Archive for the ‘Community Talk’ Category

hack the media

I had a thought: since mainstream media is completely ignoring SOPA, PIPA, NDAA (etc.), maybe we can make it very uncomfortable for them to continue to do so. I thought, what if people, a lot of people, started posting on the Facebook pages of media outlets (local, national, comedy relief, like The Daily Show, The Colbert Report, etc.) messages asking "Why aren't you covering these stories?" Maybe they would get the hint that the public at large cares about these issues and they should be talked about.

We could force the media essentially to "awaken" the general public about these very important issues by hacking them.

Social media can be a very powerful tool to effect change, a very effective tool to hack the mainstream media.

ATM Security

Talked to a security guy who had info on how poorly some ATM machines are secured.
This only works on ATMs where you can see the lock on the 1st outermost door and that aren't enclosed in a case.
Firstly, he said the better ATM machine thieves wear a mask and gloves. The camera is decent enough to get you if you don't.
The 1st door lock can be bypassed with a mac machine key, which can be bought off the net.
Once you get that door open, you're faced with 2 alarms:
1. the callback alarm to the bank's security
2. a GPS notifier in case you think you're walking out the door with the machine
Once opened, you have at most 5 minutes to get in and out.
The safe can be found easily and can be picked or opened with the same master key.
A typical ATM carries about 30 grand.

Jackpotting is what they call it

I had a weird Defcon 20 dream…

I had the most peculiar dream last night.

I dreamt that #defcon20 was being held in Worthing (South Coast UK), and the Defcon Goons were all there, sipping tea and sitting on chairs in the cricket pavilion, while everyone else had gone to the Rio at Las Vegas because they thought the location sent out to everyone was just a Goon joke. There was a miniature train that ran across the cricket pitch, but it wasn't on rails, and it kept running people over, then reversing over them.

There was also a section where I was sitting on a toilet on the cricket pitch, and someone stole all the toilet roll, but the less said about that the better!

I must stop taking such strong cold medicine just before I go to sleep... or maybe I need to take more... MUCH MORE...

Don't ask me what it all means, I really have no idea. Anyone who'd like to try to interpret this, feel free :)

Hash-table DoS vulnerability

This is a particularly interesting security vulnerability because it relies on the algorithmic properties of the data structures people use to build their applications:

http://jruby.org/2011/12/27/jruby-1-6-5-1

tl;dr: if an attacker knows an application uses a particular hash function and can make that application hash data, they can ensure all the values they send wind up in a particular "bucket" within the hash table. Normally hash tables solve this problem by expanding the number of buckets and rebalancing the data; however, an attacker with sophisticated enough knowledge of the hash algorithm being used can craft keys which will always hash to the same bucket.

Flooding a particular bucket with data negates the algorithmic properties a hash table normally affords, and could be used to selectively make particular data in a system unavailable by flooding the bucket it's in with garbage data.

This is interesting in that it's not just a specific attack on a particular framework/platform, but an idea that can be applied to any systems that hash user input with known algorithmic properties.
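An added illustration of the bucket-flooding the post describes (not code from the JRuby advisory or from this page): a toy chained hash table with a constructed, predictable hash function, constructed anagram keys that all land in one bucket, and a keyed hash with a secret per-process seed as the mitigation. `fill` returns the longest chain and the number of key comparisons, so the degradation from O(1) to O(n) per operation is measurable rather than just asserted.

```python
import hashlib
from itertools import permutations

NUM_BUCKETS = 1024

def weak_hash(key: str) -> int:
    # Constructed weak hash: sum of byte values, so every anagram of a string
    # collides. Real-world hashes needed more effort to attack, but the idea is the same.
    return sum(key.encode()) % NUM_BUCKETS

def keyed_hash(key: str, seed: bytes) -> int:
    # Mitigation: keyed hash with a secret per-process seed (e.g. os.urandom(16)).
    # Without the seed, an attacker cannot predict which bucket a key lands in.
    digest = hashlib.blake2b(key.encode(), key=seed, digest_size=8).digest()
    return int.from_bytes(digest, "big") % NUM_BUCKETS

class ChainedTable:
    def __init__(self, hash_fn):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(NUM_BUCKETS)]
        self.probes = 0  # key comparisons performed while walking chains

    def put(self, key: str, value) -> None:
        chain = self.buckets[self.hash_fn(key)]
        for i, (k, _) in enumerate(chain):
            self.probes += 1
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def longest_chain(self) -> int:
        return max(len(b) for b in self.buckets)

def colliding_keys(n: int) -> list:
    # Constructed attacker input for weak_hash: distinct anagrams of "abcdefgh".
    keys = []
    for p in permutations("abcdefgh"):
        keys.append("".join(p))
        if len(keys) == n:
            break
    return keys

def fill(hash_fn, keys) -> dict:
    # Insert every key and report how skewed the table became and how much
    # work the inserts cost; n colliding keys cost n(n-1)/2 comparisons.
    table = ChainedTable(hash_fn)
    for k in keys:
        table.put(k, True)
    return {"longest_chain": table.longest_chain(), "probes": table.probes}
```

Running `fill(weak_hash, colliding_keys(2000))` puts all 2000 keys in one chain at a cost of 1,999,000 comparisons, while the same keys under `keyed_hash` with a fresh seed spread across the buckets with a few thousand comparisons in total.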

Hacker Lulz Clipreel

A friend of mine is putting together a DCTV Filler / TV Carnage-style clipreel of all the hilariously stupid shit TV shows and movies do when they try to portray hacking / digital forensics.

Here's the first little bit he put together... tracing IP addresses:

http://www.youtube.com/watch?v=MHT-i...53AUAAAAAAAAAA

He's looking for help locating clips... he has an old copy of the DCTV Filler and he's looking for things that aren't already all over YouTube.

It might be nice for him to get in touch with someone who does DCTV too (deviant ollam?)

Hackers can set your printer on fire

http://www.foxnews.com/scitech/2011/...s-demonstrate/

I'm not sure what prompted HP to think that using unsigned updates was a good idea, but this ranks up there with the ad about hackers being able to explode your monitor and fill your face up with glass.

I did speak a few years ago to a red team guy who told me they once attacked printers to pull SNMP strings from the configs to help further their attacks into a blue network, but this article from this HIGHLY CREDIBLE news source makes me chuckle a little inside. This is the only other real printer hack I've heard of out there.

I for one would like to see this demonstrated at defcon 20, and if the hack doesn't work I'll bring some gasoline and help you burn the printer down :D

Should I go to DC20?

Greetings all,

I'm fairly new to the Defcon thread, but I have been lurking on and off for a while. I had a quick question about DC20.

I'm 18 at the moment, and I was wondering if there is any point in me going this year, or if I should hold off till I'm 21 so I can attend the parties as well. Opinions would be greatly appreciated.

Thanks,
Star6966

HackerCon calendar

There has been plenty of on-again, off-again talk about this in the past... but now some folk have come together and officially started maintaining a dedicated Hacker Con calendar.

Little did I know, some folk in the past have actually been using my personal schedule as a sort of hacker con guide, etc. I do get to a lot of events, but come on... there's plenty more that deserve to hit your radar! :wink: So we hope that this new calendar will be a useful resource.

The response has been great already, and with some tweaking I hope this can turn into something even more useful. As I mentioned earlier on the HackerCons Twitter account, we could seriously benefit from something of a proper backend. Right now, folk are just sending me emails and I'm manually inputting items. I'd really like it if people were filling out a CGI-powered form which would drop entries (if they included all required fields) into a list of some sort. Then, folk with admin rights could log in and green-light certain items via a web interface.

That is my ultimate vision (heh, maybe even with a tie-in to a Twitter Bot, etc!) but for now we're happy with the simple and easy to use calendar. If you think you can help with the bigger plans, feel free to let me know.

Or, if you just want to comment on the project and suggest new features, we'll listen to that, too. :biggrin:

Porn Company Filing Antitrust Suit Against ICM & ICANN

Today, the ICM Registry released a statement outlining that online porn company Manwin, originally called Brazzers, which owns many well-known porn sites such as YouPorn.com, PornHub.com, Brazzers.com and Twistys.com, plans to file an antitrust lawsuit against ICM Registry and ICANN in conjunction with the .XXX Top Level Domain.

The ICM released the statement:
Quote:

Our public relations company alerted us to the probable filing today of an anti-trust lawsuit by Manwin against both ICM Registry and ICANN in conjunction with the .XXX domain name.
“As we have proved time and again, ICM Registry has taken extensive measures to ensure it is being launched in the most lawful and responsible possible way:
“ICM Registry will vigorously defend their position against any merit-less claims such as this one.”
Source: http://www.thedomains.com/2011/11/16...cann-over-xxx/

SOPA

https://www.eff.org/deeplinks/2011/1...break-internet

It's amazing the things the RIAA and MPAA will try to push through Congress. This is akin to the Great Firewall of China, just over here now.

There are links to send letters to your congressmen (and women); if you haven't already, contact your representative and let them know what you think :)

I know this is a little political, but, I'm hopeful it's not a rule violation.