DEF CON SomaFM clips (with quotes)

By Dave

Full text of quotes for searching below

DC#SpeakerTopicClip NameTextURL
7Michael MartinezHackers and the Media – A Love/Hate ThingBlack TeeYou know, we have, again, our own preconceptions of the sixteen year old wearing black tee shirts in a darkened room when the sun is out and all they’re doing is playing on a computer for twenty four hours straight, um, that actually may be some of you, I don’t know. I so see some black tee shirts here and they look wonderfuldirect link
7Michael MartinezHackers and the Media – A Love/Hate ThingBustedDon’t do anything that’s gonna get you busted, okay, I have seen stories that, a reporter says, hey, I hooked up with these guys and I went on IRC with them while they were hacking, and it was so cool, and this is what they did. You can be within 48 hours of that story being published the FBI called that reported and said we need to know everything.
7Michael MartinezHackers and the Media – A Love/Hate ThingEmailsI will get emails, sometimes, that are longer than the original story. I’m a little less inclined to read them because I’m like, why are you doing this to me.
7Michael MartinezHackers and the Media – A Love/Hate ThingHackerGive you guys some hints for when, the next clueless reporter comes up and says hey man, what’s it like to be a hacker.
7Michael MartinezHackers and the Media – A Love/Hate ThingHireThere are still come security companies our there that won’t hire anybody who says they are a hacker, which kinda blows my mind
7Michael MartinezHackers and the Media – A Love/Hate ThingInterviewIf the virus spreader comes forward, I’d like to get him for an interview
7Michael MartinezHackers and the Media – A Love/Hate ThingIRCSay I go, actually I’m a reporter that knows about IRC, and I go to #hackphreak or #hack or something, and I get somebody who uses a lot of threes when he spells, and I think, ooh that’s kinda funky, maybe he’s a hacker. Maybe he’s a script kiddie who has like three warez on his hard drive, I don’t know.
7Michael MartinezHackers and the Media – A Love/Hate ThingKickIf any reporter comes up and tell you that their reporting is one hundred percent unbiased, you may feel free to kick them. Actually, I can’t advocate violence either, that’s bad.
7Michael MartinezHackers and the Media – A Love/Hate ThingQuakeThe next time I play Quake, and I going to have an erased hard drive? Who knows.
7Michael MartinezHackers and the Media – A Love/Hate ThingSexyIt’s sexy, it will sell papers. You didn’t think of yourselves as sexy, did you. It’s true. Yes, you are sir.
7Michael MartinezHackers and the Media – A Love/Hate ThingSurf WellYou’re going to get reporters who, the only reason they’re a tech writer at their particular publication or television station is because they can surf the web really well, that’s it.
7Michael MartinezHackers and the Media – A Love/Hate ThingTrashedIf you fake your knowledge, and you give incorrect information to a reporter, and that gets into print, your name is trashed.
7Michael MartinezHackers and the Media – A Love/Hate ThingWebsiteWhy do these people hate me, I just wanna run my website!
7Ira WinklerMyths of Hiring HackersAdd FiveDo you have the most recent hot fixes, and Windows service pack loaded on your system, add one. What if you don’t have Microsoft? Add link
7Ira WinklerMyths of Hiring HackersArsonistsArsonists can not put out fires or engineer fire safe buildings. They know how to take a bunch of papers together, take gasoline, spread around, light everything up. Same thing with script kiddies. They know how to take a bunch of tools, you know, shoot it off at the websites. Do it.
7Ira WinklerMyths of Hiring HackersBusiness CardNo matter what your business card says, that doesn’t automatically guarantee you’re a quote unquote security expert either
7Ira WinklerMyths of Hiring HackersCIOI’m rephrasing, I can train a monkey to hack a computer in a few hours to I can teach a CIO to break into a computer in a few hours. Honestly, though, I’m not sure if that’s less insulting.
7Ira WinklerMyths of Hiring HackersHackerYou know, all the sudden you walk around, you call yourself a hacker, and 60 Minutes is putting a camera in front of your face now days.
7Ira WinklerMyths of Hiring HackersJanitorsI would remind you that NSA and CIA have janitors and, they don’t know much about security either.
7Ira WinklerMyths of Hiring HackersKill -9Everybody wants to go out and hire a hacker, and as the presentation before just started to discuss, you don’t know what you get when you hire a hacker. You know, you could get somebody like Mudge, or one the other hand you could get somebody like, the people that are out there trying to figure out that kill -9 is a Unix command and are trying to do that on Windows 95
7Ira WinklerMyths of Hiring Hackersl0phtRemember, why is the l0pht called the l0pht? Because they have a loft filled with computer equipment, and it was kind of a joke. The loft was not called the internet. These are people that break into their own computers, not the internet’s computers.
7Ira WinklerMyths of Hiring HackersMisguidedBenjamin Netanyahu, the Israeli Prime Minister, called The Analyzer a Misguided Genius. I like that one.
7Ira WinklerMyths of Hiring HackersMITSo the hackers at MIT were really true hackers in every sense of the word.
7Ira WinklerMyths of Hiring HackersNo BrainI never met this guy, but what the hell, you’re sitting here in a field with no brain. You might as well come with me, and he was like “okay”
7Ira WinklerMyths of Hiring HackersScript KiddieWhen a script kiddie doesn’t get in using his tools, they’ll give up hacking, if they’re not passionate. They’ll go away and say “damn, that little script didn’t work, I’ll go find another one” and then when that one doesn’t work they’ll go find another one and after the third or fourth one doesn’t work they’ll hopefully give up and maybe find that women exist
7Ira WinklerMyths of Hiring HackersSecurity ProfessionalMost security professionals become one when their employer tells them they’re a security professional
7Ira WinklerMyths of Hiring HackersSoulThe people who know how to break into computers best are the really good system and network administrators. Those are the people who know the systems in their soul.
7Ira WinklerMyths of Hiring HackersTake AnythingIf you’re not good, you might as well take anything you can get though, let’s face it.
7Ira WinklerMyths of Hiring HackersUniqueFirst of all, again, the main issue is that the companies and government try to make you believe that hackers have some sort of unique skills and abilities that can’t be picked up by other people
7Ira WinklerMyths of Hiring HackersWordAnybody that knows how to use Microsoft Word and knows what a macro is considered a computer genius these days. Hackers are trying to jump on this because they know a little more than Microsoft Word.
7Dead AddictSet TechnologyComplicatedOh my goodness, this is complicated. Well, this is a protocoldirect link
7Dead AddictSet TechnologyCurrencyIt’s possible and feasible to implement your own currency systems if you can get enough people to go along with it.
7Dead AddictSet TechnologyNutI found every time I attempt to fully understand, let alone re-communicate how currency systems work, I sound like a complete nut
7Dead AddictSet TechnologySellI wouldn’t suggest anyone in the audience do this. Hackers have a tendency to, uh, sell those credit cards to the FBI, so, I don’t recommend that either.
11Cat OkitaAura – A Reputation SystemA Dog On the InternetI mean, you can be a dog on the internet, and as long as you post reasonably, no one caresdirect link
11Cat OkitaAura – A Reputation SystemCookiesMy friends say that these chocolate mint cookies are really good
11Cat OkitaAura – A Reputation SystemDon’t Even Know His NameSee I’ve giving him a bad reputation by standing up here and saying all sorts of things about him and I don’t even know his name
11Cat OkitaAura – A Reputation SystemFlagsSome of you may have had the experience of having someone ask you the interview question: what are the flags to “ls”. This is an evil question, and really it’s easier to say what aren’t the flags to “ls”, but that’s neither here nor there.
11Cat OkitaAura – A Reputation SystemGot A RoomAnd you know if the three of you get a room and make a movie you can make a lot of money.
11Cat OkitaAura – A Reputation SystemGrassrootsAnd I’m much more interested in grassroots ability for everyone to communicate with everybody else and have their dependencies
11Cat OkitaAura – A Reputation SystemReliabilityIf you can claim that everyone is 99.7 or 100 percent reliable, I’d like to hear it from one of you right now
11GrifterDumpster DivingStreakFor those of you that don’t know what the hell that was, on the scavenger hunt list it says “streak through Grifter’s talk” Good times, lots of man ass link
11GrifterDumpster DivingCool RingtoneI’m tired and irritable, so if your cell phone’s on, shut it off, unless it has a cool ringtone, in which case we can all enjoy
11GrifterDumpster DivingI Have A DumpsterI have a dumpster in my back yard and I practice on it all the time
11GrifterDumpster DivingOur NamesI’m Grifter, nice to meet all of you, let’s go around and say all names. Start over here.
11GrifterDumpster DivingYellingBefore I even get started, if you’re going to start yelling at me from the back or something about how ethical this is, and how I’m horrible and I’m promoting identity theft I don’t wanna hear it so shut up.
11VikiToday’s Modern Network Killing RobotIRCGeeks are generally not so good at expressing themselves, so they go on to IRC and they can use these tools to express their feelings towards others, feelings like anger, rage, hatred, resentmentdirect link
15Dan KaminskyBlack Ops 2007Let’s Break Some ThingsWhat’s up guys? You guys are nuts. Look at this frikkin’ crowd. Alright, we have so much stuff to go over. Let’s break some things eh?direct link
15Dan KaminskyBlack Ops 2007Actually Winn SchwartauingData suggest that the DNS based attacker has a remarkably high chance of actuallywinning
15Dan KaminskyBlack Ops 2007AnywhereWe need to have disaster recovery plans that include how to handle the discovery of a flaw in any mission-critical code anywhere
15Dan KaminskyBlack Ops 2007APINever presume and API is ever smarter than it had to be to ship, it rarely actually is
15Dan KaminskyBlack Ops 2007BGPInteresting questions, which would you rather own? PGP, or DNS?
15Dan KaminskyBlack Ops 2007DancingThe game is to get compliance from the user to assist in executing the attack, and since users wanna see dancing pigs, this is not necessarily that hard
15Dan KaminskyBlack Ops 2007EmailAnyone here work somewhere where they get emails from the Internet
15Dan KaminskyBlack Ops 2007Game SecurityGame developers have time to do many, many things. Write secure code that can deal with crappy servers is just not one of them. Or at least hadn’t been, because it wasn’t a ship requirement.
15Dan KaminskyBlack Ops 2007He AskedWho did you get a cert for? Login do live dot com. And how did you get it? I placed an order on a big CA’s website for it. He asked.
15Dan KaminskyBlack Ops 2007HosedI’m the first to say, this bug should not nearly be as interesting as it actually is. The reason this bug is interesting is because everything else is hosed.
15Dan KaminskyBlack Ops 2007Make LocksI think this is what happened to pixel artists: They all went to make locks for bank websites.
15Dan KaminskyBlack Ops 2007MalaysiaIf your DNS is bad, two boxes physically next to each other are going to route to each other by way of Malaysia.
15Dan KaminskyBlack Ops 2007PoisonDon’t bother poisoning foo dot com or google or yahoo, just poison everything
15Dan KaminskyBlack Ops 2007SalvaDon’t worry, SSL will totally save us all
15Dan KaminskyBlack Ops 2007ServiceableService-ability is survivability, and no one has ever made the link that says how serviceable a network is a major selling point, a major metric for the quality of a system
15Dan KaminskyBlack Ops 2007SSLPeople say “But SSL, SSL will save us!”
15Dan KaminskyBlack Ops 2007SurfaceI think we may have some new attack surface to play with.
15Dan KaminskyBlack Ops 2007WrongIt’s not about how the network works when things are going right, it’s how the network works when things are going wrong.
15Johnny LongNo-Tech HackingBack To the HotelI’m like, what do you mean we’ve gotta go. He’s like, we’ve gotta go back to the link
15Johnny LongNo-Tech HackingBumper StickersI swear I’m gonna get bumper stickers for this.
15Johnny LongNo-Tech HackingCookoutI got these pictures from a cookout that I wasn’t invited to.
15Johnny LongNo-Tech HackingMitnickI’m also a professional one of these, although I’m not dead yet, I’m more like one of these, although I look nothing like Kevin Mitnick, which this guy looks like.
15Johnny LongNo-Tech HackingNinja HatSo, the ninja puts on a hat, gets a ladder, and a can of compressed air. So, he goes from ninja to old guy in hat.
15Johnny LongNo-Tech HackingOn With the ShowAlright, and on with the show.
15Johnny LongNo-Tech HackingProxThese folks, I’m not sure exactly where they work cause they took their badges off, but they left their prox cards out. Well, the funny things about prox cards is that if you get a good picture of them, you take these really complex numbers here, you punch them into a telephone, a nice person answers and you read the numbers off the top of the card, and guess what they tell you. They tell you the address, the building, the floor, and the room that the card will work on. Clever.
15Johnny LongNo-Tech HackingThe Whole SystemSo, for no money, and hardly any materials, he took down the whole system
15Johnny LongNo-Tech HackingVery Nice ColorWhich I think is a very nice color
15Johnny LongNo-Tech HackingWoWDid anybody else notice the World of Warcraft icons down in the dock?
16GMark HardyA Hacker Looks At 50The 70sAgain, bad passwords were all the rage back in the 70sdirect link
16GMark HardyA Hacker Looks At 501984Navy has no need for computer security, from Washington, 1984
16GMark HardyA Hacker Looks At 50AARPBecause, yes indeed, I am now a card carrying member of the only organization that’s more liberal than Barack Obama, and that’s the AARP
16GMark HardyA Hacker Looks At 50APLAlright, what does APL stand for? A Programming Language, that’s cool.
16GMark HardyA Hacker Looks At 50ASCIIWe have the best tic tac toe, and everything else. Didn’t have porn in it because it was ASCII but…
16GMark HardyA Hacker Looks At 50BillionsBut what did they have that we didn’t have? Vision. What did they end up with that we didn’t have? Billions.
16GMark HardyA Hacker Looks At 50CapabilitySo I realize that even though you have the capability, sometimes it’s not a good idea to use it.
16GMark HardyA Hacker Looks At 50CarbonIt’s not the silicon network in life that counts, it’s the carbon network that counts. It’s the people in your life.
16GMark HardyA Hacker Looks At 50ControlAnd you spend a week owning anything that moves, trying to think about what you want to do with your life, you get control back.
16GMark HardyA Hacker Looks At 50DQThere are people out there who will disqualify you, there are people who love to disqualify you, but don’t do it to yourself.
16GMark HardyA Hacker Looks At 50DressedAnd unfortunately, back in the 70s, being a computer geek was not cool. We didn’t dress in black, we dressed in corduroys
16GMark HardyA Hacker Looks At 50Global DominationNoooooo, total global domination!
16GMark HardyA Hacker Looks At 50HockeyThere was ASCII porn but we didn’t understand that. Hey, this was Buffalo. There’s not much to do up there but hockey and shovel
16GMark HardyA Hacker Looks At 50Just AskOne of my observations in life? Just ask.
16GMark HardyA Hacker Looks At 50LowWhat the next words out of my mouth were the following: Sometimes I go that low.
16GMark HardyA Hacker Looks At 50No HelpOkay, with no manuals, no readme, no help button, no F1 on the keyboard. There it is, go figure it out.
16GMark HardyA Hacker Looks At 50OwnedSo we kinda sat there for a minute or two, the operator tried to log in, realized he’d been owned, changed the password.
16GMark HardyA Hacker Looks At 50PensBig gigantic thing, not quite the size of this room, but huge. Ton of air conditioning equipment, and works in a big glass room. And the only way in and out was to wear a white lab coat and four different kinds of pens.
16GMark HardyA Hacker Looks At 50PiI can remember this: three, fourteen, fifteen, nine. Three, fourteen, fifteen, nine. Three one four one five nine. Okay. That was the root user ID, was Pi. Cool, and we’ve got the password.
16GMark HardyA Hacker Looks At 50RPGTake away porn and role playing games and what you’ve got left is nothing, right, for your life.
16GMark HardyA Hacker Looks At 50SeatedAnd, the chip wasn’t seated right and that was the problem and it worked perfectly. So Billy lived.
16GMark HardyA Hacker Looks At 50TalkA whole life of things that we depend on today just didn’t exist so we had to do the strangest thing in the world and that was talk face to face to other people.
16GMark HardyA Hacker Looks At 50TTLWe got a TTL that’s a hidden field in life
16GMark HardyA Hacker Looks At 50Two TenAnd so I have a legitimate W-2 doing computer security work, full time, for 1976, for two dollars and ten cents an hour. Have we come a long way or what.
16GMark HardyA Hacker Looks At 50UnattendedBut, we found where the console was. It was sitting over in the corner, and it was unattended.
16GMark HardyA Hacker Looks At 50WisdomThe problem is, wisdom has a diode. I can not be taught, it can only be learned.
16FXBarcodingConfigureThe scanners that phase outside to a potentially hostile barcode are actually configured by link
16FXBarcodingDODYou can send pretty much everything, anywhere for free and it will be trusted because the sender ID says “this is the Department of Defense”
16FXBarcodingInjectionsThat brings us to actually having SQL injections and format string attacks in barcodes. You will be surprised at how good this works.
16FXBarcodingNewspaperSo, you’re point your browser to a not-to-you-known URL, automatically, with your newspaper. Is that potentially a bad idea? Anyone?
16FXBarcodingPornAnd that usually tends to be a really good driver for technology. Either making more money or porn.
16FXBarcodingPrinting MoreHave you noticed that putting more stuff in to something than it was expecting is something that hackers really like? So, yes, it does happen. We did find buffer overlooks with barcodes simply just by printing more.
16FXBarcodingShell CodeUm, warning, it is, a pain to develop shell code on barcodes
16FXBarcodingTrustDo not trust a printed number
16FXBarcodingXSSYou get to cross site script people with your newspaper!
16Jason ScottMaking A Text Adventure DocumentaryAwesomeHow many people here, and nobody’s looking at you, don’t know what a text adventure is? Alright, there’s one person. They were link
16Jason ScottMaking A Text Adventure DocumentaryCreative CommonsI think some times it’s overused, like any good tool, and I think that some times people apply Creative Commons to places it shouldn’t be and they don’t entirely understand it but at the very least they did the right thing, they created a simple to understand legal framework for people to release things under a copyright other than The Copyright which at this point has been kinda fortified with eleven vitamins and terrible constitutional nonsense because everybody was scared that somebody was going to take away Leonard DiCaprio’s paycheck
16Jason ScottMaking A Text Adventure DocumentaryDelete That LetterI’ve gotten some wonderful letters, heartfelt letters, telling me to please delete stuff. The only thing I delete is that letter.
16Jason ScottMaking A Text Adventure DocumentaryFatIt was tough, and I’ve gotten dinged on a few things, but it’s all like, so, having given away all this history you failed at A, B, and C, and I’m like “that’s why you’re fat”
16Jason ScottMaking A Text Adventure DocumentaryFreakI believe that the modern human can’t really sustain more than fifteen to thirty seconds of a person talking without any change in the shot before they start to freak out.
16Jason ScottMaking A Text Adventure DocumentaryMythosAnd I’ve been very lucky over the past eight years or so talking directly to people who I’d only thought of as words on a page or on a box or otherwise in some way completely in the realm of mythos, which disappears when you’re in their kitchen
16Jason ScottMaking A Text Adventure DocumentarySchedulingAt this juncture, I say, as I watch people kind of storm out, you either go, I want to see even more of this or you say, I have made an enormous scheduling error
16Jason ScottMaking A Text Adventure DocumentaryThe ThingIt’s gonna do the thing, isn’t it
16Jason ScottMaking A Text Adventure DocumentaryTwinkieYou know, secretive isn’t the word so much, they try to obfuscate how and where caves are located because they don’t want people to just kind of, you know, pack a Twinkie and go in and die, so.
16Jason ScottMaking A Text Adventure DocumentaryWifeI still get fan mail every week about the BBS Documentary. It all comes down to “Oh God, thank you” nobody understands me. Now my wife understands me. It’s mostly used as a wife education tool.
16Jason ScottMaking A Text Adventure DocumentaryYou WonI don’t regret one moment of this, so, if nothing else, from my talk, take some amount of heart if you’re working on a project that nobody else understands because if, at the end of the day, you enjoyed it and you appreciated it, then you won
16DT and Joe GrandMaking the DEF CON 16 Badge128kBecause if yore’s ting to transfer more than 128k at 771 bits a second, I don’t even know what to link
16DT and Joe GrandMaking the DEF CON 16 Badge8500Trying to find 8500 of anything is hard
16DT and Joe GrandMaking the DEF CON 16 BadgeAcoustic CouplersFor those of you who remember acoustic couplers, anybody, it’s like that
16DT and Joe GrandMaking the DEF CON 16 BadgeCardboardI felt really bad seeing all of these green cardboard badges everywhere
16DT and Joe GrandMaking the DEF CON 16 BadgeGuaranteeSo, pretty much, I mean no matter how much you plan in advance, there’s always going to be problems and yeah, this year we didn’t plan as much in advance as we could have, which is why next year we’re going to try, but next year there’s going to be a different problem, I don’t know what it is gonna be, but there will be one, I can guarantee that.
16DT and Joe GrandMaking the DEF CON 16 BadgeJailYou make sure Grifter’s son is gonna stay out of jail and can be a hacker
16DT and Joe GrandMaking the DEF CON 16 BadgeKnight RiderSo ti’s a little hard to see, but you take one badge, you turn it into receive mode, which is the first mode where the LEDs go back and forth like Knight Rider, because I love David Hassellhoff
16DT and Joe GrandMaking the DEF CON 16 BadgeMoreSo, number of badges. Every year, we’re making more and more. The first year 6500 badges, last year 6800, this year 8500, That’s a lot of hackers. That’s really cool. Hopefully it’s all hackers and not just like more feds have come.
16DT and Joe GrandMaking the DEF CON 16 BadgeTaxAnd when you’re sending fifty thousand dollars worth of parts through China, they want their tax.
16DT and Joe GrandMaking the DEF CON 16 BadgeUser ErrorI’m like, well, there’s little indicator on the battery holder to put it in the right way. That sounds like user error.
16Jay BealeOwning the Users With Agent In the MiddleAll MuscleHi Priest, don’t hurt me. He’s a very nice man who’s got a weight ratio of three to one on me. And I’m telling you it’s all link
16Jay BealeOwning the Users With Agent In the MiddleBlockI wanna reiterate you can’t block doors, you absolutely can not block doors. It’s not good to block doors, that is how people die. And I do not mean the people you block from getting our, I mean you, as you get trampled, really badly, it’s no fun. So first, don’t block doors, second, keep a clear aisle for some definition of an aisle, that means Goons should be able to run down. They may do it as like a test. And, again, the Goons are called Goons for a reason so don’t block the aisles either.
16Jay BealeOwning the Users With Agent In the MiddleBurnEvery year I bring a laptop here and I, when I get home I burn the laptop. No, I burn the hard drive. I pull the hard drive out, it was a fresh one that went in before I got here, it didn’t have any real data on it. I just installed some kind of, well
16Jay BealeOwning the Users With Agent In the MiddleEthicsWhich really, you gotta think, there’s gotta be some kinda ethics to doing bad things, I mean you can be bad, but there are like levels of badness, you know, there’s like, you know, shoving somebody in line, or cutting in line, and then there’s like eating a kitten. Eating a kitten is really bad, okay.
16Jay BealeOwning the Users With Agent In the MiddleLivejournalMaybe we wanna be the DNS server, that’s a good person to be too, cause you start saying wow, everybody who like asks for say dub dub dub dot live journal dot come that’s like my laptop
16Jay BealeOwning the Users With Agent In the MiddleModifyThis is, what you’ve kinda gotta understand, is what you’ve gotta tell your friends, you gotta tell your family, you’ve gotta tell your place of employ, you’ve gotta tell everybody on the Earth.If we share a LAN, if you and I share a LAN, I can view and modify your traffic.
16Jay BealeOwning the Users With Agent In the MiddleRoute My PacketsNow, I’m going to tell you guys something, because we’re at a hacker con, and I’ve been on a lot of good networks gone bad, if your’e going to do that to me, if you’re going give me a DHCP lease instead of the real person, you’re going to do any of these network games, please route my packets.
18TottenkophAn Introduction to Virtual GraffitiAnd That’s MathHackers, it’s something new to exploit and learn about, and the young people because hormones plus destruction of someone else’s property equals lols and that’s math, you can’t argue link
18TottenkophAn Introduction to Virtual GraffitiCursing Her NameNext thing I knew i was cursing her name and submitting my CFP
18TottenkophAn Introduction to Virtual GraffitiDo ItDo I think it’s possible? Yes. I just thing we need to get off our butts and do it.
18TottenkophAn Introduction to Virtual GraffitiIrrelevantThe software company that distributes the software actively discourages the use of Apple and/or Linux machines unless there’s an XP virtual running on it because they think that XP security issues are irrelevant
18TottenkophAn Introduction to Virtual GraffitiMakes the Girls SighSusperium Polarum Celitus Threakes, or Celitus the Thoracian makes the girls sigh.
18TottenkophAn Introduction to Virtual GraffitiSlidesThis just gave up the fact that I didn’t do my slides. Unfortunately tottendad is the one who does all my slides and Nikita yells at me to do my own damn slides and this is why.
18TottenkophAn Introduction to Virtual GraffitiWear A HatWear gloves and be as inconspicuous as possible. If you’re the only blue or purple haired person in your town, wear a hat.
18RAINBuild/Beat A Lie DetectorDeception ComesDeception comes naturally in all living thingsdirect link
18RAINBuild/Beat A Lie DetectorHorribly BadMore than three decades of psychological research has shown that most individuals are bad at knowing when they’re being lied to
18RAINBuild/Beat A Lie DetectorOwn TruthBut what you need to understand is that our present view is rooted in the very modern philosophical sense that the individual self, as an autonomous being is the possession of it’s own truth
18RAINBuild/Beat A Lie DetectorSpockEnded up losing a game of Rock Paper Scissors Lizard Spock to urbanmonkey, frikkin paper disproving Spock.
20Bruce SchneierAnswers Your QuestionsGoogle Customer ServiceActually, Google has great customer service, the problem is you’re not customers. Right, become a Google customizer, an advertiser, and they have customer service all over the placedirect link
20Bruce SchneierAnswers Your QuestionsKnown List of AttacksIn a sense, they’re all sorta equally mediocre, because all the standards ever do is secure the system against a known list of attacks
20Bruce SchneierAnswers Your QuestionsLose SlowerSometimes the best we can do is lose slower.
20Bruce SchneierAnswers Your QuestionsMake Security Systems WorkI think it’s our job, in security, to make security systems that work with actual users, that educating the user is a mistake.
20Bruce SchneierAnswers Your QuestionsMost Common PasswordBut we’ve made some progress, right, the most common password is now password1 instead of password, but that took a decade!
20Bruce SchneierAnswers Your QuestionsNew Meanings for WordsRichard Thieme told me this, that they have a list of attributes at the NSA, on their signage, and one of them is transparency. Clearly we’re inventing new meanings for words here.
20Bruce SchneierAnswers Your QuestionsNew Person – Old ProblemAnd this is why a new person can go to a old problem and look at it in a new way and figure out a way in
20Bruce SchneierAnswers Your QuestionsNot Going to Ban ThemAnd that is the way it will be, you know, we’re not going to ban them from coming cause I think that’s wrong too, and you know they could always pretend they’re from someplace else
20Bruce SchneierAnswers Your QuestionsQuantum ComputingCome back here in ten years and there might be a quantum computing room at DEF CON. That would be kind of fun.
20Bruce SchneierAnswers Your QuestionsSubvert the SystemHow can I subvert the system for my personal aim.
20Bruce SchneierAnswers Your QuestionsThank You Are There AnyI’m Bruce Schneier. Thank you, are there any questions?
20Bruce SchneierAnswers Your QuestionsTube of AntsI look at this and say, you mean I can send a tube of ants to anybody I want? What a great country!
20Bruce SchneierAnswers Your QuestionsWay of Thinking Doesn’t ChangeThe talks we’re seeing here at DEF CON this year are not the same types of talks we saw fifteen, twenty years ago. The world’s changing, but that way of thinking doesn’t change.
20Bruce SchneierAnswers Your QuestionsWhat Hackers DoHow can I take this system and make it do something that it’s not supposed to do. That it’s not intended to do. That the organizers, the creators didn’t envision it to do.
20Bruce SchneierAnswers Your QuestionsYou Can Never HaveYou can never have a standard of Is It Secure. You can have a standard of is it not insecure in this particular way.
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Bootlocking | It’s a safe bet that totalitarian governments will happily take advantage of bootlocking and move surveillance right into the box | direct link |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Can’t Make It Secure | If you’re not allowed to know what software is running on your computer then you can’t make it secure. | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Certainly Becomes | Now in a world where the computers that we’re discussing can see you, and hear you, where we insert our bodies into them, when they fly our planes and drive our cars, where they’re surgically implanted inside us, certainty becomes a very big deal. | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Computer In Everything | A car is just a computer that we put our body in, a 747 is a flying Solaris box full of SCADA controllers, hearing aids and pacemakers and other prosthesis are just computers that we put inside our body and that means that all our sociopolitical problems in the future are going to have a computer inside them | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Control and Knowledge | Whether you want to be free, or want to enslave, you need to have control and you need to have knowledge. | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Control Your Environment | Remember that security is relative, you are secured from attacks on your ability to freely use your music if you can control your computing environment | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Convergent | The technical needs of helicopter parents, school systems, and enterprises are convergent with the governments of Syria and China | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Devil In the Details | As with everything important, the devil is in the details | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Doctrine of First Sale | Now, we like the doctrine of first sale, it’s an important piece of consumer law. It says that once you buy something, it belongs to you. And you should have the freedom to do anything you want with it, even if that hurts the vendor’s interests | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | DRM | DRM and its cousins are deployed by people who believe that you can’t and shouldn’t be trusted to set policy on the computer that you own | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Human Rights | If your world is made of computers, then designing computers to override their owner’s decisions has significant human rights implications | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | If We Don’t Start | We need to start thinking now about the principles that will apply when the day comes, because if we don’t start now, it’s going to be too late | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | No Reasonable Distinction | The reason employers give us these mobile devices is because there’s no longer any meaningful distinction between personal life and working life | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | Surveillance | Surveillance in the middle of the network is nowhere near as exciting as surveillance at the edge of the network might be, whether that edge of the network is in your ear or in your laptop | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | War On General Computing | The war on general purpose computing is what happens when the control freaks in government and industry demand the ability to remotely control our computers | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | We Don’t Know How | We don’t know how to make computers that can run all the programs we can compile except for the one that pisses off a regulator or distorts a business model or abets a criminal | |
| 20 | Cory Doctorow | Beyond the War on General Purpose Computing | You Can Do Almost Anything | You can do almost anything if you say that you’re protecting shareholders or children | |
| 20 | Dan Kaminsky | Black Ops | Cancer | Carbohydrates cause cancer, that’s a real link, proteins cause cancer, fats cause cancer, alcohol causes cancer, uh | link |
| 20 | Dan Kaminsky | Black Ops | Computers Are | Computers are small networks of interconnected devices on asynchronous networks that communicate with each other at their own time and pace. That’s how they work. Every single computer has different devices talking to each other from different clocks. These clocks are not synchronized. Even if they had an error of one part per million. That’s a bit per second per megahertz. We have way more than that actually going on. | |
| 20 | Dan Kaminsky | Black Ops | Dead Bodies | I don’t know if you realize this, it took hundreds of years for medicine to get its scientific act together, and they had dead bodies. | |
| 20 | Dan Kaminsky | Black Ops | Deterministic | Okay, look, anyone who thinks computers are completely deterministic devices has clearly never written threaded code | |
| 20 | Dan Kaminsky | Black Ops | Doghma | Let’s not just assume because it violates dogma that it might not be a better path to protecting these networks | |
| 20 | Dan Kaminsky | Black Ops | Fool’s Errand | Predicting what some other language is going to do, given arbitrary input is a um, fool’s errand | |
| 20 | Dan Kaminsky | Black Ops | Fundamental Difference | What is the fundamental difference between offense and defense, between the attack and the defense? You can tell when an attack doesn’t work. | |
| 20 | Dan Kaminsky | Black Ops | If Language Got Us | Coined by Len Sassaman and Meredith Patterson as a corollary: If language got us into this mess then perhaps it can get us out | |
| 20 | Dan Kaminsky | Black Ops | IRQs | Anyone remember IRQs? | |
| 20 | Dan Kaminsky | Black Ops | Lack of Consensus | We’re not going to talk about busting the bad guys. I don’t know if you noticed but there seems to be some, uh, lack of consensus on who the bad guys are. | |
| 20 | Dan Kaminsky | Black Ops | One Nanosecond | One nanosecond is the amount of noise that you can insert on a network interface, that is going to destroy an entire class of security vulnerability with a single command. That is kinda cool. | |
| 20 | Dan Kaminsky | Black Ops | One of These Days | One of these days we’re going to be spending as much time and money on security research as we are on medical research | |
| 20 | Dan Kaminsky | Black Ops | Random Numbers | This is stuff that we’ve been fretting about twenty years. Twenty years ago someone was saying I hope we’re not worrying about this twenty years from now, and they’re screwed. | |
| 20 | Dan Kaminsky | Black Ops | Random Output | I seem to note that every attack against random number generators involves looking at large amounts of output from them. So you know what I want to do? Not that. | |
| 20 | Dan Kaminsky | Black Ops | Screw Around for 10ms | Nothing a computer likes to do more than screw around for 10 milliseconds. Where’d you go? I dunno. | |
| 20 | Dan Kaminsky | Black Ops | Starving for Entropy | This is a thing that happens in technology all the time. You get too good at one solution and another failure mode crops up. We are starving for entropy. | |
| 20 | Dan Kaminsky | Black Ops | Stateless TCP Stack | We’re going to build a stateless TCP stack. It just sends data, it doesn’t remember to who. The other guy remembers that he’s talking to me. | |
| 20 | Dan Kaminsky | Black Ops | Structured Queries | It turns out, this really matters. It turns out that SQL is a language that’s really good at structured queries. | |
| 20 | Dan Kaminsky | Black Ops | The Low End Theory | There’s a rule called, the high end keeps getting higher, but the low end never goes away. | |
| 20 | Dan Kaminsky | Black Ops | The Vision | Our languages that are popular are artistic endeavors generally by one person, supported by others, but one guy’s got the vision. | |
| 20 | Dan Kaminsky | Black Ops | Two Threads – One INT | Now here’s my favorite of these: Two threads, one INT | |
| 20 | Dan Kaminsky | Black Ops | We Call That Compliance | Defense that doesn’t involve offense, you know what happens? Defense gets stupid. We call that Compliance. | |
| 20 | Dan Kaminsky | Black Ops | We Hold the Gun | Well, nobody has ever written a parameterized query in their life without a gun to their head. We know. We hold the gun. | |
| 20 | Barkode | DC20 Closing Ceremonies | Long Story Short | And uh, long story short, I’m not dead yet. So, whichever foreign power or intelligence agency I forgot to give a Ninja badge to, I’m super sorry about that. But you’re going to have to do a lot better than | link |
| 20 | Barkode | DC20 Closing Ceremonies | Ninjatel Was Born | But when we were trying to figure out what to do this year to kinda go out with a bang, we thought, it’s DEF CON 20, what were we all doing twenty years ago? We were all phone phreaks, most of us in the group were anyway, we were on the phone, we thought how can we bring that nostalgia back, let’s do something with phones, so that’s how NinjaTel was born. | |
| 20 | DT | DC20 Closing Ceremonies | Concieved | How many people were conceived at DEF CON? | |
| 20 | DT | DC20 Closing Ceremonies | Free Beer | Free booze, that was the other thing we did is we had some free beer that Thursday night for the people that showed up early, and that seemed to go over really well, but I could see that could be a losing battle. You could probably go broke giving away free beer here. | |
| 20 | DT | DC20 Closing Ceremonies | Getting Carded | We have a lot of volunteers and so, this is a quick little story of me showing up at the con, and uh, and one of my new goons, you know, cards me. He’s like, where’s your badge, and so the guy next to me is busting up like, oh god, he’s getting so busted. And uh, actually it’s like that’s totally cool, that’s exactly what he should do right. So, if he doesn’t know who I am, and I don’t have a badge, he should stop me. | |
| 20 | GMark Hardy | DC20 Closing Ceremonies | SQL Injection to Win | Nobody had the right answer, but one of the guys put in their answer key. They did a SQL injection and they won it. | |
| 20 | Jason Scott | DC20 Closing Ceremonies | Without Them We Are Nothing | You know, originally I thought it was just a lattice work of interrelated groups, but it is in fact a burlap sack full of ball bearings smashing into each other, all with their own goals, but every single one stood up and said I believe in DEF CON, I believe in Jeff’s dream, and I believe in our people. Without them we are nothing | |
| 20 | LosT | DC20 Closing Ceremonies | How Many of You Met | For my benefit, how many of you out there met somebody else because of the badges this year? | |
| 20 | LosT | DC20 Closing Ceremonies | Mystery Challenge Challenges | So, they had to do everything from doing a crimp from The Mighty Boosh, that they had to memorize in like less than like an hour, to cracking crypto that was written on some skull faces. At the very end they received a skull made out of paper mache and filled with plaster of Paris that had a thumb drive embedded inside it that they had to chisel out and they would spend hours on the crypto on the thumb drive only to find out that there was a micro SD card inside of the thumb drive that they had to crack open to find. | |
| 20 | pyr0 | DC20 Closing Ceremonies | 50 Pounds of Metal | I ran into zoo after he won and he was packing around this huge bag of all the change and he was talking about how he’s going to go through the airport and not check it, like he’s just going to carry it on to the plane. Because they can’t separate you from your money even though that’s like 50 pounds of metal or something like that | |
| 20 | Riverside | DC20 Closing Ceremonies | Cookies in the Clear | If you’re a security researcher on reddit, in Ask Me Anything, you make sure that your cookies are not in the clear | |
| 20 | Riverside | DC20 Closing Ceremonies | Morse Code Over ICMP | We invented three new steganography techniques just for this event, and actually one of the teams did get my Morse code over ICMP. | |
| 20 | Riverside | DC20 Closing Ceremonies | Own Wireshark | We had a six year old girl capturing packets and owning Wireshark. It was awesome. | |
| 20 | Winn Schwartau | DC20 Closing Ceremonies | 20 Years Ago | Twenty years ago tonight, Jeff said let the games begin, and we began it in DEF CON 2 | |
| 20 | Winn Schwartau | DC20 Closing Ceremonies | 75 Seconds | I can take 3.25 million IP addresses, I can sweep them from my little $200 Opteron box on a really nice pipe, I can get 800 megs of HTTP data, the scan takes 75 seconds. | |
| 20 | Winn Schwartau | DC20 Closing Ceremonies | Weight Around My Neck | DEF CON has been a weight around my neck for twenty years, Jeff. | |
| 20 | Renderman | Hacker + Airplanes | Birthday Paradox | But first I wanna address something, the Kaminsky problem. Over multiple cons, Dan Kaminsky and I are speaking at the same time. I have yet to see him actually speak. This is getting absolutely ridiculous. On his blog he actually plugs it as the Renderman birthday paradox. Which is highly ironic because yesterday was my birthday. And I don’t think he has any cookies this year. Oh hell. Apparently I get to | link |
| 20 | Renderman | Hacker + Airplanes | For the Love of Spongebob | For the love of Sponge Bob, do not try anything you’re about to see | |
| 20 | Renderman | Hacker + Airplanes | We As Hackers | We as hackers have unique insight, we think about things in terms of security. We always think about the outside, we always think about that x-factor, that thing that nobody else in the world seems to do | |
| 20 | Jayson Street | How To Channel Your Inner Henry Rollins | Fifteen Thousand | Fifteen thousand opportunities for you to network and find a new friend that shares the same passion you have | direct link |
| 20 | Jayson Street | How To Channel Your Inner Henry Rollins | Get Up Here | I wanna hear what you have to say. You got research, you got valuable information you can share. Get up here, with me, and speak it. | |
| 20 | Jayson Street | How To Channel Your Inner Henry Rollins | Having A Blast | You have to have passion, you have to want it, because the guys on the other side of the keyboard are having a blast | |
| 20 | Jayson Street | How To Channel Your Inner Henry Rollins | Jumper | Being a hacker is thinking, you know, realistically this is not supposed to happen, but let me put this jumper there anyway. | |
| 20 | Jayson Street | How To Channel Your Inner Henry Rollins | Want To See It Better | I love this community, I love these people. And I just want to see it better. | |
| 20 | Zach Fasel | Pwned in 60 Seconds | And That’s the Story | And that’s the story, thanks for coming guys | direct link |
| 20 | Zach Fasel | Pwned in 60 Seconds | Judge Me | Judge me based on the quality of this talk, not based on a list of certs | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Action | And you’ve gotta be willing to lean forward and make change happen because if you just sit back and complain, nothing’s going to happen | direct link |
| 20 | Priest | Q&A With the Men (and Women) In Black | Alameda | Where are the nuclear vessels in Alameda | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Build Things | You know it’s great to break things. I need people who can help me build things, not just break them. We’ve got about 30 seconds left. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Caught Tired | And as I said in the program, we promise, no extreme renditions or mind control unless you really deserve it, so if you see me reaching for my microphone, don’t run. You’ll just get caught tired. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Even at my size | And even at my size I don’t want to be somebody’s bitch | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Failure of Imagination | One of the things in the 9/11 commission was that intel, and the intelligence community, had a failure of imagination | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Feds are People Too | Feds are people too | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Fez are Cool | And you get a really cool Fez, cause Fezes are cool. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Like Sushi | That answer is kinda like eating sushi. You’re full right afterwards then after about an hour you’re like man, I’m hungry. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | NCIS is True | Conspiracies are hard. Never assume conspiracy when ignorance or stupidity will do. I have one comment, everything you see on NCIS is true. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Nobody On the Planet | Nobody on the planet said that the Department of Defense should be prepared to shoot down airliner on the tenth of September, 2001, and everybody on the 12th of September thought that should have been done | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Raise Your Hand | All you FBI agents in the room, raise your hand. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Read the Comic Books | He’s the guy that read the comic books to the other SEALs | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Smile for the Picture | So when you go outside and smile for the satellite picture, she’s the one that gets to see it. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Space Aliens | I’d like to thank everybody for not asking about the space aliens | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Spot Some Feds | Who in here has heard of the Defense Industrial Base Cyber Pilot. One, two, three people. Y’all wanna spot some feds, there you go. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Stop and Reorganize | We as a federal government need to stop and reorganize. We are not set properly for this mission set in a large sense. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Ten Foot Fence | I will not build a ten foot fence when I know I’m going to be attacked by two foot midgets | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Told You I Wasn’t Cheap | Priest, you can’t ask those questions, and I gave you a six pack of Corona just a couple of minutes ago. I told you I wasn’t cheap, sir. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Toy Budget | I have a half million dollar a year budget just for myself for toys, that we put together. It doesn’t pay as much, but like I said you get the really really good toys, and in his case, you get to kill people. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Translation | Two things, I speak Fed and I speak English. So if they say something blah blah blah raise your hand and I’ll be happy to translate it for you | |
| 20 | Priest | Q&A With the Men (and Women) In Black | Unicorns Exist | Unicorns exist sir, they really do exist. | |
| 20 | Priest | Q&A With the Men (and Women) In Black | We Need A Whole New Way | We need a whole new way to think. What we need to do is capture what the federal government does well and what private industry does well. | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Always Waving | And whenever a fed said something that’s bullshit they waved the pendant, like this, and those pendants were always waving | direct link |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Daring | Wilson said in Consilience, all artists, all scientists are characterized by passion, and obsessiveness, and daring | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Going Liquid | Computerization and digitalization means preexisting cultural forms are going liquid | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Hacker Definitions | A Black Hat Hacker is a Hacker. A Grey Hat Hacker is a Hacker that knows when to fudge the truth. A White Hat Hacker is a Hacker who put the truth down somewhere and forgot where they left it. | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Narrow Self Interest | Humans being, kind of the land mammal we are, we will do almost anything for narrow self interest and short term gain even if it means suiciding ourselves, not with a bomb, but with disease | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Recognizably Persistent | The function of the intelligence community today is de facto to make sure that people know that when they wake up in the morning the world in which they went to sleep will pretty much be recognizably persistent | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | See Context | Hackers see the context. They see more deeply. They see that the thing can be made to do all kinds of things it wasn’t intended to do. | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Some of My Best Friends | Some of my best friends are from NSA. I wouldn’t want my daughter to marry somebody from NSA. I wouldn’t wanna live next door to someone from NSA, but some of my best friends are there. | |
| 20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Transparent Balls | How can you even have the balls to put the word transparency up there as one of the things to which you are committed | |
