Year: 2014

Watched this. Take-aways:I’m going to blame the speaker for being a Failcons’ fan. No, I don’t know that for sure, but he is from Georgia.

Rules of Evidence aren’t just a judge’s whim.

“Putting the air inside ping-pong balls is kind of an old school black programs inside joke.

Not going to hate too much, because it’s unfair.

1. Judges don’t just make snap decisions on evdience admissibility. These things are published. Since you don’t know that, it’d be smart for lawyers on both sides to try to exclude your evience just because you might testify.
2. The presentation focuses on admissibility of physical disks, and the data stored on them. Hashing ca work at the file level, then the machinations of what’s going on underneath aren’t important anymore. My question was: why would you ever go lower than the lowest admissible layer?

But I’m not going to hate too much. The last presentation is going on right now.

Went and watched about forty minutes of this. After that long of the speakers not getting to the point about how they’re making attackers’ activities expensive, I gave up and left.

Wow, that’s an awesome app signature tool you found in your Microsoft class! I’m sure its mere existence dissuades people from trying to write malicious things. I mean, it’s totes hard to get a copy of VS!

Yes, you have to make it difficult for malicious stuff to run. I understand that. How are you costing the attackers anything? Their shit won’t run on your network; how are you costing them money, really? Quantify it.

For things like malicious embedded attachments, bouncing group messages indiviually would quickly fill thier mail queues. Maybe an automated method to report them to ISC, get them added to blacklists galore?

SMH.

I did get one response on Twitter about my keynote reax. I’ve written about Eddie the Ops Guy before, and don’t have much to say about him. Many of the “revelations” should be things people have long suspected.

From my perspective, the question isn’t so much if or whether this sort of thing is done — it’s how much of it is admissible in court. Are people losing lives or property because of it? That’s a question the detractors seem to shy away from. To put it another way, I’ll be upset when Chris Dodd starts getting geoloc data, and the Air Force starts targeting Kim Dotcom.

Schneier’s talk also focused on more encapsulation of data to prevent the government’s prying eyes. I think it’s something you can spend a bunch of time and money on without terribly concrete results.

Would it be more effective to increase the data volume, making juicy things tougher to find? Go ahead and seed that UbuububububububnttuDebian Testing torrent. In 2GB chunks, it wouldn’t surprise me if it has the same effect as a 25M DB dump.

Obviously, he’s got a lot of credibility in the Infosec world, so I won’t judge too harshly. I am slightly disappointed at the lack of political analysis, though. I can recall 2009, when the fresh-faced kids were all abuzz about how this new president was going to be fundamentally different. How quickly people forget.

---

I also watched the talk on USB Mass Storage devices. Good talk, though I don’t have the time, money, or energy to do any of that stuff, myself, anymore. I never’d considered the information about the flash drives being downsized to meet the advertised capacities. Makes sense, but, just something I’d never thought of.

I wonder if the same is true of SATA solid state drives; might could do some interesting things, then, if so….

---

I sat in on the first part of DJB’s elliptical curves talk. Unfortunately, my body wasn’t cooperating with me, and it was reminding me of my futile attempts to help my wife with her calc homework earlier this week.

The maths — they are not my strength.

I went to see this after seeing this story a few weeks back.

In my current gig (and I’m still more than open to something else *hint*), I’m planning to use these sorts of things for something.

I guess what I was looking to see was whether it might still be possible to use these sorts of hardware crypto devices to augment software, even if they’re insecure. Yes, with my BSD mention, you might think that I’m a gray-bearded fat guy, but, I do remember the FDIV Bug. Even if you somehow still have one of those chips, there’s ways to work around the bug, but still use the co-processor, not turning your Pentium into a 586SX.

I was hoping to see plans for something like that. On the lesser platforms that lack a buggy crypto device, you can still do everything in software.

No dice; this was focused more on enterprise-grade crypto jank. Very few people ever find themselves using such hardware. Ever.

But the presentation was still pretty good. I just think the target audience was rather limited.

Disclaimer: I nodded off, and missed the first fifteen minutes of it.

With that said, I have doubts about whether it could have been much better than what I actually did see. Maybe somebody will tell me what amazing things I could have seen there that I failed to see in the last 45.

Major take-aways:

• Most applications use insecure communications
• Edward Snowden figured out that TOR isn’t sekur
• TPM is infiltrated
• A brower makes it harder to use a self-signed cert than it is for someone malicious to get a signed cert that the browser won’t complain about
• Hardware manufacturers are lazy
• Fuck you, right? Okay?

Yes, the last one is snark pure and simple, but it is one of my pet peeves. No, actually it isn’t right, and what you said doesn’t get smart just because you asked me if it was right after you said it.

My two major points:
1. Not all communications need to be secure, even if many endpoint devices have the muscle to support that. There’s a reason SIP uses UDP. There’s also a reason your mother uses http:// when she watches that cute cat video for the eightieth time.
2. It’s completely unrealistic to expect vendors to change to meet your amazing idea about the way things ought to be done.

I’m kind of hanging back in the room until the keynote, after watching the opening.

A single thought comes to mind — maybe the thing was better last year just because the “break it” track was gone?

One of the things that really bothered me a couple of years ago was the focus on destruction. To me, so much emphasis is placed on building these monolights that destruction becomes job number one

Maybe in the past it was smart to worry about how to get rid of things, keep them from prying eyes. I really wonder now if that’s true.

Thinking about my own gear I have with me. I get hacked, and…? Congratulations, you got some of my music library, and endless revisions of my resume.

Getting the former might entice you to go see them play a show. Getting the latter might entice you to call me for an interview. And?

The keynote appears to be about what steps you, as an individual, can take to prevent getting pwned. Guess what — you can’t completely avoid it, short of moving to a cabin somehwere in Montana. If the speaker focuses on what strategies are most effective, it’ll be a worthwhile talk.

I’m not holding my breath, intentionally, at least. (My diaphragm does its own thing from time to time.) I’d like to see something where someone actually does the research to quantify the risks and effectiveness.

So, your endpoint device is locked down tight? Give me a minute to find the fuck I’m not giving since nothing important is stored there these days.