DEF CON nostalgia [was: going double cryptome at DEF CON 22]

coderman coderman@gmail.com
Wed Jul 30 14:57:43 PDT 2014


a hollow, decrepit shell of its former self..
... oh the 0ld days,
  ;)


"We'd appreciate some more ethics." - GOBBLES
 - https://www.youtube.com/watch?v=DAJSxOzrD1g
 [ GOBBLES Security - still disappointed in 2014 ... ]


----


regarding the current line up:
 https://defcon.org/html/defcon-22/dc-22-speakers.html


"Detecting Bluetooth Surveillance Systems" - what about RFID?

"Dropping Docs on Darknets: How People Got Caught" - see also, EPICFAIL

"How to Disclose an Exploit Without Getting in Trouble" - if you
thought ice cream had many flavors, welcome to the brave new world of
'responsible disclosure'!

"NSA Playset: PCIe" - the lack of any VT-d mention makes for mediocre.
TAO tools better include a VM breakout and uCode errata exploitation.
(spoiler alert - i don't think this is actually dropping NSA exploits)

"The Monkey in the Middle: A pentesters guide to playing in traffic" -
this middle perspective, however, is absolutely a tailored favorite. a
gift that keeps on giving...

"Investigating PowerShell Attacks" - this is now pointless, what with
pass the hash dead.  IT'S ALL OVER, JUST GO HOME.  *sobbing*  [c.f.
http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/
]

"Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty
Hunter!" - one step further to enlightenment. the industry that should
not exist; better yet to become build engineer or test automationer or
devops devotee and build security in at unsexy day jobs for not fame
and not riches. #hashtagInfosuckprotipyolo

"In the forest of knowledge with 1o57" - nothing to say here other
than i'm selling 1o57's uber badge for bitcoin to highest bidder. come
find me :P~

"RF Penetration Testing, Your Air Stinks" - my discriminator for a
delicious sw defined deployment: a) new grc blocks or custom sdr
pipeline?  b) wideband and full duplex?  c) opportunistic and ad-hoc
capabilities?  - if you answered no to any of the following please try
again, with more harder!  [c.f. http://www.pervices.com/buy-crimson/
dual 10GigE, 100kHz – 6GHz, <= 800MHz bandwidth, 4 x (16 bit, 370 MSPS
ADCs), 2 x (quad channel, 16 bit, 2500 MSPS DAC), 10MHz, 10ppb,
reference OCXO]
P.P.S. if you want to do your own training on "WB Quad System" without
travel to FVEY facilities this is how ;)

"Panel - Diversity in Information Security" - i was not invited to
this panel. credibility lost.

"Android Hacker Protection Level 0" - because more fingers in the dike
is more fingers.

"Blinding The Surveillance State" - i am soliciting donations for
premium consulting expertise. i don't think Soghoian's free advice
will be instrumental, but Cowboy Alexander has some sweet new shit
(you get what you pay for? :)
 [ c.f. http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents
]

"Summary of Attacks Against BIOS and Secure Boot" - aka, why to
coreboot and kill AMT with fire.  ok Intel chipsec peeps i got bones
to pick SEE YOU IN VEGAS


---


how about the talks you want so much but will never see?  those
billions for your discretion clearly benefiting profitability over
pervasive security.


best regards,



