Def Con 0xB

Today Darth Elmo is unusually vexed by
heat, dehydration and fatigue. But somehow he's smiling, and
sporting a brand new black T-shirt with a cryptic yet discernibly
rude slogan on the back. What could this mean? Only one thing: it's
time for this year's Darth Elmo Def Con Dispatch!Def Con, of
course, is the biggest and best annual hacker convention in the US.
Def Cons take place in Las Vegas, Nevada, and span a three-day
weekend in early August or late July. The convention is attended by
thousands of information security professionals, hackers of all
shapes and UNIX affiliations, law enforcement officers both federal
and not, and journalists both clueful and clueless. Def Con is part
security convention, part family reunion, part flea market and 100%
party. This year's Def Con, the eleventh, didn't disappoint in the
fun or socializing departments, and it delivered pretty well on
interesting ideas and discourse, too.Def Con EventsBefore Darth Elmo describes the Deep Thoughts of Def Con 0xB,
let's consider some of Def Con's amusements and contests of skill.
Many are offered, but several stand out in the Furry Lil' Sith
Lord's mind.First, the Def Con 11 Scavenger Hunt. Run by
rootcompromise.org and 2600SLC, this year's hunt featured many
challenging and arcane items and tasks on its official List. Some
of Darth Elmo's favorites were:

• Person wearing a bow tie (30 points)
• Get a member of the Blue Man Group to talk (40
  points, video evidence required)
• A cannonball (very big, very heavy, very real) (100
  points)
• Any Smurf merchandise (15 points)
• Picture of a team member in a Las Vegas Metro
  (jail) cell (100 points)
• Kaypro computer (60 points)
• A cheese wheel and some mittens (20 points)
• Get in a (loud) fight with a team member about
  whether the volcano outside The Mirage is real (45 points, video
  evidence required)

Darth Elmo has no idea which team won (his flight left before
the Awards Ceremony on Sunday), but he's sure they all had a great
deal of fun trying. (Darth also is now much less confused as to
why, at various times, he saw people fishing in the moat at the
Bellagio, filling a beer-keg with brake fluid and eating dangerous
quantities of Sweet 'n Low while being filmed.)Besides the Scavenger Hunt, Def Con attendees also sought
diversion in the annual Spot the Fed contest (STFC). Each year more
US Federal agents of various kinds attend Def Con, but they also
get harder to spot due to the large crowds. This year, Priest (the
Def Con Goon in charge of the STFC, among other things) ruled that
"because there are so many feds at DEF CON this year, the only feds
that count are the kind that don't want to be identified". Off-duty
military and civilian contractors, in other words, did not
qualify.Priest held impromptu Spot the Fed sessions at various times
and locations over the course of Def Con, but in none of the ones
Darth Elmo participated in did he see an actual, qualified Fed
identified. Everyone had fun, however, listening to Priest's gentle
interrogation of the various researchers, consultants and other
suspiciously clean-cut types whom audience members fingered.
Luckily, in the official Spot the Fed Contest rules, Priest said
"if you survive unmolested and undetected, but would still secretly
like an I am the Fed! shirt to wear around the office or when
booting in doors, please contact me when no one is looking."The last Def Con 11 contest Darth Elmo will mention here was,
arguably, the most important of them all: the Capture the Flag
(DTF) contest, aka Root Fu, aka The Hacking Contest. In this year's
CTF, run for the second year in a row by three-time champions
Ghetto Hackers, each competing team was given a CD-ROM containing
server software created especially for the contest. Over the course
of Def Con, each team had to defend and figure out how to operate
its server properly, while simultaneously attacking those of the
other teams. Darth Elmo's good friend Jay Beale participated on the
Immunix team this year. They nearly won, but victory was snatched
from their jaws by Anomaly.Def Con ContentSo, what about actual Def Con content? What pearls of wisdom
did Def Con presenters bestow upon your humble hacking
correspondent? Oh, this and that. Here's a completely arbitrary
selection of notes, based not on merit but on which memories have
somehow survived Darth Elmo's post-Def Con,
sleep-deprivation-induced stupor.Darth Elmo first attempted to attend "A Conversation With
Phil Zimmerman". Phil Zimmerman, of course, is the creator of PGP
(Pretty Good Privacy) and a longtime advocate of and pioneer in
digital privacy. But Darth Elmo and his pals were refused entry:
the hall was full when we arrived, and the Las Vegas Fire Marshal
had decreed there could be no standing in the back. Standing room
had been abolished at Def Con 0xB. Fair enough, thought Darth Elmo,
at which time he toddled over to Bruce Potter's "Bluetooth"
presentation. But again, he was forbidden to enter the filled
hall.This happened to a lot of people at Def Con 0xB, especially
on Friday and Saturday. So strict was the enforcement of fire code
that the Goons, for a while at least, required people who wanted to
attend two consecutive sessions in the same hall to exit along with
everyone else and then get in line to return to the hall they'd
just exited--in order to give others a fair chance at entry. On the
one hand, Darth Elmo is a big supporter of fire safety. But on the
other hand, Def Con's planners clearly will need to limit the
amount of admissions they sell next time or find a much bigger
venue.Having been turned away twice, Darth Elmo retreated with some
friends to a chum's hotel room (thanks, tmns!), where we finally
were able to watch some Def Con sessions via
closed-circuit TV.Brian Glancey's talk on "PDA Insecurity" was most
enlightening. As a general rule, both Pocket PCs and PalmOS devices
generally have poor security. Passwords and PINs are
user-chooseable and therefore particularly susceptible to
brute-force and dictionary attacks. Glancey said that even the HP
iPAQ 5455, which has a thumbprint scanner, is vulnerable. The
scanner is, in fact, a simple camera, meaning it's trivially easy
to fool with a photograph or other forgery of authorized
thumbprints.Sensepost, an information security consultancy in South
Africa, gave an interesting presentation entitled "Putting the
'Tea' Back Into Cyberterrorism". In a nutshell, Sensepost described
hypothetical attacks using multi-exploit worms that could
infiltrate the internal computer systems of, say, a national
government, circumventing firewalls and other perimeter defenses.
In close coordination with other attacks, such worms could cause
unprecedented levels of mayhem.Naturally, researchers and other experts have said for a long
time now that the worms, viruses and so forth that we've seen so
far, even highly disruptive ones like SQL Slammer and Melissa,
could have been much worse had their creators been less restrained
(or more skilled). But the notion of using what we normally think
of as a highly indiscriminate attack vector--that is, malware--in
conducting a tightly targeted attack was novel.Two talks on Sunday stood out for Darth Elmo, possibly
because both were given by longtime cohorts. The first was "Locking
Down Mac OS X", in which Jay Beale related his experiences and
observations on porting his important Bastille OS-hardening tool to
Mac OS X. Mac OS X was much in evidence at Def Con: many, many
attendees and speakers were carrying iBooks and PowerBooks. Among
the geek elite, the combination of cool Apple hardware with the
powerful, BSD-based OS X, has a strong appeal. Accordingly, Jay's
talk was well attended and enthusiastically received.The talk that immediately followed Jay's is of no small
interest to Linux Journal readers: Paranoid
Penguin columnist Mick Bauer delivered "Self-Abuse For Smarter Log
Monitoring", an introduction to the simple and fun technique of
attacking one's own systems for the purpose of learning what
attacks look like in one's logs. Mick appeared free and easy in his
jaunty black kilt, matching dress shirt and motorcycle boots.
("Does the kilt facilitate self-abuse?", inquired one audience
member. "I'm not prepared to answer that", answered Mick, "but I
will say that the sporran [the pouch that accompanies kilts] is
really useful. It keeps yer stuff close at hand, and if while
looking for something you need a discrete scratch, no one's the
wiser!")Kilt jokes aside, Mick clearly had fun describing and
demonstrating his attacks and their resulting log trails.
Sometimes, the audience had fun, too. When he invited audience
members to attack his victim machine themselves ("you be the
K1d10t!"), he gave prizes for several entertaining log messages
caused by participants. The final winner: erroneous
characters after protocol string: HTTP GET
/Bauer_upkilt_13.jpg.Randomly Selected ResourcesDef Con Home
PageNomad Mobile Research
Center. Although unjustly neglected in the above article,
Simple Nomad and his crew unveiled NMRC-OS (a new secure Linux
distro) and a few other new tools at Def Con 11.Sensepost Home
PageRichard
Thieme is another speaker neglected in the above dispatch,
but whose home page is still worth checking out. He spoke about
"Hacker Generations" at Def Con 11.Mick Bauer's
slides from "Self-Abuse For Smarter Log Monitoring", in
handy HTML format.Darth Elmo has been
Linux Journal's Special Hacking Correspondent
since Def Con 9. He won't say whether he wears kilts.