What follows is a full list of all 100 talks (in alphabetical order) that will be taking place in the three scheduled tracks at The Last HOPE! MAKE will have a booth and will be doing some talks!
Advanced Memory Forensics: Releasing the Cold Boot Utilities
This talk will cover some of the issues involved with Cold Boot attacks. A description of the multiple methods (disk, network, etc.) developed for targeting computers whose memory is being targeted for extraction. The tools used for these experiments will be released here. In addition, code will be released that was written and has improved since the initial public release of these experiments. This includes a dumper using a standard iPod with unmodified Apple firmware. In addition, an improved AES keyfinding tool has been implemented. Great caution has been taken to not stomp on important bits in memory. All of the tools will be released as free software. Possibilities for protection as well as other ideas for improvement of the attacks in software and hardware will be discussed. The paper related to this talk can be found at http://citp.princeton.edu/memory.
AntiSocial Networking: Vulnerabilities in Social Nets
Social networking sites are ripe environments for attack – there’s an implied trust of those in one’s social circle, and the client side environment is full of options for browser-based attacks. In addition to the obvious privacy implications of all of our increasingly public online personae, the growing use of “business” social networking makes it a rich source of government and organizational targets as well. This talk will reveal the results of a series of public experiments pointing out some obvious (and some less obvious) flaws in a number of social networking sites, and make some recommendations on ways to improve their security posture.
The Art of Do-Foo
The one thing that sets a nerd apart from a hacker, a dork, or anyone else for that matter is simple. Nerds seek to quantify every facet of their lives. From baseball statistics to Star Trek trivia, there’s a little nerd in all of us. But true nerds pursue the quantification of everything. The idea of this talk is to quantify successes and failures within the New York City community. By utilizing modern information theory and simple statistics, we can isolate the key factors that have both positively and negatively influenced the culture in our region. Why have specific projects succeeded? Why have others failed? What are key factors in the success of a community? This talk will have fun exploring a roller coaster of statistical exploits on what may be one of the coolest and difficult to quantify datasets our planet has ever known. Learn how to get down with your nerd self in a fun and educational foray into the hacking culture, and the numbers that comprise it.
Autonomously Bypassing VoIP Filters with Asterisk: Let Freedom Ring
Foreign governments and ISPs within Panama, Belize, the Caribbean, Mexico, Brazil, the UAE, China, India, Saudi Arabia, and others have implemented VoIP filters of some type. The effect is obvious – phone calls are effectively blocked. How can Asterisk developers and providers develop mechanisms to help maintain communication through the wake of government supported access control mechanisms?
Bagcam – How Did TSA and/or the Airlines Manage to Do That to Your Luggage?
Ever wonder exactly how TSA or the airlines managed to destroy your luggage or what security measures are actually in place once your checked luggage disappears from view? After having yet another bag destroyed while flying several months ago, algormor decided to build Bagcam to find out what happens once the airlines have control of your luggage. Bagcam is a small suitcase containing a mini-DVR and pinhole camera. This presentation will cover the construction of Bagcam, potential future enhancements to Bagcam, and issues to consider should you decide to build your own Bagcam. In addition, various security measures currently in place for commercial passenger flights and the efficacy of these measures will be discussed. Finally, select footage will be presented from flights through Washington DC’s Reagan National Airport (DCA); Ted Stevens Airport in Anchorage, AK (ANC); Sky Harbor in Phoenix, AZ (PHX); Chicago’s O’Hare (ORD); and other airports.
Biohacking – An Overview
Biological systems are large assemblies of parts that function together following rules of basic chemistry. As systems, they can be studied, modified, and engineered for novel purposes. DNA molecules contain the information used to encode living systems, and methods exist for discovering and manipulating this information. This talk will cover the basic components of biological systems, including how DNA can be modified to make new proteins or genetically modified organisms, such as fluorescent mice, therapeutic viruses, or bacteria that eat explosives or smell like bananas.
Botnet Research, Mitigation and the Law
This talk will discuss current U.S. federal laws that affect botnet researchers and IT professionals defending against botnets. Existing methods of capture, analysis, and mitigation will be analyzed from a legal perspective. Likely scenarios and outcomes will be discussed in an accessible manner.
Building a Better Ballot Box
We all know by now the folly of current election technologies from Premier and Sequoia Voting DRE (Direct Record Electronic) systems as well as some of the new, more promising systems on the horizon such as the open source OVC (Open Voting Consortium ) and Scantegrity. The question of whether we can do better will be raised. What needs to be done to make this process better than it is today? Both software and hardware methods to secure the ballot box will be discussed.
Building Hacker Spaces Everywhere: Your Excuses are Invalid
Nick Farr and Friends
Four people can start a sustainable hacker space. Whether you’re in an urban area where space is expensive, in the middle of BFE where finding four people is hard, or just outside of an active war zone in Uganda, there are few excuses left for not joining the global hacker space movement with a place of your own. This talk will cover the ten most often heard excuses for not building a hacker space and how existing hacker spaces, fab labs, co-working spaces, and other tech-oriented “third spaces” have solved them.
Citizen Engineer – Consumer Electronics Hacking and Open Source Hardware
In addition to the future of DIY, building hardware, open source hardware, and a roundup of amazing projects anyone can build, this talk will present the debut of the film Citizen Engineer – named after the HOPE Number Six talk. The session will be the first time this how-to video series for hacking is shown in public. There will also be some hands on hardware demos, hacking, and a lot of trouble.
A Collaborative Approach to Hardware Hacking: NYCResistor
Bre Pettis and Friends
In this panel, 18 members of NYCResistor will each, in turn, speak about a piece of infrastructure or project associated with their hacker space collective. By presenting 18 perspectives on the infrastructure, process, and projects, you will experience different windows into the organization. The presentation will encompass stories and pictures of cake, lasers, and drink serving robots as well as insight into such fascinating topics as book balancing, documentation, and the massive importance of failure. NYCResistor is a Brooklyn-based hacker space focused on learning, sharing, and making things.
In the 1970s, computers were still the foray of big business and government. They were known to be powerful tools, but they were beyond the reach of individuals. Though several other home computers came out in the early 70s, the MITS Altair 8800 is generally credited as sparking the home computer revolution, which in turn sparked computers everywhere. The base of another revolution in fabrication powered by hobbyists will be revealed here. The Fab@home, RepRap, and other projects will (hopefully) do the same thing for fabrication. This talk will cover community based fabrication, why it’s so cool, and how it could fundamentally alter the global economy for the better.
A Convergence of Communities
Most people in either industry already know something about the relatively recent convergence of computer technology (CT) and physical security. But they probably aren’t aware that computer professionals are increasingly assuming a leadership role in the process, as well as the management of the process. Moreover, the physical security and computer technology (CT) and information technology (IT) communities have traditionally been at odds. Computer professionals don’t know as much about physical security electronic systems and devices as they think they do. Conversely, physical security senior managers know virtually nothing about CT and some don’t want to! This session will examine the convergence phenomenon from both perspectives. It will review what is occurring, how it is happening, and what effects it has on both security and CT/IT. The effects upon, and from, the Department of Homeland Security will be discussed. The session will conclude with an in-depth analysis of Homeland Security’s shortcomings and unmet needs and the role of CT/IT in protecting the nation. The critical need to triage security resources will be examined, along with a look at how it should be done, as well as an attempt to understand why it isn’t already happening.
Crippling Crypto: The Debian OpenSSL Debacle
Dino Dai Zovi
In May 2008, a weakness in Debian was discovered which makes cryptographic keys predictable. A Debian-specific patch to OpenSSL broke the pseudo-random number generator two years ago, which led to guessable SSL and SSH keys. The vulnerability allows for impersonation of secure servers, as well as the potential to login to SSH secured systems. Since many popular derivatives like Ubuntu and Xandros are affected, the weak keys are found all over the Internet. The panel will present their approach to generating lists of weak keys using cloud computing and explain how they collected large numbers of SSL certificates of which several thousand are weak.
Death Star Threat Modeling
In the field of Information Security, the terms vulnerability, threat, and risk have specific meanings and are often misapplied and misidentified in projects. This presentation will explain threat modeling as it applies to information and application security projects, utilizing the shared memory of the Death Star trench run as an analogy to better understand these concepts. You will learn how to define risks, threats, vulnerabilities, and countermeasures; how to integrate threat modeling into a software development lifecycle; examine example threat modeling methodologies; and hear real-world anecdotes of threat modeling successes and failures.
A Decade Under the DMCA
In October 1998, the Digital Millennium Copyright Act (DMCA) was signed by President Clinton. Since that time, the DMCA was used to prevent free speech and reverse engineering. The DMCA offers patent-like protection although this is a copyright law. Many people have been adversely affected by the DMCA. Cases will be discussed and information regarding filing counter notifications will be presented.
Dirty New Media: Art, Activism, and Computer Counter Cultures
This talk presents a short history of electronic art by illustrating connections between artists, activists, and hackers. The connections and histories presented include: the demoscene and its origins in software piracy; video and conceptual artists in the 1970s and their activist work; contemporary artists working with circuit bending and other detournements of modern technologies; the Chicago “dirty new media” community; contemporary artists, hackers, and activists creating software and electronic art with a punk/anticapitalist ethos. Excerpts of work from these different artists and communities will be screened and discussed.
Earth Intelligence Network: World Brain as EarthGame
The first speaker at the first HOPE in 1994 will describe the emergence of the Earth Intelligence Network, the World Brain, and EarthGame as the triumverate that will empower We the People and make most governance and many organizations both transparent and obsolete. Emphasis will be placed on the eradication of corruption and restoration of the sovereign individual.
E-Mail: Descendant of the Telegram
The Cheshire Catalyst
The former telex hacker will take us on a verbal tour of yesteryear when telegrams meant the smell of machine oil and teletype machines. You’ll learn how the term “break text” became the equal sign and why you should indent your name five spaces to “sign” your e-mail. It’s a geek thing. Maybe you can understand.
Emergence of a New School of Thought: Brain Hacking
The human brain is an incredibly complex and advanced central processing system. Interestingly enough, in spite of its uniqueness in several respects, it has many qualities in common with modern computer systems. Like modern computer systems, the brain and ultimately the mind can be predictably influenced and even exploited. This talk will cover the basic nature of the brain in relation to computer systems and will discuss the relevance, the advantages, and the dangerous implications of this topic.
The Emperor is Naked
Virtualized technologies are being lapped up left, right, and center by corporates committed to the cash savings they promise. Sadly, the savings that can be gleaned are not without the attendant risk. Instead of nice normal networks that people can understand, many vendors are offering networks in a box. As well as being lovely single points of failure, they have a number of risks that remain largely unexplored. Research has already been conducted around platform virtualization technologies such as VMWare, but there still exists a fundamental flaw within virtualized resource technologies that no one seems to have spotted. This talk will illustrate why and how virtualization works, what the difference is between what the vendors say and how it is being implemented in RL, and will discuss a theoretical vulnerability that if it can be exploited can bring down the house of cards.
Escaping High Security Handcuffs
Everybody knows normal police handcuffs are no real challenge for lockpickers, even though it helps to know the inner workings and tiny differences of the various models in use today. Less publicly known is that there’s also a variety of “high security” handcuffs on the market, used mainly for high risk prisoners and during transfers. But those also have their weaknesses… This talk will give an overview of the products in use today and their different attack vectors – not only focusing on picking but also bypassing some of the most advanced locking mechanisms used in this field.
Evil Interfaces: Violating the User
In a perfect world, interfaces help users accomplish tasks quickly and efficiently. However, in the real world, interfaces are often designed to manipulate users into behaving according to the designer’s calculated and suspect intent. Malicious interfaces abound on the web – employing trickery, misdirection of browsing, forced viewing of advertisements, and even animations designed to trigger epileptic seizures. Evil interfaces are seen virtually anywhere profit is at stake, from desktop applications and websites to gas pumps and toothpaste dispensers. This talk explores malicious interface techniques both on and off the desktop, and aims to energize the audience to pursue positive solutions. You’ll leave with a better awareness and understanding of the problem, increased resistance to attack and ideas for generating solutions.
A regular speaker at HOPE since 2000, Jello provides a unique and charismatic look at what’s been going on in the world since the last time we all got together. Whether you’re a technologist or a technophobe, his words will almost certainly have an effect on your emotions one way or another.
The “world’s most dangerous hacker” and subject of our documentary Freedom Downtime (along with many other more sensationalist pieces over the decades) gives us an update on what’s been going on in his life since the last time he was here in 2004. (A severe case of food poisoning in Colombia forced him to cancel his HOPE Number Six appearance – which may be one of the stories he tells this time.)
Hopefully there will be no surprises this year. In 2006, privacy expert Steven Rambam’s two hour panel was disrupted by federal authorities who arrested him at the conference just prior to its commencement. In the end, he was completely vindicated and went on to finally give his talk several months later to a packed house at a local university. This year, Steven will be on for three hours, in part to make up for what you may have missed last time, but mostly because what he says about the state of privacy in our society will captivate you.
The esteemed co-host of the popular TV show Mythbusters on the Discovery Channel and “a maker of things” will give a captivating talk on the nature of his particular obsessions.
From a Black Hat to a Black Suit – How to Climb the Corporate Security Ladder Without Losing Your Soul
You want it all. You can see the brass ring and you want to jump for it. But you’re scared. You don’t want to put on a suit and watch your soul shrivel like the spot price on RAM.
There is another way.
In this session, you will learn: why you want to do this to yourself, how to get the first job (which will suck), how to turn the first job into the next job (while still having fun), how to get the top job (sooner than you thought you could), and how to do it all without feeling like a corporate whore.
You want to hack the planet? You’ve got to start somewhere.
Ghetto IDS and Honeypots for the Home User
Have you ever wondered what the heck was pounding on your Internet connection? Or what exactly was making your cable or DSL connection’s activity light blink wildly when you knew there was no traffic from you? If so, this presentation will shine a light into the dark corners of your personal tube, showing you the unending stream of junk that comes across your Internet connection as well as how to pick out the good, the bad, and the ugly. This presentation will cover the steps involved in setting up a poor man’s IDS and honeypot. Using open and freely available tools, strategies of IDS deployment on your home LAN and the setup of both low interaction and high interaction honeypots will be covered. Learn what you can expect to see, how to pluck out the signal from the noise, and generally be aware of what is flowing in – and out – of your LAN.
Graffiti Research Lab Extravaganza
GRL’s presence at HOPE this year will be represented by Graffiti Research Lab in Utah. Michael Auger (aka Love Monkey 4000) will come from the mountains of Utah to the Big Apple to run workshops, conduct technology demonstrations, screen a movie, and announce (for the first time) a new GRL project very close to his heart: One Laser Tag Per Child. The event will start with an LED Throwie workshop. Throwie workshops only last until the supplies run out, anywhere from 30 minutes to an hour. The screening of the new GRL movie (fresh from Sundance, MoMA, the Tate Modern, etc.): Graffiti Research Lab: The Complete First Season will then begin. People will be encouraged to misbehave with their throwies in the dark, yell at the screen, etc. All this will be documented so that the HOPE viewing of The Complete First Season will actually be footage for the sequel: Graffiti Research Lab: The Complete First Season II. After the movie ends, GRL Utah will come to the front of the room and introduce GRL live via webcam from Korea. New GRL technologies and initiatives will be unveiled, including (but not necessarily limited to) the One Laser Tag Per Child system.
During the course of the HOPE conference GRL Utah will man a table where interested attendees will be able to do the following: play with lasers, get trained on how to set up the laser tag system, take a closer look at the prerelease of the One Laser Tag Per Child system, download the disc image of the GRL movie (or buy the actual DVD), learn how to set up a GRL in their hometown.
Grand Theft Lazlow – Hacking the Media by Laughing at Them
A talk by Grand Theft Auto IV cowriter and coproducer Lazlow focusing on that phenomenal project as well as what’s been going on in media in the last decade. Beginning in 1996, corporations began gobbling up every newspaper, billboard, radio and TV station in the United States. Ironically, since then, readership and ratings have plummeted, resulting in entertainment executives and editors programming even more sensationalist and desperate content. Lazlow discusses how parody of the media in video games, on TV, and online can often garner a larger audience reaction than the media establishment itself. He will describe why the mainstream media invents crises, and the reaction by the media and Hollywood establishment to the growing popularity of interactive worlds where players are celebrities rather than smug starlets tittering for TMZ. How can you hack the media? In this interactive talk Lazlow talks about his work in radio, video games, and the future of the media, democracy, and the role of comedy in it.
Mark Abene aka Phiber Optik
Hackateer is an episodic adventure series about a team of hackers who are being chased by quasi-government agencies. The show blends a reality Do It Yourself tech show with a scripted spy/adventure narrative shot in anime style. Embedded within the entertainment of an episode, viewers learn how to take everyday technology and use it in ways they never dreamed of and not always originally intended. The show also features interrogations with top hackers and tech people from around the world that are kidnapped by the Hackateers. Hackateer is also unique in that the show is cast with real underground hackers and the stories are drawn from world famous hackers and their real life exploits.
A Hacker’s View of the Freedom of Information Act (FOIA)
As part of his book on the history of phone phreaking, Phil submitted hundreds of Freedom of Information Act (FOIA) requests to various three-letter government agencies. In this talk he will give an overview of how FOIA works, describe the type of documents you can get via FOIA, and discuss some of the typical FOIA stumbling blocks and workarounds to them. He will then focus on FOIA from a “hacker’s perspective” and will examine the recent launch of several FOIA/hacker related websites such as GetGrandpasFBIFile.Com, GetMyFBIFile.Com., TvShowComplaints.Org, UnsecureFlight.Com, WhatDoTheyKnow.Com, and GovernmentAttic.Com.
Hacker Space Design Patterns
How do you get a hacker space started? How do you manage it once you have a space? This talk presents wisdom collected over a decade of building sustainable hacker spaces in Germany. Through “design patterns,” Jens and Pylon will cover the essentials of assembling an initial group, finding the perfect location, and managing the community. Earlier versions of this talk have inspired the creation of the U.S. hacker spaces NYCResistor and HacDC. This version will inspire and help you create a hacker space where you live!
Hackers and Planet Earth
Technological innovations of the last few centuries have changed our relationship with Planet Earth. With fossil fuel supplies in decline, energy demand growing, and worrying climate change predictions, the future doesn’t look great. The presentation will start by briefly looking at the challenges that lie ahead. What can we as hackers, both individually and collectively, do to be more environmentally sustainable? How could we use our skills in the event of the situation reaching crisis point?
Hacking Cool Things with Microcontrollers
Microcontrollers can do your bidding. This presentation will show a few fun, simple projects that Mitch has hacked together as examples to show how fun and easy it is to create your own microcontroller projects – even for people who have never built anything in their lives. Sample projects include: The Brain Machine, TV-B-Gone, Trippy RGB Light, LED Cube, Solar BugBot, and Mignonette (a very simple handheld game platform). Basic hardware design, simple firmware design, and how to use the free, open source software available for programming the chips used will be discussed at this talk.
This presentation will provide an introduction for people wanting to participate in the ongoing workshop downstairs where Mitch will have a bunch of soldering stations with enough parts so that people can build their own Brain Machines, TV-B-Gones, Trippy RGB Lights, and Mignonettes which they can then bring home with them.
Hacking Democracy: An In Depth Analysis of the ES&S Voting Systems
Last Fall, Ohio Secretary of State Jennifer Brunner commissioned Project EVEREST, a comprehensive security review of the electronic voting technology used in her state. The project contracted several academic teams and others to examine the election procedures, equipment, and source code used in that state, with the aim of identifying any problems that might render elections vulnerable to tampering under operational conditions. The ten-week project examined in detail the touch-screen, optical scan, and election management technology from e-voting vendors ES&S, Hart InterCivic, and Premier Election Systems (formerly Diebold). Penn led the analysis of the ES&S system source code, which is also used by voters in 42 other U.S. states besides Ohio.
This talk will outline the U. Penn team’s findings, which included the discovery of exploitable security vulnerabilities in almost every hardware and software component of the ES&S touch-screen and optical scan systems. Some of these flaws could allow a single malicious voter or poll worker to alter countywide election results, possibly without detection. The team will discuss their findings and will also describe more generally the process of analyzing 700,000 lines of unfamiliar source code in less than ten weeks under highly constrained conditions.
The full 334 page report (which also includes analysis of the Hart and Premier systems done at Penn State and WebWise Security) can be downloaded from the Ohio Secretary of State’s web site at http://www.sos.state.oh.us/sos/info/EVEREST/14-AcademicFinalEVERESTReport.pdf
Hacking International Networks and System(s) using VoIP
There is an entire world of PSTNs out there that most people never bother to look into. People have a tendency to call within their area (country) and never stray or “wander” outside. This talk hopes to change that perception.
With VoIP, we have the ability to call worldwide for fractions of a penny. Why not call that X.25 network in Russia? Or India? Why not explore foreign data networks and find new and old things still out there? Think war dialing in the U.S. is washed up? Why not try a country where computers and technology are built on the hardware we’ve thrown out?
In many parts of the world, phone networks and data networks are built using the existing PSTN infrastructure. They simply can’t afford to purchase modern SONET/DS hardware. Nor can they afford to run fiber optics or coax to every neighborhood. The legal ramifications in hacking such systems are significantly less than hacking U.S. computer networks. The media is filled with reports of Chinese hackers infiltrating U.S. networks. That being said, doesn’t it make sense to return the favor?
Hacking the Mind, Hacking the Body: Pleasure
A continuation of the infamous “hacking Sex” third track presentation from HOPE Number Six. This will be a talk about sexuality, pleasure, and our bodies from a hacker’s point of view covering such diverse methods as hypnosis, BDSM, role play, sex toys, and body modification. C4bl3FL4m3 will share her in depth (and sometimes hands-on) knowledge in increasing the pleasure felt by ourselves and our partners. With brand new material as well as tried-and-true secrets, this presentation is perfect for all genders and orientations. Topics covered will include erotic hypnosis, sex toys and their usage, BDSM, body modifications, meditation and other sexual/spiritual forms of mind altering, sexual role play, sexual techniques, cybersexuality, tele and technodildonics
Hacking the Price of Food: An Urban Farming Renaissance
With the global price of food rising dramatically around the world, the number of people at risk of starvation and malnutrition will also increase. The United Nations Food Program announced earlier this year that it would not have enough money or food to meet its targets due to the cost of food. In Egypt and other parts of the world, people have been rioting in the face of food shortages and sharp increases in prices. In places like Thailand that are famous for exporting rice throughout the world, the government has announced cutbacks in exports because of shortages. A grim picture, to say the least.
Yet while this crisis seems to be unfolding, another rise has come to pass – the return of urban and community farms. How do these farms manage to exist, seemingly, outside the global game? Is their business model sustainable and is this truly a renaissance of growing and thinking locally? Through a series of podcast interviews and reports, the case is presented of how some farmers are hacking the price of food.
Hacking the Young Lady’s Illustrated Primer: Dispatches from the Field of Educational Technology
Gillian “Gus” Andrews
The takeaway message of this panel will be that the critical element in teaching with technology is people – and that hackers need to consider what this means. The talk will encourage the audience to consider the best ways to tackle the horrendous failures of current technology education. Topics to be covered: Neal Stephenson’s The Diamond Age/Young Lady’s Illustrated Primer and whether it can be achieved; the one laptop per child project and the difficulties it currently faces; hair-raising experiences writing an A+ certification curriculum; whether the Pacific Northwest Tree Octopus is real; responses from seventh-graders (or Why Johnny Can’t Read on the Internet); and Richard Feynman already taught us everything we needed to know about education – why aren’t we listening?
The History of Phone Phreaking, 1960-1980
This talk will give a brief history of phone phreaking from 1960 to 1980 – the Golden Age of the analog telephone network. After a quick introduction to the then-modern long distance network and “operator toll dialing,” you’ll see how the first “blue box” came to be, look at why organized crime loved the technology, and see how AT&T and the Department of Justice reacted to this fad in the 1960s. You’ll then follow the phreaks into the 1970s as their hobby hit the mainstream in 1971 with the publication of “Secrets of the Little Blue Box” in Esquire and the founding of YIPL, the first phone phreak newsletter. As a bonus, you’ll get to listen to some sounds of the old network! If you’ve ever used a blue box, this will be a phun trip down Memory Lane – and if you haven’t, you’ll get to listen to some great examples of hacking with tones!
Home Is Where The Heart Is? The Question of Jurisdiction
A presentation on the subject of corporate legal jurisdictions and related topics. While this sounds boring on the surface, it’s actually not – and is more and more relevant every year for those in the tech game. As physical human beings, we do in fact have a “home jurisdiction” in the legal sense, which is wherever we are living at present. However, corporations are also “people” in the legal sense but have a flexibility of where they call home. This ties into areas of international legal issues, corporate governance, privacy of company information, financial systems/banking, personal versus corporate liability, and so on. Basically, for anyone from a coder who wants “a company” to bill his clients through, all the way up to major tech projects that span multiple jurisdictions in a sophisticated way, few of us who play the tech game are not directly impacted by the question of where a company lives, where it calls home.
How Do I Pwn Thee? Let Me Count The Ways
The business world has spawned a new kind of creature, the mobile, traveling worker. This creature typically carries a multitude of wireless devices on them while traveling to and from clients. Unless special care has been taken, these devices present a plethora of ways to pwn them and their data. This talk will take a look at a worst case scenario and go through all the ways one of these business travelers can be pwn’d at a distance by a bored attacker in an airport, hotel, or other public space.
How Piracy Feeds a Starving Audience
This talk will present observations of the relationship between technology and art in a comprehensive look at how the rise of piracy and its effect on the music industry can enrich the art form as well as the global audience. Drawing from the ideology of open source and user-supported technology, this talk will attempt to demonstrate that the concept of “free music” is set to overhaul the way in which music is created and acquired. The topics to be discussed include the history of the music industry, the war with the RIAA, Digital Rights Management, Creative Commons, and more.
How to Talk to the Mainstream Media
Blogs, vlogs, podcasts, RSS, even old school websites and mailing lists – there’s never been more ways for hackers to get their message out. So why bother dealing with the mainstream media? Because that’s where the audience is. Only a tiny percentage of blogs have sizable audiences and even the biggest of those are dwarfed by the audiences for TV news, mainstream media websites, or the circulations of the larger dead-tree newspapers and magazines. If you’re interested in getting your point across to as many people as possible, this talk will improve your chances by telling you what professional journalists want and why, how you can help give it to them, as well as what pitfalls to avoid.
Identification Card Security: Past, Present, Future
Come learn how identification cards have taken over our lives, how they can be manufactured at home, and how you can start a legal ID making business. Learn all the tips and tricks about amateur ID manufacturing and pick up the first ever Complete Amateur ID Making Guide. Also, come test your ability to spot a fake versus a real and check out the newest in ID technology: polycarbonate laminates, biometrics, Teslin, and RFID. Lastly, see how corporations are affecting the identification card fiasco in the U.S. and how the Real ID Act is going to affect you. What’s in your wallet?
The Impossibility of Hardware Obfuscation
This talk will discuss several different approaches to reverse engineering proprietary algorithms from hardware. It will focus on our mostly automated approach to reconstructing functionality by using a combination of analyzing photos of chip structures and protocol analysis. Using these techniques, the Mifare RFID tags were hacked, which caused quite a bit of public discussion about proprietary cryptography and “security by obscurity”. The cryptography of the Mifare tags has several vulnerabilities including weaknesses in the random number generator and low resistance against brute force attacks. Furthermore, statistical flaws of the cipher enable very practical key-recovering attacks. This presentation will show the whole range of attacks as well as some general techniques to improve cryptographic protocols so they are more resistant.
The Innermost Unifier: Today it’s the Corporate Anthem
Using different historical and current examples (especially from the area of the hardware/software-industry), Johannes will give a theoretical and applied – and not unamusing – overview on the musical genre of corporate anthems. Come and sing along. Powernapping is welcome, too.
Installation Art in HOPE Space
In an effort to continue the knitting together of the art scene and the tech scene, Daravinne has gathered local artists to create art installations in the lobby and mezzanine spaces of the conference. Four artists are being showcased, each with their own unique spin on tech art. Albert Hwang has created a 3D Wiremap, Randy Polumbo has some electrified flowers, Erik Sanner wants us to play chess, and Sean Montgomery’s biofeedback wearables will tell you how you’re feeling.
The Intersection of Culture Jamming, Hacking, and Hacktivism
Over the past nearly 20 years, the Internet has proved to be fertile ground for projects that raise awareness, question authority, and inspire social cohesion. Culture jamming, hacking, and hacktivism have helped provoke changes in the technical, cultural, and political aspects of our society. This panel aims to provide an overview of these techniques through examples of some of the more memorable projects. Starting with the manipulation of voicemail services and leading up to denial of service attacks on government web servers, the panel will cover how these projects were organized and executed as well as the reaction that they inspired. This 90 minute panel will also include a discussion section (with audience participation encouraged) where they will contemplate what use these techniques have in light of the quickly changing Internet and digital media landscapes.
Introduction to MCU Firmware Analysis and Modification with MSP430static
The Texas Instruments MSP430 is a low-power, 16-bit microcontroller which is rapidly gaining in popularity in the embedded world. MSP430static is a tool for reverse engineering the MSP430’s firmware. Following a quick tour under the hood of this tool, this lecture will demonstrate how to analyze, modify, and reflash a black-box firmware image.
Introduction to the HOPE AMD Project
The Attendee Meta-Data Project is an attempt to study the movement, demographics, participation levels, and interests of the HOPE conference’s attendees on a grand scale. We want to give attendees an RFID chip and matching code number at registration. They will take the code number to a terminal and fill out a web survey querying biographical and interest-based data. We will then track the RFID chips as they move past certain “choke points” going into seminars and moving around the mezzanine (expo area). This biographical, interest, and movement information will be compiled in a database and be used to provide near-real time data visualization. During the conference, attendees will be able to query the database and generate their own visualizations and data comparisons, play games based on proximity to certain sensors, and find other people with similar interests during a special meet-up session. On the last day of the conference we will have a seminar to talk about the project’s original goals and the results, and to see what everyone came up with during the conference. This project will test the limits of passive RFID technology, introduce new data visualization techniques, and provide a unique dataset for further study by the global community.
Introduction to the Open Web Application Security Project
This talk will provide attendees with an introduction to the Open Web Application Security Project (www.owasp.org) as well as a discussion and demo of application security hacks based on research of common client issues discovered when performing assessments. In the end, those attending will have a better understanding of APPSEC.
IPv6, the Next Generation Network Playground – How to Connect and Explore
A replacement for IPv4 was first imagined after the 1990 report warning of IP address exhaustion was released. It took another five years until the RFC for IPv6 was released and another year before it was implemented in an operating system (BSD) and a network (6BONE). During that time RFCs meant to extend the useful life of IPv4 were killing the end-to-end connections. This includes RFC 1518 – Classless Inter-Domain Routing (CIDR), RFC 1631 – Network Address Translation (NAT), and RFC 1918 – Address Allocation for Private Internets. From that point on, many protocols required workarounds, patches, and hacks just to continue to communicate. Worse yet, each change reduced the usefulness of firewall and increased the attack surface. Now, 18 years later, we have the opportunity to test and explore this replacement for IPv4.
This presentation will discuss the basics of IPv6 including features, benefits, and addressing. There will also be a review of how to connect to the IPv6 network – even if your ISP is clueless. Discussion will include a review of tools needed to test and explore IPv6 as well as a look at the most common IPv6 vulnerabilities.
The author of Hackers: Heroes of the Computer Revolution and chief technology writer and a senior editor for Newsweek will give us his insightful perspective of hackers, technology, and history.
Kitchen Hack Lab : Interactive Food Disassembly
Open source recipe development vs. secret restaurant techniques, hacked hardware vs. expensive science toys. Food hacking is the redheaded stepchild of molecular gastronomy. With audience participation, there will be some weird cooking, documenting of tasting notes on the wiki, a demonstration of current culinary exploits with kitchen appliance hacks, and an introduction of some recent food hacking ventures including hack lab tours and some dope culinary software.
Macro Social Engineering
Macro social engineering is using social interactions, mass media, and other methods to affect wide scale social change. LexIcon will talk about leadership and the artist’s editorial voice in relation to his own efforts to improve both the hacker community and the global community.
Maintaining a Locksporting Organization and Breakthroughs in the Community
This presentation will go into detail about how to start and maintain a locksport organization and how groups like these can lead to influential research. You’ll learn how to keep everyone excited about lock picking and how to turn your club into a well oiled machine for years to come. In addition, you’ll find out what it takes to produce a good lock picker and see how anyone can influence the lock industry even after only a few months of being on the scene. Jon King’s research on high security Medeco locks will be revealed in detail. There will also be a demonstration on how to build a tool to pick high security cylinders, and how the responsible disclosure of exploits in the hardware world can make a positive impact for all involved.
Methods of Copying High Security Keys
In this two hour workshop you will learn some new and advanced opening techniques for high security locks from two key members of the locksport group Tool in the Netherlands. Special attention will be given to duplicating high security keys and detailed analysis of modern locking systems. After the presentation, some of the tools and techniques can be seen up close at the Lockpicking Village. You are invited to bring your complex locks or “impossible to copy” keys….
Monumental Women Who Influenced Today’s Technology
An historical summary of females who either participated in or were pioneers of advancements that affect the technology-driven industries of today. This talk will be covering topics including: the gender bias surrounding ENIAC and how it pushed women to show they can succeed in a “man’s world,” how “The Women of ENIAC” came to be and why, historical females in computing sorted in chronological order by birth starting in the early 1800s, the women who contributed to telephony, and ending with a short video clip borrowed from Nightline. This is designed as a 50-minute whirlwind journey exposing the estrogen-laced side of technology – women are strongly encouraged to attend and show their pride of being female geeks (a rare find in the testosterone ocean of technology).
The New York City Taxi System: Privacy vs. Utility
When people think of New York City, three icons come to mind: the Statue of Liberty, the Empire State Building, and the classic yellow taxi cab. However, even the most seasoned New Yorker barely understands the complicated system that transports over 241 million passengers every year, includes more than 40,000 vehicles, and generates in excess of $2 billion every year. During this presentation you will learn about the New York City taxi system and how the new technologies (such as GPS tracking, credit card transactions, SMS messaging, and touch screen kiosks in the car) are being implemented, including the privacy and security concerns that surround them. You’ll also take a peek at some of the proposed changes that will make the New York City taxi system more accessible and more efficient.
The best way to describe this talk is to simply quote some of what we received from its presenter:
“I’m Johnny. I hack stuff. I’ve been at it for quite a while now, and I’ve picked up a few tricks along the way. I get asked about my tricks all the time, mostly by kids who saw that movie. You know the one. But I’ve always said no. I’ve held onto my secrets as part of the pact I made with the hacker underground. I mean, I’m allowed to give talks and presentations about hacking stuff, but the secrets… the real super-cool secrets I’ve had to keep to myself. The head of the underground said so. But I got this email the other day that says I’m THIS close to getting kicked out of the underground. Seems the glare of the public eye has been on me for far too long and I’ve become a liability. So, I’m going to be proactive. I’m going to quit before they can fire me…. The underground is gonna be sooo ticked off.”
“Off the Grid” Voice/Data Communications
It’s Orwellian. We’re so conditioned to believe we’ve little choice but to rely on government-regulated, corporate-owned voice/data networks designed to log our communications traffic and content. People can be held incommunicado by routine network failures, natural disasters, and by political actions- often when communications is needed most. But modern two-way radio can provide effective and reliable short-range and global voice/data communications at relatively little cost, and it can’t be logged by conventional (CALEA) methods. This discussion will tune into the latest surprising developments in amateur (ham) radio, unlicensed spread-spectrum, and other two-way radio technologies and applications.
One Last Time: The Hack/Phreak History Primer
In 2008 2600 is 24 years old, the computer bulletin board system is a 30 year relic, and a good number of attendees of HOPE were not born when some events of the “modern” era of computers and hacking began. Historian Jason Scott of textfiles.com presents a quick primer of a large part of the basics of hacking and phreaking history, touching on those sometimes obscure or hilarious subjects that may have escaped notice in a Web 2.0 world.
Packing and the Friendly Skies – Why Transporting Firearms May Be the Best Way to Safeguard Your Tech When You Fly
After a particularly horrible episode of airport theft, Deviant made the decision to never again travel by air with unlocked luggage. Because of this he now flies with firearms all the time. Federal law allows (in fact, it requires) passengers to lock firearm-bearing luggage with non-TSA-approved padlocks and does not permit any airport staffer to open such bags once they have left the owner’s possession. In this talk, you will learn the relevant laws and policies concerning travel with weapons. It’s easier than you think, often adds little to no extra time to your schedule (indeed, it can expedite the check-in process sometimes), and may actually be the best way to prevent tampering and theft of bags during air travel.
Pen Testing the Web with Firefox
John “DaKahuna” Fulmer
Michael “theprez98” Schearer
Hacking the web has never been easier. Whether you’re using Firefox as a standalone tool for information gathering, modifying your browser with innovative extensions, or using Firefox as a web front-end for other penetration testing tools, you can hack all within the potentially anonymous cozy confines of your customized browser. Putting it all together brings your hack-foo one step further. DNS lookups, uptime reports, hosted hash crackers and online scanners are at your browser’s fingertips. With Firefox’s innovative add-on feature, a number of powerful extensions have been developed for security scanning, ethical hacking, penetration testing, and general security auditing. Finally, a number of penetration testing applications are built specifically with web-based front-ends. Add in a few recommendations for your setup and a few places to test your hacking skills, and your recipe for hack soup is complete.
PenTest Labs Using LiveCDs
Despite being discussed in both books and a magazine article, the De-ICE.net Pentest LiveCD project is not well known. To help spread the word, this talk will discuss the history and current state of the project along with ideas for the future. In addition, a new project will be presented for the first time for those interested in learning more about pPentest tools.
PGP versus PKI
Both PGP and PKI take advantage of public key technology, but they are fundamentally different in the ways they perform key management. The talk will start with a quick overview of asymmetric cryptography before diving into the details of how and why PGP and PKI are different, what audiences they serve, as well as how to get on the “PKI bandwagon.” The discussion will be focused on the key management and trust issues in both technologies.
Phone Losers of America
Rob T Firefly
The Phone Losers of America’s 15th anniversary panel will include video presentation of various prank calls, real-life pranks on unsuspecting businesses and people, audio prank calls, real-time questions and answers, as well as a history of prank calls, phone phreaking and the ways the PLA have gone about setting everything up.
Phreaking 110: The State of Modern Phreaking
An intermediate talk about phreaking today. Discussion will include information about INWARDS operators and how to reach them, along with Automatic Call Distributor phone exchanges that allow anonymous access to all sorts of weird locations (911 operators, local operators, etc.) while confusing the crap out of the people on the other line as they see you coming in from nonexistent locations. Also touched upon will be the basics of SS7, the IAM, differences between CID, CPN, and ANI plus CLIR and CLIRO. Discussion will include Caller ID spoofing, tips on how to increase your chances of getting a fully legal tour of your local CO, and other topics such as calling supervision, telephone extenders, and weird telco tie lines.
Phreaks, Confs, and Jail
In the mid to late 90s, phreaks spent a lot of time on teleconferences (known as “confs,”) created a lot of mischief, and more than a few went to jail. Fast forward a decade and phreaks still spend a lot of time on confs, create even more mischief, and still occasionally go to jail. Join TProphet for a walk down memory lane and into the present day, where practically any security can still be defeated by a smooth-talking social engineer. More importantly, learn how new technologies such as VoIP can impact the trustworthiness of the telephone system (even including critical infrastructure such as 911).
Policy Hacking: Taking Back Public Sector IT
On January 1st, 2002, Arjen tried to access the website of the Dutch national railway (www.ns.nl) using Linux. The site refused him access, saying it was IE-only. This sparked a conversation with members of parliament about the need for open standards. Over a five year period, he progressed from talking to opposition MPs to meeting the economics minister directly and was able to significantly influence national policy despite total lack of funding or any specific mandate. As a result, the Dutch public sector will move to standardize on Open Documents Format and use open source where comparable functionality is available in all new procurements as of 2008. Use of ODF as a public sector document standard will be mandatory in 2009.
This talk will tell the tale of why this was accomplished, how it was done, and how others can do it too in other countries around the world. You’ll learn how to get access to the powers-that-be, how to get non-technical people interested in the subject, and how to align your policy proposals with existing policies. While some of the political reasons for wanting open standards and open source in government IT will be touched upon, the focus of the talk will be mainly on how to get results.
Port Knocking and Single Packet Authorization: Practical Deployments
Port Knocking and its big brother, Single Packet Authorization (SPA), can provide a robust additional layer of protection for services such as SSH, but there are many competing Port Knocking and SPA implementations. This talk will present practical usages of fwknop in Port Knocking and SPA modes, and discuss what works and what doesn’t from a protocol perspective. Integration points for both iptables and ipfw firewalls on Linux and FreeBSD systems will be highlighted, and client-side support on Windows will be demonstrated. Finally, advanced functionality such as inbound NAT support for authenticated connections, sending SPA packets over the Tor anonymity network, and covert channel usages will be discussed. With SPA deployed, anyone scanning for a service with Nmap cannot even tell that it is listening; let alone target it with an exploit (zero-day or not).
A review of the United States Postal Service discusses numerous mail-related issues. What is the heaviest thing that you can send in a flat rate box? What happens if you mail a sphere? What are the mysteries of digital postage meters? A look at how modern automation allows you to send a letter 3000 miles for only 42 cents and what security vulnerabilities might exist in that infrastructure. How the new “PLANET” barcode will track all mail in the future. It’s all 100 percent legal, but sure to make the mailman wonder. Postal inspectors welcome.
Programming Your Mobile Phone for International Calling
The Cheshire Catalyst
Many people are not aware of the nuances of setting up their mobile telephone for use in telephone networks overseas. Whether they plan to call their correspondents before they leave the states, or if they plan to call friends back home once they are there, The Cheshire Catalyst will explain how to program telephone numbers in the Contact List of a mobile phone so they will work no matter where the call is placed.
Telephreak was a group that was never meant to be. That is, it wasn’t started as a “group” or “club” for dorks. It just ended up that way. It started as a conference system that could be used to talk with other like minded individuals around the world. This club of dorks now encompasses several projects, mostly due to the members’ diverse interests. These include OpenVMS clusters (public access) and VoIP related projects (Asterisk add-ons) to X.25 networks. This panel will also be discussing “Project Telephreak” that’s located in the Mezzanine area. They will also discuss other projects currently being worked on, such as iWar, the Deathrow Project, various Asterisk projects, and non-VoIP projects.
Pseudonymization Methodologies: Personal Liberty vs. the Greater Good
Jon-Michael C. Brook
Think of four facts that can separate you from the rest of the general populous: name, address, date of birth, or Social Security Number perhaps. They are all likely what’s currently referred to as Personally Identifiable Information (PII). In the data privacy realm, PII disclosure is the CSI trace evidence that corporations are increasingly finding themselves as silhouettes within blood splatter patterns on the wall. These PII disclosures may be avoided through the use of anonymization, or more importantly, pseudonymization. This talk will focus on the history, methodology, benefits, risks and mitigations, and current players, as well as provide a demonstration of the technology.
REAL ID Act and RFID: Privacy and Legal Implications
Tiffany Strauchs Rad
Radio Frequency Identification (RFID) is a practical and useful technology for locating items without the requisite close proximity as needed with older technology, such as bar codes. However, new technologies such as RFID “powder,” internal and external pre-crime detectors, and insertion into children’s clothing and other personal items have pros and cons associated with the practicality of its use. In addition, RFID use in access control, identification documents, and banking cards, while convenient and illegal to jam, may lack important security features to prevent unauthorized scanning and usage of the data contained. The REAL ID Act mandates using RFID in ID cards that most Americans should carry for domestic airline travel and must carry for international travel. This discussion will examine current RFID technology and security concerns as well as how the RFID technology implemented in REAL ID Act cards and passports may pose privacy and security risks.
One would think that, after being online for six years, an e-zine would have a few stories to tell, and the Reprimand does. There will be nothing technical on this panel. It will be a lighthearted look back over those six years, the beginnings of the zine, and some of the adventures that were had. Come listen to the culture jam, and be with friends talking to friends.
RIAA Litigations: How the Tech Community Can Help
This talk will be an update on RIAA litigations against ordinary individuals based on allegations of p2p file sharing. It will focus on the RIAA’s legal theories and how they threaten the Internet, the RIAA’s reliance on “junk science” to make its case, and what the tech community can do to help.
Despite many appearances in film and television, fairly little is widely known about how safes can be opened without the proper combination or key. This talk will attempt to address some of the questions commonly asked about the craft, such as is it really possible to have a safe open in a minute or two using just a stethoscope and some clever fingerwork? (Yes, but it will take a bit more time than a few minutes.) Are the gadgets used by secret agents in the movies ever based on reality? (Some of them.) The talk will cover several different ways that safes are opened without damage, as well as the design of one lock that is considered completely secure.
Sharing Your Love of Technology With Normal People – Prometheus Radio Project Tips
Prometheus Radio Project, based in West Philly, builds radio stations with farmworkers’ unions, civil rights groups, neighborhood associations, and others who want to free the media from corporate control. They have built radio stations in Guatemala, Kenya, Mexico, and Tanzania, as well as all over the United States. In Greek mythology, Prometheus was the one who stole fire from the gods, who had been hoarding this powerful technology, and taught humanity to use it. Representatives from Prometheus Radio will discuss their work building radio stations and fighting to change the laws so that more groups can have access to the airwaves. In this talk, they will particularly focus on their practices in demystifying technology with groups that lack prior technical training. Prometheus has built 11 stations in “radio barnraisings,” where over 200 volunteers converge to build a full operating radio station over a three day weekend, with most participants having never touched a soldering iron before in their lives. While focusing on Prometheus’ experience with radio, this presentation can be helpful to any nerd who has tried to explain a technical subject to people who lacked technical knowledge or skills. Are there things that geeks can do that can help normal people share our fascination with technology? It’s magical when someone who thinks they know nothing about a technology suddenly realizes that they understand it and can use it just as well as the rich and powerful can! Prometheus will share the tricks of popular technical education they’ve learned over the years.
Simulating the Universe on Supercomputers
This talk will describe recent progress in the field of cosmic structure formation and will mainly focus on computational problems and methods carrying out such large simulations on the fastest supercomputers available today. It will also present very recent results on a new simulation of the Milky Way dark matter components. There will be a discussion of virtual maps of gamma-ray annihilation radiation seen by a NASA satellite. If this satellite can discover dark matter by its annihilation, this would mark a new very large step in science.
The Singularity: Focus on Robotics and Hackers
Ben Sgro aka mr-sk
The 1970s was an era of technological breakthroughs. Exciting projects and groundbreaking discoveries were made by hackers, government, and commercial entities. Today we should consider ourselves lucky to be sitting in the front row for the birth of the robotics industry. Nearly 40 years after the birth of the computing industry, our lives are merged with the Internet. Similar to the 1970s computing industry, early robotic developments are complex and their practical applications are rare. Less than 40 years from now, our bodies and minds will be merged with the robotics and technologies we are creating today. In our lifetime, we will see software merged with robotics that mimic humans, surpass them, and proceed to yield creations of their own. There will be no distinction between human and machine or between physical and virtual reality. AI, robotics, and other emerging technologies will result in the Singularity; a fundamental paradigm shift for human kind.
This presentation will dive into the Singularity, current and emerging robotics, and discuss where hackers fit into all this. Various robotic platforms will be on display as well.
In a tradition that began at the very first HOPE conference, the art of social engineering will be discussed and demonstrated against random hapless victims over the telephone live for your entertainment.
Spy Improv: Everything You Ever Wanted to Ask and Did Not Know Who to Ask
The recovering spy and ass-kicking critic of everything stupid will range wild, interspersing comments on 9/11, Dick Cheney, Rudy Guliani, and other misfits, with straight-up, no bullshit answers to any question.
Starting Your Own Con for Fun and No Profit: A How-to
Paul “Froggy” Schneider
Jodie “Tyger” Schneider
One of the core values of the hacker scene is the concept of DIY. If you don’t like something, whatever it is, get busy, do it yourself, and do it better! In this presentation there will be a discussion of the experiences in starting Notacon in Cleveland from the ground up with little to no experience. A look at some of the problems and pitfalls encountered, as well as some of the things Jodie and Paul did to save themselves tons of headaches. Along the way they will touch on the concepts of taxes, law, organization, human nature, and even some of the stupid shit people have done at previous events. This will