
H2K2 Wrapup

Posted by michael
from the more-fun-than-a-barrel-of-monkeys dept.
Your intrepid reporter took a jaunt down to the H2K2 conference this past weekend, held in the lovely Hotel Pennsylvania. The conference had much more floor space than they had two years ago, and it seemed like more attendance as well. Wireless networks were available, though overcrowded, and if you didn't encrypt your communications, well, you've probably already paid the price. My notes on the conference and the sessions I attended are below, followed by a couple of reader submissions.

The conference took up the 18th floor of the Hotel Pennsylvania[1], with the second floor being devoted to network operations/music/gawking at the old computers. Unlike the last conference, both major session tracks were on the same floor, preventing the logjams that occurred in 2000 when hundreds of people decided to use the elevators every hour between sessions. Lesson learned for future conference organizers: don't split your major crowd-drawing events between floors if you can possibly help it.

Siva Vaidhyanathan was the first keynote speaker. He described the internet as a cynical technology -- a technology which promotes seeing things as they are, not veiled by smokescreen or corporate PR -- and noted the attacks on cynical technologies since Sept. 11, tying that in to the copyright wars with Valenti, the DMCA, WIPO, and so on. It was a good, well-reasoned speech, but honestly, Slashdot readers have heard it before so I'm not going to spend much time on it.

Andy Mueller-Maguhn (probably best known to U.S. readers as the European At-Large ICANN representative) and Paul Garrin of Name.space gave a talk about ICANN and the DNS. Mueller-Maguhn described the attendance at ICANN's Montevideo meeting: about 450 people overall, of which 320 were representatives of the Intellectual Property community (RIAA, MPAA, many others), 100 or so from the world's various governments, and even a few technical people. He drove home the fact that the IP people have the funds and personnel to participate in these meetings, and that few other organizations do. Mueller-Maguhn was critical of the recent decisions by various U.S. civil liberties groups to stop trying to affect ICANN (nothing they've done has had any effect) and to start working on the U.S. Commerce department to cause change in the DNS -- Mueller-Maguhn prefers to work within the system, even when his efforts bear no fruit. Garrin talked briefly about Name.space's efforts to provide a free-speech alternative to the current DNS system.

Goldstein and Macki of 2600, and Robin Gross of the EFF, discussed the DeCSS case. Again, this is a topic thoroughly covered on Slashdot, so I see no need to recap the talk. They noted that Jon Johansen is still facing charges in Norway, and that the EFF is still interested in overturning various provisions of the DMCA, so if you have a situation that might represent a good test case, please contact them.

The next day, Eric Grimm and Robin Gross did a presentation on the DMCA, almost a continuation of the DeCSS presentation. Notice and takedown, ReplayTV, the Eldred and Golan lawsuits against the most recent copyright extensions; Slashdot covers these pretty well.

This was followed by journalist Declan McCullagh and cryptographer Matt Blaze, with a talk titled "Educating Lawmakers: is it possible?". McCullagh told his favorite anecdotes about Congressional stupidity, while Blaze described his interactions with the NSA during the dark days of crypto prohibition. Blaze described his work on the Clipper chip, which may be before the time of some Slashdot readers: in a nutshell, the U.S. government decided that they would promote a cryptographic solution which had a Federal backdoor, allowing users to secure their secrets against anyone but the government. Blaze expressed interest in it, and was invited to visit Ft. Meade, where he was given a sample Clipper chip by NSA techies -- except they weren't sure if he would be allowed to take it out of the facility. The techies gave him a brown paper bag to carry out the sample -- a burn bag for *classified* materials. Which he successfully carried out, with Clipper chip inside. Blaze discovered major flaws in Clipper's backdoor, which would have allowed anyone to gain access through it, and which eventually helped torpedo the Clipper plan. (Of course, Microsoft's Palladium plan will accomplish much the same purpose: just as the Federal government had final control over the design of Clipper, Microsoft will have final control of your PC, making government wiretapping trivial, so saying "key escrow is dead" is not even close to true.) Blaze concluded by describing his testimony before the Senate Intelligence Committee: he noted that when he consulted with other witnesses after the testimony, each of them had independently decided to liberate one of the stationery notepads provided in the hearing chamber for a souvenir, and "one of us got the gavel".

Aaron McGruder gave a very interesting speech. I had barely heard of him before (not a Boondocks reader, sorry), so I wasn't sure what to expect. McGruder covered his experiences getting into cartooning, and described getting his thoughts into a few hundred newspapers daily as a "hack," which I suppose it is. His speech was mostly about his cartooning and recent politics -- suffice it to say that he isn't a fan of Bush and the current corporate government.

Philip Kaplan, best known for fuckedcompany.com, talked about the secrets of making money on the net. His secret is basically: when you scratch an itch for yourself, scratch it for others as well, since probably thousands of people worldwide have the same itch you do. He also described some of the trials and tribulations of running his dot-com deadpool site, the inevitable legal hassles, etc.

Jello Biafra wasn't originally scheduled to speak, but happened to be in town. His address last time with the refrain of "Become the media" brought the house down, and he gave a late-night wide-ranging ramble working from handwritten notes which again proved to be quite popular. The talk centered mainly on music, with a secondary helping of politics, touching on his legal troubles with the rest of his former band, current developments in digital music, and ad-busting counter-culture efforts (he was following Mark Hosler of Negativland). Biafra came prepared with some old vinyl albums of corporate morale-boosting and sales songs -- imagine songs composed at corporate retreats and sung by miscellaneous employees, extolling the joys of using company X's products, or a song about the joys of being a Ford employee's wife who (of course) stays home to cook him dinner and bring his slippers when he comes home after a hard day at work. Hilarious stuff.

On Sunday, Maximilian Dornseif gave a talk about digital demonstrations. Obstructive demonstrations and sit-ins are more popular in Europe than in the U.S., and they are branching out into digital versions, electronic sit-ins that attempt to slow down or DDOS targeted websites for political ends. Dornseif described several previous attempts: programs distributed to automatically reload a targeted website, for instance. Some of them were quite sophisticated, including one with smart date-checking to make sure it was used only during the designated protest time. Dornseif described his ideals for an electronic protest, to make it as similar as possible to a real-world one: persons involved should be identifiable, outside observers should be able to know the goal of the protest, etc. Overall, an electronic protest should have strong parallels to physical protests, so that if the judicial system examines the legality of what you are doing, the judge is tempted to find it a legitimate protest rather than an illegitimate attack by cyber-criminals. Dornseif suggested making "slow" connections to HTTP servers ("G" sleep 10 "E" sleep 10 "T" sleep 10 ...), as well as "accept flooding" -- completing the TCP handshake, but not actually making any HTTP request -- these are "slow" versions of regular connections, which make effective DOS's, but also mimic regular users and might find acceptance in the courts as part of a planned protest.

Finally we come to some of the most interesting presentations. The lockpicking presentation, by Barry "The Key" Wels and Mike Glasser, was given to an utterly packed room. Wels and Glasser described many common and uncommon types of locks, and proceeded to pick them with great success. Those combination Master locks that are so popular on high school lockers? Takes one second to open any of those with the proper tool, a bent piece of metal that allows the shackle to simply pop out. You might want to invest in better protection for your varsity jacket. Thought your bicycle U-bolt lock was too strong to cut? It only takes ten seconds to pick it with the right tool, a circular pick that mimics any key. This might help explain the two bicycles I've had stolen in New York City. Normal house deadbolts? Maybe 30 seconds. They covered an assortment of high-security locks, such as ones with side dimple keys instead of teeth, 3 or 4-edged keys, disk keys, locks with magnetic pins, and so on. It was a remarkable presentation, and Mr. Wels especially represents a true hacker in every good sense of the word. He suggested starting at locktools.nl or security.nl or lockpicking.org if you'd like to try your hand.

Douglas Rushkoff was next with a wide-ranging speech about the true role of hackers in modern society. I probably can't do justice to his argument - read through his website, which has a lot of various essays and articles, if you want to get a sense of it -- but essentially he made a very Matrix-like argument about hackers, storytellers, the media, and empowerment. Starting from a premise that stories control reality (as an example he used the Ewoks in Star Wars, who were convinced to die for the Rebellion by the stories told to them by C3PO), he said that recently we have been empowered to alter and participate in our own stories (empowerment through devices such as the joystick, remote control and computer keyboard, each of which allows us to control our experiences), but this time is now ending. We are currently in a Golden Age of interactivity, where most of the attackers that attempted to control computing and the internet in round 1 have been beat down (the dot-com bust), but they're coming back, and hackers are the only ones who have the ability to see through the veils (computer GUIs and the like) that blind us to true reality. Very fun to listen to, and way too full of information to summarize effectively. I'll leave you with one memorable analogy -- Rushkoff said business and government were like bacteria and fungus, they have to stay in balance and if you suppress one of them the other one grows out of control. Not a bad analogy at all considering the times we live in.

Eric Blossom gave another fascinating presentation about GNU radio, whose goal is to develop a Free software-defined radio system that runs on commodity hardware. Software-defined radios are a tremendous concept which is going to cause a revolution when they are deployed. Think about a PC or other electronic device that has complete access to every bit of information in every radio-frequency wave passing through it, in constant wireless communications with any nearby similar device. Maybe if the devices are close, they adopt a high-frequency unlicensed band to communicate, if they're farther apart they pick a lower frequency ... Slashdot gets a lot of Ask Slashdot questions which say roughly "What open source software project should I work on?" or "I know I like computers, what should I do in college?" We delete most of them. Here is the answer for everyone who asks those questions: software-defined radio. Trust me. It's going to be big. The GNU radio people are concentrating mainly on television applications right now, because the tuners and such are readily available, and they have a lot of pieces which each work but still have a lot of work to do to create a turnkey system.

Ryan Lackey and Avi Freedman talked about the past, present and future of Sealand. We've covered this pretty extensively on Slashdot. Havenco is doing acceptably well, with their only significant problem being that the major European ISPs keep going bankrupt. They hinted that they are planning to do more things to promote free speech in the very near future - they already run an anonymous remailer and host a copy of DeCSS. An offhand comment by Freedman gave me a very good idea of what they're planning, but I'm not going to spoil their surprise by mentioning it here.

And finally, the time-honored Social Engineering panel. Again, the largest conference room available was packed with attendees. After a few funny stories about legendary hacks, Goldstein read the AT&T memo and noted, "If that's not an invitation I don't know what is." Coincidentally or not, the two lines which Verizon had installed in the conference room were mysteriously unable to dial long distance numbers or AT&T, though they had been able to yesterday. (Um, the phone companies are slow but they're not stupid - when a conference of phone hackers wants phone lines installed, it has to set off a few alarm bells somewhere.) When Goldstein eventually got an AT&T operator, she was suspicious and refused to assist him - obviously she had read the memo. :) Goldstein decided to hit easier targets, and started paging through the phone book, eventually settling on a Starbucks outlet. He was able to get a Starbucks employee to provide him with customers' credit card information, without much difficulty. If you used an American Express card to make a $3.57 purchase at a Manhattan Starbucks on Sunday morning, you might want to check your next statement (although the A/V crew kept the card number from being heard by the crowd). Next up was the Russian Tea Room, a high-class restaurant in Manhattan, where Goldstein had no difficulty in changing some poor woman's reservations and getting her phone number, then calling her and notifying her of the changed reservations, due to a "health inspection". He said he'd call and change them back to the original time, showing the hacker's spirit: inquisitiveness without destructiveness.

Overall, I had a great time at the conference, and so did a couple of non-computer geeks that I dragged along with me. I'm looking forward to H2K4 already.

[1] That's the third time I've linked to that Dave Barry piece, and it's still funny.




Reader lokii202 takes a look at the Social Engineering presentation: lokii202 writes "I attended the Social Engineering panel discussion today at the H.O.P.E. conference, and thought it might be nice to follow up on the previous article about AT&T's Hacker Warning memo. The AT&T security number was tried and the attempt failed, although one of the members of the large crowd in attendance offered up an AT&T HRID number. The operator got suspicious and shut us down.

However, no fair 'cause they were ready for it. Starbucks, to our enjoyment, had no such warning memo circulating, and here are the results...

Our panelist made a call over a standard phone line to a Starbucks store using a calling card. Asked the underling if they were having network problems. Underling, following the standard underling procedure, got the Assistant Manager. AM told us that yes, they were having problems with the credit card system. Oops. Within about 5 minutes he was reading off transaction times, dates, and more chillingly an American Express card number and expiration date. Our panelist stopped the guy before he exposed the whole number (the phone was hooked into a P.A. system for the conference and the experiment). The point was made very clearly.

Next, our guy called up the Russian Tea Room, which is a pretty classy joint in NYC, and posed as the flustered husband who needed to change dinner reservations for this evening. He had no names, no prior knowledge, etc. He managed to get some poor guy's reservations changed to 9pm and also got the guy's cell number. Next, he called the guy and posed as a Russian Tea Room host and apologized that his reservations were changed to 9pm, due to a health department inspection.

That was kinda funny.

High tech gizmos and uber-gear might get one pretty far, but when you come down to it security starts with the user. This demonstration, and others like it at H2K2, made it embarrassingly apparent that to obtain sensitive data one only needs a little ingenuity and some acting skills."


Reader weave takes a look at the whole conference (this may seem repetitive, but it's good to look at things through others' eyes...) He writes "H2K2 (or HOPE 2002 or Hackers On Planet Earth 2002) was held this past weekend in New York City at the Hotel Pennsylvania. I've been to previous HOPE conferences and this one was much better than ones in the past, but it still had a few problems.

Aaron McGruder, the creator of Boondocks comic strip was keynote. Jello Biafra makes a repeat appearance as well as some other past favorites, such as the "former spy" Robert Steele, as well as some surprise guests such as former Taliban fighter, Aukai Collins.

This is my personal review of h2k2. There were so many things happening at once that one person can't obviously see it all. This is based on what I saw, experienced, felt, and my personal opinions.

Keynote Speaker: Aaron McGruder, author of Boondocks, spoke on Saturday. This was my favorite speaker and worth the price of admission. He was invited because he did a short sequence of strips covering the DeCSS subject and, as Emmanuel Goldstein said, "the only person in popular media to get it right." Aaron was very articulate, intelligent, and of course, opinionated. What I liked most about him was his admitting that he does not know it all. He made fun of political experts who sit around and debate political topics based on what they are spoon fed by popular media. He says there is not much difference between us and people who live in censored countries except they KNOW they aren't getting the full story. We all think we are smart and know it all. His advice to people who love to rant about political topics, "Shut the hell up, you don't know anything."

McGruder thinks our society is falling apart and the only thing that can fix it is revolution. He has hope, but not much. He spoke about Bush's line that countries that hurt America are going to have to pay, which means we kill a bunch of their innocent civilians so they get to claim that we will then have to pay, where they kill a bunch of us. McGruder's solution is that people should just go kill the leaders of these nations. He then back-pedaled (remembering the place was probably full of feds) and disclaimed that he wasn't advocating that anyone go out and shoot Bush (who he has no love for). He reminded us that if Bush was killed, we'd be left with Cheney, who is far far worse in his opinion. "If Cheney was President, Afghanistan and Iraq would be glass, and we may give the neighboring countries 30 minutes of warning to get away from the borders."

Jello Biafra: Jello was keynote at H2K in 2000 and returned this year to speak late Saturday night. He was well loved by most people there, based on the reactions I saw that night. I didn't like him. He reminded me of Rush Limbaugh except on the left side. Loads of rhetoric, wild claims, and positioning himself as an expert. He was supposed to speak for one hour, and then the film "Freedom Downtime" was to be shown. He rambled on for two and a half hours, then took his shoe off and asked for donations for his legal defense fund involving his former record label. People flocked up and stuffed it full of money as he started to spin records. At this point it was 12:30am and I gave up and went to my room and got some sleep.

Robert Steele: Former spy, and backer of a concept called "Open Source Intelligence" where countries share intelligence information freely with each other and their citizens. His speech on Hacking National Intelligence was, to me, frightening. He claims that 9/11 involved a serious failure of our intelligence network and Washington is trying to whitewash it all. He also claims that he has no doubt at all that New York City will be the target of another terrorist attack soon. "When foreigners think of the U.S. they think of New York City. It is the center of capitalism." He is an excellent speaker. I hope he returns next time.

During his talk, he introduced Aukai Collins who told us of his experiences fighting for bin Laden (during the 90s when we were paying bin Laden's salary and he allegedly was a good guy). When the embassy bombings started to occur, he went to the CIA and offered himself as an intelligence source. He worked for them and the FBI a few years and during that time was invited by bin Laden's runners to come work closely with him. When he brought this opportunity to get close to bin Laden to his superiors, they told him not to go. He feels we lost probably our only opportunity to get one of our guys close to bin Laden. He has written a book on this called My Jihad.

If this so far sounds like h2k2 was more politics than tech, I got the same impression. I skipped out on most of the DMCA updates and other legal updates. They were hosted by members of EFF and their lawyers. The small bits I saw sounded very informative and I applaud their works in these areas. Since I've kept up on all the news on these cases, I decided to skip these forums.

The best of the tech presentations was Fun with 802.11b hosted by Dragorn, Porkchop, and StAtic FuSIOn. (I sometimes hate silly handles). During the days before h2k2, they mapped out over 400 open wireless networks accessible from within three blocks of the hotel in midtown Manhattan. They demonstrated passive snoopers like kismet and showed us different directional high-gain antennas. Their recommendation for a good PCMCIA 802.11b card was Cisco's 352, which I of course didn't have. I ran out and bought an SMC card for my company laptop before the conference and had a tech load Linux on my laptop. I told him he could pick the distro of his choice, but unfortunately he picked the one I'm least familiar with, Slackware. I could not get the damn card working for the life of me. I wanted to scream.

A big disappointment was the Cult of the Dead Cow Extravaganza. It was to be held down on the lower level in the network room and broadcast up to the conference rooms on the 18th floor. Well, it didn't work. I was upstairs and they mucked with the equipment for an hour trying to get an a/v feed going. After all this time of wondering whether we should fight our way downstairs to watch it in person, we got an announcement. "Sorry, but we can't get it to work. Oh, by the way, they have already started downstairs."

Urge to kill. My friend and I wondered how they screwed this one up and traced the wires to a display table and behind a closed stairwell door. We looked at each other and said "Nooo". We popped into a neighboring stairwell as everyone fought for the elevators. We went down one floor then popped over to the stairwell that we saw the wires going down. Sure enough, they had run the wires down the open portion of the stairs so they were hanging by their own weight for a distance of about 22 floors (the hotel has 18 numbered floors, about 4 lettered floors like A, B, C, D, a mezzanine floor, and lobby floor). I'm not sure what the stress would be introduced by a cable hanging by its own weight for that kind of distance, but I bet the center copper core couldn't bear it and broke inside.

So we ran downstairs and saw some talented but unwanted female singing about how great the CDC was. Then someone else got up and swung a black briefcase looking device around. Had no idea what it was because we couldn't understand squat in the back. Basically we said to hell with them all, and left.

So while the presentations were hit and miss, the overall best part of the conference were the attendees. Freaks, geeks, and misfits everywhere, all being good to each other, curious, intelligent, and sometimes a bit too paranoid. Of course it was mostly guys, but there were women as well as one person who had a male voice but noticeable breasts and a feminine face and shape. Many other guys dressed up a bit too flamboyant for my tastes as well. My point being, everyone was accepted for who they are and all got along great together. I didn't meet a single person who I talked to who was rude, or unwilling to strike up a conversation. The network room had wired and wireless internet access and was open 24 hours a day and the source for some of the most fun at the conference. But by all means, the best part of h2k2 was the attendees and they are the reason why I will want to go again in the future."

  • cDc Talk (Score:3, Funny)

    by borg05 (161991) on Wednesday July 17, 2002 @10:16AM (#3901293) Homepage
    The best part of the cDc talk was when the cute little blonde got up on the stage and people began yelling "Show us your tits".
    • Even better was when one of the male CDC members went up there and a bunch of people (guys and girls I think) screamed "Show us your tits." Oh, and that tunneling protocol was cool too.
    • Re:cDc Talk (Score:1, Flamebait)

      by gosand (234100)
      The best part of the cDc talk was when the cute little blonde got up on the stage and people began yelling "Show us your tits".

      Fantastic. So your point is that hackers can be just as ignorant as the Nascar (pronounced Nas-corrr) drunken rednecks.

    • The only thing that made this funny was that the shout "Show us your tits" came from a group of female hackers.
    • The thing is there were (at least) two blue hair girls there, me and someone I don't know. Well the OTHER blue hair girl yelled the tits thing, not me. But I was asked about it the rest of the day.
  • by e-gold (36755) <jray@@@martincam...com> on Wednesday July 17, 2002 @10:29AM (#3901377) Homepage Journal
    I unfortunately missed this conference. One session I really wanted to see was John Young and Deborah Natsios of Cryptome.org [cryptome.org] & Cartome.org [cartome.org] which happened on Friday (probably before Michael got there, I'd guess).

    John slings information (in his spare time, he's an architect!) and makes trouble better than most people who claim to do it for a living. (Proof is in the form of an NSA robot which combs his site every morning.) Anyone who saw the talk, please post! John isn't a boring guy, so I'll bet it was good.
    JMR

    (As always, speaking ONLY for Jim Ray!!!)
    • by dr_dank (472072)
      I was able to catch that when I arrived and it was excellent. They delved mostly into their area of expertise: architecture. Mostly of the Hotel and old Penn Station.

      They showed photos from ground zero of debris and John's commentary on it (from a helicopter they charter themselves).

      Debra went on to tell the audience that John was detained for taking pictures on the site and wryly pointed out that they made him delete the photos from his digital camera. Those very same photos were recovered with the assistance of the Cypherpunks newsgroup and used in the presentation. Needless to say, the crowd burst into applause at that revelation.
    • I did see this particular session and it was very interesting although not particularly on topic. John Young gave none of the presentation which was given entirely by Deborah although he did take questions afterwards. The topic was "Standing up to authority" and while John answered a fair number of questions regarding cryptome and what/why/how they publish, the main presentation focused more on the history of architecture in midtown Manhattan. It was actually quite interesting, just not particularly on topic.
    • I was able to catch the last half of the talk, and as soon as I got there I realized I should have gotten there at the beginning. Very interesting talk regarding Cryptome itself, and some examples of "controversial" information, for instance, WTC site details that the authorities didn't really want publicized... I'm looking forward to streaming the talk when it's posted so I can hear the whole thing.

      Eater

  • by wallsaroundme (582721) on Wednesday July 17, 2002 @10:31AM (#3901402)
    I saw Robert Steele's presentation as well, and I did not find him to be a "great speaker". It seems his primary reason to speak was to promote his books, even taking care to make sure his covers showed up on the screen periodically. When someone asked him a question he did not like he did one of two things; either go way off topic ignoring the question in the first place, or even go so far as to insult that person. As far as his "plan" goes, I'm surprised anyone into the philosophy of free/open software would even consider some of his plan to be rational. Claiming to be a supporter of open source, it seems he failed to realize what it's all about. His plan involves a layered approach, exactly what free software is against. In a later session he even admitted that creating a system of superiority was good "to pay his mortgage". Although he threw out several details that excited the audience, I hope people realized that the big picture is most important here. I AM FLAMEBAIT, but please remember that just because someone has a few good ideas, intentions are most important.
    • I also believe that Robert Steele got it wrong in a major way. I saw him initially as part of a three person panel on the FBI. Essentially he sort of applied libertarian theory to intelligence. The problem with having being a little intelligence agent has been well illustrated by the informant states that have existed in the past.

      Furthermore, the problems with having hordes of untrained people with a little bit of power and authority all doing their best to "beef up security" leads to people getting thrown off airplanes for their choice of reading material, or even worse, the TIPS program.

    • I haven't seen Steele speak, but I've seen the phenomenon you describe: an enthusiastic speaker who does things like "throw out details that excite the audience" gets reviewed as an excellent speaker, although any reasonably objective analysis concludes otherwise. Many people tend to judge a speaker based on how he makes them feel, rather than on a dispassionate analysis of his delivery and material. I've seen people be wowed by transparent two-bit conmen with passionate delivery. I think it has to do with our desire to find leaders to look up to, or something.
      • Well how a speaker makes you feel is the difference between a good speaker and a good writer. That's what they mean by "speaking skills".
        • You're right. I think what I really meant to say is that just because someone's a good speaker - and can engage people emotionally - doesn't mean that they have something interesting to say. Good speakers can give content-poor speeches.

          If the presentation is right, people tend to focus on that and overlook the lack of content. This can result in people coming away from a talk completely jazzed up but totally unable to coherently explain a single reason why they should be. ("But he was just so... forceful!")

    • He was a bit evasive on some questions, and his public intelligence idea was questionable (yet interesting). However, don't totally discount his insight into the CIA and other intel agencies... even if you don't like his solutions, the problems he identifies are nonetheless critical and deserving of attention.

      On a similar note, I'd love to see a debate between Robert Steele and Jello Biafra. :-)

      Eater

      • There was supposed to be a debate between Jello and Steele after Jello spoke, but since Jello's verbal diarrhea went untreated for hours, I bet it never happened... (it reminded me of a recent South Park episode where people reverse the food intake/outake direction...)
    • I agree with the last guy. Biafra vs Steele would have been a spectical (sp?). I thought Steele was a very good speaker. When I say that I mean he was able to give an interesting talk and keep my attention. His slide presentation was interesting but nowhere on his website oss.net can I find it. He said everything he showed at H2K2 would be available there. Oh well. I was surprised he didn't plug his books more often though. I've seen some pretty lame speakers whose every third comment was "Buy my book". I didn't notice he was that evasive but he did 'beat around the bush' a lot. But he gave me pretty stickers so it's all good.
    • I enjoyed his presentation. Doesn't mean I agreed with it all. His little weird deal where he'd give 2600 a free copy of every book bought on amazon until wednesday so you could get a buy-one-get-one-free deal was pretty farking weird. Like, I'm supposed to write 2600 and say "I bought this book, send me the other as promised for free?"

      His handing out little earth stickers was weird too, what was that about? His graphics with nonsensical arrows that didn't really represent anything coherent were whacked too...

      But his speech wasn't boring and the points he raised were usually interesting. But that doesn't mean I agree with it all. Like, I didn't like his idea that every neighborhood should have their own spies (although it sounds like Bush loves a similar idea) either.

      • > His handing out little earth stickers was weird
        > too, what was that about?
        He just likes the stickers, I guess. He handed out the same stickers at h2k.

        I have his h2k talk on tape, and it was the reason I went to this year's hope. His talk in 2000 had a bit more of an emphasis on story-telling and stuff that makes you say 'wow', though constructive criticism of CIA, FBI, et al was still a big part.
        This year he seemed to push the open intelligence thing a lot more.

        I found his talks quite interesting and I think he generally makes a lot of sense. But the neighborhood intelligence groups is a little scary.

        You can buy the 2000 talk at http://store.yahoo.com/2600hacker/noname1.html
        Spy Stuff: Everything You Never Believed But Wanted To Ask About
  • by gmcraff (61718) <gmcraff@[ ]oo.com ['yah' in gap]> on Wednesday July 17, 2002 @10:34AM (#3901424)
    ... but the politics was waaaaaaay overdone.

    The best neat-hack I saw was during the "Protection for the Masses" presentation.

    PROBLEM: Protecting sensitive data on a computer from an unauthorized person when they have managed to steal your laptop.

    COMPLICATION: Implementing an encryption scheme within, say, Windows 2K/NT/XP/etc is exceptionally difficult because Windows tends to leave plaintext all over the hard drive, such as in the swap space, the temp files, etc. Implementing such a thing in other operating systems is easier, but you've still got to have an un-encrypted part of the disk to boot from, which could be vulnerable. Furthermore, you haven't got the resources of a major government to have a contractor create you a hardware-based encrypted laptop.

    SOLUTION: Enter Linux and VMware. By doing some clever hacking to pass encrypted file systems to VMware, which presents it to the OS inside the box, the OS (let's say Windows) doesn't have to do encryption... it thinks it's talking to a normal disk. The crypt keys are on a USB storage device, such as the keychain-sized ones. When you boot up, you get prompted for a passcode to access the crypt keys, and then you end up in a GUI with four buttons: Boot the internal OS; Shut down; Backup functions; Options.

    Without the crypt keys and the pass code and the hard drive it goes to, a nefarious person can't even tell what operating system is on the inside of the VMware, much less when interesting information is there. Encryption options range from Blowfish to ROT13 (pretty much anything you want). The implementation is clean enough to let your mother or CEO have it: Once s/he punches the "Boot OS" button, s/he might never know that s/he is using anything other than Windows. Or FreeBSD. Or another instantiation of Linux.

    Currently, their web site, www.nah6.com, has nothing on it but a logo, but they mentioned that they'll be having some good stuff out within six months. Heck, I'm looking forward to it for more than just personal use.
    • ... but the politics was waaaaaaay overdone.

      Actually, most of the tech-talk was stuff you could figure out on your own time, anyway. The political talk, however, was a rare experience, and sorely needed in the hacker culture. I suppose it just depends on what you're trying to get out of it. If you really need somebody to demonstrate how a lock mechanism works, or how to use kizmet, or how to do an op-redirect, etc... h2k2 probably isn't for you anyway.

      Eater
    • There are commercial full hard drive encryption programs available from Winmagic, PC Guardian, and Pointsec. And you don't need to deal with any funky VMware.

      (yadda yadda trust in closed source yadda)
  • My H2K2 pics (Score:4, Informative)

    by rprycem (113790) on Wednesday July 17, 2002 @10:41AM (#3901462)
    Hey, just plugging the link to my brother's site with h2k2 pictures. [opticaldelusions.net] http://www.opticaldelusions.net/28a.html
  • by intuition (74209) on Wednesday July 17, 2002 @10:43AM (#3901486) Homepage
    I finally bit the bullet, and attended H2K2. The speeches for anyone interested in these areas were altogether pretty much unimpressive for two reasons. First, the good reason, most of the speakers are very good at disseminating information over the internet - so if you had previous interest in any of these areas, and actively read the internet none of the information was extraordinarily new. For example, the 802.11b presentation by dragorn, porkchop, and StAtic Fusion, was no more than a simple demonstration of various passive and active sniffers and a light overview of 802.11b technology.

    So the first point is a good thing, information is available over the internet - no big surprises or insights available at the conference - however, someone looking for a casual introduction to many of these issues would have found the conference very interesting.

    Second, and the bad part, most of the speakers were HORRIBLE god-awful nails on blackboard poor public speakers. There were a few gems, but thank god for the barely usable 802.11b network in the main track speakers room. Of course this comes from lack of experience, lack of often having an audience like this assemble, and lack of preparation. Some of these people should seriously look into how to "hack" an audience. An example of a particularly bad one is the speech on "The New FBI and How It Can Hurt You" by Mike Levine. This guy took one hour rambling about the dangers of the FBI and could barely get his point across, without needless rambling. He wasted the whole hour talking about how the system where the DEA gives money to criminal informants in drug cases is horribly corrupt and dangerous - once even it almost resulted in his untimely demise. Not even one consideration from this guy as to what he was there for. For proof, amazingly he has a radio show on listener supported radio station WBAI in NY (where Emmanuel Goldstein, who I speculate has a large part in organizing the conference also has a radio show) with links to audio available here: Expert Witness Radio [expertwitnessradio.org]

    Overall, I think your average /. reader would be unimpressed. But the people were cool and eccentric, and it was a fun time nevertheless.

    As a side point I spent the whole weekend logging on and off of my AOL IM account and telneting to a linux box in the clear - just to see what would happen. So far, nothing.
    • Mike Levine is a bad example for your point. The guy was obviously well-prepared and a good public animator, although I gather you didn't like his style. Rather, he was a victim of one of the many shameful technical breakdowns at the conference. Where he planned to begin his lecture with a video tape, the crew had him ramble as best as he could, filling time for almost half an hour, while they figured out how to plug their vhs.

      I think his point was clear: the CIA is a bunch of incompetents and the mafia runs circles around them. They survive by milking the media with sensational bursts - something they are scary good at.

    • I agree most of the speakers were pretty bad... Speech Communication 101 could set em straight.

      There were a few guys who really knew how to engage the audience, including Mike Levine. He may have gone off the track but IMHO at least he spoke with some passion and had interesting things to say. (who knows how true any of it is)

      My personal highlights were the Boondocks guy (who i didnt know about at all and turned out to be an interesting speaker), Jello (old DK and spoken word fan of his, so was really excited to hear he could make it), Social engineering panel, Negativland presentation (here's a band that REALLY needs a Behind The Music special.. ;), typing up crappy BASIC programs on the retro computers downstairs, and the beautiful view of the sunset from the 18th floor during negativland on saturday.

      There was probably other stuff but i can't think of it now.. My first time there and I had a lot of fun, even though i went alone it didn't feel like it because almost anyone there was eager to strike up a conversation if the opportunity presented itself.

      My only regret is not owning a laptop with wireless that i could bring, and being stuck trying out those badly configured X terminals. Thought it was a shame they never worked right the whole weekend cuz it must have been a hassle bringing all that gear in...

      internet access aside, can't wait for the next one!

      • being stuck trying out those badly configured X terminals. Thought it was a shame they never worked right the whole weekend cuz it must have been a hassle bringing all that gear in...
        They weren't so much badly configured, but highly abused. I know; I was one of the people running them. More equipment was stolen from the cluster than you can possibly imagine. Also, people would unplug the ethernet cables from the terminals to hook up their laptops, and never replace them, and random people would pull a handful of cables from the Cisco 6509 in the centre of the room. Then, there were the kiddiots. People were fork-bombing the xdm/shell server all weekend, and generally trying to break the cluster as much as possible. That made for a horrible experience for the rest of the people just trying to get online.

        As far as hauling it in, I didn't get to NYC until Friday evening, but the rest of the cluster crew had a hell of a time getting all that crap in there and setting it up. A good portion of the thievery happened while setup was still occurring, as well. You try setting up a 100-plus-unit computing cluster while people are just walking off with the equipment.

        Hauling the gear out of there is a lot easier, though, as almost everything gets sold off on Sunday afternoon. PC X terminals, the NCD X terms, DEC VT and Dorio dumb terminals, and even a 24-port Tiger switch got sold.
  • To crack WEP, all you need to do is run a tool that monitors the traffic and cracks it. After collecting enough traffic, it only takes a second or so to crack.

    http://www.networkmagazine.com/article/NMG20011203S0008

    My suggestion would be to use IPSec for encryption on top of WEP.

    -Lucas
  • by dr_dank (472072) on Wednesday July 17, 2002 @10:44AM (#3901489) Homepage Journal
    It was a great weekend overall, with the Social Engineering panel well worth the price of admission.

    While the phones were being set up for the AT&T attempt, Emmanuel (?) was talking about a voicemail system for the Caldor retail stores in the Northeastern US being protected by a very obvious four digit pin (the first four letters of Caldor). Using this, they could gain access to the PA system of almost any store.

    Aside from the obvious hi-jinks of putting random things on sale and playing music (which, BTW, the employees would run all over, thinking it was coming from a phone on the sales floor), they would dial in when the night crew was stocking. Imagine hearing "I'm still in the store" when working late at night....

  • LATimes [latimes.com] has a story on Dave Richardson who is considered one of the masters of his trade.

    The article is fairly long, but he comes off as one hell of a legal lock picker, whose services are employed by law enforcement and sometimes to break into safes without leaving a trace behind. Interesting stuff.
  • What ever happened to ? [wired.com]

    Is there any info on this?

    Hacktivismo is down [hacktivismo.com] and I didn't see anything on cDc [cultdeadcow.com]
    • errp... that is "What ever happened to Six/Four?"

      man i'm getting lazy
    • It was released, but cDc put all of their effort into press releases on it, and not what they said at the conference. It was hard to pick out the important stuff out of an hour of asinine skits. As an aside, I think Oxblood Ruffin (sp?) had some of the most important stuff to say, unfortunately he was so awful at using a microphone that finally one of the other cDc folks went up on stage to pass on what he was saying.
  • Top 20 IT Anthems [zdnet.co.uk] features the best/worst of them all, music created by overbudgeted tech company PR groups who clearly need hitting with the reality stick a few times. Most famous of course is KPMG - with "Our Vision Of Global Strategy" [zdnet.co.uk] - the title almost rhymes with KPMG. This monster sounds like "We Are The World" for world domination - this has proven so popular that it's even had Jungle and Rock remixes produced.

    OK.... everyone.... 1, 2, 3....

    KPMG, we're strong as can be
    A team of power and energy
    We go for the gold
    Together we hold onto our vision of global strategy.

  • by HappyPhunBall (587625) on Wednesday July 17, 2002 @11:19AM (#3901761) Homepage
    1. Go to Hacking Convention
    2. Connect laptop to spiffy free wireless network
    3. Get Owned
    4. In less than a minute
    5. Spend rest of Convention denying the bad porn and pathetic love letters stolen from hard drive
    6. Go Home
    7. Format drive, re-install OS with patches this time
    8. Search net to see if your bad porn and pathetic love letters have made it to Geocities yet
  • Culture (Score:3, Insightful)

    by TedCheshireAcad (311748) <ted@fc.AAArit.edu minus threevowels> on Wednesday July 17, 2002 @11:22AM (#3901782) Homepage
    Many of the speakers were government hating paranoids, which was pretty funny. The lockpicking panel was great, as was social engineering. Thanks to Sean from Starbucks for the fun.

    If anything, it was a good place to try out network sniffers. Won't people learn that accessing your POP account not over SSL is a bad idea?
  • by Anonymous Coward
    So it was a bunch of smelly communists that took a break from playing with linux and looking at kiddy porn to gather together and (shock) relay their displeasure with the current political administration. Yeah that sounds like fun. Looks like that one Aaron guy didn't follow his own advice to "shut the hell up, you don't know anything". Sounds like a really nice guy though.
    • Looks like that one Aaron guy didn't follow his own advice to "shut the hell up, you don't know anything"

      I was thinking the same thing. He was an entertaining speaker, but it didn't seem like he thought out his speech too much.
  • The BBC covered the convention initially in this article [bbc.co.uk].

    Of course, the original version of this article had this as its original fourth paragraph:

    The hackers conference is an annual event and usually includes an attack on a high-profile computer system.

    I wrote their factual error department. The conference is not annual, there are no attacks on high-profile computer systems as part of the event, there are no facts supporting the claim that the USA Today defacement has anything to do with the conference, and the story is one sided in as much as their primary source appears to be an AT&T memo. I then urged some of the other people who attended to write the BBC as well, and the BBC changed their story.

    One of the other people who wrote the BBC, posted this response that they received from the Assistant Editor of Technology to the H2K2 Volunteer list, where we had been discussing this matter.

    Thank you for your e-mail. I apologise for the inaccuracies contained in the article on the H2K2 conference. It was written by a non-specialist and has now been corrected.

    Of course, the correction occurred after the article had been up for a few days, and viewed by countless people around the world. However, it wasn't a correction in the sense that anyone was made aware of the change. The offending paragraph simply was deleted. No mention to the general public that they've got stories being written by people who don't know what they're doing. Just a simple "my bad" via e-mail, and a quick edit and the database, and there you go.

    Then, of course, there was the gentleman from Fox News who came up to the information desk with his cameraman and told one of the volunteers: "I need help. Can you give me a hacker handle." Of course, this happened just moments after he had harassed a conference participant who had repeatedly told him that he wasn't interested in being interviewed or being on camera.

    Of course, not all the media coverage was clueless. There was a gentleman from the IEEE Spectrum who was kind enough to bring some past articles published in his publication as a demonstration of the type of media that they produce. Of course, he also attended some of the panels as well, instead of just walking around and sticking a camera in someone's face and asking outlandish questions.

  • Shpennsylvania (Score:1, Redundant)

    by cybercuzco (100904)
    More [freerepublic.com] about the lovely hotel pennsylvania courtesy of Dave Barry.
  • To the one who reviewed the social engineering panel: the Starbucks guy didn't read the whole number, Emmanuel stopped him before he got to the end...
  • "If Cheney was President, Afghanistan and Iraq would be glass, and we may give the neighboring countries 30 minutes of warning to get away from the borders."

    And what is wrong with that?
  • Gee, it would be nice if those lockpicking links weren't all in Dutch or German.
    • Learn another language.
      Dutch girls look nice, in case you need the motivation :)
  • H2K2 is a conference for hackers. From the above article, if you read slashdot, you already know about everything that's said at H2K2. Therefore, we can infer that if you read slashdot, you are a hacker. As reported a few days ago, the U.S. government enacts a new life-imprisonment punishment for hackers. Taking into account the corollaries above, we can infer that... Reading slashdot can put you away for 20-Life. Woohoo! :)
  • At one point there was a great act down in the area 7 stage ... a guy wearing a george bush mask stood up and pantomimed along to a speech cut together from real george bush audio. "We must continue the war ... on America. Democracy, freedom of speech, freedom of expression ... these things must be controlled. We must preserve ... illegal drugs. I myself use ... illegal drugs." The george bush-public speaking rhythm seems to lend itself to this kind of cutting -- it sounded like natural speech. (either that or he really said all those things, who knows ...)

    I don't know who put that one together -- does anyone have a link?
  • I think the best part of a conference like this is meeting people with whom you've talked online for years -- they were quite interesting, as were the new people I met at the conference.

    H2K2 definitely had a more activist/political slant, vs. purely technical like blackhat/defcon, or commercial like RSA, or academic/mathematical like the IACR conferences. It's nice to have such a range. H2K2 was probably the best conference I've ever attended in the US, although HAL2001 in Holland was more unique -- being in a field with even more hackers, faster network connection, and the special goodness of Holland is pretty much ideal.
  • I am so jealous right now.

    ahhhh. maybe next year.
  • Copper? Pshaw! (Score:3, Interesting)

    by alexburke (119254) <slashdotmail.alexburke@ca> on Wednesday July 17, 2002 @09:45PM (#3906025)
    My friend and I wondered how they screwed this one up and traced the wires to a display table and behind a closed stairwell door. We looked at each other and said "Nooo". We popped into a neighboring stairwell as everyone fought for the elevators. We went down one floor then popped over to the stairwell that we saw the wires going down. Sure enough, they had run the wires down the open portion of the stairs so they were hanging by their own weight for a distance of about 22 floors (the hotel has 18 numbered floors, about 4 lettered floors like A, B, C, D, a mezzanine floor, and lobby floor). I'm not sure what the stress would be introduced by a cable hanging by its own weight for that kind of distance, but I bet the center copper core couldn't bear it and broke inside.

    I was on security detail during H2K2, and I was one of about 6 people that installed that cable on Thursday evening. That was the B stairwell. (Us security types referred to it as the 'booger' stairwell. Don't ask.)

    It's a good thing you chose to stay away from that stairwell -- we caught a group walking down that stairwell fiddling with the cable and they were promptly detained then removed from the conference for good.

    The cable was not copper, but rather Corning 24-strand multimode (62.5/125) fiber cable. Due to an installation snafu, about 50 feet from the end of the run several strands got broken when the cable became pinched. However, we only needed two strands to make the whole shebang work, and we found two properly-working ones (yellow-black and white-black, IIRC) fairly quickly by the guys at the top of the staircase shining an LED flashlight into the connectors while we looked into them at the bottom of the run.

    The cable was fairly well supported with cable ties (snug, but not crushing) at several points along the way down.

    At no point was link on that run lost, so I know it wasn't the fault of the cable.

    Anyway, I'll stop rambling now. I hope you enjoyed H2K2 as much as I did... it was a blast!
  • Siva Vaidhyanathan appeared on Slashdot before: I interviewed him about his book Copyrights and Wrongs. The interview is over here [slashdot.org].
  • So it's going to be big hmm?

    Why?

    They have a driver for a 1100 british pound DAC, so how many guys are going to lay out that much cash for a radio?

    And to listen / send what?
