Phoenix.pm: [scott@illogics.org: Thursday Meeting Automated Pre-Announcement]

Scott Walters scott at illogics.org
Tue Aug 5 04:05:34 CDT 2003


Did my script get the date right? If so, I'll point it at the list instead
of just myself ;)

Just back from DEFCON where Nathan Torkington, of all people, was lurking.
Okay, he wasn't lurking per se, but he was there. He states that ORA
made him the new security editor. Just as I was explaining that most of
the time a company sends someone to DEFCON, they don't do it again,
someone went cruising into the lobby carrying a giant bong, followed by a
horde of soon-to-be-stoned. Gnat didn't seem very comfortable with that. Of
course, the party was only starting. 

Team Immunix lost Capture the Flag (now Root-Fu) for the second
year in a row, placing second, again, and again, only by a narrow
margin. This sucks because I was on this team. I got a rather
radical glow-in-the-dark-penguin-in-a-gas-mask-looking-frumpy
tee, though. There is a lot of good that can be done by a Perl
programmer in this contest - auditing Perl (an old version of
Slash and several CGIs were part of the services you were
required to provide and keep up), and mounting attacks. Nits of the 
rules made interesting applications of Perl beyond just exploiting
Perl on the other side. Last year, I used Perl, sh, and Python
to convince remote teams' machines to damage their own score by
transmitting large amounts of unrequested data, effectively
using one team to DoS other teams. This year was trickier -
you had to convince them to initiate the request. I really don't
have too much interest in security, but Root-Fu is one
heck of an intense, fun, challenging game with lots of room
for creativity and thinking on your feet.

Next year, I'd love to recruit a chunk of PhoenixPM to help =)

Kevin Mitnick's team won the current battery of Hacker Jeopardy,
and then went on to win the playoffs against last year's team.
At one point, someone noticed the thing that Kevin was idly
fidgeting with was a Blackberry. It turns out that people in
the audience were emailing him answers. It also turned out
that this isn't against the rules, though it is likely to be
next year. Kevin looks vibrant, healthy, and happy. He spent a
lot of time up on the stage at Hacker Jeopardy just grinning
at the audience. Yes, there is something sly to his grin, but
he certainly doesn't exude evil. For those of you not familiar
with Kevin Mitnick, he is kind of the hacker poster boy.
He is famous for not ever doing anything malicious - damaging
systems, releasing damning information, and so forth - but
for learning a lot of things that people felt threatened
by and for being very hard to arrest. When prosecuted, the
case was blown out of proportion: all sorts of paranoid garbage
like Kevin might have cruise missile launch codes so he
should be put in solitary confinement (he was put in solitary for
over a year, which is itself illegal), and that bandwidth
goes for a large dollar amount per K, so he cost the network
hundreds of thousands of dollars were all accepted in the
first of many hacker kangaroo courts. A large campaign to
"Free Kevin" sprung up, drawing attention to the lack of ethics
in how "hackers" were handled in court, which has done at least
some good to make the feds play by their own rules.

"Secure Programming Cookbook for C and C++" is on shelves now.
Go buy your copy. I won't make any money from it, but it doesn't
suck, unlike the last thing I did technical review on ;)

Okay, that's my DEFCON report.

-scott


----- Forwarded message from scott at illogics.org -----

Received:  from straylight (localhost [127.0.0.1])
Encoding:  8bit
Subject:  Thursday Meeting Automated Pre-Announcement
Date:  Tue, 5 Aug 2003 00:00:02 -0700
To:  scott at illogics.org
From:  scott at illogics.org


Hi,

This is an automated message - this upcoming Thursday, the 11st, is a Perl Mongers
night! 

Pack up your favorite old and new books, your problem code, your clever
hacks, pick a new or favorite module from CPAN or your library to mention,
if you want to share.

If no topic has been announced, this is your chance to present that 
algorithm or module or technique - it doesn't have to be spectacular -
people of all abilities show up and there is plenty of room for novice,
intermediate, and expert content. If you don't suggest something, Doug,
Kurt and Scott's inventory will be exhausted eventually, and no one wants
that.

Watch this space for confirmation of the meeting date and announcement of the
final topic selection. 




----- End forwarded message -----


