[FD] DEF CON nostalgia [was: going double cryptome at DEF CON 22]
- To: cpunks <cypherpunks@xxxxxxxxxx>, Full Disclosure <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] DEF CON nostalgia [was: going double cryptome at DEF CON 22]
- From: coderman <coderman@xxxxxxxxx>
- Date: Wed, 30 Jul 2014 14:57:43 -0700
a hollow, decrepit shell of its former self..
... oh the 0ld days,
;)
"We'd appreciate some more ethics." - GOBBLES
- https://www.youtube.com/watch?v=DAJSxOzrD1g
[ GOBBLES Security - still disappointed in 2014 ... ]
----
regarding the current line up:
https://defcon.org/html/defcon-22/dc-22-speakers.html
"Detecting Bluetooth Surveillance Systems" - what about RFID?
"Dropping Docs on Darknets: How People Got Caught" - see also, EPICFAIL
"How to Disclose an Exploit Without Getting in Trouble" - if you
thought ice cream had many flavors, welcome to the brave new world of
'responsible disclosure'!
"NSA Playset: PCIe" - the lack of any VT-d mention makes for mediocre.
TAO tools better include a VM breakout and uCode errata exploitation.
(spoiler alert - i don't think this is actually dropping NSA exploits)
"The Monkey in the Middle: A pentesters guide to playing in traffic" -
this middle perspective, however, is absolutely a tailored favorite. a
gift that keeps on giving...
"Investigating PowerShell Attacks" - this is now pointless, what with
pass the hash dead. IT'S ALL OVER, JUST GO HOME. *sobbing* [c.f.
http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/
]
"Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty
Hunter!" - one step further to enlightenment. the industry that should
not exist; better yet to become build engineer or test automationer or
devops devotee and build security in at unsexy day jobs for not fame
and not riches. #hashtagInfosuckprotipyolo
"In the forest of knowledge with 1o57" - nothing to say here other
than i'm selling 1o57's uber badge for bitcoin to highest bidder. come
find me :P~
"RF Penetration Testing, Your Air Stinks" - my discriminator for a
delicious sw defined deployment: a) new grc blocks or custom sdr
pipeline? b) wideband and full duplex? c) opportunistic and ad-hoc
capabilities? - if you answered no to any of the following please try
again, with more harder! [c.f. http://www.pervices.com/buy-crimson/
dual 10GigE, 100kHz – 6GHz, <= 800MHz bandwidth, 4 x (16 bit, 370 MSPS
ADCs), 2 x (quad channel, 16 bit, 2500 MSPS DAC), 10MHz, 10ppb,
reference OCXO]
P.P.S. if you want to do your own training on "WB Quad System" without
travel to FVEY facilities this is how ;)
"Panel - Diversity in Information Security" - i was not invited to
this panel. credibility lost.
"Android Hacker Protection Level 0" - because more fingers in the dike
is more fingers.
"Blinding The Surveillance State" - i am soliciting donations for
premium consulting expertise. i don't think Soghoian's free advice
will be instrumental, but Cowboy Alexander has some sweet new shit
(you get what you pay for? :)
[ c.f.
http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents
]
"Summary of Attacks Against BIOS and Secure Boot" - aka, why to
coreboot and kill AMT with fire. ok Intel chipsec peeps i got bones
to pick SEE YOU IN VEGAS
---
how about the talks you want so much but will never see? those
billions for your discretion clearly benefiting profitability over
pervasive security.
best regards,
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/