06 August 2007

OK Computer

Defcon is now over. As you'd expect, the bottom line is that security is nonexistent, blatant holes are everywhere, and we should move back to paper and pencil communications (or maybe even stone tablets). The usual.

The conference was great. Here are some of the highlights of Defcon 15:

- 11 hours of classes with no breaks--yaay! Those of you who don't know me probably think, "surely she's being sarcastic." I'm not, for once. I like technology, I like classes and lectures, and I don't like breaks. I'm not just a workaholic, I'm an infoholic. If I'd taken a break, I would have missed something! I got tons of notes, too.

- The badge, as I mentioned in an earlier blog. Though sometime yesterday mine started freezing up. I noticed that the same thing was happening to other people too... I guess they followed the Microsoft model when they developed it. "Reboot required." (despite the glitch, the badge is still awesome)

- The whole issue with the NBC Dateline reporter. Yeah, I know, I talked about that already, too. It seemed to be the unintentional theme of Defcon 15.

- The poor guy in the "Hacking Social Lives: Myspace.com" talk (Rick Deacon's "assistant") who accidentally typed both his username and password in the login box... for a couple thousand people to see. Time to change the password for that account! And for all the other accounts that use the same password... :)

- Speaking of revealing passwords, I found the Wall of Sheep very entertaining. That's where they sniff the network for people using insecure logins for various things. They post the username and password (redacted, of course) for all to see. Hmm... searching "Wall of Sheep" on flickr led to this picture. What I actually meant was this.

- The wedding at the end of the award ceremony, for the new game, "Marry the Fed." IMHO, they should raise the bar next year by adding an extra rule: require that the two people who get married at the end of the conference must demonstrate that they were not dating at the start of Defcon. Hmm, I sense reality show material here...

- Priceless quotes (accurate? close enough). Sergey Bratus - "I developed a converter to convert Klingon to English so I could read the text of Hamlet like it was in its original Klingon." Jason Scott - "Wikipedia: It's like you built a really nice car, and then let 12-year-olds drive it into a wall repeatedly 24 hours a day."

- The TCP/IP Drinking Game was amusing. I actually knew some of the answers that the intoxicated experts didn't get (so maybe I had a sobriety advantage)...

- Entertaining shirts, various nerd slogans. "Legolas is my house elf." "Bic Pen Tester." (the latter was actually at Black Hat, not Defcon)

- The Black and White Ball. Great for people watching!

- Last, but not least, really good information. My favorites were "Aliens Cloned My Sheep," "CiscoGate," "Social Attacks on Anonymity Networks" (partly because I think Nick Mathewson has a great voice), "The Inherent Insecurity of Widgets and Gadgets" (though the speakers kept cracking jokes that the audience wasn't reacting to, like "If you're a werewolf, like I am, you probably are interested in adding a widget to tell you when the moon is full." No audience reaction.), and "Storing and Serving Malicious Content from Well Known Web Servers." I'm too tired to post recaps right now. Maybe later...

And I'll end this blog by posting a video to enlighten you on the grand beginnings of the Defcon enterprise:

04 August 2007

Blondes are not to be trusted

The big news from Defcon 15 is that an NBC Dateline reporter snuck into the conference, pretending to be "just another attendee." Apparently she was planning this big expose, trying to find some 13 year old and make him confess to breaking into the Pentagon computer with his PSP (as the Dark Tangent described it). Nice. Understandably, people were not pleased. So the Defcon organizers established a new game: Spot the Reporter!

Early in the day they showed pictures of this reporter. Eventually they outed her, and she fled from the conference. This article contains a video of what went down. Note that you can see my rental car when there are 26 seconds left in the video.

Honestly, though, I was absolutely ecstatic about this entire event from the start. First thing in the morning, they flashed this picture on the screen of a thin, pretty blonde woman and said, "Don't trust her." As a brunette woman, I was very pleased with the effect. It was as if the organizers decreed, "OK, you thousands of attractive male nerds out there... be suspicious of any pretty blonde woman you see. Blonde women can't be trusted. Go for brunettes instead." Thank you, Defcon organizers, for encouraging a healthy fear of blondes.

Now if only that could just spread a bit wider...

03 August 2007

My Defcon 15 Badge

This thing is awesome. The display starts out saying "I <3 DEFCON 15," but you can program the lights to display a <= 16 character scrolling message. Hmm. I want to figure out how to make animated characters.

Let's see... what else is on this thing?

At the bottom, on the back, it says "0100011101001111001000000101011001001111010010010100001101000101" ("GO VOICE" in ASCII).

The coordinates 42.34202 -71.069441 are at the top of the badge. According to Google, that's on Waltham Street, in Boston, MA. The closest address I can find is 44 Waltham Street, which appears to be the address of "Boston Pest"...?

Hmmm... gotta think thru this...

Update (8/4/2007):

After Kingpin's "Making of the Defcon Badge" session yesterday morning, people asked about the geocoordinates and "GO VOICE" in binary. He didn't explain the geocoordinates (said it was a part of hacker history that we should all know), but he did explain "GO VOICE." It's a tribute to the good ol' days of the Internet--after talking to someone on IRC or in your trusty BBS, you'd say "go voice" instead of "call me." Too bad; I was hoping it was something awesome like secret voice activation (visions of Denholm at the end of Yesterday's Jam run thru my mind).

No luck yet with the "hacker historical reference." I've googled names, technologies, locations... nothing. Let me know if any of you out there figure it out.

Update (8/5/2007, really, really early in the morning):

Aww, maaan, it was so obvious! I even thought of it earlier, but apparently didn't google the right things. 42.34202 -71.069441 are the geocoordinates for the old location of "l0pht heavy industries" (which later became @stake, which was even later sucked into Symantec). Kingpin, the badge designer, was in l0pht. They were located at 46 Waltham Street, Boston. I was so close!! Sorry for the delay in getting the info out. I'll do better next time, I promise.

I will add that Google Maps thinks 44 Waltham Street is at that location, not 46 Waltham Street. Bad software. Bad!! No treats for you.

Allez Fuzzing!

Sadly, Black Hat 2007 is now over. My first Black Hat. I learned lots. It inspired me to become even more of a nerd than I currently am. I <3 U, technology. Here's the short version ('cuz I wanna go play with my defcon badge. more on that later):

Black Hat low points:
- The annoying "Hackistan" guy. Seriously. Obnoxious.
- Too much red meat. Three out of four lunches this week were beef. What, did the organizers think all those nerds needed to beef up a bit? Sheesh.

Black Hat high points:
- Iron Chef: Black Hat. It was by far my favorite session. It was the static exploitation tool guys versus the runtime guys. The static guys found way more vulnerabilities, but weren't able to get an exploit tool running in the allotted 45 minutes, so the runtime guys won. Awesome. I hope they bring Iron Chef back next year!
- No-Tech Hacking with Johnny Long.
- Web 2.0 is fundamentally flawed. Amazing that most fancy new sites (gmail, hotmail, and whatever else uses Ajax and authenticates up front then pushes you into an insecure session) are vulnerable--just sniff the URLs visited, pull out one with a sessionid, paste it into your browser, and you're in their account! Doesn't matter if they change their password--you're in anyway! Gmail users--turn on SSL. For other sites... well, let's just hope that talk inspired people to secure their authentication systems!
- Satellite navigation injection attacks. I'd read about this on The Register several months ago, but it was entertaining to see their demos. I love the fact that you can broadcast a message like "bullfight in progress" and have it display in the middle of a freeway or something. Oh, I mean, what a terrible vulnerability. Shocking.
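
The server-side fixes for the session problem in the Web 2.0 item above, as an added example (not code from the talk or from this blog): the session id travels only in a cookie marked Secure and HttpOnly, a request carrying it in the URL is refused, and a password change revokes every existing session. The `SessionStore` class, the `sid` cookie name and the `mail.example` host are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlparse, parse_qs


class SessionStore:
    """Toy in-memory session store (hypothetical, for illustration only)."""

    def __init__(self):
        self._sessions = {}  # session token -> username

    def login(self, user):
        # Unpredictable token; never derived from the username or password.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def cookie_header(self, token):
        # Secure: the browser sends the cookie over TLS only, so it cannot
        # be read off the wire. HttpOnly: page scripts cannot read it.
        cookie = SimpleCookie()
        cookie["sid"] = token
        cookie["sid"]["secure"] = True
        cookie["sid"]["httponly"] = True
        cookie["sid"]["path"] = "/"
        return cookie["sid"].OutputString()

    def authenticate(self, url, cookie_header):
        # A session id in the URL ends up in logs, history and Referer
        # headers, so refuse any request that carries one there.
        if "sid" in parse_qs(urlparse(url).query):
            return None
        cookie = SimpleCookie(cookie_header)
        if "sid" not in cookie:
            return None
        return self._sessions.get(cookie["sid"].value)

    def change_password(self, user):
        # Revoke every live session so a copied token stops working.
        stale = [t for t, u in self._sessions.items() if u == user]
        for token in stale:
            del self._sessions[token]
        return len(stale)


def demo():
    """Constructed walk-through: who the server sees before and after."""
    store = SessionStore()
    token = store.login("alice")
    before = store.authenticate("https://mail.example/inbox", f"sid={token}")
    store.change_password("alice")
    after = store.authenticate("https://mail.example/inbox", f"sid={token}")
    return before, after
```
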

Enough for now. I'll probably think of more later.

27 July 2007

Sorry, I've gotta take this call

You're out on a date. You didn't really want to go out with this person... it's mostly a pity date. You can only take so much conversation from this person.

Your phone rings. Relief!! "Sorry, I've gotta take this call." You answer.

So, who saved you? Technology! Yaay, technology. All you have to do to be saved from conversation misery is arrange to have the Popularity Dialer call at a pre-specified time.

That's even more useful than the Rejection Hotline. Hmm, that reminds me... I may need to bring that number with me on this upcoming trip...

25 July 2007

Order v. Chaos

Beauty is in the eye of the beholder, as Margaret Wolfe Hungerford wrote. So today is all about art. The problem is that I can't decide which type of artwork I like best: order or chaos. Order? Islamic art, aka geometric art. Chaos? Fractals, aka nerd art.

Let's see what you think.

Geometric design #1

Fractal #1

Geometric design #2

Fractal #2

Geometric design #3

Fractal #3

Geometric design #4

Fractal #4

Geometric design #5

Fractal #5

So... which is better? Order or chaos?

19 July 2007

Find True Love

I have discovered the secret to a happy and fulfilled life. And I have Google to thank! I wish I had known years ago what I know now. The secret is Google Maps. It will show you where you can find any of mankind's greatest desires. It's true! Here's what I get in my search for items on my wish list (and a few on the "avoid" list):

- Men: Brenoux Station, France
- True Love: Akron, Ohio
- Prince Charming: Amsterdam, Netherlands
- Power: Pagosa Springs, CO
- Fortune: Arkansas
- Happiness: Memphis, TN
- Wisdom: Montana
- Chivalry: Surrey, UK
- Life: Henderson County, TN
- Jealousy: US Virgin Islands
- Sadness: Knoxville, IA

Hmmm...

18 July 2007

Hen Lotto

It's that time. Time for a recap of current TV shows! Yaay! These are the ones I consider noteworthy right now:

- Food shows. Three of them, to be exact. The Monday night boring pointless yelling one on Fox, and then the two I like. Let's contrast them. Next Food Network Star ends on Sunday night. I'm all for having guys pluck unruly eyebrows, but this guy is outta control. Put the tweezers away! Oh, right--the show. I'd prefer to have Amy win. In contrast, there's Top Chef, featuring this season's TALL GUY. Best line:

Guest Chef Judge: Wow, you're really tall.
CJ: Thanks for noticing.

- On The Lot. It's an anagram for Hen Lotto. Despite my Hollywood brother-in-law's feelings on the show, I've found the show to be entertaining. I like Will and Zach best. And I can't believe America has already voted all the girls off! Anyway, these are the films I've liked the best:

* Lucky Penny
* Nerve Endings
* Die Hardly Working
* Spaghetti
* Polished
* Dough: The Musical
* Danger Zone
* Worldly Possessions
* Broken Pipe Dreams
* Dr. In-Law

- Pirate Master. It's an okay show. They do have some interesting strategery going on. For instance, the current captain magically acquired a really fake British accent as soon as he put on his captain's jacket and hat. Plus they've already kicked off all the hot guys. Shame. UPDATE: I like the twist they added in today's episode, because it negated a significant portion of the strategery used by the captain and his mates. They brought back the eliminated players as "ghost pirates," and raced them for the treasure. Considering that they've been eliminating all the people they determined were their strongest competition, they've ended up creating quite a competition for themselves. Hmm, the show may be getting more interesting...

- Last Comic Standing, the International Version. Best line so far, from the Sydney tryouts:

I was watching a DVD the other day, and it had all this anti-piracy information at the beginning of it, you know? It was saying things like, “You wouldn’t steal a car, would you? You wouldn’t steal someone’s wallet, would you?” And I was thinking, “You know, that’s right! I wouldn’t steal a car.” But you know, if a mate of mine called me up and said, “Hey, I just got this new car, would you like me to burn you a copy??” I reckon I might consider it...

- Doctor Who. Creative as always. And, thankfully, I do like his new companion! Better than Rose? We'll see...

- Psych. It's back on! Hooray!

- Eureka. Nerd humor. Ridiculous and infeasible, but typically entertaining.

- Just for Laughs. I'm not impressed. It's an identical copy of the Just for Laughs that they show on BBC America periodically (though I think the show is originally Canadian).

- I almost forgot: Traveler! I watched the first few episodes of this show. It was painfully boring. Dumb plot line, and the frat boy main characters aren't interesting or cute. Even the dark haired blue eyed one (my favorite combination) isn't that attractive, with his googly eyes and perpetual confusedness. The show is now on my "please cancel" list. I never had a "please cancel" list before now.

Things that will be on soon:

- Dressed Up Crazy People and a Cheesy Host. Last season prompted much eye rolling. I haven't decided whether I'm going to watch this one yet.

- The IT Crowd. I love this show enough that I'm kinda expecting a disappointment. They're recycling British Moss. I wonder if he'll use an American accent for the show, like House. I bet his unique fashion sense will overtake the US IT community. Heck, it even makes ME want to wear a short sleeved checkered shirt with an ugly tie!

And I'll end on an IT crowd note. This is one of the reasons I love the show:

16 July 2007

sudo this, sudo that.

Last week I bought a new computer. It's a fantastic laptop. OK, it's a laptop, but it's not fantastic. It was the cheapest one I could find. It doesn't actually have the minimum requirements to run Vista, but it came with Vista pre-installed. So the first thing I did was wipe the hard drive and install Linux (Ubuntu, since it has a pretty solid user base).

I'm now remembering why I stopped using Linux a few years ago. I like the open source movement and all, but I have to admit that I really like the fact that most hardware is automatically supported in Windows. And most software is easier to install on Windows. Under Linux, it's sudo everything. It took two days and a whole bunch of Googling, trial and error (mostly error), and vi under text mode, just to get the OS to recognize the cheap video drivers (sort of) and display at something other than 800 x 600. I probably should have written down which site had the instructions that finally worked. And if you want to run Java in Firefox on Ubuntu, I strongly recommend totally ignoring Sun's installation instructions and going directly to the Ubuntu user forums. Oh, and some network TV stations' online video options are only available to Windows or Mac users. Grr, so I still can't watch the "last" two episodes of Drive!

The trials of Linux. But at least this laptop runs faster than my other computer...

13 July 2007

Like watching a real episode of House!



It's all there.

What's your candy preference?

Now's your chance to have your say. Vote for your favorite candy at the "Tourney of Sweets" on greaze.org!

OK, now I need to go to work.

Song of the Day

Plain White T's - Hate (I Really Don't Like You)



(posted for contrast. I like this song better.)

10 July 2007

What will it cost you?

This will likely inspire you to do some shopping:

09 July 2007

Please Help Save Emily

One day last week I saw a commercial for the local 11:00 news. They were talking about a new not-quite-official-yet disorder, known as Adult Picky Eating Disorder. After the 10 second clip and basically no additional background research, I have decided that my sister Emily must suffer from this. When she lived with me, the freezer was always stocked up with Smart Ones brand Three Cheese Ziti Marinara, and not much else.

Wondering how you can help expand her culinary horizons? I'm accepting donations. Simply send me a small donation (something ending in at least two 0s, on the left side of the decimal point) and I will do my best to encourage her to eat a wider variety of food. I plan to model her new taste in gourmet foods based on the culinary travels of Andrew Zimmern. I can't wait to see the look on her face when she tries mangrove worms or tripe soup for the first time. She'll love it. And she'll love us for encouraging her to try new things. It's all about being charitable.

01 July 2007

Need help with your math homework?

Free tutoring over the phone!