The Edge of I-Hacked

via Gadget Lab from Wired.com.

“There are zillions of people around the world doing this,” says Altman, referring to the swell of interest in do-it-yourself projects and hacking. “It’s a worldwide community.”

At the center of this community are hacker spaces like Noisebridge, where like-minded geeks gather to work on personal projects, learn from each other and hang out in a nerd-friendly atmosphere. Like artist collectives in the ’60s and ’70s, hacker spaces are springing up all over.

There are now 96 known active hacker spaces worldwide, with 29 in the United States, according to Hackerspaces.org. Another 27 U.S. spaces are in the planning or building stage.

Located in rented studios, lofts or semi-commercial spaces, hacker spaces tend to be loosely organized, governed by consensus, and infused with an almost utopian spirit of cooperation and sharing.

“It’s almost a Fight Club for nerds,” says Nick Bilton of his hacker space, NYC Resistor in Brooklyn, New York. Bilton is an editor in The New York Times R&D lab and a board member of NYC Resistor. Bilton says NYC Resistor has attracted “a pretty wide variety of people, but definitely all geeks. Not Dungeons & Dragons–type geeks, but more professional, working-type geeks.”

Here is my ESTIMATION for the talks that I plan to attend, however as in all the past ‘cons I have attended my schedule could be described as “Aggressive”. This is one of those years that there are so many talks that have my interested, there is plenty of times I wish there was three of me. The speakers and organizers of Defcon have really put up a good show this year.

I will be twittering (tweeting?) the talks that I end up in — if nothing else for a reminder incase I somehow “misplace” those memories later that night.

FRIDAY: Ah the first day of defcon. Probably will be nursing a hangover, so kinda keep it down ok guys?

10am
Ben Feinstein – The Wide World of WAFs. May bounce to “Welcome by DT & Making the DEFCON 16 Badge with Joe “Kingpin” Grand”

11am
I plan on bouncing between:
Joe Cicero – Hacking E.S.P., Panel: Hacking in the Name of Science, and The Phreaking Callenge. and LUNCH.

12pm
Roger Dingledine – Security and anonymity vulnerabilities in Tor: past, present, and future

13:00
Tough call but I think I am going to hit Greg Conti – Could Googling Take Down a President, Prime Minister, or an Average Citizen?

14:00
Really looking forward to this one: Nathan Hamiel & Shawn Moyer – Satan is on my friends list: Attacking Social Networks.

15:00
Need a break time.. Probably will be finding some beer & hitting the vendor booths. If I dont need a break, I will be attending Wendel Guglielmetti Henrique’s Playing with Web Application Firewalls talk.

16:00
DEAR DEFCON. I HATE YOU! How do I choose between David Maynor & Robert Graham – Bringing Sexy Back: Breaking in with Style, Blake Self & Durandal – Free Anonymous Internet Using Modified Cable Modems, & Fyodor – NMAP-Scanning the Internet?? Right now I am thinking I will hit Blake & Durandal’s — but I have never forgiven myself for missing Maynor & Graham’s last talk. (and Fyodor is just a pimp)

17:00
Matt Yoder – Death Envelope: Medieval Solution to a 21st Century Problem,

18:00
Guy Martin –Sniffing Cable Modems

18:50
um.. “social” time. Let me apologize in advance. Possibly hitting the securitytwits dinner.

SATURDAY: Man, its 10am already? But.. Um, we never went to sleep!?

10am
Joe “kingpin” Grand & Zoz – BSODomizer or Nelson Murilo & Luiz “effffn” Eduardo Beholder: New WiFi Monitor Tool… Still undecided.. (((JG hook me up with a pcb =)))

11am
Thomas d’Otreppe de Bouvette “Mister X” & Rick Farina “Zero_Chaos” Shifting the Focus of WiFi Security: Beyond Cracking your neighbor’s WEP key.

12:00
Jay Beale -Owning the Users with Agent in the Middle. Probably going to pop over to Jur1st’s for a bit (CCCKC Represent)

13:00
Alexander Lash – Taking Back your Cellphone & Lunch

14:00
I never miss a Major Malfunction talk, therefore I will be feeding my SAT Monkey.

15:00
Mati Aharoni BackTrack Foo- From bug to 0day.

16:00
Mike Perry 365-Day:Active https cookie hijacking.

17:00
Don Blumenthal What to do when your Data winds up where it shouldn’t.

18:00
Setting up for the Podcasters Meetup & I-Hacked Party!

21:00
LIVE PODCAST

22:00 PARRRRRRRTY!

Sunday: ugh.. I am too old for this. Seriously why did I think that was a good idea last night?

10am
Bruce Potter -Malware Detection through Network Flow Analysis.

11am
Dan Kaminsky TBA?

12:00
Simon Howard – Race-2-Zero Unpacked.

13:00
Paul Craig – Compromising Windows Based Internet Kiosks.

14:00
Panel: Black vs. White: The complete life cycle of a real world breach. & Lunch!

15:00
Taylor Banks & Carric. – Pen-Testing is Dead, Long live the Pen Test.

16:00
Tottenkoph, Rev & Philosopher Hijacking the Outdoor Digital Billboard Network.

17:00
Awards Ceremonies hosted by Dark Tangent

WHEW! Thats a lot of talks — I cant wait!

from PodcastersMeetup.com

Well, this year marks the first annual DEFCON Podcaster’s Meetup, and we will be doing it in STYLE. For those of you who made it out to the second annual Podcaster’s Meetup at ShmooCon, we ran into some hitches like sound, but as we grow, so do the problems. Let me start off by telling you some sweet news. We are nailing down time in a SkyBox So we will have plenty of room, piece and quite for recording, and a nice view over the con, plus NO WALKING TO THE PARTY. We will have it right there in the box

To Podcasters,
I need to know as soon as possible how many already are set to go, those intending on getting set up and those who can’t make it. Also, if the idea of getting in free pushes you over the ‘going’ edge, we may be able to work that as well. Also, on that note, please forward this, like a Microshaft chain letter to any other podcasters that may be going, give them my email address so we can start a dialog and work out any kinks in their plans.

To Potential Sponsors,
I have included you in this email because I want you to understand the possibilities of this event. It will be at DEFCON 16. The most well known security / hacker conference. If you want to send fliers, stickers, drinks, money, or prizes, we can work out the details. We will be recording and broadcasting a live show from DEFCON which usually brings in 100 local and up to 500 remote viewers. It is then rebroadcast on which ever podcasters or vidcasters distribution that wants to and that could range from 10,000 to 1 million potential viewers.

As information is updated and confirmations come in, I will be updating the collaboration site: http://www.podcastersmeetup.com/ . Feel free to post or forward this information on to who every you like.

If you would like an account in order to broadcast your presence at the event, please signup and I will upgrade your user level.

For those who may not know: DEFCON 16: August 8-10, 2008

Thank you for your time, and I look forward to hearing from you,
Rob Fuller, a.k.a. Mubix

I-Hacked will be the host for the Podcaster’s meetup, and will be throwing a party later that night.. Any and all are invited. Those I-hacked readers that find us might get something special.

from Sean Bonner
[via Hack a Day]

As builders of improvised electronic devices, we’re worried that we may find ourselves running afoul of the law. Lucky for us, we’ve got the advice of Regent University Law Professor James Duane on using the 5th amendment. He runs through many examples where saying anything at all, truth or otherwise, can get you into trouble. Embedded below is the other side: Officer George Bruch discussing some of the interview techniques he uses.

from Irongeek.com

Finding Promiscuous Sniffers and ARP Poisoners on your Network with Ettercap

Most of you are familiar with using Ettercap for attacking systems, but what
about using it to find attackers? This tutorial will cover using Ettercap to
find people sniffing on your network. The plug-ins we will be using are
search_promisc, arp_cop and scan_poisoner.  Have fun detecting network
sniffers.

If the embedded video below does not show RIGHT click here to save the file to your hard drive.

from Iron Geek

A cryptographic hash function takes an input and returns a fixed size string that corresponds to it, called a hash. Cryptographic hashes have a lot of uses, some of which are: detecting data changes, storing or generating passwords, making unique keys in databases and ensuring message integrity. This video will mostly cover detecting file changes, but I hope it gets your mind going in the right direction for how hashes can be used. Specifically covered will be tools for creating MD5 hashes in Windows and Linux.

After spending a few days at Shmoocon, I have officially claimed the title Badge Hacker or maybe ConSocial. The talks were very educating and ranged from “almost hacking your own company” to “0wn1ng a business man every which way”. It was great to see that what is being exposed is actually being used to make change. Deviant of http://deviating.net/lockpicking/topics.html spoke out that companies such as Master Lock are making changes to their locks after exposing how easy it is to bump a lock.

I meet up with Johnny Long and we chatted about his new book and how 100% of his proceeds will be going to Africa. We hooked him up with some i-hacked.com swag for his new foundation hackers for charity. I did meet up with Muts from offensive-security who did show off some of his bad ass BackTrack skills. I must thank him for his time and the swag. If you want Back Track training offensive-security is the place to go.

Later that night I met up with the pod cast crew of hak5. After many “non-alcoholic” (yeah right) drinks I talked everyone into crashing “katsucon”. For those like my self that have no idea what the hell I am talking about, it’s a con for animation. To make a long evil story short – we got in, we partied like rock stars and we were amazed at the huge arcade that they had. Props to the DJ of katsucon who mixed in samples of Anonymous. Check back soon for the video of the CON.

Photos

Eric D. Schabell » Linux courses
The following Linux courses have been created by me, released under the GFDL . They can be viewed in slide format online, but for a more complete introduction to the material I am available for teaching contact information is listed at the bottom of this page. I have taught these courses commercially…

from Howstuffworks

On August 10, 2006, authorities in Great Britain announced that they had arrested several people in connection with a plot to attack airplanes with liquid explosives. The attackers planned to disguise the explosives as ordinary liquids and smuggle them aboard. For this reason, authorities in both the United States and Great Britain warned all passengers that liquids would not be allowed in carry-on luggage until the crisis passed. The ban on liquids included hair spray, shampoo and beverages — items people travel with all the time.

So what exactly are liquid explosives, and what do they do? Most explosives work in basically the same way. They burn or decompose very quickly, producing lots of heat and gas, which rapidly expands and can tear things apart. Usually, an explosive material requires some kind of stimulus, like heat or shock energy, to get the process started. You can learn more about different types of explosives in How Bombs Work.

Many people don’t think of explosives as liquids, though. Most of us imagine them as solids, like gunpowder or C-4. But you’ve probably heard of one liquid explosive already — nitroglycerin. Nitroglycerin was invented in 1847, and it’s made by adding acids to glycerin. Since exposure to it dilates people’s blood vessels, it’s used as a medical treatment for angina pectoris, or heart pain.

from Max Kiesler

With the popularity of AJAX growing every day I’ve had the opportunity to collect and try out many more tutorials in the last several months. These examples and how-to’s represent the best tutorials that I’ve personally used or otherwise had the opportunity to work with out of the overall group. This post is intended for individuals who learn best by example. Most of the listed tutorials come complete with instructions and source code. I’ve also categorized all of the tutorials for easy browsing. Enjoy!