Friday, July 29, 2005

DefCon 13 Part I

It doesn't usually take eight hours to fly direct from Seattle to Las Vegas, but it does when thunderstorms in Las Vegas cause your flight to be diverted to Ontario, California. Even that wouldn't have been so bad except for the fact that the flight crew had started at 3:00 am, so we had to wait for new pilots to arrive from LA. The flight attendants were continuing on to Anchorage, so their day was far from over.

The line for cabs at the Las Vegas airport was insanely long, like Disney World long. It took over an hour just to get a cab. I'm sure I could have walked to the hotel faster, but the temperature was still in the mid 90's and I had overpacked as usual, so the hike had less appeal than the insane snaking line. I got to the Hard Rock Hotel just before midnight, and had dinner in the "casual dining" restaurant while watching the ESPN coverage of a July 4th hotdog eating contest. I'm not sure which was more surreal, the contest or the generic sports commentary of it. All the clichés and buzz words were in there: the rookie who held up under the media pressure and was worthy of watching in the future, the world champion described as "the Lance Armstrong of the sport," the lengthy background on the (female) challenger who might unseat the favorite. About two-thirds through, one contestant was having a very obvious struggle, holding his hand over his mouth and looking very distressed. The commentator explained, "You can't have a reversal at this stage under the rules of this competition." I experienced a morbid curiosity in wondering whether I was about to watch some guy's prolific hurl displayed on multiple wide screens for the viewing pleasure of the restaurant's dining customers. (The favorite did win with 47 hot dogs consumed in 12 minutes, although he didn't have his best game that day. His personal best is 53. The challenger placed second with high 30's, setting a new US record. But keep your eye on the rookie, he's the future in this sport.)

The late arrival meant I missed the Electronic Frontier Foundation pre-event, but they had a pretty strong presence at the conference so I got to hear updates on their work later.

Friday morning started bright and early, hoping to get through registration before it got mobbed. I wasn't there when they opened at 8:00, but getting there at 8:30 worked nicely.

DefCon two years ago was horribly overcrowded and I missed some of the sessions I most wanted to hear because the fire marshal has these fussy rules about how many people you can pack into a room. The sessions run in three tracks and at least two of them looked to be quite popular. So, I headed to the conference room for the one I had cared the most about and camped out for the 10:00 session to start. Philip Zimmermann, inventor of PGP, was set to announce his next big project.

Unfortunately, a) he was told that the talk was scheduled for 11:00 and b) he was stuck in the line for a taxi at Caesars Palace. So, he was late (or on time for the 11:00 talk if you prefer). His next big project is Secure Voice, doing secure phone calls with Voice-Over-IP peer-to-peer without needing an intermediate server. This could be a problem for the feds who want to keep things simple by requiring all phone service providers to have back-doors for wire taps.

In the impromptu session to fill the first time slot in Phil's absence, we heard about how biometric security systems work and how to attack them. The most interesting observation was that if you use your fingerprint to buy groceries and log onto your online banking account, then anyone who can break into the grocery store's system can get the biometric data needed to break into your bank account as well. Be careful to whom you give your fingerprint, retinal scan, voiceprint, etc.

The snafu in the morning caused one of the three conference tracks to slip by an hour. After lunch, I took advantage of a break in interesting sessions to take a catnap. When I got back to the conference for the next session on my list, I found that the schedule had been shifted back, so instead of being 30 minutes early, I was 30 minutes late to a sold-out session. Such is DefCon.

The EFF had a nice long presentation with Q&A. There was lots of good stuff there, too much to try to summarize here.

After dinner, I popped into the end of what looked like a very interesting session. The speaker has been hired by a company with major bandwidth to do Internet security research and presented some interesting findings. The bit that I heard (and was able to understand) explained how some simple-minded anti-intrusion methods can lead to even more serious vulnerabilities. If Big Bank has intrusion prevention software that blocks access from an IP address sending malicious packets, an intruder can send packets with fake IP addresses so they look like they are coming from the DNS server for a major ISP. When Big Bank stops responding to requests from the ISP's DNS server, the attacker can then much more easily spoof fake answers to DNS queries for Big Bank's online banking server and start doing really bad things.
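The defensive takeaway from that talk can be shown as an added example (not from the talk or the original post): an auto-block policy that acts on any alerting source, next to one that refuses to block sources it depends on or sources whose address was never verified. The addresses, the `NEVER_BLOCK` list, the event fields and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real hosts.
# Assumption: the operator keeps a list of sources it depends on
# (for example ISP resolvers) that must never be blocked automatically.
NEVER_BLOCK = [ipaddress.ip_network("198.51.100.0/28")]  # stand-in for ISP resolvers

EVENTS = [
    # Stateless (UDP) alert: the source address is unverified and may be forged.
    {"src": "198.51.100.5", "handshake": False, "sig": "malformed-udp"},
    # Another unverified source, this time an ordinary client address.
    {"src": "203.0.113.77", "handshake": False, "sig": "malformed-udp"},
    # Alert raised inside an established TCP session: the source is verified.
    {"src": "203.0.113.9", "handshake": True, "sig": "sqli-probe"},
]

def naive_blocklist(events):
    """Weak policy: block every source address that triggers an alert."""
    return {e["src"] for e in events}

def hardened_decision(event):
    """Return 'block' or 'alert-only' for one IPS event."""
    addr = ipaddress.ip_address(event["src"])
    if any(addr in net for net in NEVER_BLOCK):
        return "alert-only"   # never cut off infrastructure we rely on
    if not event["handshake"]:
        return "alert-only"   # source address unverified, so do not act on it
    return "block"

def hardened_blocklist(events):
    """Sources the hardened policy would actually block."""
    return {e["src"] for e in events if hardened_decision(e) == "block"}

if __name__ == "__main__":
    print("naive   :", sorted(naive_blocklist(EVENTS)))
    print("hardened:", sorted(hardened_blocklist(EVENTS)))
```

The naive policy ends up blocking the resolver range itself, which is the self-inflicted outage described above; the hardened one still raises the alert but leaves the block decision to a human.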

The last activity of the evening is Hacker Jeopardy. While they're setting up for that, I'll talk about food. At least in this small segment of Vegas it's amazingly difficult to escape cigarette smoke, especially in restaurants. Finding vegetarian fare is also challenging. Sitting down for a plate of token vege fare in a smoke-filled restaurant is not that appetizing. After exploring the Hard Rock Hotel, which is very smoky in all the public areas, and knowing what I found in other local establishments last time I was here, I finally decided to give the new German restaurant a try. It's the Las Vegas edition of the famous Hofbräuhaus in Munich. Not expecting much from a German restaurant, I was pleasantly surprised to find some reasonable food and a non-smoking section. So, I had fish and chips for lunch. Beer seemed like a reasonable lunchtime beverage (when in Munich, do as the Germans do), but 17 ounces seemed like a bit much, so I ordered the 10 ounce beer. It came in a cute little mug that reminded me of childhood mini root beer mugs at A&W restaurants. For dinner, I ordered the middle-sized 17-ounce beer, a cold cucumber salad and a creamy mushroom dumpling dish.

Ok, they've found the bottle openers. It looks like Hacker Jeopardy is ready to start. More later...
