
Blackhat/Defcon Report

Posted by michael
from the neuromancer dept.
Joe Barr writes "NewsForge [ed. note: part of OSTG along with Slashdot] is running its concluding piece on the week-long Blackhat/DEFCON hackerfest in Las Vegas. Want to know how little our police/intelligence agencies seem to have learned from their failures prior to 9/11? Or how a very large goon known only as Priest prevented outright political violence at a DEFCON presentation on Civil Disobedience? Or which of the two conferences is right for you? It's all here in the Blackhat/Defcon: Final report." Reader M. Curphey writes "The Web Application Security Consortium (WASC) announced at Blackhat the release of a 'Threat Classifications' document. This document attempts to clarify web security terminology such as Cross Site Scripting, Session Fixation, Cookie poisoning, and HTTP response splitting (to name a few)."
This discussion has been archived. No new comments can be posted.

  • Crimethinc (Score:5, Insightful)

    by evslin (612024) on Tuesday August 03, 2004 @01:14PM (#9869812)
    Questions were asked about what "going over the line" meant. Assclowns like Crimethinc are exactly what you'd want to point at and say "that's what I'm talking about." Disagreeing with the government (or even just Republicans) is one thing, but going around encouraging people to vandalize websites/etc is something else.

    Jesus. No wonder he looked like he was expecting to be arrested.
  • by wayward (770747) on Tuesday August 03, 2004 @01:18PM (#9869836)
    To paraphrase Gene Spafford when he talked about the idea of hiring hackers as security experts, an arsonist isn't necessarily well-qualified to be on a fire department.
  • by Rufus88 (748752) on Tuesday August 03, 2004 @01:23PM (#9869862)
    "We got the call for trouble in the room. The gentleman, I was told, was preaching sedition. I knew that we had to take some steps quickly preventing that. Defcon is definitely for free speech, definitely for legal civil disobedience. But not anarchy, not psychopathic destruction of property." [Emphasis mine]

    Civil disobedience is, by definition, illegal. That's the whole point of it.
  • by Anonymous Coward on Tuesday August 03, 2004 @01:33PM (#9869910)
    today we find out the information was all years old

    I think all that means is that the terrorists are going on scouting missions. IOW, scout possible targets, determine some facts about them, etc. It's the same thing militaries have done for centuries: figure out what to attack and what impact it might have.

    The question is whether the targets scouted are still considered relevant by the terrorists. This is the type of stuff intelligence services need to find out, and in a timely manner. And if it is still a relevant target, find out if attacks are planned or are being planned. Get info on those plans, etc etc until an attack can be thwarted.

    Now whether or not our gov't should be reacting the way it is to this info (orange alerts in NYC, Newark, Washington, etc) I don't really know. They (the gov't) might have other info not releasable to the public, and keep in mind the RNC will be at Madison Square Gardens later this month.
  • Re:Crimethinc (Score:1, Insightful)

    by Anonymous Coward on Tuesday August 03, 2004 @01:37PM (#9869932)

    Idiots like this may as well go on the Republican payroll. It's all fine to be a mindlessly enthusiastic twit, but when you have the skills and ability to do serious damage to things, you lose that option and have to THINK seriously about the consequences of your actions.

    What did he think would be likely to happen in the wake of acts of political vandalism, such as he advocates? Reductions in police powers in the government? Reduced government action against hackers? A more permissive government attitude towards legitimate, nonviolent, nondestructive acts of protest?

    In any area I can think of, the consequences of the sort of infantile tactics he advocates would be a setback, by DECADES, of any civil rights cause even remotely associated with computing and activism.

    The thing that pisses me off the most about this is that the damn twit could have spent that session brainstorming with the crowd, coming up with forms of protest that both got a message out and were PERSUASIVE, while also respecting the times we live in. Any angry four year old can come up with something as inventive as breaking someone else's toys. Not to mention the fact that the authorities don't need another group of terrorists/large-scale vandals to track.

    The problem, of course, is that running a session like that would require a display of a) respect b) creativity and c) intelligence, all of which this speaker seems to lack.

    Protest is great, but counter-productive protest is just masturbation. And if you are reading this and getting angry at me, take a minute, step back, and think. I'm not saying not to protest, I'm saying "protest smart, not hard", if I can paraphrase the old "work smart, not hard" saying. If you are enthusiastic enough to protest, you deserve to have that protest make a real difference, a real change for the better.

    Think of it as avoiding the Nader Error, which is going to great lengths to set your own cause back.

  • by smooth wombat (796938) on Tuesday August 03, 2004 @01:38PM (#9869940) Homepage Journal
    It's only so long till most Americans start ignoring the terror alerts as things now stand,. . .

    What do you mean start to ignore terror alerts? I haven't listened to one since the beginning!

    Cue the Herman Goering quote about keeping people in fear. . .

  • Yes, I RTFA, and somehow I didn't see much about our intelligence agencies "not learning much since 9/11". I suppose the summary is referring to not hiring crackers that have done illegal stuff, but that's moronic -- if the NSA would reject someone for a job breaking into things BECAUSE they know how to break into things, we are all in big trouble.
  • by Anonymous Coward on Tuesday August 03, 2004 @01:44PM (#9870004)
    There are some anti-abortion groups (on the conservative end of the spectrum) which advocate violence, and also militia groups (some of which McVeigh had contact with) which also advocate violence. There have been numerous other right-wing groups in America which have used violence against their political enemies - in the sixties there were more than a couple anti-war protesters that got their heads bashed in with axe handles. Also don't forget the various Civil Rights workers in the south during the 50s/60s who were murdered by folks who were definitely on the right-wing end of the spectrum.

    It's not as one sided as you make it out to be.
  • Wrong opinions (Score:3, Insightful)

    by nuggz (69912) on Tuesday August 03, 2004 @01:46PM (#9870012) Homepage
    Having the wrong opinion and voicing it is generally okay.

    Free speech ends when you're inciting violence.
  • by ResidntGeek (772730) on Tuesday August 03, 2004 @01:46PM (#9870014) Journal
    An arsonist just pours some gas and lights a match. That's more like what a script kiddie does. They just throw some exploits at random machines and try to install subseven. Obviously they don't know jack about security. A skilled hacker is more like an experienced thief. They use complex techniques to avoid detection, make surgical strikes at predetermined targets, and learn about their targets' security measures to more effectively neutralize them. Those people make good security experts.
  • by smooth wombat (796938) on Tuesday August 03, 2004 @01:48PM (#9870026) Homepage Journal
    how is it that the half of America which owns guns is never the one calling for violence?

    You've never heard of militias, have you? Listen to some of the right-wing crud that they spew and you'll see how wrong your comment is.

    Southern Michigan Regional Militia [michiganmilitia.org]
    Militia of Montana [militiaofmontana.com]

    Those are just two to get you started but feel free to do your own research.

  • by wayward (770747) on Tuesday August 03, 2004 @01:56PM (#9870120)
    One real security problem is that the complexity of attacks is increased, but the difficulty of launching them has decreased. The more skilled hackers create scripts or point-and-click tools, and the script kiddies can use them without having to know much about what they're doing. One book had a transcript of a conversation from an irc hacking channel, and some of the "hackers" seemed to be lacking in basic knowledge. For example, one of them wasn't too sure how to mount a second hard drive in Linux.

    I'm not sure what motivates the more talented black hats to create easy-to-use programs for script kiddies. Someone suggested that they didn't want to bother deploying them. It also occurred to me that the script kiddies would be more likely to get caught and prosecuted if anything went wrong.
  • by FreeUser (11483) on Tuesday August 03, 2004 @01:59PM (#9870141)
    How is it that the members of the most dovish American ideology when it comes to foreign policy always seem to be the ones for inciting violence against their domestic enemies?

    For the same reason that the radical right are always the ones who seem to be inciting violence against their domestic enemies. Tim McVee is hardly unique in his political stance and aspirations, nor have you cited anyone on the left that equals his level of destructiveness or intent (there are such people, but CrimeThinc is hardly of that caliber. He is not advocating mass murder).

    The reality is that the so-called political spectrum is more of a sphere than a line. The extreme right and far left meet and become one and the same. Consider the similarities of Stalin and Hitler, for example. Kids blowing up toilets to protest Vietnam bear a striking similarity to skinheads defacing Jewish tombstones. Republican thugs terrorizing librarians and volunteers during the Florida recount bear a striking resemblance to communists in China enforcing campus-wide political correctness vis-a-vis the One True Party(tm) system.

    Radicalism is radicalism, whether dressed in a Liberal Left or Reactionary Right attire, just as religious fundamentalism is religious fundamentalism irrespective of its Christian, Jewish, or Islamic trappings.

    You have simply chosen to filter your perceptions through your own political dogma, as many people on both sides of the aisle often do. However, the reality is that folks of all radical stripes, in all political, religious, social, and philosophical directions, employ similar methods to achieve their goals, those methods correlating much more strongly to their degree of radicalism and fanaticism than their particular social, political, religious, or philosophical bent.
  • by gelfling (6534) on Tuesday August 03, 2004 @02:01PM (#9870169) Homepage Journal
    I would imagine that people by and large go to DefCon to learn HOW to do something not WHY. There appears to be a lot of faux anarcho posing going on as well as faux Fedcop speak in response.

    Only another anarchist or Fedcop would ever think that what an anarchist or Fedcop has to say is remotely interesting. I can't imagine anyone at DefCon suddenly deciding that either breaking things is kewl or that diversity of opinion has to be tolerated. Nor would I think that the self professed Grey-Hats are going to come out in favor of the PATRIOT act.

    When we all talk to a room full of people who are our clones it's got to get pretty boring.
  • by Anonymous Coward on Tuesday August 03, 2004 @02:03PM (#9870182)
    when the government, specifically the supreme court, is the sole arbiter of where freedom of speech ends, you've already found yourself in a hell of a mess. (most people use the shouting fire example, but there are reasons you should restrain your freedom of speech even if entitled to it) The act of governing others needs to grow out of governing oneself, because until you can control yourself you're not capable of laying down the law for anyone else.

    I might break the law by soap-boxing violent revolution, but I will do so knowing full well the consequences I am accepting if I fail to overthrow the government. Revolution is not meant to be easy, if it wasn't hard it wouldn't be effective; and regardless of lofty ideals, there is no such thing as justice - two forces collide and the stronger wins.
  • by Oligonicella (659917) on Tuesday August 03, 2004 @02:13PM (#9870291)
    Our government is by no means "too corrupt and oppressive". I'm a hippie, old but still, and I don't find our government such. I've seen it way worse, and so have many others. So, no, it's not anywhere near justifying "by any means".

    "Who defines what's sedition?"

    Not you, and here's why.

    "...Republicats are guilty of treason..."
    "...for misleading Americans into war..."
    "...selling the country to the Chinese..."
    "...passing the Patriot Act..."

    Someone who doesn't understand the errors in those phrases isn't in any position to determine sedition.
  • Re:How could you? (Score:3, Insightful)

    by HarveyBirdman (627248) on Tuesday August 03, 2004 @02:14PM (#9870302) Journal
    Well sure it could, but crashing a cropduster into a Waffle House isn't going to have the same kind of effect.

    That's a debatable point, actually, and I think you're being a bit of a bigot (and this is from a guy who sometimes wishes much of the "South" would slip off into another dimension).

    If I were a terrorist, I'd be looking for the *least* likely targets. I might even just throw a dart at a map. One of the aspects of terror is to, well, terrorize, and an implementation of random "can happen anywhere at anytime" strikes will accomplish that. So, yeah, a cropduster loaded with smallpox crashed into an anonymous waffle house in SaddleCloth, Iowa would have a pretty big effect. Especially if your current goal is to swing an election and not, say, upset financial markets.

  • by FreeUser (11483) on Tuesday August 03, 2004 @02:16PM (#9870322)
    I wish one could go back and edit old posts. :-)

    I apologize for the sloppy use of language.

    If I had it to do over again, I would substitute zealotry for radicalism in the post above.

    There are many people with radical notions (where radical = divergence from the society's mainstream assumptions) who are not at all fanatical and would never resort to violent means to achieve those changes (Richard Stallman is an example of someone who is radical and stubborn, but not zealous or fanatical in any real sense of the word ... his detractors' rhetoric notwithstanding). Women's suffrage was at one time radical, but most of those pursuing it were not fanatical and virtually everyone non-violent. This in contrast to those who fanatically defended the status quo and physically attacked and even murdered women for daring to insist on the same basic civil rights afforded the men of their day.

    So, to recap: the reality is that folks of all fanatical stripes, in all political, religious, social, and philosophical directions, employ similar methods to achieve their goals, those methods correlating much more strongly to their degree of zealotry and fanaticism than their political, social, religious, or philosophical bent, or their degree of divergence from the political "mainstream."
  • by edremy (36408) on Tuesday August 03, 2004 @02:17PM (#9870333) Journal
    ...killing civil rights demonstrators, blowing up black girls attending churches and like as right wing violence your stats are pretty good. Oh yeah, and shooting abortion doctors, bombing the Olympics, killing Jewish schoolchildren [cnn.com], attacking gays [cnn.com], the OKC bombing....

    Yeah, the right wing is just *so* peaceful.

  • by dr_dank (472072) on Tuesday August 03, 2004 @02:34PM (#9870493) Homepage Journal
    It is the willful and public breaking (hence illegal) of an unjust law, in the hopes of receiving the corresponding punishment, as a means of protesting that law.

    In a country that has no problem jailing more of its citizens than any other nation, it seems like going to prison in protest doesn't really inconvenience anyone in power.
  • by Rufus88 (748752) on Tuesday August 03, 2004 @02:36PM (#9870507)
    Not always to start with.

    Yes, always to start with.

    A group of people staging a sit-down isn't initially illegal (your police state may vary).

    Then it isn't civil disobedience yet. It's a lawful protest. Why do people insist on using the term "civil disobedience" as a synonym for "protest"?
  • by murr (214674) on Tuesday August 03, 2004 @02:50PM (#9870638)
    CrimeThinc (yes, I actually read the article) is just one of a long line stretching back to the Weatherman Underground and the SLA up to the Seattle WTO protestors smashing windows.

    Setting bombs and robbing banks is hardly the same as smashing windows (not that I approve of either).

    Discounting lone nuts like Timothy McVee

    McVeigh.

    (and remember that the Oklahoma City bombing was universally condemned among conservatives)

    "condemned" like when Ann Coulter said "My only regret with Timothy McVeigh is he did not go to the New York Times Building." ?

    how is it that the half of America which owns guns is never the one calling for violence?

    In my limited experience, the vast majority of people who shoot other people tend to be in possession of guns at the time.

    It seems you've never heard of (to only quote a few examples from the last 20 years, long after the Weather Underground and the SLA went out of business):
    • The Order.
    • The various militias.
    • The World Church of the Creator.
    • The James Byrd murder.
    • The Matthew Shepard murder.
    • Numerous murdered abortion providers.
    • Eric Rudolph.
