transmitting encrypted information. Using covert channels you can completely hide the fact that you're transmitting encrypted information. During this presentation we'll give an introduction to covert channels in TCP and IP headers, release a few vulnerabilities in current TCP timestamp covert channels, and demonstrate and release software that enables covert communication via TCP and IP headers.
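    To make the header-field channel concrete, here is an added example (written for this page; it is not the software released in the talk) that encodes a short message into the 16-bit IPv4 Identification field of a run of otherwise ordinary headers, recovers it at the receiver after checking each header's checksum, and includes the crude check a defender might run: addresses, TTL and the other header values are constructed.

```python
"""Hide a short message in the IPv4 Identification field of a sequence of
otherwise ordinary headers and recover it at the receiver.  Added example
for this page, not the tool released in the talk; addresses and other header
values are constructed."""
import socket
import struct

def ip_checksum(header):
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(ident, src="10.0.0.1", dst="10.0.0.2", ttl=64, proto=6, total_len=40):
    """20-byte header with DF set; only the ID field carries the covert data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0x4000, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def encode_covert(message, **header_kwargs):
    """One header per 16-bit word; the first ID carries the byte count so the
    receiver can strip the padding byte added to odd-length messages."""
    if len(message) > 0xFFFF:
        raise ValueError("message too long for a 16-bit length prefix")
    padded = message + (b"\x00" if len(message) % 2 else b"")
    words = [len(message)] + [
        struct.unpack("!H", padded[i:i + 2])[0] for i in range(0, len(padded), 2)
    ]
    return [build_ipv4_header(w, **header_kwargs) for w in words]

def decode_covert(packets):
    """Pull the ID fields back out, verifying each header checksum first."""
    ids = []
    for pkt in packets:
        header = pkt[:(pkt[0] & 0x0F) * 4]
        if ip_checksum(header) != 0:          # a valid header sums to zero
            raise ValueError("corrupt IPv4 header")
        ids.append(struct.unpack("!H", header[4:6])[0])
    if not ids:
        return b""
    length, words = ids[0], ids[1:]
    raw = b"".join(struct.pack("!H", w) for w in words)
    if len(raw) < length:
        raise ValueError("truncated covert message")
    return raw[:length]

def printable_ratio(packets):
    """Crude detector for the defender: real stacks fill the ID field with a
    counter or random values, so a stream whose IDs decode to mostly printable
    ASCII deserves a second look."""
    raw = b"".join(pkt[4:6] for pkt in packets)
    return sum(32 <= b < 127 for b in raw) / len(raw) if raw else 0.0
```

    The detector is the caveat the talk's title implies: a channel is only covert while the carrier field still looks the way the sending stack would normally fill it, so in practice the payload is encrypted (or otherwise whitened) before it goes into the header, and the ID values are checked against what the claimed operating system would emit.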

    Brett Eldridge
    Mobile VPN Vulnerabilities & Solutions

    A real-life solution to the mobile VPN problem will be presented. It uses OpenBSD on a laptop with an IPsec tunnel to a gateway. The real benefit to the audience is that potential security vulnerabilities will be discussed (e.g., sending the IKE ID in the clear, allowing udp/500 to the gateway from all IP addresses, the use of Aggressive vs. Identity Protection mode in Phase 1). In addition, potential solutions to those vulnerabilities will be presented.
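    The difference between the two Phase 1 modes is visible on the wire: in Aggressive mode the initiator's first datagram already carries the ID payload unencrypted, while in Identity Protection (main) mode identities travel later under the Phase 1 SA. The following added example (written for this page, not the speaker's configuration) parses an IKEv1/ISAKMP message, walks its payload chain and reports what an observer of udp/500 learns from it; the two sample messages are constructed, with placeholder SA, KE and nonce bodies, not captured traffic.

```python
"""Classify an IKEv1 phase-1 message and pull out anything the initiator sent
in the clear.  Added example for this page, not the speaker's configuration;
the two sample messages are constructed, not captured traffic."""
import struct

HEADER = struct.Struct("!8s8sBBBBII")   # cookies, next payload, version, exchange,
                                        # flags, message id, total length (28 bytes)
EXCHANGE = {2: "identity protection (main mode)", 4: "aggressive"}
SA, KE, ID, NONCE = 1, 4, 5, 10           # ISAKMP payload type numbers used below
ID_FQDN, ID_USER_FQDN = 2, 3              # IPsec DOI identification types
FLAG_ENCRYPTED = 0x01

def build_isakmp(exchange, payloads, icookie=b"\x11" * 8, rcookie=b"\x00" * 8, flags=0):
    """Header followed by a chain of generic payloads (next, reserved, length, data)."""
    body = b""
    for i, (ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    hdr = HEADER.pack(icookie, rcookie, first, 0x10, exchange, flags, 0, HEADER.size + len(body))
    return hdr + body

def parse_isakmp(data):
    if len(data) < HEADER.size:
        raise ValueError("short ISAKMP header")
    _, _, nxt, _, exchange, flags, _, length = HEADER.unpack_from(data)
    if length != len(data):
        raise ValueError("ISAKMP length field does not match datagram")
    payloads, off = [], HEADER.size
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("payload chain runs past end of message")
        pnext, _, plen = struct.unpack_from("!BBH", data, off)
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        payloads.append((nxt, data[off + 4:off + plen]))
        nxt, off = pnext, off + plen
    return {"exchange": exchange, "flags": flags, "payloads": payloads}

def assess_phase1(data):
    """What an on-path observer of udp/500 learns from this one datagram."""
    msg = parse_isakmp(data)
    encrypted = bool(msg["flags"] & FLAG_ENCRYPTED)
    identity = None
    for ptype, body in msg["payloads"]:
        if ptype == ID and not encrypted and len(body) >= 4:
            # ID payload body: id type, protocol id, port, then the identification data
            if body[0] in (ID_FQDN, ID_USER_FQDN):
                identity = body[4:].decode("ascii", "replace")
            else:
                identity = body[4:].hex()
    return {
        "exchange": EXCHANGE.get(msg["exchange"], "other (%d)" % msg["exchange"]),
        "aggressive": msg["exchange"] == 4,
        "payload_types": [t for t, _ in msg["payloads"]],
        "identity_in_clear": identity,
    }

# Constructed first messages of each exchange (placeholder SA/KE/nonce bodies).
AGGRESSIVE_MSG1 = build_isakmp(4, [
    (SA, b"\x00\x00\x00\x01"),
    (KE, b"\x5a" * 32),
    (NONCE, b"\xa5" * 16),
    (ID, bytes([ID_USER_FQDN, 0, 0, 0]) + b"alice@example.com"),
])
MAIN_MODE_MSG1 = build_isakmp(2, [(SA, b"\x00\x00\x00\x01")])
```

    Against the main-mode message the parser sees only the SA payload; the identities arrive in later messages with the encryption flag set, so the same code reports nothing. The other issue in the abstract, accepting udp/500 from any source, is a filtering question rather than a parsing one: a roaming laptop has no fixed address, which is exactly why the mode choice matters so much for a mobile client.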

    Brett recently joined NetScreen as the Director of Professional Services. Prior to NetScreen, he was a co-founder at OneSecure and before that a senior technical security consultant at HP Consulting. Brett has written numerous papers and presentations on security.

    Fred Trotter, CISSP
    Operating System Fingerprinting Library

    This is a fingerprinting library designed to bring together the fingerprinting capabilities of NMAP, QueSO and X (at least version 1). Using this library you should be able to add operating-system-sensitive code to your favorite Perl, Java, C or C++ code.

    At the most basic level the goal of this library is to provide a mechanism so that you can add code to your programs that reads

    if(OS.Family == Windows Family)
    { 'do something'}

    if((OS.Name == Linux) && (OS.Kernel > 2.2))
    { 'do something else'}

    At the same time the library will give you control over the execution of individual OS fingerprint tests. If you are interested in writing OS-sensitive code or researching OS fingerprinting, then this talk (and the code) is for you. Everything will be released under the GPL.

    In his first life Fred Trotter worked at the Air Force Information Warfare Center, and was a spook. But, while the Air Force let him work on cool stuff, which was good, it paid crappy, which was bad. So, Fred quit working as a spook and went to work for Rackspace. And there was much rejoicing. At Rackspace Fred Trotter tried to protect the largest installed base of RedHat servers in the world, and often succeeded. Then that contract ended abruptly and there was wailing and gnashing of teeth, for Fred had been paid well, and had gotten used to bank. Then, Lo, exault was hiring, and Fred Trotter applied and was hired, and there was much rejoicing, and the people did feast upon the lambs and sloths etc. Then after 40 days (more or less) exault was bought by VeriSign. Then 40 days (more or less) later the VeriSign stock price plummeted, and the beatings given it by Wall Street were not just, or holy. But, Verily, though his stock options were worthless, he still had a cool job with a cool company in a crappy economy; and there was much rejoicing.

    Daniel Burroughs
    Institute for Security Technology Studies
    Dartmouth College
    Correlation and Tracking of Distributed IDS

    Standard approaches to intrusion detection and response attempt to detect and prevent individual attacks. However, it is not the attack but rather the attacker against which our networks must be defended. To do this, the information provided by intrusion detection systems (IDS) must be gathered and then divided into its component parts so that the activity of individual attackers is made clear. By applying techniques from radar tracking, information warfare, and multisensor data fusion to information gathered from distributed IDS, we hope to improve the capabilities for early detection of distributed/coordinated attacks against infrastructure and the detection of the preliminary phases of distributed denial of service attacks.

    Daniel Burroughs is a research engineer and Ph.D. candidate at the Institute for Security Technology Studies at Dartmouth College. His areas of research have included mobile agents, distributed simulation, and distributed intrusion detection. He is also the head of engineering for SignalQuest, Inc., which specializes in the development of embedded sensors.



    All content (c) 1992-2007 Dark Tangent. Site designed and maintained by BlackBeetle.