For the mainstream media, DEFCON is all about visual shock candy. If it is a choice between JesusHackers and the BondagePornoBabes*, it's an easy guess which ones will make the evening news. Most of the security news last week was nefariously linked to DEFCON, regardless of relevance.
Whatever the case, the mostly male, mostly black T-shirt crowd got an earful from a variety of speakers (assuming they could find a seat - no standing, per fire code). Phil Zimmermann, creator of the PGP encryption program, fessed up to wanting to ship the PGP program overseas as a human rights tool, altho' his lawyers told him not to say admit it while battling the U.S. government in court for three years.
Zimmermann emphatically repeated "There is no backdoor in PGP" despite assertions by TechTV and others. "Network Solutions wouldn't know how to put in a back door... or a front door, for that matter," he said. He attributed some of the paranoia surrounding PGP and the flood of annoying and irrational fan mail he receives on a daily basis to "People who think the X-Files are a documentary." He also stated he was mis-quoted by the Washington Post in a post-9/11 interview.
Chris Hurley, founder of the World Wide WarDrive, took a chunk of his podium time to flog InfoWorld and The Wall Street Journal for inaccurate and misleading stories about the effort to document the number of wireless APs and the (ugly) number of them not running WEP encryption. (One might say the Washington Post is in good company for bad technology reporting). Less than a third of WiFi APs world-wide are running WEP, a percentage Hurley hopes goes up due to the annual and public and not-secret and not terrorist-linked WarDrive campaign.
Did you know ISPs in the Netherlands get paid for every successful government-ordered wiretap? Or that there's an EU standard for bugging your IP traffic? Jaya Baloo revealed this and some other tasty tidbits in her talk about Government IP Tapping. Baloo, a consultant in the Netherlands, noted that ultimately there will be EU-wide agreements for "borderless lawful intercepts" but both quantum crypto and wireless LANs pose some interesting challenges to regulators.
Sunday's presentation on social engineering was saved from being stoned by the appearance of Kevin Mitnick out of the audience to regale the packed ballroom with his exploits of talking Motorola staff into sending him a source code for their cell phone. His quest - two hours of talking on the phone -- was nearly frustrated by a firewall preventing outbound ftp until a Moto security guru thoughtfully provided a way around it. Mitnick also won the 10th annual "Hackers Jeopardy" contest, a two evening ordeal that has few rules other than answering questions and drinking a lot. (Hmm, maybe Kevin could find a job at the INQUIRER).
Among other contests, the WiFi shootout provided some interesting results. Held 20 miles outside of Vegas, in the desert, contestants had to set up and test their gear in the rain (yes, the rain) on the first day of activities on top of a craggy heap of rock to get the best distance. The winner, built by ASLRulz out of New York, was able to send and receive data over 35 miles. Most disturbing/amusing, the huge antenna was built out of a last minute design with $98 of parts bought at Home Depot. µ
* CORRECTION Doug got overexcited. The folk were labelled as the BondagePornoBabes when they should really be called HaXXXor or the HaXXXor Girls, according to Aaron, creator of HaXXXor. Ed.
Sign up for INQbot – a weekly roundup of the best from the INQ