C:\Documents and Settings\billy\My Documents\prog\consched\consched\pub\www.defcon.org\html\defcon-13\dc13-datebook.dba
Categories: Business, Personal, dc13

Coffee Wars in Athena

Chillout in Parthenon 2

Recapturing the Revolutionary Heart of Hacking [Richard Thieme]
A revolutionary program for preparing the future using past models of creativity and ingenuity. Deeply personal and implicitly political, this talk illuminates the potentials and possibilities of hacking in a transparent society, a surveillance society, a society that neutralizes dissent. It defines identity hacking as a transformational process requiring all of our resources and skills. Identity hacking is alive in an underground now that is gathering itself for a defiant refusal to be captured and managed. That revolutionary heart is recaptured in the willingness to understand the mechanics of reinvention and to commit ourselves to a higher code or path than the broken options offered by a consumer society in a globalized world tilted far to the right. Hackers in the future will have to be wily and guiltless, transparent and duplicitous, treacherous and faithful. They must know how to live in this world but never surrender; they must learn how to splice multiple possibilities into a single destiny in the moment of execution. That moment, fusing self-transcendence and action, is the revolutionary heart of hacking. It is also a means of practice for a trans-planetary quest.

The Unveiling of My Next Big Project [Philip R. Zimmermann]

Check-in for Wardrive in Athena

Hacking Nmap [Fyodor]
While many security practitioners use Nmap, few understand its full power. Nmap deserves part of the blame for being too helpful. A simple command such as "nmap scanme.insecure.org" leaves Nmap to choose the scan type, timing details, target ports, output format, source ports and addresses, and more. You can even specify -iR (random input) and let Nmap choose the targets! Hiding all of these details makes Nmap easy to use, but also easy to grow complacent with. Many people never explore the literally hundreds of available options and scan techniques for more powerful scanning. In this presentation, Nmap author Fyodor details advanced Nmap usage--from clever hacks for teaching Nmap new tricks, to new and undocumented features for bypassing firewalls, optimizing scan performance, defeating intrusion detection systems, and more.

Booksigning: Richard Thieme

Mudge

On the Current State of Remote Active OS Fingerprinting [Ofir Arkin]
Active operating system fingerprinting is a technology that uses stimulus (sends packets) in order to provoke a reaction from network elements. The implementations of active scanning will monitor the network for a response to be, or not, received from probed targeted network elements, and according to the type of response, and the conclusions following (part of an implementation's intelligence), knowledge will be gathered about the underlying operating system. This talk examines the current state of remote active OS fingerprinting technology and tools: the different methods used today, the issues associated with them, the limitations, where the current technology is, what can and cannot be accomplished, and what should be done in the future. The talk also highlights the accuracy aspects of several active operating system fingerprinting tools, analyzes them and compares them. During the talk a new version of Xprobe2, a remote active OS fingerprinting tool, will be released.

End-to-End Voice Encryption over GSM: A Different Approach [Wesley Tanner]
Where is end-to-end voice privacy over cellular? What efforts are underway to bring this necessity to the consumer? This discussion will distill for you the options available today, and focus on current research directions in technologies for the near future. Cellular encryption products today make use of either circuit switched data (CSD), or high latency packet switched networks. We will discuss the advantages and disadvantages of these services, focusing on details of GSM cellular channels specifically. The highlight will be our current research project: encrypted voice over the GSM voice channel. We'll dig into how this works, and why it is useful. This talk will touch on some fundamentals of modem design, voice codecs, GSM protocol basics, cryptographic protocols for voice links, and a bunch of other interesting stuff. There will be demonstrations with MATLAB/Octave and C, and we will provide some fun code to experiment with.

Dunk Tank Opens

Internet Survivability
In this lecture we will begin with a brief introduction on a couple of the common or not so common threats that exist to the Internet and Internet infrastructure today, provide some statistics and discuss the harm rather than potential risks. We will then proceed to discuss problems we face dealing with these threats, and what actually gets done to combat them, globally - and by whom. We will also try and determine "where do we go from here", and if time allows take questions from the audience to form a short discussion.

Routing in the Dark: Scalable Searches in Dark P2P Networks [Ian Clarke]
With peer to peer networks under fire by organizations using the legal system to attack participants, it seems that the only sustainable future is for dark, encrypted networks where participants only talk to peers that they know and trust. Such networks, like WASTE, already exist to some extent, but they scale poorly and do not allow global communication. This does not need to be the case, however. The "small world" observations, going back to Milgram's famous experiments in the sixties, show that social networks have all the right characteristics for being easy and efficient to navigate and search. It stands to reason that, under the right circumstances, so should a Darknet. We present algorithms for making routing possible in such networks, based on the real mathematics of how small worlds function. The goal is to build peer to peer networks that are difficult for outsiders to detect and infiltrate, making the job of those who wish to shut them down much harder.

Booksigning: Kevin Mitnick

Introducing Unicornscan - Riding the Unicorn [Robert E. Lee]
Unicornscan is an open source (GPL) tool designed to assist with information gathering and security auditing. This talk will contrast the real world problems we've experienced using other tools and methods while demonstrating the solutions that Unicornscan can provide. We will use Unicornscan to collect information from large networks, data mine the collected information, and test systems for susceptibility to specific vulnerabilities. Some of the more interesting content includes: how to take stable working exploits and use Unicornscan as a delivery agent; how to deliver platform specific exploits using just the information from one target response packet (SYN/ACK); how to avoid the kernel fixing packets that we have specifically created to be invalid; how to get more mileage out of the information contained inside the TCP stream for OS and possibly application fingerprinting; and an introduction to the Scatter Connect method of TCP connection state information tracking. During the talk we will release a new DEFCON specific version of Unicornscan that contains many enhancements that we will demonstrate during the talk. The DEFCON version will also contain a couple of special payload configuration files not included in the standard release. To get the most out of this talk attendees should have a strong working knowledge of TCP/IP, C programming, assembly, and OS/application fingerprinting techniques.

Suicidal Linux [Bruce Potter]
I spend a lot of my time shooting at random targets. Last year I was on a Bluetooth holy war, trying to raise awareness of Bluetooth security (or lack thereof). My talk at BH 04 was actually a two day experiment using Bluetooth to track attendees around the conference (code available from bluetooth.shmoo.com). While the technology was simple, the message needed to get out. Bluetooth enabled phones are dangerous and are flying under the security industry's radar screen. Fast forward a year, and the situation is much better. Bluetooth security is getting more and more coverage and research (www.trifinite.org is a great site for BT security issues), and people are (finally) getting scared. So I decided to shift gears into a bigger hornet's nest... the holy war of operating system security. No, not the standard issue "OpenBSD is uber secure

ATM Network Vulnerabilities [Robert Morris]
When was the last time you visited an actual human being to withdraw some spending money? In a world where most people visit computers for cash, ATM networks have been traditionally thought of as a secure haven. Financial data theft is more of a reality than ever, but the backbone for the majority of cash to consumer transactions is not a target. I will show you why that is about to change. During my years at the NSA, I witnessed the growth of the electronic banking industry and observed many poor security design decisions as the ATM network was built. The means for authentication, the protection of data, and the methods for transferring sensitive information are just the tip of the iceberg. The ATM network is the next financial hacking pot of gold.

Lost in Translation [Christian Grothoff]
This presentation describes the possibilities of steganographically embedding information in the "noise" created by automatic translation of natural language documents. An automated natural language translation system is ideal for steganographic applications, since natural language translation leaves plenty of room for variation. Also, because there are frequent errors in legitimate automatic text translations, additional errors inserted by an information hiding mechanism are plausibly undetectable and would appear to be part of the normal noise associated with translation. Significantly, it should be extremely difficult for an adversary to determine if inaccuracies in the translation are caused by the use of steganography or by perceptions and deficiencies of the translation software. A prototype, Lost in Translation (LiT), will be presented.

Credit Cards: Everything You Have Ever Wanted to Know [Robert "hackajar" Imhoff-Dousharm]
Identity theft is at an all time high. With businesses, universities and banks being compromised, the threat is real right now. The media covers these areas but misses one important location where you're most susceptible to fraud: everywhere you swipe your credit card. We will pull out all the stops to help you understand credit cards, their history and how to protect yourself. Ever wonder what was in the magnetic strip of a card? Where that information goes? Who keeps your personal information, and for how long? Who is data mining this information? Who do they sell it to? All these questions and more will be answered in this presentation. At Defcon 11 we talked about social engineering to steal your credit card information. At Defcon 12 we gave a live example of stealing credit card data from merchant networks. Now we will show you what that information is, and how to protect yourself against fraud.

CISO Q&A with Dark Tangent [Scott Blake]
The Dark Tangent, founder of DEFCON, invites Chief Information Security Officers from global corporations to join him on stage for a unique set of questions and answers. What do CISOs think of David Litchfield, Dan Kaminsky, Joe Grand, Metasploit, Black Hat, and DEFCON? How many years before deperimeterization is a reality? Is security research more helpful or harmful to the economy? What privacy practices do CISOs personally use? These questions and others from the audience will be fielded by this panel of security visionaries.

Auto-adapting Stealth Communication Channels [Daniel Burroughs]
Intrusion detection systems and firewalls generally follow one of two methods of attack detection: signature or anomaly. Signature detection detects known attacks and anomaly detection covers unusual activity (with the hope that it will discover new attacks). Often what is detected by the IDS or firewall is not the original attack, but rather the communication that occurs afterwards. Known methods are easily picked up by signature detection; new methods are either picked up by anomaly detection or have a limited lifespan (signatures are created to detect them). That leads us to the dilemma of trying to create a covert communication scheme with no (easily) detectable pattern and one that does not cause statistical anomalies. The key to solving this dilemma is to use a scheme that is not consistent in its appearance and adapts itself to match its current surroundings. The traffic on one network will vary from that on another network. This means that what will look unusual or out of place on one network might not look so strange on another. By analyzing the conditions that exist on a network and then adapting the communication scheme to fit in with those conditions, a well camouflaged communication channel can be created. This talk covers the concepts for such a communication system. It will cover the development and research being performed currently as well as providing a moderately technical discussion of the background concepts for such a system.

As the demand for mobile internet access increases, more and more public wireless access points are becoming available for general usage. Unfortunately, as awareness of these access points increases, some companies have been capitalizing on the idea, charging monthly and hourly rates. This talk discusses methods of silently bypassing current implementations of authenticated wireless networks. An automated proof of concept tool is released and explained. Some theoretical methods of authentication that might be implemented in the future are also discussed.

Whiz Kids or Juvenile Delinquents: A Sociological Perspective on the Construction of Hacker Identity [Amanda Dean]
The paper I will be presenting serves as a rudimentary literature review on how hackers may be constructed as either deviants or non-deviants in society. This presentation begins by placing hackers within the framework of sociological literature on deviance. I talk about how deviance has historically been a social construction, with the more powerful members of society defining what it is to be deviant, and the label frequently being applied to those with less power. I apply sociological definitions of deviants to hackers, and am able to refute these claims in many cases.