Dave Bullock / eecue

photographer, director of engineering: crowdrise, photojournalist, hacker, nerd, geek, human

Blog

Defcon 15 : Photo Essay

As I mentioned in my previous blog posts, I attended my 6th Defcon this year. I had a great time and actually ended up getting hired by Wired Blog to shoot photos of the event, many of which can be found here. A few of them also made it onto the main Wired website. Of course I took hundreds of photos and only a handful were used by Wired, so here are some highlights from my collection:

Glowing DC Badges

Hacked Badge

OLPC

Uncle Ira Junk

Black Badges

More after the jump, and the whole archive can be found in my Defcon 15 gallery.

Blog

Lightroom Update : Much Much Better

About a month ago I upgraded to the newest version of Adobe's Lightroom. Adobe fixed most of the problems that existed in their first version, most importantly the horrid sluggishness that occurred when browsing through the library. It's not perfect yet, but it is much better. I am looking forward to the next version and the release of a plugin SDK.

Blog

Angel Fire, New Mexico

When my lovely wife Penelope and I were staying in Taos, we decided to go rock hounding around the Enchanted Circle scenic byway. We took a 4WD trail up a mountain and took some photos near Angel Fire:

Penelope, Dave and Blue-J

Clouds and Mountains

Dave and Penelope

You can see more in my Angel Fire New Mexico gallery.

Penelope and Dave The Black Hole Dave and Breakers Penelope working it The Black Hole Penelope on a Treadmill The Yard Rain Gauges Phone Equipment Thermocouples Thermocouple Wire Oscilloscopes High Vacuum Fittings Pressure Transducers and High Vacuum Fit Marley High Speed Camera Optic Mounts Chemistry Glassware The Library Random Equipment Vacuum Tubes Nuclear Equipment High Vacuum Equipment High Vacuum Equipment High Vacuum Equipment Test Equipment Work Bench The Black Hole Peace Obelisk Peace Obelisk Penelope, Dave and Blue-J Angel Fire Clouds and Mountains Dave and Penelope Clouds above Angel Fire
Blog

Taos in an Earth Ship

Penelope and I stayed in an Earthship in Taos. For years I have dreamt of building an Earthship, and someday I may do just that. We really enjoyed our stay and Taos, like the rest of New Mexico is beautiful:

Sunset and an Earthship

Rio Grande Gorge

Rio Grande Gorge Bridge

More photos in my Taos gallery

Rio Grande Gorge Bridge Rio Grande Gorge Rio Grande Gorge Bridge Penelope and Dave Rio Grande Gorge Rio Grande Gorge Sunset and an Earthship
Ed Grothus and his Peace Obelisks East Palace Avenue and Clouds Santa Fe Plaza Monument Topped with Pige El Portal and Crane with Clounds
Blog

Santa Fe Proper

Surprisingly enough, I only took a few photos of Santa Fe itself during our vacation there. Here they are:

El Portal and Crane with Clounds

Santa Fe Plaza Monument Topped with Pige

East Palace Avenue and Clouds

Blog

Prairie Dogs @ Jackalope

I really, really, really love Prairie Dogs. They have an extremely advanced and extensive form of verbal communication, with hundreds of distinct calls they use to describe different dangers and predators. It saddens me somewhat that the tourist trap known as Jackalope keeps over a dozen dogs in a cement lined pen which is roughly one tenth the size of the area the would inhabit in the wild. Either way about it, they're cute as can be, as evidenced by these photos:

Prairie Dog

Prairie Dog Eating

Prairie Dog Kisses

Prairie Dogs Kissing

Prairie Dog Munching

Prairie Dog

You can see the rest of the Prairie Dog photos I took in my gallery.

Blog

NF 289 and St Peter's Dome Road

Yesterday the radiantly beautiful Penelope and I took the road less traveled from Cochiti Pueblo up through Tent Rocks along National Forest road 289, with a slight detour to Saint Peter's Dome, up to Highway 4. The FJ, which we've named Blue-J, performed flawlessly, although this time 4 Wheel Low was required. Here are some photos I took, along with Penelope's first HDR photo:

Blue-J with Pen and Dave

Blue-J in Dome Wilderness

View from Dome Wilderness Lookout

View from Dome Wilderness Lookout

Cochiti Dam and Valley

Penelope's first HDR photo:

Dome Wilderness

You can check out the rest in my photo gallery.

Blue-J in Dome Wilderness View from Dome Wilderness Lookout View from Dome Wilderness Lookout View from Dome Wilderness Lookout View from Dome Wilderness Lookout View from Dome Wilderness Lookout Dave and Pen Dome Wilderness Blue-J in Dome Wilderness Dome Wilderness Dome Wilderness Blue-J with Pen and Dave Blue-J with Pen and Dave FJ Cruiser in New Mexico SR 289 in New Mexico SR 289 in New Mexico Cochiti Dam and Valley Cochiti Valley FJ Cruiser in New Mexico Cochiti Valley SR 289 in New Mexico Prairie Dog Prairie Dog Munching Prairie Dog Munching Prairie Dog Prairie Dogs Kissing Prairie Dog Kisses Prairie Dog Prairie Dog Kisses Prairie Dog Prairie Dog Dramatic Chipmunk Prairie Dog in the Dirt Prairie Dogs Munching Prairie Dog Prairie Dog Eating Prairie Dog Prairie Dog
View from Elk Mountain View from Elk Mountain View from Elk Mountain FJ Cruiser and Repeater atop Elk Mountai Penelope, Dave and Blue-J on Elk Mountai FJ Cruiser atop Elk Mountain FJ Cruiser and Repeater atop Elk Mountai FJ Cruiser and Repeater atop Elk Mountai FJ Cruiser atop Elk Mountain
Blog

Elk Mountain in New Mexico

Today Penelope and I drove up past Pecos to dig through some mine tailings for interesting rocks. Yeah we're rockhounds, so what? After finding some good specimens we decided to take a 4WD trail up to the top of Elk Mountain. It was a great drive, about 20 miles each way. Once again, the FJ totally kicked ass, this time getting totally covered with mud. I didn't even have to put it in to 4 low for the trail. Here are some photos from the top of Elk Mountain:

Penelope, Dave and Blue-J on Elk Mountai

FJ Cruiser atop Elk Mountain

View from Elk Mountain

FJ Cruiser and Repeater atop Elk Mountai

View from Elk Mountain

You can find the rest in my gallery.

Blog

New Mexico in an FJ Cruiser

My lovely wife, Penelope, and I are vacationing in New Mexico. We just got in last night and today was our first road trip. We drove down to the former ghost town of Madrid. We took back roads most of the way, and of course the FJ Cruiser, which we have named "Blue-J", performed beautifully.

I just drove by memory from my High School days in Santa Fe, and Penelope was a bit concerned we would get lost, driving on random poorly maintained dirt roads, but we did just fine. When we got back to Santa Fe, we picked up a road and recreation atlas that has much finer detail than our AAA maps. Tomorrow I think we're going to go to Tesuque and Las Vegas... New Mexico, not Nevada!

Here are some photos from today:

Dave and Penelope with Clouds and Blue-J

New Mexico Sky

Dave and Penelope in Blue-J

New Mexico Sky and Blue-J

You can check out the rest here in my photo gallery.

New Mexico Sky Dave and Penelope in Blue-J Dave and Penelope in Blue-J Penelope in FJ Cruiser New Mexico Sky and Blue-J New Mexico Sky and Blue-J New Mexico Sky Dave and Penelope with Clouds and Blue-J Dave and Penelope with Clouds and Blue-J Penelope in FJ Cruiser FJ Cruiser and New Mexico Sky
Wrinkly Building Bar Bar Bottle Service Area Bottle Service Area Elevate Ceiling Elevate Inside DJ Booth @ Elevate DJ Booth Elevate Elevate View Elevate Elevate Elevate Elevate Elevate Elevate Sculpture Elevate Sculpture Entry to Elevate Flowers Elevate Sculpture
Blog

Earthquake

Anyone else feel that? Spooky!

4.5 Magnitude NNW of Chatsworth

Cancer Monkey Pen and Drunk Monkey DJ Monkey Almost Dead Guy Penelope and Onyx the Bad Monkey Uncle Ira Junk ? Goons doing Little Teapot Impression Wall of sheep
Blog

Hacking the Defcon Badge

Defcon Badge with Soldered on Connector

Yesterday at Defcon I went to the vendor area to pick up the Zigbee and accelerometer chips for my awesome Defcon badge. Unfortunately they were out of both chips, but they did let me borrow their soldering iron and gave me some leads to solder onto my badge. I soldered these leads on in a minute or two and then attached my badge to their laptop which had the freescale programming software on it. I modified the source code, which is actually in C, simply changing the hard coded message from "I <3 DEFCON" to "eecue.com." Changing this, meant that as soon as I powered up the badge it displayed that instead of the default message, and also changed the POV message. After modifying the code, I recompiled the firmware and flashed it to the badge.

Programming the Defcon Badge

The hack was simple and in total took me about 10 minutes. According to the guys at the booth and Joe Grand (the badge's designer) I was the first person at the con to hack a badge. Today I am planning on picking up my own Freescale programmer and the accelerometer chips which should be in stock, and hopefully I'll find some time to modify the badge in more interesting ways. This simple hack has been written up on Wired's 27bstroke6 blog (whom I have been employed by for the duration of the convention as their staff photog), Gizmodo and several other places.

Hacked Defcon Badge

Blog

EVDO and Defcon

King Tuna

As everyone in attendance should know, the Defcon network is probably the most dangerous and hostile network in the world. No network is secure, but the wireless network at Defcon is totally insecure with thousands of hackers and script kiddies sniffing traffic and actively attacking ever system they see. This is one reason why I've made it a habit to use an out of band connection for my internet needs. My out of band network of choice is EVDO, but even with that I still send all my traffic through an ssh tunnel to a trusted host.

Verizon's EVDO uses ppp to assign you system a public internet address, and I'm guessing that the IP range varies from city to city. It's no surprise that people know about this as evidenced by the logs below that show port scans bouncing off my firewall.

One of the talks coming up today is "Hacking EVDO," and I was a bit worried that someone had figured out how to sniff EVDO traffic. I happened to run in to King Tuna, who is giving the talk and asked him about what he had found. He told me that currently the protocol is still secure, but that he had found a vulnerability in one of the chipsets which he has written an exploit for. The point of his research was to inspire other people to work on the protocol and break it.

The logs from my firewall can be found after the jump.

Abbynorml Almost Dead Guy Ashes L33tz Horny Dudes Capn Ice Chest
Blog

Defcon 15 : Badge Radness

Defcon 15 Badge

I just got my wife's badge for Defcon (they're not giving out press badges 'till tomorrow) and it is totally and completely awesome. At first when I put the batteries in, the LEDs lit up and then nothing happened. I tried shorting a few pins together on the back to no avail and then by accident I figured out that the front has two buttons, which are the smiley skull and the dial. After pressing the buttons it scrolled some text about Defcon, and then I hit the buttons a few more times and saw POV, which stands for persistence of vision. I swung the badge around and saw the word defcon, just like the cool spoke POV kits. Then I pushed the buttons a few more times and it displayed: TEXT. I held both buttons at once and I was able to program in 15 characters of text using the buttons to navigate and pressing them both at once to select a letter. I choose: "EECUE[HEART]PENELOPER^" with the heart being an actual heart symbol. The badge offers a full upper and lowercase alphabet along with an assortment of symbols and punctuation. After adding the 15 characters the text began to scroll in a marquee fashion. This is the dopest badge ever. Hell yeah and way to go Defcon!

Defcon 15 Badge

Defcon 15 Badge

Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge Defcon 15 Badge
Blog

Black Hat 2007 : Day 2 : Chris Paget

Chris Paget stirred up much controversy at Black Hat DC with the release of his RFID cloner. The cloner can be easily built with "a high school level of electronics" and some free time. Unfortunately, due to the threat of a massive patent lawsuit he is unable to release the schematics or source code for the cloner. He demoed his cloner and it was quite effect in cloning RFID cards that operate in the 134 kHz range. He also showed that the RFID tinfoil "shields" are completely ineffective for the 134 kHz RFID cards. Here are some photos of Paget and his cloners:

Chris Paget

Chris Paget RFID Cloner

Chris Paget

And that's it for my Black Hat 2007 live blogging... it's time to meet up with the wife and drink! More to come from Defcon. =]

Blog

Black Hat 2007 : Day 2 : Mike Spindel, Eric Schmiedl and Charlie Miller

This is going to be a short post, but here are a few photos from today. Mike Spindel and Eric Schmiedl gave a talk about access control system, read locks, which was interesting and informative, but didn't have much ground breaking information, here are a couple of photos:

Eric Schmiedl

Mike Spindel

Charlie Miller gave a talk about hacking OS X, and talked about the recent root exploit he found on the iPhone. Luckily for the iPhone users out there, Apple released an update that fixed this problem, and it happened to come out the day before Black Hat started. Luckily for Apple, Miller is a white-hat hacker and he disclosed his findings to them several weeks before Black Hat, and let them know he would be talking about it and releasing the exploit code. Here is a photo from his talk:

Charlie Miller

Blog

I won a 30GB iPod!

I never win anything. I was over at the google booth, and after letting them scan my badge, I decided to enter into their drawing for a free iPod. I didn't actually have a business card, so I put in the extra card that comes with the Black Hat badge. This card had my name on it and a checksum. After calling two names of people who weren't there they pulled a bright orange card, and it was mine. Rock on, I won a 30GB iPod. Thanks Google!

30GB iPod I won in a google giveaway

Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget Chris Paget RFID Cloner Chris Paget RFID Cloner Chris Paget RFID Cloner Charlie Miller Charlie Miller Charlie Miller Charlie Miller Charlie Miller 30GB iPod I won in a google giveaway
Blog

Black Hat 2007 : Day 2 : Adam Laurie

During the first part of his talk, Adam Laurie demonstrated some of his new research on hotel safes in which he opened a hotel safe using only a paperclip and multi tool in under a minute. He had a member from the audience read the marketing hype from the safe manufacturer while he opened the safe and recovered his previously "safe" beer.

Adam Laurie

His talk was actually about RFID chips, which are Radio Frequency IDentification systems. They are passive chips that are activated by a radio signal. There are two types of chips, smart and dumb, the smart ones have circuitry that processes input and return a signal. Dumb chips just respond with a code when lit up with radio frequency. The dumb chips are used in everything from hotel keys to car keys to pet implants. RFID plants are also being implanted in humans for military access control, mental patient tracking, and even as a digital wallet for beach-goers.

The point that the manufactures always drives home is that the chips are unique and can't be duplicated. In actuality, RFID chips can be easily cloned with a device that costs under $20, which you can get plans and parts to build here. There are numerous other kits available to clone RFIDs. The RFID industry's response to the ability to clone chips was they they aren't true clones because they don't have "the same form factor." Laurie took this as a challenge and decided to to clone an RFID chip using the same form factor.

Assorted RFID Cards / Readers / Writers

He researched RFID tag types, and found two that are multi-format configurable and that can be loaded with user selectable data. He happened to be in possession of a Q5 [pdf download] reprogrammable tag from the office where he works. Using a simple keyboard wedge he read the ID of the chip he wanted to clone. He then used a program he wrote in python, called rfidiot, to reprogram the chip with the cloned ID. He demoed the whole thing in about 1 minute and it work as designed, good show.

He then demoed a clone of the animal implant chip, and rewrote the chip in his wrist (watch) to the same chip ID. Verichip uses the same type of chip for identification, but the difference is that they use a 4 digit country code instead of a 3 digit code and being that no commercial software can write a 4 digit country code. Luckily Laurie wrote software that can write any code, no matter how long, to the card, thus defeating the "security" of the Verichip.

Adam Laurie

The next part of his talk focused on "smart" RFID cards, which most notably are being used in passports, including those from the US and UK. These chips can use a combination of a psuedo-random UID, strong authentication (3DES) and content encryption. So far no countries are using encrypted content, mostly because there is no published standard as of yet.

The key happens to be printed on the passport, which to me anyway, defeats most of the benefit of having strong auth. Although the passports have the shared key printed inside the front cover, it is still possibly to brute force the key, as there is no brute force prevention built in to the passport RFID.

Adam Laurie

Although cloning the passport is trivial and just a matter of copying the files, modifying the data should not be possible because of the use of a Certificate Authority and public key infrastructure. The possibility of signing the passport with your own key has recently been avoided due to a public repository of keys, but this only came out in April, so until then it has been possible to modify passports.

The amount of systems that are implementing RFID for "secure" purposes is growing everyday. Clearly this technology has many vulnerabilities and major changes are needed to ensure the security of these systems. I'm glad I recently got a passport last year, and that it doesn't have an RFID chip in it.

Mike Spindel Eric Schmiedl Assorted RFID Cards / Readers / Writers Assorted RFID Cards / Readers / Writers Assorted RFID Cards / Readers / Writers Assorted RFID Cards / Readers / Writers Adam Laurie Adam Laurie Adam Laurie Adam Laurie Adam Laurie
Blog

Black Hat 2007 : Day 2 : Andrea Barisani &amp; Daniele Bianco

Many modern cars have built in navigation / traffic systems. In North America data is transmitted over FM radio using the Radio Data System (RDS). The system can display station names, time, program type, and news override. The signal piggybacks on standard FM radio signals. RDS Traffic Message Channel (RDS-TMC) transmits traffic data over RDS and was introduced in Germany in 1997. Although it is a 10 year old protocol, it is just now being implemented in modern satellite navigation systems. TMC can also be transmitted over digital radio like DAB and Satellite radio.

Daniele Bianco

RDS is a very simple protocol with each packet consisting of 104 bits. The security issue with RDS is that it has no data authentication built in, which makes is easy to sniff and send fake messages using off the shelf components. The components to make a sniffer cost under $20 and can be easily made with very little technical skill according to the speakers. The specs and code for the PIC can be downloaded from the Inverse Path development website if you want to make your own RDS sniffer / injector.

Andrea Barisani

The injection code is still quite crude, as you have to edit the source and recompile every time you want to change what you are injecting. What's important is that it works, although it does happen to look somewhat like a bomb. When they brought their setup through TSA checkpoint, the TSA officer upon inspecting it, flipped a switch and said "boom". Barsiani said "apparently TSA officers are allowed to make jokes about bombs, which would get anyone else arrested."

RDS-TMC Injector / Sniffer

One of the features of RDS-TMS is the news override which forces your tuner to change stations to a different frequency. Barisani said they tested their system during a Saturday soccer match, which potentially enraged numerous Italians when their match was overridden by their radios tuning to a station with a carrier tone.

Some of the fun things you can do by injecting RDS-TMC messages is show fake road closures, traffic slow downs, dangerous weather, road work. You can also close roads and tunnels. The wacky stuff you can do is to display codes like: Terrorist Incident, Air raid danger, Air Crash, Bomb Alert, and a more generic Security Alert. The best one they showed though was "Bull Fight".

According to Barisani, his father was never impressed with his software and kernel hacking research, but when he showed him the RDS-TMC hacking his father said, "Wow, you have a cool job."

You can download Andrea Barisani and Daniele Bianco's CanSecWest 2007 presentation here [13mb PDF] and all the supporting files and schematics to make your own sniffer / injector here. Their website is Inversepath.com. [A complete list of the codes you can send can be found after the jump.]

RDS-TMC Injector / Sniffer RDS-TMC Injector / Sniffer RDS-TMC Injector / Sniffer w/ TSA Notice RDS-TMC Injector / Sniffer Andrea Barisani
Blog

Black Hat 2007 : Day 2 : John Heasman

BIOS is the system in your computer that initializes hardware, memory and loads basic user settings then finally loads a bootloader which will start your operating system. For years there have been methods of loading malicious code into a compromised host's BIOS, although physical access may be required.

John Heasman

One popular method of compromising a host through a BIOS is an option ROM rootkit. A rootkit prevents the user of a compromised system from being able to tell their system has been hacked by hiding traces of the malicious code, and thus gives full control of the compromised system to the attacker. A BIOS rootkit has multiple interrupts available to hook to including video, disk, and memory. Detection of this type of rootkit is fairly easy and is just a matter of dumping the content of the BIOS ROM.

Another method of of BIOS rootkitting is through ACPI, which is the hardware that controls power management of your system as well as provides temperature information to your operating system. ACPI has the ability to modify system memory and allow the attacker to deploy a rootkit. ACPI rootkits are independent of the operating system so will work on multiple platforms. ACPI is written in a high level language called AML that makes writing both malicious and non-malicious code easy. Not all operating systems have ACPI device drivers, and some prevent AML from accessing system memory by sandboxing it.

The Extensible Firmware Interface (EFI) is the replacement for the legacy BIOS system. EFI reuses existing systems including FAT filesystem and ACPI. EFI is a much more robust system than BIOS and is also backwards compatible with BIOS. The implementation that Intel uses is called "The Framework," it is partially open source and it what is inside the new Intel based Apple OS X systems.

There are many ways to get code into the EFI environment. An attacker can modify the bootlader directly, modify bootloader varibles in NVRAM, modify and reflash firmware or exploit an implementation flaw in the driver. Once the attacher is in, they can shim a boot service, modify an ACPI table like in the tradition BIOS attack, load an SMM driver, or hook interrup handlers. Modifying the boot loader is actually quite simple in Mac OSX as the bootloader binary is located in user disk space: /System/Library/CoreSerbvice.boot.efi. This isn't very stealthy as you are modifying a file on disk which could easily be detected by verifying checksums with an application like tripwire.

System Management Mode (SMM) is a "get out of jail free bard" for system designers. It allows an attacker to execute code that is hidden from the operating system like virtualization rootkits. EFI provides various protocols and a set of services for accessing SMM. SMM is normally used for error logging, enabling/disabling ACPI, power button spport when not using ACPI and various other system workarounds. SMM may be triggered on external events, I/O events, and timed events. SMM has been used in the past to disable BSD securelevel by Loic Duflot [PDF Download].

John Heasman

Detecting an SMM rootkit would be very difficult as hardware breakpoins to SMM and SMM memory access can be blocked. There currently is no SMM malware because bugging SMM code requires a hardware analyzer and the platform may be already using SMM.

The bottom line is that with the added functionality, EFI offers an attacker many more options than BIOS for exploitation. The EFI specification is not very clear with regards to security which will result in various vendors implementing insecure versions of EFI. In the future look out for nasty rootkits based on EFI.

John Heasman

John Heasman is an employee of Next Generation Security Software. The information in this post came from his "Hacking the Extensible Firmware Interface" talk at the Black Hat 2007 Briefings in Las Vegas.

Daniele Bianco Daniele Bianco Andrea Barisani Andrea Barisani Daniele Bianco RDS-TMC Injector / Sniffer John Heasman John Heasman John Heasman
Blog

Black Hat 2007 : Day 1 : Assorted

Ok, I'm getting tired, I didn't get much sleep last night after driving from LA to Vegas. Here are some photos I shot at the last group of sessions:

Brad Hill

bitsec

bitsec

bitsec bitsec bitsec bitsec Eugene Tsyrklevich Vlad Tsyrklevich bitsec Brad Hill Brad Hill Brad Hill
Blog

Black Hat 2007 : Day 1 : Phil Zimmermann

In case you haven't noticed I'm liveblogging Black Hat 2007. I just watched the end of Phil Zimmermann's talk about his new VoIP encryption product / SDK: ZPhone. Z-Phone is an application that allows you to make secure, encrypted phone calls over the internet using standard VoIP protocols. As with Zimmerman's other well known project PGP, the source code and software is given away for free.

During the question and answer session he talked about his disdain for software patents, but added that he had recently applied for a patent for the ZPhone protocol, with an interesting twist. He is using the patent for good, and here is how: Part of the patent states that any time a key is copied and stored (which would allow a party to monitor / wiretap the call) a flag is set on that session that designates the wiretapping. This won't prevent interested parties from not using the flag, but it will prevent them from using the free license for ZPhone and thus force them to disclose that their product is wiretap friendly.

Here are some photos from the talk:

Phil Zimmermann

Phil Zimmermann

Phil Zimmermann

I just heard this random quote in the press pen: "Our experience is to stay off the wireless network at Defcon, we actually got hacked into a few years ago." I bring my own out of band connection with me to all security conventions and even with that I still do all my surfing / blogging / emailing through an ssh tunnel to a trusted server.

Blog

Black Hat 2007 : Day 1 : Dan Kaminsky

Dan Kaminsky just gave a talk about the nasty things that service providers are doing to your network traffic, how it relates to network neutrality and how to detect it. Basically nearly all router manufacturers are working on technology to do hostile things to your internet traffic, including slowing certain parts of it, monitoring it, modifying it in real time to do mean things like put their own ads in your web pages or worst of all, storing it and selling it.

Dan stated that this kind of trickery is going to either make web advertising obsolete, or force most if not all web traffic to be encrypted. If ISPs don't wake up and realize that what they're doing is wrong and bad the effect on the current internet ad market will be bad. I never thought of network neutrality as more than just shaping traffic or preferred routing, but Dan opened my eyes to the ugly things that vendors and ISPs are doing to our data.

Here are some photos from his talk:

Dan Kaminsky

Dan Kaminsky

His grandma is in the audience, and he was giving away some of her cookies to people who asked good questions:

Dan Kaminsky

Dan Kaminsky

Phil Zimmermann Phil Zimmermann Phil Zimmermann Phil Zimmermann Phil Zimmermann Phil Zimmermann Phil Zimmermann
Blog

Black Hat 2007 : Day 1 : Richard Clarke + Swag Bag

I'm attending the Black Hat Briefings in Las Vegas. I just caught the tail end of Richard Clarke's keynote speech. One thing he said in a final question that I thought was really cool and spot on is that the government should be monitoring terrorists and hacking in to their computers, but should not be monitoring everyday citizens. I wish more government (or former government) officials felt this way as well.

This Black Hat is the largest ever with over 4,000 attendants. They completely streamlined the registration process and it is operating much more smoothly than last year.

Here are some photos from his talk:

Richard Clarke

Richard Clarke

Richard Clarke

And here is what came in the swag bag:

Black Hat Swag Bag

Dan Kaminsky Dan Kaminsky's Grandma Dan Kaminsky Dan Kaminsky Dan Kaminsky Dan Kaminsky Dan Kaminsky Dan Kaminsky Black Hat Swag Bag Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke Richard Clarke