 |
|
|
|
|
 |
|
|
|
Jason Scott has been involved with computing machinery since 1978 and modems of one sort of another since 1981. Wrapping himself up in the world of BBS's, Diversi-Dials, Dial-Your-Matches and the occasional Alliance Teleconference, he had a grand old time from high school until early college. Leaving the BBS world for the Internet, he had an even grander old time, and got involved in a number of successful online projects. As he neared 30, he returned from his years of telnetting and web-browsing to find his childhood gone, his favorite BBS's unmentioned on any web site, and the BBS itself a forgotten foundation underneath it all.
Out of this initial concern of what had been lost came textfiles.com, which now contains over 30,000 textfiles, g-files and log files from the 1980's, and bbslist.textfiles.com, a collection of information on over 90,000 BBS's. These sites made him a bit of a focal point for the nostalgia and memories of an online generation, and he has embarked on a new project: An all-inclusive BBS Documentary. No, it never ends; worthwhile projects never do.
We are very pleased to announce that Jason Scott will be delivering out keynote address this year. Mr. Scott will kick off Rubi Con 2003 with a two-hour presentation which will touch on many aspects of computing and the computing underground, from the "golden age" for which Mr. Scott has much personal nostalgia, to the modern state of technology and technology culture. Our keynote address will occur at 1900 on Friday in Room A.
Mr. Scott will also be presenting "Apple Piracy" at 1700 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Forno was the INTERNIC's Chief Security Officer from 1998 to 2001. Before that, he helped establish the Information Security Office for the U.S. House of Representatives, and was a consultant to the Department of Defense where he assisted in researching and developing capabilities needed to respond to information warfare attacks against the United States. He's currently writing and consulting in the DC area.
Mr. Forno is a frequent speaker at security and intelligence community seminars and industry conferences, and also keynoted Rubi Cons 3 and 4. In addition to several papers and a columnist for Securityfocus, he is the co-author of "The Art of Information Warfare" and O'Reilly's "Incident Response." He regularly lectures at the National Defense University in Washington, DC.
Mr. Forno will be giving an as yet undetermined presentation at 1300 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
A business consultant, writer, and professional speaker focused on the human dimension of technology and the work place.
Mr. Thieme has spoken for the Black Hat Briefings (intelligence and corporate security) since its inception in 1997 and for the annual computer hackers conventions Def Con IV (1996), Def Con V (1997), Def Con VI (1998) and Def Con VIII (2000). He has also spoken for PumpCon, Xmas Con (New Orleans 2600), Rubi Con (2000, 2001, and 2002), and SummerCon.
At Def Con VIII, he moderated a panel that included the Assistant Secretary of Defense, the Director of Information and Infrastructure Assurance for DOD, and the Director of the Federal Computer Incident Response Team, who came to "dialogue" with more than 5000 computer hackers. He was invited to moderate because, according to the National Security Agency officer who asked, "You're the only one in the room with the acceptance and respect of both the hackers and the Feds."
Mr. Thieme has been published widely and has been translated into German, Chinese, Japanese, Slovene, Danish and Indonesian. His articles are taught at the University of Leipzig and numerous universities in Ireland, England, and Canada, as well as in the United States at Rutgers, Baldwin-Wallace College, Ohio State University, University of Vermont, San Diego State University, Colorado State University, and others. His work has been frequently anthologized. His column, "Islands in the Clickstream," has been published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine (Capetown) and is distributed to subscribers in 58 countries. He has had articles published in Forbes Digital, the Village Voice, LA Weekly, Salon, LAN Magazine, Wired, Computing Japan, and CTHEORY.
Mr. Thieme will be presenting "Masters of the Unseen: The Art of Information Warfare" at 1700 on Friday in Room A. The technical details of information security can be described, but true mastery of the art of information warfare --both offense and defense-- is more subtle. Richard Thieme is currently interviewing some of the best and brightest in the field; the government side, corporate side, and hacker side, in order to illuminate the heuristics of that subtle art and craft. He shares some of their stories and insights with us and talks about why the real geniuses are often multi-disciplinary and why it pays to cross-leverage the wisdom of many domains instead of staying stuck in just one.
|
|
|
|
|
|
|
|
|
|
|
|
|
During the mid 70's, a poor Lithuanian was blessed with the first of the total nine children they would have, a healthy son. Over the course of the next twelve years, he was given the greatest gift that any young Lithuanian could ask for -- the title of "Big Brother" to his eight younger brothers and sisters.
The village in Lithuania that the family resided in (and, to date, still lives) was overrun with crime and corruption. Making an honest living was nearly impossible, and the family struggled on a daily basis just to get enough food to feed everyone.
The oldest son was tempted to join a gang that his friends ran with, because it seemed to be the only thing he could do to help provide for his undernourished brothers and sisters. His father, who was a very wise man, saw what was going on and shared his insight on the matter.
"Dearest Son," he said, "consider what it is you are doing, and how it will affect you later in life. It is better to live a meager life while being poor and honest, than to live a gluttonous and luxurious life as a criminal, since in the end its only your character that matters."
These words didn't have an immediate affect on the boy, and he went ahead and joined the gang with his friends. And suddenly one day, he was abducted by a rival gang and held as collateral in exchange for properties held by his own gang. His friends had no interest in giving up the possessions in exchange for his life, and his fate seemed sealed.
His father heard of the situation and found out where he was being held. Since the police force was corrupted already, and not interested in intervening, he had to take the matter into his own hands and attempt to rescue his son.
During the rescue, he managed to free his son, but was mortally wounded by a gunshot as the two fled the building. As he lay dying, in his son's arms, he said, "Son, take heed of those words I have spoken to you before. As I pass, I will no longer be capable of providing for our family, and now the responsibility is fully yours. Understand that your current lifestyle is a threat to your own well being, which now affects the welfare of our family in a more severe way. Do what is right..." and then he passed on.
The next day, the boy was working in the fields with the other poor, honest citizens of Lithuania, trying to make his father proud. The small amount of money he made depressed him and the family would often go several days without having any food. One day his mother walked in on him in the kitchen and silently observed him eating a full loaf of their bread, which was meant to last a week for the family. When he was done, she said to him, "Son, look at what you have done. You've gobbled down a weeks worth of our food."
His youngest sister, who was three at the time, was also standing there silently. She said, "Stupid GOBBLES" to him -- a nickname that would stick for the rest of his life.
The humiliation "GOBBLES" felt the next few months from having his family call him by nothing but GOBBLES was more than he could endure. He decided to leave his family and their insults behind, while he went to America to seek a better life, where the big dollar could be made and he could make enough money to better support his family, and not have to endure their constant insults. When he arrived in America, he realized exactly how much he missed his beloved family, and even in their annoying ways. He made the decision to be known as GOBBLES from then on, which is now how he introduces himself to anyone that meets him.
In recent years, GOBBLES has found a job with Victoria's Secret as a photographer. In his spare time he started a computer security research group, which is now known as GOBBLES Security. Over time they have become an icon in the security world, well known for their controversial actions and what is largely thought of as being "Unethical Full Disclosure."
GOBBLES will be presenting, "Project Honeynet: Know your Enemy" at 1800 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Fanto currently works in the Computer Security Division, PKI Group, of the National Institute of Standards and Technology (NIST,) the agency that brought the world AES, DES, SHA1, DSA, and most other cryptography and computer security standards. He is involved in the Linux-NTFS project, adding NTFS support to Linux. He works on the Gentoo project, and is working on a secure Gentoo release, as well as Gentoo kernels. He contributes to the EXT3SJ project, which is an encrypted filesystem for Linux. He also contributes to the LSE project (Linux Scalability Effort) and a few other projects. Mr. Fantošs background is in cryptography, in the design of block ciphers, cryptanlaysis, and public key cryptography.
Mr. Fanto will be presenting "Secure Gentoo" at 2100 on Friday in Room A. Mr. Fanto will discuss the secure Gentoo release currently under development. He will discuss some of the pitfalls they have encountered during development, and how security can be a fundamental design element of an operating system.
|
|
|
|
|
|
|
|
|
|
|
|
|
David Downey is a Red Hat Certified Engineer (RHCE), has used Linux since 1994 (kernel version 1.0.8), was one of the Core LPIC-2 Certification Developers for Linux Professional Institute (one of the nation's leading certifications for Linux Administrators), and an ex Red Hat Linux, Inc. employee. He is also the official Debian GNU/Linux Maintainer for libpam-pgsql, a Pluggable Authentication Module (PAM) for Linux which allows administrators to authenticate users against a PostgreSQL database. David is the Co Project Founder of EXT3SJ, a project put together by MattJF and himself to add secured (read encrypted) journaling functions to the EXT3 filesystem for Linux. David is also a certified Internet Security Engineer specializing in webfarm clustering technologies.
Mr. Downey started his Linux journey on SLS Linux which is the father of SlackWare Linux. SLS Linux was in it's infancy when he started with it! SLS Linux is the second oldest distribution out there, the first being MCC Linux. Ahhh! Those were the days, when everything was floppies (and SLS Linux was roughly 86 floppies back then for the full distribution), and all you had was time (not). A screw up back then usually meant spending the day feeding floppies to the machine while his wife looked on like he was a total nut!
He currently works as the Senior Administrator for Aeternam Technologies out of Montreal, Canada and is responsible for all day to day systems operations. His favorite pastime is playing Counter Strike on the company's game servers.
Mr. Downey will be presenting, "EXT3SJ Secured Journaling Project" at 1400 on Friday in Room B.
The purpose of the EXT3SJ project is to provide cryptographic services at the filesystem layer. By utilizing system calls, the user enters their key into kernel-space using any custom frontend they choose, thus EXT3SJ does not provide policy, only a common entry API.
The user has many encryption algorithms to choose from. Metric algorythms as AES, Triple DES, IDEA, CAST and BlowFish, and verification hash functions such as MD5 and SHA1. EXT3SJ adds a secure delete() and allows the user to easily verify the integrity of files through the use of cryptographically secure hash functions.
Through the use of file attributes for any file, the VFS manager will be able to correctly determine which algorithm to use, thus providing seamless and secure interaction between the user, kernel, and filesystem.
Mr. Downey will also be participating in panel discussion, "Linux Wars: My distro is better than yours" at 2100 on Friday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
A brief discussion of the history and workings of TCP/IP. Mr. Amonette has certifications from such prestigious organizations as The Health Department, The American Culinary Federation, The Powered Industrial Truck Operators, Cisco, and some small company in Redmond. Having spent nearly 20 years working in some of the highest quality restaurants in Michigan (Amway Grand, Gutheries, and of course Taco Bell,) he decided to tackle the obvious next carreer: computer security. Holding his head high amongst the ranks of script kiddies everywhere, Mr. Amonette is a security engineer working with ITMTech, a Grand Rapids based computer security firm.
Mr. Amonette will be preseting "Basics of TCP/IP" at 1400 on Friday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently a system administrator at a small company, Mr. Honeycutt also moonlights as a coder, information architect, and a security analyst. When he is not having his soul raped working for the man, he's making noise with various tools or slothing to the max.
He will be presenting a demonstration on the failures of using log analysis as your only means to monitor systems and an interactive concert using netpeep, an OpenBSD based firewall, network traffic, and you.
|
|
|
|
|
|
|
|
|
|
|
|
|
Sometimes answering to the name Jason Larsen, Anonpoet (A-Non-Poet or Anon-Poet) is the primary author of Hogwash. Hogwash is an open source packet scrubber used in a number of honeypot projects. It lives inline and can drop or modify packets based on signature and heuristic rules. Used mostly by people who can tweak it, Anonpoet's tendency towards procrastination has kept Hogwash from releasing an end-user friendly version.
You can find his code is various projects including Snort, ATS, the GTK packet decoder, and a long list of others. He has been published in a number of online security journals and medical journals.
Over his career, Anonpoet has worked in industrial control systems, radiation treatments for brain tumors, distributed archive systems, and network security.
He is currently the Network Security Architect for the Idaho National Engineering and Environmental Laboratories, a DOE nuclear research lab in central Idaho.
Aggressive Honeypots: Methods and examples of using open source tools to make honeypots active and aggressive participants in network security infrastructures. We will be presenting new systems of, tool examples for, and real life experiences with aggressive honeypots in this presentation. Covering both research as well as defensive implementations, the aim is to help you take honeypots out of the shadows of the network security arsenal and to increase their usefullness as the security world evolves. Featured projects will be Hogwash's H2 active response code and the Bait and Switch Honeypot system. Anonpoet will presenting "Aggressive Honeypots" at 1600 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Answering to the name of Alberto Gonzalez, electr0n is just another geek contributing to projects he finds interesting. Project contributions include Hogwash, Bigeye Honeypot, and Bait N Switch Honeypot. Main interests are Intrusion Detection Systems, Honeypots and Firewalls.
He is currently working as an Intrusion Detection Engineer for EDS in VA. Now he gets to geek at home and work, who can ask for more?
Aggressive Honeypots: Methods and examples of using open source tools to make honeypots active and aggressive participants in network security infrastructures. We will be presenting new systems of, tool examples for, and real life experiences with aggressive honeypots in this presentation. Covering both research as well as defensive implementations, the aim is to help you take honeypots out of the shadows of the network security arsenal and to increase their usefullness as the security world evolves. Featured projects will be Hogwash's H2 active response code and the Bait and Switch Honeypot system.electr0n will be presenting "Aggressive Honeypots" at 1600 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
One of the founding members of Violating Networks and the originator of the Bait'N'Switch Honeypot system, Jack Whitsitt (jofny) has a taste for doing the unusual and a fascination for fringe security work. Although involved in a number of security consulting projects in the past, jofny keeps the bills paid by working for Perot Systems at a United States Army Chemical Depot. Hopefully, he will be deploying a NIDS (his own B&S!? we'll see...) at the Depot in the near future. [Note: He is not a "security professional," but he *does* play one on IRC!]
Aggressive Honeypots: Methods and examples of using open source tools to make honeypots active and aggressive participants in network security infrastructures. We will be presenting new systems of, tool examples for, and real life experiences with aggressive honeypots in this presentation. Covering both research as well as defensive implementations, the aim is to help you take honeypots out of the shadows of the network security arsenal and to increase their usefullness as the security world evolves. Featured projects will be Hogwash's H2 active response code and the Bait and Switch Honeypot system. Jofny will be presenting "Aggressive Honeypots" at 1600 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Information comes in many forms and flavors, but it can always be reduced to something more concise, something more pure. It can be dispersed, it can be hidden or locked away, but it can never be destroyed. Maybe that's why he does what he does today: he's curious about the why and the how, even if he knows his questions may never be answered. After all, how long ago was it that mathematics and philosophy became separate subjects? Mr. Hardy's first experience in the area of his specialty might have been with a high school science fair project, or it might have been earlier still, when he learned gematria in first grade. (No kidding. His first name is 700.) Either way, learning and teaching are two of his major interests, and have brought him to where he is now.
In the world of academia, Mr. Hardy has focused on cryptology, viewed from two different but related sides. On the side of computer science, he has worked on a number of projects including crypto libraries developed for the European Union and a distributed elliptic curve cracker. On the side of mathematics, his attention has mostly been on optimization of cryptosystems and cryptanalysis through combinatorics. Currently he is a member of a prominent cryptography research group at a well-known university.
Mr. Hardy will present "Randomness: Prowessful Counterassertion, Intercommon Sunshining in Synentognathous Crossbreeds" at 1200 on Saturday in Room A. The talk will cover pseudorandom number generation, and how "randomness" can be defined. It will be oriented for those people who want a better understanding of what terms like "pseudorandom" and "bit entropy" mean, or are wondering why exactly it is that a computer can not generate a "truly random" number. A number of different aspects of pseudorandom number generation will also be covered, including ways of analyzing the strength and randomness of pseudorandom number generators, and explaining things such as what it means when nmap tells you that a prng is weak.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Murry and Dros Adamson will be presenting "Systrace Policies and Privilege Escalation" at 1500 on Saturday in Room A. They will address the recent Systrace code integrated into the *BSD's. They will also discuss the soon-to-be released Linux port, and plans for OSX support.
|
|
|
|
|
|
|
|
|
|
|
|
|
A technology consultant for ITS Communications (ITS is a Wide Area Network technology solutions provider), he supports clients' needs for security within their LAN. Despite Microsoft security challenges, he has spent the last three years doing the best he can to secure Microsoft products that his clients insist on using. Primary areas of focus are Microsoft servers, mail systems, systems management, Linux integration, firewalls, and LAN security. In addition Mr. Wyant has taught several technology courses at a local university. These courses include Active Directory, Windows Security, Network Security, Network Systems, and Windows Administrator. He has also authored a course on business and technology.
Mr. Wyant will be presenting "Corporate Security Blunders" at 1000 on Saturday in Room A. Mr. Wyant will be sharing some of the crazy and often funny security blunders that he encounters everyday. Initially there will be a review of the security flaws that are often found in corporate LANs. Their will be a humorous overview of some of the best and worse security problems. To wrap up there will be a summary of typical changes that are made to resolve the most common security issues.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. MacDermid has spoken at Black Hat in the past on kernel module rootkits, and is the author of an encrypted mailing list package, and tools to spoof packets via abuse of source route reversal. Past projects he has done are at http://www.synacklabs.net/projects
He will be combining a presentation with a tool release. The tool is stegtunnel, which passes messages and commands across in the sequence number and IPID fields of packets, giving people the ability to pass hidden data across arbitrary TCP streams. It will be released under the BSD license. The talk would be focused on the science and history of steganography, as well as implementation details of the software.
He will also set up a demo machine running the server end of stegtunnel, so people can download the client at the conference and get messages from it.
Mr. MacDermid will be presenting "Stegtunnel, or, How I Learned to Stop Worrying and Love Carnivore" at 1100 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Ryan Fox has founded several open source software projects, including NOLA (nola.noguska.com), CCC, and Portscan (www.backwatcher.org/portscan). Mr. Fox has been doing web development for 10+ years, including developing commercial web applications for Fortune 500 companies. He's also spent more time than he'd care to admit evangelizing the laurels of open source. He's currently employed at BackWatcher Inc. (www.backwatcher.com), an open-source centric security/sysadmin/consulting firm.
Mr. Fox will be presenting "Starting and Running a Successful Open Source Project" at 1400 on Saturday in Room A. He will cover the reasons (right and wrong) for starting a project. What to expect, how to get started, and how to inform people of what you have will all be discussed. He will also talk about why to open-source an existing code-base, and the differences between open-source licenses.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Matheny is a student of Mathematics and Computer Science at Purdue University who prior to becoming a student worked for several consulting companies, Sprint, and now works for Backwatcher Inc. Mr. Matheny spends a majority of his time contributing to interesting projects such as; GNUnet, the Linux kernel, FreeBSD, OpenBSD, and CPU. An active member of the several research groups, much of his recent research has been in the areas of distributed source sharing, p2p applications, NLP for information security, and anomaly detection using event logic.
Diversity in the protocols and application layer data formats being used on systems today have created an environment where the information being relayed can no longer effectively be used. Heterogeneous application layer data formats lead to information loss or at best information overload, protocol diversity leads to unusable data, and not all data is needed by every agent in a system. Applications such as SEC have tried to address such issues in a round about fashion but in general these applications produce more overhead then they reduce.
Babe is a framework designed to remedy these problems through the idea of information routing. Babe allows users to focus on routing the information they need to agents in systems that can use this information. This routing is accomplished in a manner that in a sense allows users to focus solely on the content (and context) of data, without having to worry about data format and protocol diversity.
We believe that when appropriate agents in systems receive needed information in a timely manner, it allows for interesting (new and old) areas of research to be further explored. Information routing should allow for new research and development in the areas of intrusion detection, digital libraries, probabilistic modeling of attacks, data mining, ontological systems, and so on. This talk will focus on the Babe architecture as well as on practical examples of usage and what the future holds for users.
Mr. Matheny will be presenting "A system for end to end brokering of diverse data types" at 1300 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
The MOB was founded in the early nineties and was composed of many computer programmers, security experts, telephone phreaks, illegal aliens, and government employees. Since The MOB's immaculate conception, our members have been leaders in both the above and underground scene. While several arrests, marriages, and deportations have cooled us down quite a bit, we still remain an active, growing family and we hope to remain so for decades to come.
Mob representatives Tophat, Sodium and zxanaxz will be presenting "Introduction to Subliminal Media" at 2100 on Saturday in Room B. They will be talking about Subliminal Media, where it originated and how it effects its victims. This includes demonstrations of government and civil organizations that have tried to persuade us into making choices subconsciously. Open discussion will be held after the speech to answer any questions.
|
|
|
|
|
|
|
|
|
|
|
|
|
A senior computer science student at Kettering University, Mr. Mozurkewich has recently decided to take some time off of school to focus on work. While working for an information technology company during the day, at night he coordinates the affairs of Utropicmedia, a group of individuals that pursue software and other media design projects.
Playing with computers since his Commedore 64, Karl is not afraid to tell you why he thinks the Amiga 1000 was the best computer of its day. Besides getting nostalgic over the long forgotten days of Amiga, Mr. Mozurkewich is one academic term away from his undergraduate in Computer Science from an engineering school in Flint, Michigan, second in atmosphere only to Detroit. When not at school, he works for what is perhaps the largest and certainly the oldest information technology company in the world. When not working, he finds the time to run Utropicmedia, a collective of industry professionals that enjoy art, music, computers, and business enough to do it in their spare time.
At Rubi Con 2002 he discussed why p2p network models will assert their ownership upon us over the next few years, not only demonstrating why, but showing us why they have failed in the past and how they can be fixed.
Mr. Mozurkewich will be participating in panel discussion, "The state of the tech economy" at 1000 on Saturday in Room B.
Mr. Mozurkewich will also be moderating panel discussion, "Peer to peer: Issues of legal and technological significance" at 2000 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Tony's one of those people with too much time on his hands. Really. He gets into wireless stuff, reads TIA and IEEE docs for fun and tries to make sense of it all for the grander purpose -- implementation. He feels that wireless networking should ultimately lead to community development and telecom independence -- a community-owned telecom co-op in its truest sense.
Even though Tony is an optimist, he's well versed in the rough edges of 802.11's MAC and thoroughly wet with various vendor implementation fudges (let's call them vulnerabilities), and has spoken at past conferences on the subject with Bruce Potter and Adam Shand.
Moving down from interests in layer2, he's also well versed on the RF side of wireless networking. Much of his experience comes from several community network projects in the Madison and Chicago areas, specifically MeshMadison and the Westside Health Authority of Chicago.
Groups that Tony works and collaborates with from time to time include the Wisconsin 2600 (www.wi2600.org), and The Shmoo Group (www.shmoo.com).
Tony will be participating in panel discussion "Wireless: Convenience versus risk" at 1800 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Abstract: This discussion will be based on the currently acceptable ethical standards that millions are following today. The talk will begin with a presentation about the many different "gray" areas of ethics today. This will include file trading; exploit disclosure; political hacking; worms; viruses; and businesses/government. We will then attempt to combine these areas into one massive theory for the future. The talk will follow with a moderated discussion about these topics and the ethics associated with them. As laws grow more and more strict to accommodate the money hungry business world, millions of Americans will find themselves under the strong arm of the government. Only the future will tell.
Disclaimer: I speak independently and not on the behalf of (educational institution). I do not promote illegal activity. I do not partake in any illegal activity. The topics discussed are not affiliated with any organization. My views are completely independent and are not associated with any "hacking group" nor are they politically motivated. I am in no way promoting or actively participating in any ideas or theories discussed in this presentation.
My history: I have been an active observer in the underground since 1994. I have worked as a Unix systems administrator, a database administrator, a Windows NT/2000 administrator, a Network engineer, a Network and Host based Security Auditor, a Systems policy administrator, and have Experience with HIPAA regulations.
Reverse Corruption will be presenting "Gray Ethics: Theories for the future" at 1500 on Friday in Room B.
Reverse Corruption will also be participating in panel discussion "IDS: The state of current technology" at 1400 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Damron has been involved in network security through research, implementation, or recreation (or some combination) for a decade. For the past three years, he has been a leader in the development of the Dragon IDS. Prior to that he analyzed perimeter devices (firewalls/routers/guards) for the NSA with the intent of discovering vulnerabilities and provided countermeasures to ensure the security of nationally critical networks. Mr. Damron was born and raised within 10 minutes of the site of RC5, and is looking forward to being back home at the end of March.
Mr. Damron will be participating in panel discussion "IDS: The state of current technology" at 1400 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
I always did have underground in my blood I guess... Playing techno in the mid 80's, people were like, "Man that's some weird shit!" Now, most just say I'm weird, but they have their reasons. I started BBS'n in 1990 just for something to kill time when I wasn't with DJ House (Kenny Dixon) learning techno. It all changed when I asked about seeing ANSI graphics and I needed a program called "TELIX" I was told that was Elite Software and I needed Elite access to the file directory to get it (Huh? What's that?!). I think from that point on my life changed. Later it would be anything cellular!
Later I learned of a board by the name of "STARGATE." Slowly I passed the questions (background checks) and ridicule while learning to box from a guy named "CyberPhobe" while "Techman" schooled me on the technical aspects of cellular phreaking. Eventually my access got raised, and later I co-sysed the board. Thinking one night, I decided I could take what I learned from the "Elite" and what I learned from the hood and basically control if not own this fucking city in some way. WE DID!
From the abyss came "Celco 51." STARGATE was the primo site for cell warez and I was with a crew that had no leader, but everyone knew what was expected of them and acted upon it. Trashing was a regular. Remember the news in the day, "What You Throw Away My Hurt You?" Thanks for the pub. Haha it does! Social engineering, scanning, carding, hacking, and phreaking... you name it, we did it to perfection. In the hood I was considered the "Wizard" (still to many.) You needed info - we got it. You needed revenge - we did it (right price of course!) My regular daily income varied from $600 to $2000 and I NEVER SOLD DRUGS OR HURT ANYONE! Well maybe a few ppl.
We all know "Celco 51" and STARGATE is done! Me, some 38 counts of electronic devices fraud (10.29a.b), illegal possession of corporate info, static sensitive devices, and the list goes on. Now! Am I the same guy that was supposed to speak last year, but got locked up by the Feds for three months on bullshit? -YES! Did I do it? -No! This year we'll be walking in the shoes of a former "Technology Hustla." "Nino Brown" meets Silicon Valley! Many of us read stories of elite shit, but how many of us did it and lived it 24/7?
Who can say that they actually controlled a city so to speak in 93' and 94'? How do you put together a real hardcore crew? What role do women fit in all this? What did I learn from the "real mob" while in prison? When the Feds come what is it really like? What is Federal time like? How do you handle snitches? Where's Techman now?? What shit did I do and how did I make money off of it? What is the real meaning of control (0wn shit)? How do you plan a crime? What really is Crime? How do you dispose of a body/where? What's going on with the case/me now? What's the deal with this Underground Documentary? These topics will be discussed in detail. Questions/Answers!
Cybertr0n will be presenting "The Ins and Outs of Being Caught: Part II" at 1200 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
A computer aided design technician and general tech support bitch by day, computer dork and trouble maker by night. He has been scripting and programming for almost six years now on various topics and various programming languages that happen to come across his mind. He currently has an Associates in Computer Information Systems and is pursuing a Bachelors in Information Systems before proceeding to the next level. His working experience is varied from working on small engineering firms computer networks and servers to writing engineering programs to speed up the tasks of the engineers in their calculations. He has also helped check security for some larger corporations as well as provide consulting information to them in regards to the performance of computer companies underneath them. Artificial Intelligence and Evolutionary Programming just happen to be two of his hobbies that he has a long standing interest in.
Dameon will be presenting "Foundations of Genetic/Evolutionary Programming" at 1200 on Sunday in Room A. The presentation will be a brief overview of Genetic and Evolutionary Programming and its effects on the future of computing and uses in todays society. The session will discuss the implications of methods for allowing machines to solve problems without explicitly telling them how, and the near future of Artificial Intelligence.
|
|
|
|
|
|
|
|
|
|
|
|
|
My name is Triax. I hack. Any questions?
Triax will be presenting "Free TV" at 1600 on Friday in Room A. In it I will show how we hacked and cracked our way into the primry software chip of a DirecTV receiver (Gen 5), and modify it so that we can get all the channels, and that any 'fry' code they send down the stream will be put in an infinite loop before it hits the EEPROM, so it does not write to the chip. Thus, it is possible to get all the channels, free, for life, without interruption. Due to the nature of all hardware of this type, it is not possible to bypass this hack, even with the new Gen 6 they are coming out with next year.
|
|
|
|
|
|
|
|
|
|
|
|
|
Created by an alchemist-wizard some 3,000 years ago, Brian Deline was born of fire and rock amid the harsh bosom of the Mesopotamian crescent. Reared on the ashes and bones fallen gods, Mr. Deline suckled on the shadows of forgotten Adrammelech, Enmesarra, Ereshkigal, Erra and Namtar. He battled in the conquests of the Mauryan Empire, forging an alliance of land, sword and blood. He descended with Inanna into Irkalla, and accompanied the Seven Sages as they wondered the harsh lands of Byzantium, the Khazar Empire, and the Arab Caliphates amid the Black Sea. He served as Doge of Genoa and in 1081 AD received the title of Protosebastos from Alexis I Comnenos the Great, then Emperor of Byzantium, following a naval victory against the Normans. Mr. Deline's illustrious career continues to unfold. It is said that today he practices the dark magic of network security at a large Grand Rapids-based furniture company.
Mr. Deline will be participating in panel discussion "Wireless: Convenience versus risk" at 1800 on Saturday in Room B.
Mr. Deline will also be participating in panel discussion "IDS: The state of current technology" at 1400 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Layoffs are a bitch.
By day, Darkcube **WAS** a Solaris security researcher for an unnamed company in Silicon Valley. He sharpened his techniques as a fairly active member of the computer and telephony underground, which he's been in contact with since 1994.
In February, <company> laid him off, with a pretty nice severance package, to boot.
After blowing his severance package on vinyl, drugs, and women, he moved back to Detroit for the Rubi Con 2002 weekend. Yes, NFF and him made the SF to DTW drive in that van in under 32 hours. Yes, they only got pulled over once. Yes, it was in Nebraska.
Since then, he's been working on quite a few interesting projects, both technical and media; rumors are afloat of a documentary film in the spirit of "Hackers 95" being produced.
This year, Darkcube's going to present a panel discussion with a few other notorious members of the Detroit underground. The focus of the panel will be the discussion of real-world applications of underground technologies and methodologies. Topics that might come up in the panel include: Staying out of *real* trouble; Making one's self *really* invisible; How to deal with police/investigation; And what exactly to do with these sk1llz0rz you picked up along the way. Darkcube will be presenting "...Let's see if I know the ledge" at 2000 on Saturday in Room A.
This panel is classified NC17-BYOB-CYA.
|
|
|
|
|
|
|
|
|
|
|
|
|
Myself will not be talking at length about firewalls, VPNs, cryptography, intrusion erection, administration, Linux, script kiddies, programming, Beowulf, or anything else that so many others have more than adequately covered. Instead, Myself likes to remind us that our computers would be little more than exotic calculators if it weren't for the circuits that connect them.
A telco geek with too little supervision on the job, Myself likes to curl up with a good manual, frequently while sprawled out in the cable rack above an ESS machine. A background in computers and electronics, and the ability to explain almost anything to almost anyone, should make for an interesting talk. Bring your questions! Bring your t-berds! And bring the numbers you found while wardialing that you couldn't make sense of!
Myself will be presenting, "Playing with Myself: Two hours of fun" at 1000 on Sunday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
There is a natural order, the way things are meant to be. An order that says the good guys always win, that you die when it's your time or you have it coming; that the ending is always happy, if only for someone else. Now, at some point it became clear to us that our path had been chosen and we had nothing to offer the world. Our options narrowing down to petty crime or minimum wage. So we stepped off the path and went looking for the fortune we knew was looking for us. Once off the path you do what you can to eat, to keep moving. You don't blow your ghost of a chance with nickel and dime. No possessions, no comforts. Need is the ultimate monkey. A pint of your blood is worth twelve bucks. A shot of cum, three grand. The longest distance between two points is a kidnapper and his money, and a plan is just a list of things that don't work out. Whether the ending is happy or not... depends on how closely you look at the details.
rious will be participating in panel discussion "Linux Wars: My distro is better than yours" at 2100 on Friday in Room B.
rious will also be participating in panel discussion "Wireless: Convenience and risk" at 1800 on Saturday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr. Erickson has over seven years of experience in the realm of computer security. He has spoken at computer security conferences around the world, from Chaos Communication Congress in Berlin to the standard blend of DEFCON-esque conferences in the US. He works as a Cryptologist and Enterprise Security Designer for a healthcare infrastructure consulting company in San Francisco. In addition, Mr. Erickson also runs Phiral Research Laboratories, an independently funded think-tank dedicated to the research and analysis of a myriad of computer science related projects.
Mr. Erickson will be presenting an as yet undetermined session. Whatever it is he will do it at 1900 on Saturday in Room A.
|
|
|
|
|
|
|
|
|
|
|
|
|
Former members of the ill-fated Amerisuk Communications, and active members in the "419 scene," c0rr, doc, and perplext opted to keep the scene alive as well they knew how, and have continued to meet and delve into various aspects of computer security, programming, radios, and ethics. Bringing a combined experience of over 30 years of experience with computers, and doc's 12+ years of experience with radios, the three make up a large portion of the "419 crew" (name coined by Admin-X while explaining his rivals in last years information page.)
419 will be presenting "Introduction to hacking in modern times" at 2200 on Friday in Room A. They will provide general overviews of modern hacking methods, and if time allows provide a few demonstrations of modern attacks, and possibly common ways to bypass IDS's. 419 will address many of the basic concepts surrounding the computing underground, the misconceptions that make the "hacker" community so misunderstood, and how the underground is changing as technology advances and the culture evolves.
419 will also be presenting "Ideas from the 419" at 2100 on Saturday in Room A. Each member will give a 20 minute talk on three topics (c0rr: Currently deciding his topic; doc: "Radios and wireless, from AM to 802.11b"; perplext: "When Web Apps Attack") in which each member will propose some insights they have found while working or playing and show potential problems or exploitations that could result.
|
|
|
|
|
|
|
|
|
|
|
|
|
A network support specialist and network administrator for one of northwest Ohio's oldest ISPs he brings a Knowledge of MTA's (mail transport agents) and spam management. Everyday he battles thousands of incoming spam messages protecting users from the much needed (and often requested) Viagra ads. Armed with his CCNA and a knowledge of regular expressions he thwarts much of the spam coming on to his network.
With this knowledge he will be presenting "Spam: Chew without Choking" which will review how many email systems filter spam. Areas of focus will include Vopmail (now ModusMail) by Vircom and QMail (an open-source alternative for sendmail.) Attendees of his speech will receive copies of his automated mail system install for most *nix systems. This package includes the increasingly popular Spam assassin. IBurnMyCd will be in presenting "Spam: Chew without Choking" at 1500 on Friday in Room A with a whole bunch of CDs.
|
|
|
|
|
|
|
|
|
|
|
|
|
Denis A. Baldwin is 50% cyborg, 50% bullshitter and 50% womanizer, with a dash of curry and two tablespoons of flaming homosexual. By day, he roams the streets as a tow truck driver. At night, he is part of a covert task force in charge of protecting the real identity of one Jeffery Paul. Don't fuck with the fat man in the trench coat. No, not Darkcube. The other one.
Mr. Baldwin will be participating in panel discussion, "The state of the tech economy" at 1000 on Saturday in Room B.
Mr. Baldwin will also be participating in panel discussion, "Digital rights and the DMCA: Don't tread on me" at 1600 on Friday in Room B. Mr. Baldwin will also be participating in panel, "Full disclosure: Drawing a line in the sand" at 1000 on Sunday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Born and raised on the rough streets of northeast Wyandotte, this notorious gangster has most definitely earned his "white boy gangsta appeal" from traveling from the south end of Michigan to the northern most suburbs of the city we like to call Detroit. After multiple initiations to lots of bad bad gangs, Slim mo glock 9 is here at Rubi Con, where the hallways of the hotel are dangerous, and the cristal is always poppin.
Slim mo glock 9 will be doing a presentation on "Thug life: I am a wannabee gangsta with tha skillz" at an undetremined time and place. Outlining such things as street terminology, rolling techniques, and how to outfit yourself for an all out street war. Maybe even touching on the subjects of how to keep yo bank rollin, and how to deck yo car out phat yo.
Mo = formerly Glitch9x
|
|
|
|
|
|
|
|
|
|
|
|
|
Bio pending.
Skaphreak will be presenting "Demo of Xstrings" at an undetermined time and place.
|
|
|
|
|
|
|
|
|
|
|
|
|
after being sold to the us government for an ultra rare pokemon cards the Japanese JDF turned him over just on a lease for a few combined operations. After many futile attempts by many governments to steal him to have all ended in flowers being sent to the embassy of the enemy. after being taped to eliminate ""his new mission is to infiltrate a subversive group "rubi-con" and eliminate its leaders and one undisclosed target that is attending the event. his cover is that of a young "hacker" and member of the local hacker "underground" he has managed to stay undetected for many years.
who knows when he will strike or who will be his target.
ech0 will be presenting, "David vs. Goliath: My gun is bigger than yours." ech0 will speak on the advancement of technology in warfare. The speech will be an open debate on technologies place in war the history of the progression of weapons of war high tech vs lo tech armies. And a look at the tools of the trade both N.A.T.O and Soviet bloc made items.
|
|
|
|
|
|
|
|
|
|
|
|
|
A network engineer at an online supply chain management ASP. He has witnessed his company ascend to great heights, only to get too large too quick, and almost kill itself. He has seen more colleagues get their jobs, work hard as they can, and get laid off. Prior to this job, he entered the tech field professionally in 1999 during the height of the .com boom. He watched the company proceed without a business plan, or customers, and rode the company into its decent towards eventual failure during the .com fallout of 2000. He has witnessed more corporate mismanagement in the last two years than some have seen in their entire lifetime. As such he has noticed several mistakes that set growing companies up for failure.
Mr. Timmins also works in the security field, running the firewalls and defining security policy at several corporations in the Metro Detroit area. He has witnessed several attacks first hand, both being a victim of them, as well as watching them being performed on others. He know what works, and what doesn't. He feels that full disclosure helps in making intelligent decisions to mitigate risk. Mr. Timmins has been interested in the security field ever since watching Wargames in the early 1980s.
Outside of work Mr. Timmins often experiments with security, researches wireless networks (802.11b and ricochet), and play with phones.
Mr. Timmins will be participating in panel discussion, "Full disclosure: Drawing a line in the sand" at 1000 on Sunday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
Now you will receive us. We do not ask for your poor or your hungry. We do not want your tired and sick. It is your corrupt we claim. It is your evil that will be saught by us. With every breath we shall hunt them down. Each day we will spill their blood 'til it rains down from the skies. Do not kill, do not rape, to not steal. These are principles which every man of every faith can embrace. These are not polite suggestions, these are codes of behavior and those of you that ignore them will pay the dearest cost. There are varying degrees of evil. We urge you lesser forms of filth not to push the bounds and cross over into true corruption, into our domain. But if you do, one day you will look behind you and you will see we three, and on that day you will reap it. And we will send you to whatever god you wish. And shepherds we shall be, for thee my Lord for thee, power hath descended forth from thy hand, that our feet may swiftly carry out thy command. We shall flow a river forth to thee, and teeming with souls shall it ever be. In nomine patrie, Et fili, Spiritus sancti.
Project Nexus will be giving a speech on how to take avantage of every day situations. Making a tazer out of a disposable camera, basic entry stratigies, and much more. Project Nexus will be presenting "Project Nexus' Guide to Life" at 1200 on Sunday in Room B.
|
|
|
|
|
|
|
|
|
|
|
|
|
As part of the advanced scouting mission and vanguard to the invasion army, "Jim Nieken" spends his days collecting intelligence on Earth peoples. From defensive capabilities and governmental mechanisms, to natural resources and analyzing the potential for 6 billion new slave laborers. At night he dreams of crushing this abhorrent rock, shackling it forever under the tyranny of the Imperium. When the war fleets arrive, blood will rise like a tide. Under blacked skies and scorched earth, humanity will kneel before our falchion as they are slaughtered mercilessly. By the thousand hands of God, this planet will be purged! "Jim" wishes only to complete his mission and return to the tender embrace of the home world.
"Mr. Nieken" will be participating in "Rubi Con: Our black history" at 1300 on Saturday in Room B. With fellow co-conspirators Ron, Darkcube, RijilV, and other assorted pranksters, jokers, and professional knuckleheads, we will careen down memory lane to bring you all the nefarious and shockingly illegal tactics that went into making Rubi Con a reality, and before that, bringing the very idea of Rubi Con to life. Expect fist fights.
"Jim Nieken" may be presenting "All users must die: Tales from tech support" if a need presents itself. "Mr. Nieken" will address systems design with a user focus. The session will discuss why interfaces fail, why most modern software is insufficient to meet the needs of users, and why simple is better. The adage, "It's the designers fault that users are stupid" will be explored. The presentation will include numerous examples of systems failure from "Mr. Nieken's" illustrious, 20 year career supporting users at a very large U.S. based automobile manufacturer.
"Jim Nieken" will also be on call in the event of an absent speaker. He will sing, dance, and violently extract the cerebrospinal fluid of random audience members to quell his ever-growing hunger.
|
|
|
|
|
|
|
|
|
|
|
|
Linux wars: My distro is better than yours
You already know your distro is vastly superior in every respect, so why not let everyone else know? This panel will explore the popular (and not so popular) Linux distributions available today, and compare their strengths and weaknesses. Do you have a grudge against Caldera? Do you swear by Bastille? Do you have a particularly funny Red Hat joke? Our panel of Linux wizards and their violent opinions will lead this discussion on the merits of different technologies and competing designs. Our moderator will keep the discussion moving with comments and questions from the audience. Dogma and ideological slants welcome. Panel "Linux wars: My distro is better than yours" will run at 2100 on Friday in Room B. Participants include RijilV and rious. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: General information on every distro from ALT to Yellow Dog at DistroWatch (http://distrowatch.colug.net). Commentary from Slashdot, "What are the Real Differences Between Distributions?" (http://ask.slashdot.org/article.pl?sid=02/11/27/0740214&mode=thread&tid=106). Satirical, but poignant, commentary,"Elite Nerds Create Linux Distro From Hell" (http://humorix.org/articles/may00/hellix.shtml).
|
|
|
|
|
|
|
|
|
|
|
|
The state of the technology economy
This panel will explore the conditions for technology workers today. We may never again see the soaring opportunities (and equally soaring salaries) available at the turn of the century. What is there left? And what is there left to do? Our panel will discuss suggestions for dealing with a leaner technology industry, and where it appears to be heading. Our moderator will keep the discussion moving with comments and questions from the audience. Personal stories are welcome, both good and bad. Have a horror story (like leaving a good support job for Phoenix for no good reason...) or a success story (like $110,000 annually for number tricks)? Panel "The state of the technology economy" will run at 1000 on Saturday in Room B. Participants include Paul Timmins and Karl Mozurkewich. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: Low expectations from USA TODAY, "Pessimism rules once-euphoric tech sector" (http://www.usatoday.com/life/cyber...). Better prognosis from TheStreet.com, "Where's the Tech Sector Headed? Up, Say These Fund Skippers," (http://www.thestreet.com/funds/mutual...).
|
|
|
|
|
|
|
|
|
|
|
|
Peer to peer: Issues of legal and technological significance
Is peer to peer good for anything besides piracy and porn? Maybe. This panel will explore the legal and technological state of peer to peer networks. This technology has galvanized the recording industry into the RIAA, and is said to be mainly responsible for creating the DMCA. Peer to peer is also a democratizing force, seemingly immune to corporate ownership. This panel will ask: Are peer to peer advocates nothing but whining pirates? And are corporate interests crushing the most significant democratizing technology since the birth of the Internet? The panel will also address the scalability and usefulness of competing technologies, and what makes peer to peer significant. Moderator Karl Mozurkewich will keep the discussion moving with comments and questions from the audience. Panel "Peer to peer: Issues of legal and technological significance" will run at 2000 on Saturday in Room B. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: Some general information from Internet Technology, "Week 1 Report: Peer to Peer Networking Technology" (http://www.ics.uci.edu/~abhor/ics243d/p2p.htm). A discussion of the technical risks associated with peer to peer from Network Magazine, “Emerging Technology: Peer-To-Peer Networking Security” (http://www.networkmagazine.com/article...).
|
|
|
|
|
|
|
|
|
|
|
|
Wireless: Convenience versus risk
From the promise of Bluetooth to the rush of Wardriving, we are as familiar with the explosion of wireless networking technology as with the vulnerability of wireless networks. And to the user, the issue is this: the thrilling convenience of new technology, balanced against the high risk of attack. This panel will explore these issues, and address these questions: Is it worth the risk to adopt wireless technology? What, if anything, can be done to make wireless as secure as traditional networks? Do hackers have an obligation to address security vulnerabilities beyond exploiting them? Our moderator will keep the discussion moving with comments and questions from the audience. Panel "Wireless: Convenience versus risk" will run at 1800 on Saturday in Room B. Participants include Brian Deline, rious and Tony (AKA Xam R. Time). Those interested in participating should contact one of our speaker organizers.
|
|
|
|
|
|
|
|
|
|
|
|
IDS: The state of current technology
Intrusion detection systems and firewalls are the gatekeepers of protected networks. IDS has advanced considerably in the last several generations, and this panel will explore some of the technical aspects of available products and procedures. HIDS and NIDS will be discussed, as well as how IDS integrates with the firewall, and with the enterprise network. Advances in the latest generation of products will be addressed and new techniques for anomaly detection and signature recognition. Our moderator will keep the discussion moving with comments and questions from the audience. Panel "IDS: The state of current technology" will run at 1400 on Saturday in Room B. Participants include Brian DeLine, Reverse Corruption, and Jason Damron. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: Robert Graham offers the helpful, "FAQ: Network Intrusion Detection Systems" (http://www.robertgraham.com/pubs/network-intrusion-detection.html). Network Computing offers an informative review of the leading IDS contenders, "Dragon Claws its Way to the Top" (http://www.networkcomputing.com/1217/1217f2.html).
|
|
|
|
|
|
|
|
|
|
|
|
Digital rights and the DMCA: Don't tread on me
Are the DMCA and Palladium the evils they are made out to be? Probably. Are governments bowing to the dark, Orwellian fantasies of profiteering corporations? Probably not. Though this issue stands as among the most pivotal the computer literate have (and possibly will) ever face, there must be some middle ground, or room for debate. Take a stand: Copyright holders have rights. Those rights are attacked by widespread copying of media across electronic and personal networks. Copyright holders have, among their rights, the right to defend their economic interests. Enter the DMCA and Palladium. Take a stand: Consumers and the Public (with a capital "P") have rights as well. Those rights include the right to choose our sources of media and information, and to consume that media as we see fit. The Public has the right to defend their rights with protest, activism, and other refusing to abide by unjust laws. Enter the vocal movement against the DMCA and questionable DRM implementations. Corporations would accuse consumers of piracy and theft. Consumers would accuse corporations of profiteering and forcing self-serving legislation through Congress. This panel will explore these issues, as well as the technical aspects of DRM technology such as Microsoft's Palladium, and the DMCA. Our moderator will keep the discussion moving with comments and questions from the audience. Panel "Digital rights and the DMCA: Don't tread on me" will run at 1600 on Friday in Room B. Participants include Denis Baldwin and Karl Mozurkewich. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: The very forward thinking 1997 short story by Richard Stallman, "Right to Read" (http://www.gnu.org/philosophy/right-to-read.html). A nice discussion of Palladium at anti-dmca.org, "Microsoft DRMOS Palladium --The Trojan Horse OS" (http://anti-dmca.org/DRM-OS.html). LearnAboutLaw.com offers the helpful, "A Digital Millennium Copyright Act Primer" (http://www.learnaboutlaw.com/learnaboutDMCA.htm).
|
|
|
|
|
|
|
|
|
|
|
|
Full disclosure: Drawing a line in the sand
There is tension here: Security through obscurity is no security at all, and all security is security through obscurity. Proponents of the full disclosure argument assert that exposing vulnerabilities not only hastens their repair, but promotes developers to write better code (Microsoft having very famously shifted focus to provide security at the core of their software, for instance.) Detractors point out that full disclosure merely delivers weaknesses and weapons into the hands of hackers (the rather famous proliferation of BackOrifice, in its time, and similar tools, for instance.) This panel will address these issues and explore the questions: Is full disclosure simply "information anarchy," as Microsoft's Scott Culp states? Are developers deserting their responsibility by ignoring vulnerabilities, finding it cheaper to do nothing than to release patches? Does the practice of publicizing vulnerabilities help more than it hurts? Does the practice of releasing scripts and tools that exploit vulnerabilities help more than it hurts? Panel "Full disclosure: Drawing a line in the sand" will run at 1000 on Sunday in Room B. Those interested in participating should contact one of our speaker organizers.
Supplemental reading: Bruce Schneier's insightful addition in the November, 15 2002 Crypto-Gram Newsletter (http://www.counterpane.com/crypto-gram-0111.html). SecurityFocus offers, "Full Disclosure is a necessary evil" (http://online.securityfocus.com/news/238). CNET offers an interesting interview with Scott Culp, program manager for Microsoft's Security Response Center, "Security woes: Who is to blame?" (http://news.com.com/2008-1082-275588.html).
|
|
|
|
|
|
|
|
|
|
