DEF CON Radio on SomaFM speaker clips (with quotes)

The following is a list of the short clips heard occasionally between song tracks on SomaFM’s DEF CON Radio stream. These clips are all sourced from the DEF CON media server and linked thereto.

Listen to DEF CON Radio on SomaFM using the macOS, iOS, or tvOS apps, on many streaming services including Roku, Echo, Sonos, and more, including the trusty web.

SomaFM has been present in the DEF CON Chillout Lounge since DEF CON 21 with a variety of DJs playing music from morning to evening, streamed live from the annual event in Las Vegas.


DC#Speaker(s)Talk TitleClip NameTextURL
7Michael MartinezHackers and the Media – A Love/Hate ThingBlack TeeYou know, we have, again, our own preconceptions of the sixteen year old wearing black tee shirts in a darkened room when the sun is out and all they’re doing is playing on a computer for twenty four hours straight, um, that actually may be some of you, I don’t know. I so see some black tee shirts here and they look wonderfulDirect Link
7Michael MartinezHackers and the Media – A Love/Hate ThingBustedDon’t do anything that’s gonna get you busted, okay, I have seen stories that, a reporter says, hey, I hooked up with these guys and I went on IRC with them while they were hacking, and it was so cool, and this is what they did. You can be within 48 hours of that story being published the FBI called that reported and said we need to know everything.
7Michael MartinezHackers and the Media – A Love/Hate ThingEmailsI will get emails, sometimes, that are longer than the original story. I’m a little less inclined to read them because I’m like, why are you doing this to me.
7Michael MartinezHackers and the Media – A Love/Hate ThingHackerGive you guys some hints for when, the next clueless reporter comes up and says hey man, what’s it like to be a hacker.
7Michael MartinezHackers and the Media – A Love/Hate ThingHireThere are still come security companies our there that won’t hire anybody who says they are a hacker, which kinda blows my mind
7Michael MartinezHackers and the Media – A Love/Hate ThingInterviewIf the virus spreader comes forward, I’d like to get him for an interview
7Michael MartinezHackers and the Media – A Love/Hate ThingIRCSay I go, actually I’m a reporter that knows about IRC, and I go to #hackphreak or #hack or something, and I get somebody who uses a lot of threes when he spells, and I think, ooh that’s kinda funky, maybe he’s a hacker. Maybe he’s a script kiddie who has like three warez on his hard drive, I don’t know.
7Michael MartinezHackers and the Media – A Love/Hate ThingKickIf any reporter comes up and tell you that their reporting is one hundred percent unbiased, you may feel free to kick them. Actually, I can’t advocate violence either, that’s bad.
7Michael MartinezHackers and the Media – A Love/Hate ThingQuakeThe next time I play Quake, and I going to have an erased hard drive? Who knows.
7Michael MartinezHackers and the Media – A Love/Hate ThingSexyIt’s sexy, it will sell papers. You didn’t think of yourselves as sexy, did you. It’s true. Yes, you are sir.
7Michael MartinezHackers and the Media – A Love/Hate ThingSurf WellYou’re going to get reporters who, the only reason they’re a tech writer at their particular publication or television station is because they can surf the web really well, that’s it.
7Michael MartinezHackers and the Media – A Love/Hate ThingTrashedIf you fake your knowledge, and you give incorrect information to a reporter, and that gets into print, your name is trashed.
7Michael MartinezHackers and the Media – A Love/Hate ThingWebsiteWhy do these people hate me, I just wanna run my website!
7Ira WinklerMyths of Hiring HackersAdd FiveDo you have the most recent hot fixes, and Windows service pack loaded on your system, add one. What if you don’t have Microsoft? Add Five.Direct Link
7Ira WinklerMyths of Hiring HackersArsonistsArsonists can not put out fires or engineer fire safe buildings. They know how to take a bunch of papers together, take gasoline, spread around, light everything up. Same thing with script kiddies. They know how to take a bunch of tools, you know, shoot it off at the websites. Do it.
7Ira WinklerMyths of Hiring HackersBusiness CardNo matter what your business card says, that doesn’t automatically guarantee you’re a quote unquote security expert either
7Ira WinklerMyths of Hiring HackersCIOI’m rephrasing, I can train a monkey to hack a computer in a few hours to I can teach a CIO to break into a computer in a few hours. Honestly, though, I’m not sure if that’s less insulting.
7Ira WinklerMyths of Hiring HackersHackerYou know, all the sudden you walk around, you call yourself a hacker, and 60 Minutes is putting a camera in front of your face now days.
7Ira WinklerMyths of Hiring HackersJanitorsI would remind you that NSA and CIA have janitors and, they don’t know much about security either.
7Ira WinklerMyths of Hiring HackersKill -9Everybody wants to go out and hire a hacker, and as the presentation before just started to discuss, you don’t know what you get when you hire a hacker. You know, you could get somebody like Mudge, or one the other hand you could get somebody like, the people that are out there trying to figure out that kill -9 is a Unix command and are trying to do that on Windows 95
7Ira WinklerMyths of Hiring Hackersl0phtRemember, why is the l0pht called the l0pht? Because they have a loft filled with computer equipment, and it was kind of a joke. The loft was not called the internet. These are people that break into their own computers, not the internet’s computers.
7Ira WinklerMyths of Hiring HackersMisguidedBenjamin Netanyahu, the Israeli Prime Minister, called The Analyzer a Misguided Genius. I like that one.
7Ira WinklerMyths of Hiring HackersMITSo the hackers at MIT were really true hackers in every sense of the word.
7Ira WinklerMyths of Hiring HackersNo BrainI never met this guy, but what the hell, you’re sitting here in a field with no brain. You might as well come with me, and he was like “okay”
7Ira WinklerMyths of Hiring HackersScript KiddieWhen a script kiddie doesn’t get in using his tools, they’ll give up hacking, if they’re not passionate. They’ll go away and say “damn, that little script didn’t work, I’ll go find another one” and then when that one doesn’t work they’ll go find another one and after the third or fourth one doesn’t work they’ll hopefully give up and maybe find that women exist
7Ira WinklerMyths of Hiring HackersSecurity ProfessionalMost security professionals become one when their employer tells them they’re a security professional
7Ira WinklerMyths of Hiring HackersSoulThe people who know how to break into computers best are the really good system and network administrators. Those are the people who know the systems in their soul.
7Ira WinklerMyths of Hiring HackersTake AnythingIf you’re not good, you might as well take anything you can get though, let’s face it.
7Ira WinklerMyths of Hiring HackersUniqueFirst of all, again, the main issue is that the companies and government try to make you believe that hackers have some sort of unique skills and abilities that can’t be picked up by other people
7Ira WinklerMyths of Hiring HackersWordAnybody that knows how to use Microsoft Word and knows what a macro is considered a computer genius these days. Hackers are trying to jump on this because they know a little more than Microsoft Word.
7Dead AddictSet TechnologyComplicatedOh my goodness, this is complicated. Well, this is a protocolDirect Link
7Dead AddictSet TechnologyCurrencyIt’s possible and feasible to implement your own currency systems if you can get enough people to go along with it.
7Dead AddictSet TechnologyNutI found every time I attempt to fully understand, let alone re-communicate how currency systems work, I sound like a complete nut
7Dead AddictSet TechnologySellI wouldn’t suggest anyone in the audience do this. Hackers have a tendency to, uh, sell those credit cards to the FBI, so, I don’t recommend that either.
11Cat OkitaAura – A Reputation SystemA Dog On the InternetI mean, you can be a dog on the internet, and as long as you post reasonably, no one caresDirect Link
11Cat OkitaAura – A Reputation SystemCookiesMy friends say that these chocolate mint cookies are really good
11Cat OkitaAura – A Reputation SystemDon’t Even Know His NameSee I’ve giving him a bad reputation by standing up here and saying all sorts of things about him and I don’t even know his name
11Cat OkitaAura – A Reputation SystemFlagsSome of you may have had the experience of having someone ask you the interview question: what are the flags to “ls”. This is an evil question, and really it’s easier to say what aren’t the flags to “ls”, but that’s neither here nor there.
11Cat OkitaAura – A Reputation SystemGot A RoomAnd you know if the three of you get a room and make a movie you can make a lot of money.
11Cat OkitaAura – A Reputation SystemGrassrootsAnd I’m much more interested in grassroots ability for everyone to communicate with everybody else and have their dependencies
11Cat OkitaAura – A Reputation SystemReliabilityIf you can claim that everyone is 99.7 or 100 percent reliable, I’d like to hear it from one of you right now
11GrifterDumpster DivingStreakFor those of you that don’t know what the hell that was, on the scavenger hunt list it says “streak through Grifter’s talk” Good times, lots of man ass today.Direct Link
11GrifterDumpster DivingCool RingtoneI’m tired and irritable, so if your cell phone’s on, shut it off, unless it has a cool ringtone, in which case we can all enjoy
11GrifterDumpster DivingI Have A DumpsterI have a dumpster in my back yard and I practice on it all the time
11GrifterDumpster DivingOur NamesI’m Grifter, nice to meet all of you, let’s go around and say all names. Start over here.
11GrifterDumpster DivingYellingBefore I even get started, if you’re going to start yelling at me from the back or something about how ethical this is, and how I’m horrible and I’m promoting identity theft I don’t wanna hear it so shut up.
11VikiToday’s Modern Network Killing RobotIRCGeeks are generally not so good at expressing themselves, so they go on to IRC and they can use these tools to express their feelings towards others, feelings like anger, rage, hatred, resentmentDirect Link
15Dan KaminskyBlack Ops 2007Let’s Break Some ThingsWhat’s up guys? You guys are nuts. Look at this frikkin’ crowd. Alright, we have so much stuff to go over. Let’s break some things eh?Direct Link
15Dan KaminskyBlack Ops 2007Actually Winn SchwartauingData suggest that the DNS based attacker has a remarkably high chance of actuallywinning
15Dan KaminskyBlack Ops 2007AnywhereWe need to have disaster recovery plans that include how to handle the discovery of a flaw in any mission-critical code anywhere
15Dan KaminskyBlack Ops 2007APINever presume and API is ever smarter than it had to be to ship, it rarely actually is
15Dan KaminskyBlack Ops 2007BGPInteresting questions, which would you rather own? PGP, or DNS?
15Dan KaminskyBlack Ops 2007DancingThe game is to get compliance from the user to assist in executing the attack, and since users wanna see dancing pigs, this is not necessarily that hard
15Dan KaminskyBlack Ops 2007EmailAnyone here work somewhere where they get emails from the Internet
15Dan KaminskyBlack Ops 2007Game SecurityGame developers have time to do many, many things. Write secure code that can deal with crappy servers is just not one of them. Or at least hadn’t been, because it wasn’t a ship requirement.
15Dan KaminskyBlack Ops 2007He AskedWho did you get a cert for? Login do live dot com. And how did you get it? I placed an order on a big CA’s website for it. He asked.
15Dan KaminskyBlack Ops 2007HosedI’m the first to say, this bug should not nearly be as interesting as it actually is. The reason this bug is interesting is because everything else is hosed.
15Dan KaminskyBlack Ops 2007Make LocksI think this is what happened to pixel artists: They all went to make locks for bank websites.
15Dan KaminskyBlack Ops 2007MalaysiaIf your DNS is bad, two boxes physically next to each other are going to route to each other by way of Malaysia.
15Dan KaminskyBlack Ops 2007PoisonDon’t bother poisoning foo dot com or google or yahoo, just poison everything
15Dan KaminskyBlack Ops 2007SalvaDon’t worry, SSL will totally save us all
15Dan KaminskyBlack Ops 2007ServiceableService-ability is survivability, and no one has ever made the link that says how serviceable a network is a major selling point, a major metric for the quality of a system
15Dan KaminskyBlack Ops 2007SSLPeople say “But SSL, SSL will save us!”
15Dan KaminskyBlack Ops 2007SurfaceI think we may have some new attack surface to play with.
15Dan KaminskyBlack Ops 2007WrongIt’s not about how the network works when things are going right, it’s how the network works when things are going wrong.
15Johnny LongNo-Tech HackingBack To the HotelI’m like, what do you mean we’ve gotta go. He’s like, we’ve gotta go back to the hotel.Direct Link
15Johnny LongNo-Tech HackingBumper StickersI swear I’m gonna get bumper stickers for this.
15Johnny LongNo-Tech HackingCookoutI got these pictures from a cookout that I wasn’t invited to.
15Johnny LongNo-Tech HackingMitnickI’m also a professional one of these, although I’m not dead yet, I’m more like one of these, although I look nothing like Kevin Mitnick, which this guy looks like.
15Johnny LongNo-Tech HackingNinja HatSo, the ninja puts on a hat, gets a ladder, and a can of compressed air. So, he goes from ninja to old guy in hat.
15Johnny LongNo-Tech HackingOn With the ShowAlright, and on with the show.
15Johnny LongNo-Tech HackingProxThese folks, I’m not sure exactly where they work cause they took their badges off, but they left their prox cards out. Well, the funny things about prox cards is that if you get a good picture of them, you take these really complex numbers here, you punch them into a telephone, a nice person answers and you read the numbers off the top of the card, and guess what they tell you. They tell you the address, the building, the floor, and the room that the card will work on. Clever.
15Johnny LongNo-Tech HackingThe Whole SystemSo, for no money, and hardly any materials, he took down the whole system
15Johnny LongNo-Tech HackingVery Nice ColorWhich I think is a very nice color
15Johnny LongNo-Tech HackingWoWDid anybody else notice the World of Warcraft icons down in the dock?
16GMark HardyA Hacker Looks At 50The 70sAgain, bad passwords were all the rage back in the 70sDirect Link
16GMark HardyA Hacker Looks At 501984Navy has no need for computer security, from Washington, 1984
16GMark HardyA Hacker Looks At 50AARPBecause, yes indeed, I am now a card carrying member of the only organization that’s more liberal than Barack Obama, and that’s the AARP
16GMark HardyA Hacker Looks At 50APLAlright, what does APL stand for? A Programming Language, that’s cool.
16GMark HardyA Hacker Looks At 50ASCIIWe have the best tic tac toe, and everything else. Didn’t have porn in it because it was ASCII but…
16GMark HardyA Hacker Looks At 50BillionsBut what did they have that we didn’t have? Vision. What did they end up with that we didn’t have? Billions.
16GMark HardyA Hacker Looks At 50CapabilitySo I realize that even though you have the capability, sometimes it’s not a good idea to use it.
16GMark HardyA Hacker Looks At 50CarbonIt’s not the silicon network in life that counts, it’s the carbon network that counts. It’s the people in your life.
16GMark HardyA Hacker Looks At 50ControlAnd you spend a week owning anything that moves, trying to think about what you want to do with your life, you get control back.
16GMark HardyA Hacker Looks At 50DQThere are people out there who will disqualify you, there are people who love to disqualify you, but don’t do it to yourself.
16GMark HardyA Hacker Looks At 50DressedAnd unfortunately, back in the 70s, being a computer geek was not cool. We didn’t dress in black, we dressed in corduroys
16GMark HardyA Hacker Looks At 50Global DominationNoooooo, total global domination!
16GMark HardyA Hacker Looks At 50HockeyThere was ASCII porn but we didn’t understand that. Hey, this was Buffalo. There’s not much to do up there but hockey and shovel
16GMark HardyA Hacker Looks At 50Just AskOne of my observations in life? Just ask.
16GMark HardyA Hacker Looks At 50LowWhat the next words out of my mouth were the following: Sometimes I go that low.
16GMark HardyA Hacker Looks At 50No HelpOkay, with no manuals, no readme, no help button, no F1 on the keyboard. There it is, go figure it out.
16GMark HardyA Hacker Looks At 50OwnedSo we kinda sat there for a minute or two, the operator tried to log in, realized he’d been owned, changed the password.
16GMark HardyA Hacker Looks At 50PensBig gigantic thing, not quite the size of this room, but huge. Ton of air conditioning equipment, and works in a big glass room. And the only way in and out was to wear a white lab coat and four different kinds of pens.
16GMark HardyA Hacker Looks At 50PiI can remember this: three, fourteen, fifteen, nine. Three, fourteen, fifteen, nine. Three one four one five nine. Okay. That was the root user ID, was Pi. Cool, and we’ve got the password.
16GMark HardyA Hacker Looks At 50RPGTake away porn and role playing games and what you’ve got left is nothing, right, for your life.
16GMark HardyA Hacker Looks At 50SeatedAnd, the chip wasn’t seated right and that was the problem and it worked perfectly. So Billy lived.
16GMark HardyA Hacker Looks At 50TalkA whole life of things that we depend on today just didn’t exist so we had to do the strangest thing in the world and that was talk face to face to other people.
16GMark HardyA Hacker Looks At 50TTLWe got a TTL that’s a hidden field in life
16GMark HardyA Hacker Looks At 50Two TenAnd so I have a legitimate W-2 doing computer security work, full time, for 1976, for two dollars and ten cents an hour. Have we come a long way or what.
16GMark HardyA Hacker Looks At 50UnattendedBut, we found where the console was. It was sitting over in the corner, and it was unattended.
16GMark HardyA Hacker Looks At 50WisdomThe problem is, wisdom has a diode. I can not be taught, it can only be learned.
16FXBarcodingConfigureThe scanners that phase outside to a potentially hostile barcode are actually configured by barcodes.Direct Link
16FXBarcodingDODYou can send pretty much everything, anywhere for free and it will be trusted because the sender ID says “this is the Department of Defense”
16FXBarcodingInjectionsThat brings us to actually having SQL injections and format string attacks in barcodes. You will be surprised at how good this works.
16FXBarcodingNewspaperSo, you’re point your browser to a not-to-you-known URL, automatically, with your newspaper. Is that potentially a bad idea? Anyone?
16FXBarcodingPornAnd that usually tends to be a really good driver for technology. Either making more money or porn.
16FXBarcodingPrinting MoreHave you noticed that putting more stuff in to something than it was expecting is something that hackers really like? So, yes, it does happen. We did find buffer overlooks with barcodes simply just by printing more.
16FXBarcodingShell CodeUm, warning, it is, a pain to develop shell code on barcodes
16FXBarcodingTrustDo not trust a printed number
16FXBarcodingXSSYou get to cross site script people with your newspaper!
16Jason ScottMaking A Text Adventure DocumentaryAwesomeHow many people here, and nobody’s looking at you, don’t know what a text adventure is? Alright, there’s one person. They were awesome.Direct Link
16Jason ScottMaking A Text Adventure DocumentaryCreative CommonsI think some times it’s overused, like any good tool, and I think that some times people apply Creative Commons to places it shouldn’t be and they don’t entirely understand it but at the very least they did the right thing, they created a simple to understand legal framework for people to release things under a copyright other than The Copyright which at this point has been kinda fortified with eleven vitamins and terrible constitutional nonsense because everybody was scared that somebody was going to take away Leonard DiCaprio’s paycheck
16Jason ScottMaking A Text Adventure DocumentaryDelete That LetterI’ve gotten some wonderful letters, heartfelt letters, telling me to please delete stuff. The only thing I delete is that letter.
16Jason ScottMaking A Text Adventure DocumentaryFatIt was tough, and I’ve gotten dinged on a few things, but it’s all like, so, having given away all this history you failed at A, B, and C, and I’m like “that’s why you’re fat”
16Jason ScottMaking A Text Adventure DocumentaryFreakI believe that the modern human can’t really sustain more than fifteen to thirty seconds of a person talking without any change in the shot before they start to freak out.
16Jason ScottMaking A Text Adventure DocumentaryMythosAnd I’ve been very lucky over the past eight years or so talking directly to people who I’d only thought of as words on a page or on a box or otherwise in some way completely in the realm of mythos, which disappears when you’re in their kitchen
16Jason ScottMaking A Text Adventure DocumentarySchedulingAt this juncture, I say, as I watch people kind of storm out, you either go, I want to see even more of this or you say, I have made an enormous scheduling error
16Jason ScottMaking A Text Adventure DocumentaryThe ThingIt’s gonna do the thing, isn’t it
16Jason ScottMaking A Text Adventure DocumentaryTwinkieYou know, secretive isn’t the word so much, they try to obfuscate how and where caves are located because they don’t want people to just kind of, you know, pack a Twinkie and go in and die, so.
16Jason ScottMaking A Text Adventure DocumentaryWifeI still get fan mail every week about the BBS Documentary. It all comes down to “Oh God, thank you” nobody understands me. Now my wife understands me. It’s mostly used as a wife education tool.
16Jason ScottMaking A Text Adventure DocumentaryYou WonI don’t regret one moment of this, so, if nothing else, from my talk, take some amount of heart if you’re working on a project that nobody else understands because if, at the end of the day, you enjoyed it and you appreciated it, then you won
16DT and Joe GrandMaking the DEF CON 16 Badge128kBecause if yore’s ting to transfer more than 128k at 771 bits a second, I don’t even know what to say.Diret Link
16DT and Joe GrandMaking the DEF CON 16 Badge8500Trying to find 8500 of anything is hard
16DT and Joe GrandMaking the DEF CON 16 BadgeAcoustic CouplersFor those of you who remember acoustic couplers, anybody, it’s like that
16DT and Joe GrandMaking the DEF CON 16 BadgeCardboardI felt really bad seeing all of these green cardboard badges everywhere
16DT and Joe GrandMaking the DEF CON 16 BadgeGuaranteeSo, pretty much, I mean no matter how much you plan in advance, there’s always going to be problems and yeah, this year we didn’t plan as much in advance as we could have, which is why next year we’re going to try, but next year there’s going to be a different problem, I don’t know what it is gonna be, but there will be one, I can guarantee that.
16DT and Joe GrandMaking the DEF CON 16 BadgeJailYou make sure Grifter’s son is gonna stay out of jail and can be a hacker
16DT and Joe GrandMaking the DEF CON 16 BadgeKnight RiderSo ti’s a little hard to see, but you take one badge, you turn it into receive mode, which is the first mode where the LEDs go back and forth like Knight Rider, because I love David Hassellhoff
16DT and Joe GrandMaking the DEF CON 16 BadgeMoreSo, number of badges. Every year, we’re making more and more. The first year 6500 badges, last year 6800, this year 8500, That’s a lot of hackers. That’s really cool. Hopefully it’s all hackers and not just like more feds have come.
16DT and Joe GrandMaking the DEF CON 16 BadgeTaxAnd when you’re sending fifty thousand dollars worth of parts through China, they want their tax.
16DT and Joe GrandMaking the DEF CON 16 BadgeUser ErrorI’m like, well, there’s little indicator on the battery holder to put it in the right way. That sounds like user error.
16Jay BealeOwning the Users With Agent In the MiddleAll MuscleHi Priest, don’t hurt me. He’s a very nice man who’s got a weight ratio of three to one on me. And I’m telling you it’s all muscle.Direct Link
16Jay BealeOwning the Users With Agent In the MiddleBlockI wanna reiterate you can’t block doors, you absolutely can not block doors. It’s not good to block doors, that is how people die. And I do not mean the people you block from getting our, I mean you, as you get trampled, really badly, it’s no fun. So first, don’t block doors, second, keep a clear aisle for some definition of an aisle, that means Goons should be able to run down. They may do it as like a test. And, again, the Goons are called Goons for a reason so don’t block the aisles either.
16Jay BealeOwning the Users With Agent In the MiddleBurnEvery year I bring a laptop here and I, when I get home I burn the laptop. No, I burn the hard drive. I pull the hard drive out, it was a fresh one that went in before I got here, it didn’t have any real data on it. I just installed some kind of, well
16Jay BealeOwning the Users With Agent In the MiddleEthicsWhich really, you gotta think, there’s gotta be some kinda ethics to doing bad things, I mean you can be bad, but there are like levels of badness, you know, there’s like, you know, shoving somebody in line, or cutting in line, and then there’s like eating a kitten. Eating a kitten is really bad, okay.
16Jay BealeOwning the Users With Agent In the MiddleLivejournalMaybe we wanna be the DNS server, that’s a good person to be too, cause you start saying wow, everybody who like asks for say dub dub dub dot live journal dot come that’s like my laptop
16Jay BealeOwning the Users With Agent In the MiddleModifyThis is, what you’ve kinda gotta understand, is what you’ve gotta tell your friends, you gotta tell your family, you’ve gotta tell your place of employ, you’ve gotta tell everybody on the Earth.If we share a LAN, if you and I share a LAN, I can view and modify your traffic.
16Jay BealeOwning the Users With Agent In the MiddleRoute My PacketsNow, I’m going to tell you guys something, because we’re at a hacker con, and I’ve been on a lot of good networks gone bad, if your’e going to do that to me, if you’re going give me a DHCP lease instead of the real person, you’re going to do any of these network games, please route my packets.
18TottenkophAn Introduction to Virtual GraffitiAnd That’s MathHackers, it’s something new to exploit and learn about, and the young people because hormones plus destruction of someone else’s property equals lols and that’s math, you can’t argue math.Direct Link
18TottenkophAn Introduction to Virtual GraffitiCursing Her NameNext thing I knew i was cursing her name and submitting my CFP
18TottenkophAn Introduction to Virtual GraffitiDo ItDo I think it’s possible? Yes. I just thing we need to get off our butts and do it.
18TottenkophAn Introduction to Virtual GraffitiIrrelevantThe software company that distributes the software actively discourages the use of Apple and/or Linux machines unless there’s an XP virtual running on it because they think that XP security issues are irrelevant
18TottenkophAn Introduction to Virtual GraffitiMakes the Girls SighSusperium Polarum Celitus Threakes, or Celitus the Thoracian makes the girls sigh.
18TottenkophAn Introduction to Virtual GraffitiSlidesThis just gave up the fact that I didn’t do my slides. Unfortunately tottendad is the one who does all my slides and Nikita yells at me to do my own damn slides and this is why.
18TottenkophAn Introduction to Virtual GraffitiWear A HatWear gloves and be as inconspicuous as possible. If you’re the only blue or purple haired person in your town, wear a hat.
18RAINBuild/Beat A Lie DetectorDeception ComesDeception comes naturally in all living thingsDirect Link
18RAINBuild/Beat A Lie DetectorHorribly BadMore than three decades of psychological research has shown that most individuals are bad at knowing when they’re being lied to
18RAINBuild/Beat A Lie DetectorOwn TruthBut what you need to understand is that our present view is rooted in the very modern philosophical sense that the individual self, as an autonomous being is the possession of it’s own truth
18RAINBuild/Beat A Lie DetectorSpockEnded up losing a game of Rock Paper Scissors Lizard Spock to urbanmonkey, frikkin paper disproving Spock.
20Bruce SchneierAnswers Your QuestionsGoogle Customer ServiceActually, Google has great customer service, the problem is you’re not customers. Right, become a Google customizer, an advertiser, and they have customer service all over the placeDirect Link
20Bruce SchneierAnswers Your QuestionsKnown List of AttacksIn a sense, they’re all sorta equally mediocre, because all the standards ever do is secure the system against a known list of attacks
20Bruce SchneierAnswers Your QuestionsLose SlowerSometimes the best we can do is lose slower.
20Bruce SchneierAnswers Your QuestionsMake Security Systems WorkI think it’s our job, in security, to make security systems that work with actual users, that educating the user is a mistake.
20Bruce SchneierAnswers Your QuestionsMost Common PasswordBut we’ve made some progress, right, the most common password is now password1 instead of password, but that took a decade!
20Bruce SchneierAnswers Your QuestionsNew Meanings for WordsRichard Thieme told me this, that they have a list of attributes at the NSA, on their signage, and one of them is transparency. Clearly we’re inventing new meanings for words here.
20Bruce SchneierAnswers Your QuestionsNew Person – Old ProblemAnd this is why a new person can go to a old problem and look at it in a new way and figure out a way in
20Bruce SchneierAnswers Your QuestionsNot Going to Ban ThemAnd that is the way it will be, you know, we’re not going to ban them from coming cause I think that’s wrong too, and you know they could always pretend they’re from someplace else
20Bruce SchneierAnswers Your QuestionsQuantum ComputingCome back here in ten years and there might be a quantum computing room at DEF CON. That would be kind of fun.
20Bruce SchneierAnswers Your QuestionsSubvert the SystemHow can I subvert the system for my personal aim.
20Bruce SchneierAnswers Your QuestionsThank You Are There AnyI’m Bruce Schneier. Thank you, are there any questions?
20Bruce SchneierAnswers Your QuestionsTube of AntsI look at this and say, you mean I can send a tube of ants to anybody I want? What a great country!
20Bruce SchneierAnswers Your QuestionsWay of Thinking Doesn’t ChangeThe talks we’re seeing here at DEF CON this year are not the same types of talks we saw fifteen, twenty years ago. The world’s changing, but that way of thinking doesn’t change.
20Bruce SchneierAnswers Your QuestionsWhat Hackers DoHow can I take this system and make it do something that it’s not supposed to do. That it’s not intended to do. That the organizers, the creators didn’t envision it to do.
20Bruce SchneierAnswers Your QuestionsYou Can Never HaveYou can never have a standard of Is It Secure. You can have a standard of is it not insecure in this particular way.
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Bootlocking | It’s a safe bet that totalitarian governments will happily take advantage of bootlocking and move surveillance right into the box | Direct Link
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Can’t Make It Secure | If you’re not allowed to know what software is running on your computer then you can’t make it secure.
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Certainly Becomes | Now in a world where the computers that we’re discussing can see you, and hear you, where we insert our bodies into them, when they fly our planes and drive our cars, where they’re surgically implanted inside us, certainty becomes a very big deal.
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Computer In Everything | A car is just a computer that we put our body in, a 747 is a flying Solaris box full of SCADA controllers, hearing aids and pacemakers and other prostheses are just computers that we put inside our body and that means that all our sociopolitical problems in the future are going to have a computer inside them
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Control and Knowledge | Whether you want to be free, or want to enslave, you need to have control and you need to have knowledge.
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Control Your Environment | Remember that security is relative, you are secured from attacks on your ability to freely use your music if you can control your computing environment
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Convergent | The technical needs of helicopter parents, school systems, and enterprises are convergent with the governments of Syria and China
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Devil In the Details | As with everything important, the devil is in the details
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Doctrine of First Sale | Now, we like the doctrine of first sale, it’s an important piece of consumer law. It says that once you buy something, it belongs to you. And you should have the freedom to do anything you want with it, even if that hurts the vendor’s interests
20 | Cory Doctorow | Beyond the War on General Purpose Computing | DRM | DRM and its cousins are deployed by people who believe that you can’t and shouldn’t be trusted to set policy on the computer that you own
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Human Rights | If your world is made of computers, then designing computers to override their owner’s decisions has significant human rights implications
20 | Cory Doctorow | Beyond the War on General Purpose Computing | If We Don’t Start | We need to start thinking now about the principles that will apply when the day comes, because if we don’t start now, it’s going to be too late
20 | Cory Doctorow | Beyond the War on General Purpose Computing | No Reasonable Distinction | The reason employers give us these mobile devices is because there’s no longer any meaningful distinction between personal life and working life
20 | Cory Doctorow | Beyond the War on General Purpose Computing | Surveillance | Surveillance in the middle of the network is nowhere near as exciting as surveillance at the edge of the network might be, whether that edge of the network is in your ear or in your laptop
20 | Cory Doctorow | Beyond the War on General Purpose Computing | War On General Computing | The war on general purpose computing is what happens when the control freaks in government and industry demand the ability to remotely control our computers
20 | Cory Doctorow | Beyond the War on General Purpose Computing | We Don’t Know How | We don’t know how to make computers that can run all the programs we can compile except for the one that pisses off a regulator or distorts a business model or abets a criminal
20 | Cory Doctorow | Beyond the War on General Purpose Computing | You Can Do Almost Anything | You can do almost anything if you say that you’re protecting shareholders or children
20 | Dan Kaminsky | Black Ops | Cancer | Carbohydrates cause cancer, that’s a real link, proteins cause cancer, fats cause cancer, alcohol causes cancer, uh oh. | Direct Link
20 | Dan Kaminsky | Black Ops | Computers Are | Computers are small networks of interconnected devices on asynchronous networks that communicate with each other at their own time and pace. That’s how they work. Every single computer has different devices talking to each other from different clocks. These clocks are not synchronized. Even if they had an error of one part per million, that’s a bit per second per megahertz. We have way more than that actually going on.
20 | Dan Kaminsky | Black Ops | Dead Bodies | I don’t know if you realize this, it took hundreds of years for medicine to get its scientific act together, and they had dead bodies.
20 | Dan Kaminsky | Black Ops | Deterministic | Okay, look, anyone who thinks computers are completely deterministic devices has clearly never written threaded code
20 | Dan Kaminsky | Black Ops | Dogma | Let’s not just assume because it violates dogma that it might not be a better path to protecting these networks
20 | Dan Kaminsky | Black Ops | Fool’s Errand | Predicting what some other language is going to do, given arbitrary input is a um, fool’s errand
20 | Dan Kaminsky | Black Ops | Fundamental Difference | What is the fundamental difference between offense and defense, between the attack and the defense? You can tell when an attack doesn’t work.
20 | Dan Kaminsky | Black Ops | If Language Got Us | Coined by Len Sassaman and Meredith Patterson as a corollary: If language got us into this mess then perhaps it can get us out
20 | Dan Kaminsky | Black Ops | IRQs | Anyone remember IRQs?
20 | Dan Kaminsky | Black Ops | Lack of Consensus | We’re not going to talk about busting the bad guys. I don’t know if you noticed but there seems to be some, uh, lack of consensus on who the bad guys are.
20 | Dan Kaminsky | Black Ops | One Nanosecond | One nanosecond is the amount of noise that you can insert on a network interface, that is going to destroy an entire class of security vulnerability with a single command. That is kinda cool.
20 | Dan Kaminsky | Black Ops | One of These Days | One of these days we’re going to be spending as much time and money on security research as we are on medical research
20 | Dan Kaminsky | Black Ops | Random Numbers | This is stuff that we’ve been fretting about for twenty years. Twenty years ago someone was saying I hope we’re not worrying about this twenty years from now, and they’re screwed.
20 | Dan Kaminsky | Black Ops | Random Output | I seem to note that every attack against random number generators involves looking at large amounts of output from them. So you know what I want to do? Not that.
20 | Dan Kaminsky | Black Ops | Screw Around for 10ms | Nothing a computer likes to do more than screw around for 10 milliseconds. Where’d you go? I dunno.
20 | Dan Kaminsky | Black Ops | Starving for Entropy | This is a thing that happens in technology all the time. You get too good at one solution and another failure mode crops up. We are starving for entropy.
20 | Dan Kaminsky | Black Ops | Stateless TCP Stack | We’re going to build a stateless TCP stack. It just sends data, it doesn’t remember to who. The other guy remembers that he’s talking to me.
20 | Dan Kaminsky | Black Ops | Structured Queries | It turns out, this really matters. It turns out that SQL is a language that’s really good at structured queries.
20 | Dan Kaminsky | Black Ops | The Low End Theory | There’s a rule called, the high end keeps getting higher, but the low end never goes away.
20 | Dan Kaminsky | Black Ops | The Vision | Our languages that are popular are artistic endeavors generally by one person, supported by others, but one guy’s got the vision.
20 | Dan Kaminsky | Black Ops | Two Threads – One INT | Now here’s my favorite of these: Two threads, one INT
20 | Dan Kaminsky | Black Ops | We Call That Compliance | Defense that doesn’t involve offense, you know what happens? Defense gets stupid. We call that Compliance.
20 | Dan Kaminsky | Black Ops | We Hold the Gun | Well, nobody has ever written a parameterized query in their life without a gun to their head. We know. We hold the gun.
20 | Barkode | DC20 Closing Ceremonies | Long Story Short | And uh, long story short, I’m not dead yet. So, whichever foreign power or intelligence agency I forgot to give a Ninja badge to, I’m super sorry about that. But you’re going to have to do a lot better than that. | Direct Link
20 | Barkode | DC20 Closing Ceremonies | Ninjatel Was Born | But when we were trying to figure out what to do this year to kinda go out with a bang, we thought, it’s DEF CON 20, what were we all doing twenty years ago? We were all phone phreaks, most of us in the group were anyway, we were on the phone, we thought how can we bring that nostalgia back, let’s do something with phones, so that’s how NinjaTel was born.
20 | DT | DC20 Closing Ceremonies | Conceived | How many people were conceived at DEF CON?
20 | DT | DC20 Closing Ceremonies | Free Beer | Free booze, that was the other thing we did is we had some free beer that Thursday night for the people that showed up early, and that seemed to go over really well, but I could see that could be a losing battle. You could probably go broke giving away free beer here.
20 | DT | DC20 Closing Ceremonies | Getting Carded | We have a lot of volunteers and so, this is a quick little story of me showing up at the con, and uh, and one of my new goons, you know, cards me. He’s like, where’s your badge, and so the guy next to me is busting up like, oh god, he’s getting so busted. And uh, actually it’s like that’s totally cool, that’s exactly what he should do right. So, if he doesn’t know who I am, and I don’t have a badge, he should stop me.
20 | GMark Hardy | DC20 Closing Ceremonies | SQL Injection to Win | Nobody had the right answer, but one of the guys put in their answer key. They did a SQL injection and they won it.
20 | Jason Scott | DC20 Closing Ceremonies | Without Them We Are Nothing | You know, originally I thought it was just a lattice work of interrelated groups, but it is in fact a burlap sack full of ball bearings smashing into each other, all with their own goals, but every single one stood up and said I believe in DEF CON, I believe in Jeff’s dream, and I believe in our people. Without them we are nothing
20 | LosT | DC20 Closing Ceremonies | How Many of You Met | For my benefit, how many of you out there met somebody else because of the badges this year?
20 | LosT | DC20 Closing Ceremonies | Mystery Challenge Challenges | So, they had to do everything from doing a crimp from The Mighty Boosh, that they had to memorize in like less than like an hour, to cracking crypto that was written on some skull faces. At the very end they received a skull made out of paper mache and filled with plaster of Paris that had a thumb drive embedded inside it that they had to chisel out and they would spend hours on the crypto on the thumb drive only to find out that there was a micro SD card inside of the thumb drive that they had to crack open to find.
20 | pyr0 | DC20 Closing Ceremonies | 50 Pounds of Metal | I ran into zoo after he won and he was packing around this huge bag of all the change and he was talking about how he’s going to go through the airport and not check it, like he’s just going to carry it on to the plane. Because they can’t separate you from your money even though that’s like 50 pounds of metal or something like that
20 | Riverside | DC20 Closing Ceremonies | Cookies in the Clear | If you’re a security researcher on reddit, in Ask Me Anything, you make sure that your cookies are not in the clear
20 | Riverside | DC20 Closing Ceremonies | Morse Code Over ICMP | We invented three new steganography techniques just for this event, and actually one of the teams did get my Morse code over ICMP.
20 | Riverside | DC20 Closing Ceremonies | Own Wireshark | We had a six year old girl capturing packets and owning Wireshark. It was awesome.
20 | Winn Schwartau | DC20 Closing Ceremonies | 20 Years Ago | Twenty years ago tonight, Jeff said let the games begin, and we began it in DEF CON 2
20 | Winn Schwartau | DC20 Closing Ceremonies | 75 Seconds | I can take 3.25 million IP addresses, I can sweep them from my little $200 Opteron box on a really nice pipe, I can get 800 megs of HTTP data, the scan takes 75 seconds.
20 | Winn Schwartau | DC20 Closing Ceremonies | Weight Around My Neck | DEF CON has been a weight around my neck for twenty years, Jeff.
20 | Renderman | Hacker + Airplanes | Birthday Paradox | But first I wanna address something, the Kaminsky problem. Over multiple cons, Dan Kaminsky and I are speaking at the same time. I have yet to see him actually speak. This is getting absolutely ridiculous. On his blog he actually plugs it as the Renderman birthday paradox. Which is highly ironic because yesterday was my birthday. And I don’t think he has any cookies this year. Oh hell. Apparently I get to drink. | Direct Link
20 | Renderman | Hacker + Airplanes | For the Love of Spongebob | For the love of Sponge Bob, do not try anything you’re about to see
20 | Renderman | Hacker + Airplanes | We As Hackers | We as hackers have unique insight, we think about things in terms of security. We always think about the outside, we always think about that x-factor, that thing that nobody else in the world seems to do
20 | Jayson Street | How To Channel Your Inner Henry Rollins | Fifteen Thousand | Fifteen thousand opportunities for you to network and find a new friend that shares the same passion you have | Direct Link
20 | Jayson Street | How To Channel Your Inner Henry Rollins | Get Up Here | I wanna hear what you have to say. You got research, you got valuable information you can share. Get up here, with me, and speak it.
20 | Jayson Street | How To Channel Your Inner Henry Rollins | Having A Blast | You have to have passion, you have to want it, because the guys on the other side of the keyboard are having a blast
20 | Jayson Street | How To Channel Your Inner Henry Rollins | Jumper | Being a hacker is thinking, you know, realistically this is not supposed to happen, but let me put this jumper there anyway.
20 | Jayson Street | How To Channel Your Inner Henry Rollins | Want To See It Better | I love this community, I love these people. And I just want to see it better.
20 | Zach Fasel | Pwned in 60 Seconds | And That’s the Story | And that’s the story, thanks for coming guys | Direct Link
20 | Zach Fasel | Pwned in 60 Seconds | Judge Me | Judge me based on the quality of this talk, not based on a list of certs
20 | Priest | Q&A With the Men (and Women) In Black | Action | And you’ve gotta be willing to lean forward and make change happen because if you just sit back and complain, nothing’s going to happen | Direct Link
20 | Priest | Q&A With the Men (and Women) In Black | Alameda | Where are the nuclear vessels in Alameda
20 | Priest | Q&A With the Men (and Women) In Black | Build Things | You know it’s great to break things. I need people who can help me build things, not just break them. We’ve got about 30 seconds left.
20 | Priest | Q&A With the Men (and Women) In Black | Caught Tired | And as I said in the program, we promise, no extreme renditions or mind control unless you really deserve it, so if you see me reaching for my microphone, don’t run. You’ll just get caught tired.
20 | Priest | Q&A With the Men (and Women) In Black | Even at my size | And even at my size I don’t want to be somebody’s bitch
20 | Priest | Q&A With the Men (and Women) In Black | Failure of Imagination | One of the things in the 9/11 commission was that intel, and the intelligence community, had a failure of imagination
20 | Priest | Q&A With the Men (and Women) In Black | Feds are People Too | Feds are people too
20 | Priest | Q&A With the Men (and Women) In Black | Fez are Cool | And you get a really cool Fez, cause Fezes are cool.
20 | Priest | Q&A With the Men (and Women) In Black | Like Sushi | That answer is kinda like eating sushi. You’re full right afterwards then after about an hour you’re like man, I’m hungry.
20 | Priest | Q&A With the Men (and Women) In Black | NCIS is True | Conspiracies are hard. Never assume conspiracy when ignorance or stupidity will do. I have one comment, everything you see on NCIS is true.
20 | Priest | Q&A With the Men (and Women) In Black | Nobody On the Planet | Nobody on the planet said that the Department of Defense should be prepared to shoot down an airliner on the tenth of September, 2001, and everybody on the 12th of September thought that should have been done
20 | Priest | Q&A With the Men (and Women) In Black | Raise Your Hand | All you FBI agents in the room, raise your hand.
20 | Priest | Q&A With the Men (and Women) In Black | Read the Comic Books | He’s the guy that read the comic books to the other SEALs
20 | Priest | Q&A With the Men (and Women) In Black | Smile for the Picture | So when you go outside and smile for the satellite picture, she’s the one that gets to see it.
20 | Priest | Q&A With the Men (and Women) In Black | Space Aliens | I’d like to thank everybody for not asking about the space aliens
20 | Priest | Q&A With the Men (and Women) In Black | Spot Some Feds | Who in here has heard of the Defense Industrial Base Cyber Pilot. One, two, three people. Y’all wanna spot some feds, there you go.
20 | Priest | Q&A With the Men (and Women) In Black | Stop and Reorganize | We as a federal government need to stop and reorganize. We are not set properly for this mission set in a large sense.
20 | Priest | Q&A With the Men (and Women) In Black | Ten Foot Fence | I will not build a ten foot fence when I know I’m going to be attacked by two foot midgets
20 | Priest | Q&A With the Men (and Women) In Black | Told You I Wasn’t Cheap | Priest, you can’t ask those questions, and I gave you a six pack of Corona just a couple of minutes ago. I told you I wasn’t cheap, sir.
20 | Priest | Q&A With the Men (and Women) In Black | Toy Budget | I have a half million dollar a year budget just for myself for toys, that we put together. It doesn’t pay as much, but like I said you get the really really good toys, and in his case, you get to kill people.
20 | Priest | Q&A With the Men (and Women) In Black | Translation | Two things, I speak Fed and I speak English. So if they say something blah blah blah raise your hand and I’ll be happy to translate it for you
20 | Priest | Q&A With the Men (and Women) In Black | Unicorns Exist | Unicorns exist sir, they really do exist.
20 | Priest | Q&A With the Men (and Women) In Black | We Need A Whole New Way | We need a whole new way to think. What we need to do is capture what the federal government does well and what private industry does well.
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Always Waving | And whenever a fed said something that’s bullshit they waved the pendant, like this, and those pendants were always waving | Direct Link
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Daring | Wilson said in Consilience, all artists, all scientists are characterized by passion, and obsessiveness, and daring
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Going Liquid | Computerization and digitalization mean preexisting cultural forms are going liquid
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Hacker Definitions | A Black Hat Hacker is a Hacker. A Grey Hat Hacker is a Hacker that knows when to fudge the truth. A White Hat Hacker is a Hacker who put the truth down somewhere and forgot where they left it.
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Narrow Self Interest | Human beings, kind of the land mammal we are, we will do almost anything for narrow self interest and short term gain even if it means suiciding ourselves, not with a bomb, but with disease
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Recognizably Persistent | The function of the intelligence community today is de facto to make sure that people know that when they wake up in the morning the world in which they went to sleep will pretty much be recognizably persistent
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | See Context | Hackers see the context. They see more deeply. They see that the thing can be made to do all kinds of things it wasn’t intended to do.
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Some of My Best Friends | Some of my best friends are from NSA. I wouldn’t want my daughter to marry somebody from NSA. I wouldn’t wanna live next door to someone from NSA, but some of my best friends are there.
20 | Richard Thieme | Twenty Years Back, Twenty Years Ahead | Transparent Balls | How can you even have the balls to put the word transparency up there as one of the things to which you are committed
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | Give Me A Shell | You know you want to give me a shell…awww. | Direct Link
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | Javascript | They implemented RSA and they implemented RC4 in Javascript. Holy Crap
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | Middle | Any time you can get in the middle, browser exploits become incredibly interesting.
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | Obfuscation | The downside to obfuscation is of course that it’s not crypto, it’s just obfuscation. A human would be able to figure this out relatively easily.
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | Shells | Which exploit do you send? If you send one Internet Explorer exploit and all of your people connect up with a vulnerable version of Firefox, you’re missing out on shells. And everybody loves shells, you don’t want to miss out on them.
17 | egypt | Automatic Browser Fingerprinting and Exploitation with Metasploit | User Agent | People that change their user agent are people that, you know, kinda know things about computers
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Expertise | If it’s going to really be a global marketplace for ideas, there can’t be an expertise price to pay for getting in the door | Direct Link
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Future Web | I think it’s possible that the Dark Web is the Future Web
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Law | The fact that people can break the law is necessary for the evolution of our society
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Letters | How can we let companies that write letters tell us what is and isn’t a crime?
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Norm | And we’re headed towards a world that’s less like the utopian dream that I described and more a world where surveillance, censorship, and centralized control by companies and governments is the norm
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Declaration | Governments of the industrial world, ye weary giants of flesh and steel, I come from cyberspace, the new home of mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Dream | The dream of a free, open, interoperable, reliable internet where people can speak their minds and anyone who wants to hear it can listen
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Enemy | The warrant requirement is the enemy of mass surveillance
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Hackers | Hackers were people who wanted free access to information and were willing to take time to build tools to make it so.
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Role | And when technology has done what it’s done, and made information collection about us so cheap, so easy, and so ubiquitous, then the law has a role to play
24 | Jennifer Granick | Slouching Towards Utopia – The State of the Internet Dream | Very Far | We have moved very far from the idea that people get to see whatever information they want to see.
17 | Joe Grand & Zoz | The Projects of Prototype This | Bagels | Talking to Joe on the radio, how are you doing? Terrible, I’m terrified of the sharks. I’m really sick, and all we’ve got are jalapeño bagels. I thought he was joking about those bagels because who’d ever heard of jalapeño bagels? | Direct Link
17 | Joe Grand & Zoz | The Projects of Prototype This | CAD Design | To me that was one of the coolest things about the whole show. And I cannot freaking wait until we have this in our house. That we could design the electronics, CAD model and enclosure, print it out, put it together, and put it in the water without ever having to go outside our own building.
17 | Joe Grand & Zoz | The Projects of Prototype This | Couch | It helps to have a couch that you don’t care what you crash it into. Yeah, or cars.
17 | Joe Grand & Zoz | The Projects of Prototype This | Destroying | A system that was more than capable of totally destroying itself if you got things wrong
17 | Joe Grand & Zoz | The Projects of Prototype This | Don’t Care | Not only do they not know anything about the engineering details, they really don’t care.
17 | Joe Grand & Zoz | The Projects of Prototype This | Hot Nerds | So here’s, like, some hot nerds getting body scanned.
17 | Joe Grand & Zoz | The Projects of Prototype This | Luggage | They disassembled it and carried it on the plane in checked luggage.
17 | Joe Grand & Zoz | The Projects of Prototype This | Rocket | It’s a computer controlled plane. You can’t just take off on a runway somewhere because it’s a beach, so of course you have to launch it by a rocket. Yeah yeah, rocket. Rubber bands won’t do.
17 | Joe Grand & Zoz | The Projects of Prototype This | Sharks | Sharks will put up with a robot for quite a long time, but not indefinitely
17 | Joe Grand & Zoz | The Projects of Prototype This | Superheroes | Some people are like, yay, superheroes. I love those guys.
17 | Joe Grand & Zoz | The Projects of Prototype This | TRUE | And I put true in quotes because nothing in TV is really real, or true
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Aliases | We only agreed to do it if we could testify under our hacker aliases | Direct Link
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Demonstrate | A lot of the questions were, well, if somebody can take the entire internet down, why haven’t they done it, to demonstrate it.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Dumpsters | You know, here are some kids, in Boston, who did nation-state stuff out of dumpsters as far as they were concerned
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Example | I figured that the FBI, or the DoJ, was going to, at some point, just for the media, try to make an example out of us
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Good Things | You find something that you love and, good things are going to happen
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Hackers | Hackers are people who get stuff to do things that the creator didn’t think could be done
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Here’s Data | That’s how I rebooted DARPA. That was the entire framework. That was the 125 lines of code malware that took half a billion dollars away from Keith Alexander, and redirected it. It was like, we brought data, what do you have? An opinion? That’s great, here’s data.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Internet Down | Let’s assume that you weren’t the good guys. How long would it take you to take the internet down today?
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Jail | Do some research on the laws, don’t cross the lines, stay out of jail
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Long Game | Play the long game. Everybody else is optimizing locally. Optimize globally and for the long term.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | MSDN | It used to be that if I wanted to exploit every single network driver on the planet, I would go find a bug in the MSDN example code because everyone would cut and paste that.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Mudge | They fixed it. Then they sent out to the same press folks the exact same thing, with my real name replaced by Mudge
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Offers | The answer was no, but if you’d like to be the first, we’re willing to entertain offers. Luckily, they laughed.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Opaque | You can’t hide behind it, you can’t make it opaque. Here’s how it works so both offense and defense can understand it.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Overlaps | I don’t think you have to embrace it. I think you have to respect it and figure out where you have overlaps and where everybody can move forward without trying to co-opt people
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Pause | It is amazing and terrifying and it is 15 years old and hasn’t been updated, and it is still the exemplar of the best thing out there, which should make people pause
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | People | It may be harder to exploit things. It has become easier to exploit people
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Press | We were getting a lot of press, and that’s actually what kinda started this in my mind. We were getting a little too much press.
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Proof of Concept | I always wonder if I shouldn’t have actually released a proof of concept for that
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Responsible | All of you are directly responsible for me
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Sausage | So our big message to them then was, do not make it illegal to see what’s in the sausage
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Value | What people didn’t realize is there’s no value in actually taking down all of the internet because you take down all of your targets as well
26 | L0pht | 20 Years Later (and Other Things You Were Afraid to Ask) | Wired | If it’s good enough for the US Senate, it’s good enough for Wired.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Bean Bags | I know the bean bags are going to get stolen, because I mean who wouldn’t want to steal one. I think we’ve already stopped some of the staff from stealing them. | Direct Link
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Biggest | Hello, and welcome, and thank you for coming to our biggest conference ever
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Black Badge | For those of you who don’t know, if you win a black badge competition at DEF CON, you get an Uber badge, which is free entrance to DEF CON for the rest of your life.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Cats | And so then it’s just professional cat herding. And, I’m not saying you guys are cats, but, you’re cats.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Coffin | I’m going to run a Mystery Challenge, and then I’m going to put a nail in that coffin and it’s never going to be resurrected again.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Community | Did you think about this, or did you think about doing this? Because this really is a community effort and badge is all about you guys.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Darwinian | And through this sort of Darwinian process we’ve ended up with what we’ve got.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Dog Name | I’m not going to let you see the lanyard unless you tell me your dog’s name.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Entropy | I just really want it to be this boiling cauldron of randomness, right, this entropy
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Every Minute | I’m sorry for the extra bandwidth I decided to make that run every minute
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Find Something | Do what you like to do and I’m just here to try to provide a stage, so if you’re not interested in that anymore, great. Find something else you’re interested in.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Foiling | I’m sorry that I consistently used my Chinese name, and this time randomly switched to my Korean name, thereby foiling any searches for said information
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Interesting | So, if you don’t know what that is, I’d suggest you look that up. It’s interesting, and this is a hacker con.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Jumping | What I love about this community is you see people and they’ll be doing social engineering one year, car hacking the next. They’ll start a contest, they’ll play in a contest
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Perpetuate | You’re here to challenge the speaker. This is not meant to be sort of a passive, you receive the information, active I’m telling you the information. I really want it to be challenge the speaker. If they’re saying something you don’t like or you don’t agree with or if you think is inaccurate, you’ve got to say something. Otherwise you’re just letting the misinformation perpetuate and that’s not cool.
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Servos | And come to Closing Ceremonies and there may be just a little bit extra that may have to do with those servos in the back
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Show of Hands | By a show of hands, how many of you are familiar with the Mystery Challenge
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Split | We work really hard to try to figure out ways to get you split into smaller groups so you can meet each other
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | Turn | And we don’t trust you to do that whole 2001 lip analysis so we’re going to turn our heads away from you
24 | L0sT & The Dark Tangent | DEF CON Welcome and Badge Talk | What Is That? | If you come to me and you say I want to do a Bio Hacking village I say great, that sounds really cool, what is that?
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Asymmetric | It’s important to remember that asymmetric enforcement of a law will always infringe on the fundamental rights of the non-criminal party | Direct Link
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Competent | I think there is no greater pleasure on Earth than doing dangerous things with competent people
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Negotiation | As long as there are haves and have nots, negotiations will occur between the two parties
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Rat Trap | If you build a better rat trap, you will always have a better rat
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Shame | So if you can’t arrest somebody, you can always shame them
26 | Maggie Mayhem | Sex Work After SESTA FOSTA | Uh Oh | Presence of multiple computers, cell phones, pagers, credit card swipers and other technology. Uh oh, uh oh.
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | 32-Bit | Because, nobody runs 32-bit x86 anymore, right? | Direct Link
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | ARM1.00 | The ISA actually hasn’t changed in about 20 or 30 years. You can still read ARM 1 assembly from the 80s, kind of figure it out, and run it on a brand new ARM chip today.
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Bowie Knife | But unfortunately you’ve lost the jar of piss and all you have left is the Bowie knife
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Dash | It’s one part science, one part estimation, a dash of bitter feelings about everything in the world. And a little bit of what the #$%@ was the EE thinking when they made this?
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Embedded | There are many targets you can attack. There are ARM devices and embedded Linux devices all around you.
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Keep On Hacking | There are embedded systems everywhere. Keep on Hacking.
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | QEMU | You can run QEMU on ARM to pretend that it’s ARM if you have the wrong kind of ARM.
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Seen One | Once you’ve seen one, you’ve seen them all
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Shoving | Every vendor has their own way of shoving bits on to a device. They all suck!
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | TFTP | Don’t be afraid to look for TFTP
26 | Morgan Gangwere | It’s Assembler Jim but not as we know it abusing binaries from embedded devices for fun and profit | Wget | Especially if you look very carefully there. You can flash straight from wget straight to the device.
22 | Panel | Diversity in Information Security | Altair | Our history is that we took our blinky boxes called Altair, and we wanted to be real engineers and they said no. So we went and built our own party with blackjack and hookers and called it DEF CON because %#@^ those people. | Direct Link
22 | Panel | Diversity in Information Security | Den of Thieves | There’s a lot of talk right now about DEF CON being this openly inclusive place and we all just want to learn from each other and make the world happier. When I came to DEF CON it was a den of @$#$ thieves
22 | Panel | Diversity in Information Security | Fail Well | I want you to fail well and I want you to fail often
22 | Panel | Diversity in Information Security | Flirting | My girlfriend’s watching on TV right now so, hopefully I’m not flirting with you too much. Just enough.
22 | Panel | Diversity in Information Security | Minority | Because hackers are now a minority at DEF CON
22 | Panel | Diversity in Information Security | Nowhere Else | DEF CON is a giant hacker family reunion. I feel at home in this place like nowhere else on Earth.
22 | Panel | Diversity in Information Security | Ours | An ours means that the thing that matters most when you’re is not what you look like, not what you smell like, not whether you have three dicks or two arms, but what you do, what’s in your head. If I hand you a problem, and I don’t help you solve it, what do you do with it.
22 | Panel | Diversity in Information Security | Part of It | I could come, and I could present research, and I never felt a part of it because it was me not letting myself be a part of it
22 | Panel | Diversity in Information Security | PC Police | And I think it’s important to keep that mantra, because as soon as we become the PC Police, and we start backing up for things other than our hacks? We don’t have our hacks anymore.
22 | Panel | Diversity in Information Security | Privilege | Because I have substantial benefits because of who I am. Versus my white, male friends with glasses wearing black tee shirts. Try finding one of them in a crowd at DEF CON
22 | Panel | Diversity in Information Security | Safest | You will find that this is the safest environment you will ever be in to be who you really are.
22 | Panel | Diversity in Information Security | Say Hi | So, why not talk to somebody that you might not have talked to before. Go say hi.
22 | Panel | Diversity in Information Security | Tourist | Those people want to come here. They want to come to our space. They want to look at our tricks. They want to buy our bugs and then pretend like we did it to teach them. Look, if you have a badge and you’re here today. And you don’t hack stuff, and you’re really just here to observe it that’s great. I hope you have a great time and that nobody messes with you but understand that you are a @$%^ tourist!
22 | Panel | Diversity in Information Security | Wasn’t Fun | I obviously stood out and I was definitely the different kid and I got teased a lot for it and if I look at my pre-college life it wasn’t fun.
16 | Sandy “Mouse” Clark | Climbing Everest | Backdoor | But I don’t know what else you can call an intentionally coded function that, when it is called, it provides its user with complete root access to the system and it doesn’t require a password. That’s my definition of a backdoor. | Direct Link
16 | Sandy “Mouse” Clark | Climbing Everest | Bar Key | He went home and he brought back his key to home mini bar and it is so familiar it’s identical. So if you have a home mini bar there’s a 90 percent chance you can unlock a Diebold voting machine.
16 | Sandy “Mouse” Clark | Climbing Everest | Black | And this PEB gives you complete root access to the machine and it doesn’t require a password. You just stick it in the slot and you have root. I don’t know what color it is, but ours was black.
16 | Sandy “Mouse” Clark | Climbing Everest | Critical Mass | Like anything, until we reach critical mass, until enough of us get involved in this, nothing is going to change
16 | Sandy “Mouse” Clark | Climbing Everest | Darts | So basically we threw darts, and wherever a dart landed, somebody went and looked. Lucky for us the systems were such crap that we couldn’t not find things.
16 | Sandy “Mouse” Clark | Climbing Everest | Family Values | So, 80 percent of the votes that are tallied in US elections are tallied on systems sold by companies owned by brothers. It gives a new meaning to the term Family Values
16 | Sandy “Mouse” Clark | Climbing Everest | Give It | If you can stick your removable media into that machine it will run whatever you give it
16 | Sandy “Mouse” Clark | Climbing Everest | Hard | We found a comment next to the hard coded password. It stated, I kid you not, we hard coded this password so that hackers couldn’t use it.
16 | Sandy “Mouse” Clark | Climbing Everest | Incompetence | I could never prove any maliciousness. I can tell you that the code is very poorly written. There is definite signs of incompetence.
16 | Sandy “Mouse” Clark | Climbing Everest | Make It | But you know, we’re hackers. In our community, if you can’t buy something, how do you get a hold of it? You have to make it. We made ours with a Palm and a magnet.
16 | Sandy “Mouse” Clark | Climbing Everest | More Ports | Ethernet ports, modem ports, serial ports, parallel ports. Every single vendor has at least one that you can get access to.
16 | Sandy “Mouse” Clark | Climbing Everest | Paperclip | But if you don’t own the key you can just pick the locks. You see, Ohio didn’t send us the keys for the first five days so in order for us to turn the machine on at all we had to pick the locks. Paperclip and a little jiggling.
16 | Sandy “Mouse” Clark | Climbing Everest | Plus One | When you think about voting, you think it should be as simple as Votes Candidate equals Votes+1. This is what voting in the US really looks like.
16 | Sandy “Mouse” Clark | Climbing Everest | Ports | Maybe it’s too much trouble to remove the seals. It’s too hard to get a key or pick the locks. You can always just access one of the many open and unprotected ports.
16 | Sandy “Mouse” Clark | Climbing Everest | Small Font | I apologize for the small font but I couldn’t get them all to fit on the screen
17 | Sherri Davidoff | Death of Anonymous Travel | AMTRAK | On Sept. 23 2008, AMTRAK and TSA conducted the largest joint, simultaneous northeast rail security operation | Direct Link
17 | Sherri Davidoff | Death of Anonymous Travel | Call Information | There is evidence that at least, technically, they could have access to mass domestic call information
17 | Sherri Davidoff | Death of Anonymous Travel | Cash | If you care about your privacy you can still pay in cash, right?
17 | Sherri Davidoff | Death of Anonymous Travel | FTP | So if you’re a security geek, you probably did a little..whaaa?
17 | Sherri Davidoff | Death of Anonymous Travel | How on Earth | How on earth could we get people to carry around an RFID card with them wherever they go.
17 | Sherri Davidoff | Death of Anonymous Travel | Moved | So whether or not you’re on a watchlist doesn’t depend on whether you’ve tried to bring explosives to an airport. It can depend simply on how often you’ve moved.
17 | Sherri Davidoff | Death of Anonymous Travel | POLICE_USER | So, if the variable POLICE_USER is yes, and this is taken from the client side, you would show the accept or reject buttons
17 | Sherri Davidoff | Death of Anonymous Travel | Pretzel Vendor | It was a big camera emblazoned with the NYPD logo keeping tabs on a suspicious pretzel vendor
17 | Sherri Davidoff | Death of Anonymous Travel | Shiny Metal Things | So those of us who care about our privacy of course can just use those shiny, round, metal things and those paper things we call cash, right?
17 | Sherri Davidoff | Death of Anonymous Travel | SQL | They create what’s going to become a URL, and in the URL is a select statement, a SQL select statement
17 | Sherri Davidoff | Death of Anonymous Travel | Unfettered | He says that, the users of this line could have unfettered access to voice, data, and even physical location information
17 | Sherri Davidoff | Death of Anonymous Travel | Verisign | And then you can see there’s a cute little Verisign secured logo, which makes me feel much more confident
17 | Sherri Davidoff | Death of Anonymous Travel | Verizon | All the information from OnStar goes across Verizon’s network so the FBI already has access to it.
17 | Sherri Davidoff | Death of Anonymous Travel | Watching | Please turn off your cell phones. They’re watching you.
17 | Sherri Davidoff | Death of Anonymous Travel | Who Knows | So, as we run through this, some questions to keep in your mind. Who knows that you’re here? Who knows you’re in Las Vegas? Who knows that you’re at this hotel, Riviera? Who knows that you’re attending the DEF CON conference? Who knows that you’re in this room watching this presentation right now?