August 1, 2007

In case you haven't noticed I'm liveblogging [Black Hat 2007](http://blackhat.com/html/bh-usa-07/bh-usa-07-index.html). I just watched the end of Phil Zimmermann's talk about his new VoIP encryption product / SDK: [ZPhone](http://zfoneproject.com/). Z-Phone is an application that allows you to make secure, encrypted phone calls over the internet using standard VoIP protocols. As with Zimmerman's other well known project PGP, the source code and software is given away for free. During the question and answer session he talked about his disdain for software patents, but added that he had recently applied for a patent for the ZPhone protocol, with an interesting twist. He is using the patent for good, and here is how: Part of the patent states that any time a key is copied and stored (which would allow a party to monitor / wiretap the call) a flag is set on that session that designates the wiretapping. This won't prevent interested parties from not using the flag, but it will prevent them from using the free license for ZPhone and thus force them to disclose that their product is wiretap friendly. Here are some photos from the talk: [](https://eecue.com/p/30882/Phil-Zimmermann.html) [](https://eecue.com/p/30885/Phil-Zimmermann.html) [](https://eecue.com/p/30884/Phil-Zimmermann.html) I just heard this random quote in the press pen: "Our experience is to stay off the wireless network at Defcon, we actually got hacked into a few years ago." I bring my own out of band connection with me to all security conventions and even with that I still do all my surfing / blogging / emailing through an ssh tunnel to a trusted server.

Ok, I'm getting tired, I didn't get much sleep last night after driving from LA to Vegas. Here are some photos I shot at the last group of sessions: [](https://eecue.com/p/30872/Brad-Hill.html) [](https://eecue.com/p/30873/bitsec.html) [](https://eecue.com/p/30879/bitsec.html)

Dan Kaminsky just gave a talk about the nasty things that service providers are doing to your network traffic, how it relates to network neutrality and how to detect it. Basically nearly all router manufacturers are working on technology to do hostile things to your internet traffic, including slowing certain parts of it, monitoring it, modifying it in real time to do mean things like put their own ads in your web pages or worst of all, storing it and selling it. Dan stated that this kind of trickery is going to either make web advertising obsolete, or force most if not all web traffic to be encrypted. If ISPs don't wake up and realize that what they're doing is wrong and bad the effect on the current internet ad market will be bad. I never thought of network neutrality as more than just shaping traffic or preferred routing, but Dan opened my eyes to the ugly things that vendors and ISPs are doing to our data. Here are some photos from his talk: [](https://eecue.com/p/30890/Dan-Kaminsky.html) [](https://eecue.com/p/30893/Dan-Kaminsky.html) His grandma is in the audience, and he was giving away some of her cookies to people who asked good questions: [](https://eecue.com/p/30888/Dan-Kaminsky-s-Grandma.html) [](https://eecue.com/p/30891/Dan-Kaminsky.html)

I'm attending the Black Hat Briefings in Las Vegas. I just caught the tail end of Richard Clarke's keynote speech. One thing he said in a final question that I thought was really cool and spot on is that the government should be monitoring terrorists and hacking in to their computers, but should not be monitoring everyday citizens. I wish more government (or former government) officials felt this way as well. This Black Hat is the largest ever with over 4,000 attendants. They completely streamlined the registration process and it is operating much more smoothly than last year. Here are some photos from his talk: [](https://eecue.com/p/30896/Richard-Clarke.html) [](https://eecue.com/p/30899/Richard-Clarke.html) [](https://eecue.com/p/30903/Richard-Clarke.html) And here is what came in the swag bag: [](https://eecue.com/p/30905/Black-Hat-Swag-Bag.html)