geert lovink on Fri, 10 Aug 2001 07:25:47 +0200 (CEST) |
<nettime> Presenters and Sessions at HAL2001 |
International conference "hackers at large"
Speakers and sessions:

Alex
Alex writes code to make music, mostly using perl and linux, as part of the distorted collaboration slub.
Session: Hacking Sound performance. process based music
"Without software, a computer is like a stone. Consider a program that generates organised sound - what could it be but a music score, composed by humans? I suggest that ultimately, software can be nothing but human expression".
Alex wrote a paper about hacking sound, which gives an idea about the ideas he's interested in sharing, see http://www.sound-hack.org/hacking.html. His session will be a speaker/demonstration hybrid with audio output and possibly video as well.

Alien Tim
Session: Soundscape

Umberto Annino
Aktuelle Kamera is a group of German guys who have started a "watch-the-video-surveillance" project in several German cities. The German URL for the project is: http://www.aktuelle-kamera.org. Umberto Annino (Switzerland) was inspired by Aktuelle Kamera to start a similar Swiss mapping-the-cameras project. He also presents the Swiss big brother awards (excerpt from last year's awards, and a look forward to this year's awards).
Session: Camera & Video Surveillance
Aktuelle Kamera will mainly speak about video surveillance and what can be done with those tapes (i.e. face-recognition etc.)

Stefan Arentz
Session: IPSec at HAL
Stefan Arentz, member of the IP Sec team of HAL2001 will explain the IPsec setup used at HAL and talk about IPsec in general.

Walter Belgers
Walter Belgers started hacking UNIX, Internet, BITNET and other stuff in the late eighties and hasn't stopped since. The first five years of his professional life were dedicated to developing, deploying and managing Internet firewalls for large internationals. Currently, he enjoys playing with UNIX (he has 19 systems running UNIX at home) and teaching UNIX and security to IT professionals for his current employer AT Computing.
Session: Introduction to the FreeBSD operating system
In this short introduction, the speaker will explain why FreeBSD is such a fantastic operating system. Several mindboggling features and uses of FreeBSD will be discussed. The speaker hopes that those in the audience running another OS will be tempted enough to try out FreeBSD for themselves and see if it can compete with the OS they are currently using.
Session: IPv6
At HAL'2001, IPv6 connectivity is easily set up if your OS supports it. The IPv6 workshop will give an introduction to IPv6, after which you'll understand that more IP addresses are not the only thing IPv6 is about. After the introduction, the speakers will tell you more about the IPv6 related topic you would like to hear more about, be it the underlying technique, or more practical things like how the deployment is going.

Eric Blossom
Session: GNU Radio, a free software defined radio

Andreas Bogk
Session: The Dylan Programming Language
Dylan is an advanced, object-oriented, dynamic language that supports the rapid development of programs without sacrificing performance. Nearly all entities in Dylan (including functions, classes, and basic data types such as integers) are first class objects. Additionally Dylan supports multiple inheritance, polymorphism, multiple dispatch, keyword arguments, object introspection, and many other advanced features. This workshop gives an overview of the language and the Open Source Dylan compiler from the Gwydion project.

Peter Busser
Workshop: Do It Yourself Linux
Peter Busser (NL) has been working for VPRO Digital for a long time, and gives a workshop about basic Linux Security, together with Thorsten Fenk and Kurt Seifried.

C.
C. (Germany) is the spokesperson of CCC, the Chaos Computer Club.

Jon Callas
Jon Callas (USA) is an American cryptography expert who used to work for, among others, Apple, Pretty Good Privacy and Counterpane Internet Security. Jon Callas is a Senior Systems Architect at Wave Systems.
Jon Callas is a premier figure in the world of Internet security. He produced RFC 2440 (the IETF standard for OpenPGP), created the architecture for a unified PGP and X509 certificates, and has worked to get PGP software available worldwide. His current passion is the Digital Millennium Copyright Act and its effects on security, testifying before the U.S. Congress in 1998.
Session: The effect of anti-circumvention provisions on security
Callas explores security design, copyright, and shows how the two can be reconciled. One of the properties of digital Intellectual Property (IP) is that it can be easily reproduced, modified, and transferred. In response, IP owners have created new security technologies for controlling the digital works. Inevitably, this creates an opportunity for those who can circumvent those technologies. Recent changes in copyright law attempt to address this on-going battle by prohibiting circumvention of these technologies. Unfortunately, this well-meaning provision has a number of unfortunate effects on development of security systems, including techniques that protect intellectual property itself.

Justin Cheung
Justin Cheung (USA) from the CNET (ZDNET) Linux Hardware Database will cover a broad range of issues dealing with the design and implementation of high-security linux server appliances. Cheung will talk about what kind of hardware to use, how to turn an insecure default install of Red Hat 7.1 Linux into a high-security operating system with a few easy steps.
Session: Designing and Maintaining a High-Security Linux Server Appliance
This session will cover hardware/software installation, configuring an out-of-box Linux, setting up mandatory access controls and restricted accounts, managing network services, and permissions as well as IDS, honeypot, setting up landmines and so on. A demonstration of security patching and how to conduct your own security audit will follow.

Hugh Daniel
Session: Opportunistic encryption in IP security

Ariane Dekking
Mouse Athletes RSI prevention course

Sven Dietrich
Sven Dietrich is a renowned security expert. He talked at length about the Shaft DDoS tool at USENIX LISA 2000, in addition to the quick work-in-progress talk at USENIX Security 2000. Dietrich is a Member of the Technical Staff at the CERT Coordination Center.
Panel: DDoS panel
Session: DDoS: analysis, detection & mitigation techniques
Sven Dietrich gives an introduction to DDoS, Distributed Denial of Service, its detection, analysis, and possible prevention/mitigation techniques, exemplified by real-life DDoS scenarios.

Jeroen Dekkers

Paul Dinnissen
Paul is 31 years of age and has (next to working careers at KPMG EDP auditors and DigiCash Corporation) a long entrepreneurial history in new media, being co-founder of Hack-tic Magazine, WebNet / EuroRSCG Interactive and ITSX. As a guest lecturer, Paul has given more than 150 presentations and lectures in 5 continents on Internet, digital payment systems and information security. http://www.maptive.com/.
Panel: Privacy & location data in mobile telephony

Dave Dittrich
Dave Dittrich (USA) is a Software Engineer and Consultant for the University of Washington's Computing Communications Client Services group, consulting mostly on system security, UNIX system administration, and X Window System related issues.
Panel: DDoS panel
As an expert on DDoS he's a well-loved panelist. At http://staff.washington.edu/dittrich/talks/cert/ you will find the outline of a CERT workshop he gave on DDoS in November 1999. More background information: http://staff.washington.edu/dittrich. Interview by Slashdot: http://slashdot.org/interviews/00/02/16/1836215.shtml.

Peter Eckersley
Peter Eckersley (Australia) is doing a postgraduate thesis on alternatives to the intellectual property system - ways of paying artists, authors, and hackers, without giving them monopolies over their creations.
Session: Designing an economy without (intellectual) property
In this talk, he'll be discussing alternative digital economic structures which would reward creation automatically, without the evil mess that results from trying to establish unnatural "property rights" in ideas.

Thorsten Fenk
Workshop: Do It Yourself Linux
Thorsten Fenk (Germany) organises a basic Linux security workshop. The goal isn't 100% security, just an introduction to basic Linux Security. This does not include kernel patches or the like, it's more about disabling unnecessary services and setting up ipchains. The intended audience is people who just got a linux cd and would like to secure their system.

Niels Ferguson
Niels Ferguson is one of the designers of Twofish, an AES finalist that lost to Rijndael. He spent several months attacking Rijndael, which resulted in the papers on which this talk is based. A veteran of both DigiCash and Counterpane, he is currently writing a book on cryptography.
Session: How secure is AES/Rijndael?
AES is the new block cipher standard. Should you use it? Hear the details of the best known attack on AES, the simple algebraic structure of AES, the dangers this structure might imply, and some advice on which block cipher to choose.

Halvar Flake
Halvar Flake likes to take apart stuff. Furthermore he has an absurd fascination with things that fail/break in a spectacular (and normally complex) way yielding unexpected results. Originating in the field of copy protection he moved on to reverse engineering with special regards to finding bugs which allow illicit execution of code or manipulation of the internal logic of running programs. He thinks about joining the OpenBSD development to help them remove a few of the nastier exploitable conditions in their code.
Session: Binary and source code auditing

Miek Gieben
Miek Gieben (NL) from NLNet labs is co-organiser of the DNSSec workshop, together with Olaf Kolkman and Paul Wouters.

John Gilmore
John Gilmore (USA), one of the founders of the Electronic Frontier Foundation, is a man of many many talents, not easily described in 3 lines. Take a look at the impressive overview of his activities at http://www.toad.com/gnu/
Gilmore presents on 3 different topics:
Session: What's wrong with copy prevention
See http://www.toad.com/gnu/whatswrong.html
Session: Drugs & thought crime
Quoting John Gilmore: "The US policy on "illegal drugs" has been a terrible, hurtful sham for my entire life. Today there are more than 2,000,000 people in prison in the United States -- supposedly the freest country in the world. One quarter of the world prison population is imprisoned in the US. We have imprisoned a larger number AND a larger percentage of our citizens than in every single other country. Minorities are imprisoned at large multiples of their actual incidence of criminal behavior. (...) Besides the practical issues, there are fundamental rights involved. The right to speak freely is irrelevant if the citizenry does not have the right to think freely." For more information see a.o. http://www.toad.com/gnu/ecstacy-sentencing.html.
Session: Opportunistic encryption in IP security
Together with Hugh Daniel, Gilmore is presenting the latest achievements of the FreeS/WAN project, release 1.91, which allows for opportunistic encryption. "This is where you don't have to setup by hand each secure link with someone else, it just happens if both of ends set up their reverse DNS correctly. It's not fully done, but you can (and should!) start playing with it! See the documentation file .../freeswan-1.91/doc/opportunism.howto to get started." See http://www.freeswan.org/.

Emmanuel Goldstein
Emmanuel Goldstein is the editor-in-chief of 2600: The Hacker Quarterly and host of a weekly radio program in New York called "Off the Hook". CNN Question & Answer Round: http://www.cnn.com/TECH/specials/hackers/qandas/goldstein.html.
Session: Cybersquatting versus Freedom of Speech
Panel: Hacker Culture 1984-2001

Rop Gonggrijp
Rop Gonggrijp was editor-in-chief of HackTic Magazine. Later on he was one of the founding fathers of XS4ALL, the first internet provider catering to the public in the Netherlands. Later on, he founded security company ITSX. His new company is NAH6, working on voice cryptography and mobile crypto tools.
Panel: Hacker Culture 1984-2001
Session: SEMS open standard for secure SMS
SEMS is a proposed open standard for Short Messages in GSM networks. We use RSA directly to provide a bigger payload. Because of this a lot of cryptographical problems have to be solved.

Bart de Gruyter
Session: Provisioning Portal for multicast satellite communication
Bart de Gruyter works at Cast4All, a Belgian start-up that is developing a provisioning portal for multicast communications by satellite (DVB platform).
Session: Provisioning Portal for multicast satellite communication
During the session Cast4All will give a demo of this multicasting platform, the provisioning portal and some multicast applications plus some introduction on how to get things working on linux and win2000. Cast4All will also discuss our architecture. Also, during HAL they will either stream all presentations through satellite or show a closed loop demo.

Robert Guerra
Formerly Director, CryptoRights Foundation Head, Latin American Directorate. Presently Director, Computer Professionals for Social Responsibility (CPSR). Conference Co-chair, 8th CACR Information Security Workshop & 2nd Annual Privacy and Security Workshop. "The Human Face of Privacy Technology". November 1-2, 2001, The University of Toronto, Toronto (Canada).
Session: Protecting human rights with crypto tools in Guatemala

Job de Haas
Session: SMS Security Fun & Games with Solaris kernel modules

Arjan van den Ham
Arjan van den Ham (NL) is a consultant for Deloitte.
Together with his colleague Huub de Jong (NL) he will present a legal overview of, and a technical introduction to encryption.
Session: The qualified digital signature
Topics: What is a digital signature from a legal and from a technical perspective, The EU directive dealing with (qualified) electronic signatures, National workgroups and legislation, Certification of Trusted Third Parties, Requirements for qualified digital signatures: a technical or a legal issue? Prerequisite for this session is a knowledge about Public Key Infrastructures.
Session: Public Key Infrastructures, a technical introduction
In the technical introduction to Public Key Infrastructures Arjan van den Ham will discuss Secret key encryption, Hashing, Public Key encryption, Algorithms and their strengths and weaknesses, Key lengths, X.509 v3, Private key storage, Certificate storage, Certification Authority and its requirements and Registration.

Jo Hastings
Jo Hastings (USA) is the marketing manager of Sealand/HavenCo, the independent internet provider (co-location) on a small offshore near the coast of Great Britain.
Session: The story of Sealand/Havenco

Harl Vaughan
Session: Hacking the Brain: From Reverse Engineering to Optimisation
This talk will cover the methods which cognitive neuroscientists use to reverse engineer the brain and ways in which mental performance can be enhanced especially when completing 'high load' or difficult tasks.

Gerrit Hiddink

Richard Higson
Demonstrate Hercules running Linux/390 (Debian)
Richard Higson (Germany) will demonstrate Hercules running Linux/390 (Debian) on an i586 Laptop, Poorman's Mainframe, (MVS 3.8j or VM Rel6), discuss "Large scale Linux" if people are interested.

Jaap Henk Hoepman
Jaap-Henk Hoepman is assistant professor at the University of Twente. His research interests include cryptography, security and fault tolerance. Besides this theoretical work, he also likes to hack (as in: write programs for fun).
His last project involves a Java based mind mapping tool. See http://www.xs4all.nl/~jhh
Session: Privacy by Design
We will discuss what privacy is, why it is important, and why keeping private becomes harder and harder. We will discuss how privacy can be protected by designing systems in certain ways. We will use the road tariffing system (Pieper's "MobiMiles") as a good, and Snellen's DigiBox as a bad example.

Maria Hogberg
Maria Hogberg (Sweden) gives a DNS tutorial together with Vesna Manojlovic. She works as a ccTLD technician (at NIC-SE, who administrates .se). Besides covering DNS history, they will also be talking about DNS-sec, ipv6, the fact that you indeed can "shut off" the internet by pressing the right buttons and also some general political/administrative issues in the DNS world.

Don Hopkins
Don Hopkins is a game developer who worked on The Sims with Will Wright at Maxis. He will discuss the design and development process, how it ticks on the inside, how to hack it and how to create your own content. At http://www.lushcreations.com/Transmogrifier.htm you will find a tool he developed that allows players to create their own objects for The Sims. Hopkins will also talk about pie menus (http://www.piemenu.com), a user interface widget that he's been researching and developing since 1987, and that he implemented in The Sims for controlling the behavior of the simulated people.

Zoltan Hornak
Zoltan Hornak is teaching at the Budapest University of Technology and Economics in Hungary. He is leading a security laboratory called SEARCH. The Security Evaluation Analysis and Research Laboratory is specialized in mobile network security. Within this Lab he has executed several security audits and evaluations of different mobile phones and WAP-related systems.
Session: Mobile Security - Dangers and Visions
Hornak will talk about current and future dangers and visions of the mobile world.

Bruce Hoult
Session: The Dylan Programming Language
Dylan is an advanced, object-oriented, dynamic language that supports the rapid development of programs without sacrificing performance. Nearly all entities in Dylan (including functions, classes, and basic data types such as integers) are first class objects. Additionally Dylan supports multiple inheritance, polymorphism, multiple dispatch, keyword arguments, object introspection, and many other advanced features. This workshop gives an overview of the language and the Open Source Dylan compiler from the Gwydion project.

Gus Hosein
http://is.lse.ac.uk/staff/hosein/za_ict_sub.html

Francisco van Jole
Francisco van Jole (NL 1960) is a journalist, who specializes in Internet coverage and works for print, tv, radio and online media. He co-hosts the national radio show 'TROS Radio Online' and has a bi-weekly column in de Volkskrant, a major Dutch national newspaper. Van Jole lectures regularly about a wide range of subjects concerning the impacts of an online society. Currently he works on a new book. More information on http://www.2525.com/.

Huub de Jong
Huub de Jong (NL) is a consultant for Deloitte. Together with his colleague Arjan van den Ham (NL) he will present a legal and a technical overview of encryption.
Session: The qualified digital signature
In the legal overview De Jong and Van den Ham will talk about The EU directive dealing with (qualified) electronic signature, National workgroups and legislation, Certification of Trusted Third Parties and requirements for qualified digital signatures: a technical or a legal issue?
Topics: What is a digital signature from a legal and from a technical perspective, The EU directive dealing with (qualified) electronic signatures, National workgroups and legislation, Certification of Trusted Third Parties, Requirements for qualified digital signatures: a technical or a legal issue? Prerequisite for this session is a knowledge about Public Key Infrastructures.

Zoltan Kincses
Zoltan Kincses is working in the SEARCH Lab at the Budapest University of Technology and Economics in Hungary as a researcher. He had organised several security and smart card related seminars at the University of Eotvos Lorand in Budapest, Hungary. He is in the finishing phase of his Ph.D. studies.
Session: Mobile Security - What is possible now and in the future?
Kincses will talk about several possibilities for circumventing GSM security.

Olaf Kolkman
Olaf Kolkman is a Scientific Programmer with the RIPE NCC. He is responsible for RIPE NCC's DISI project. He will give an introduction to DNSSEC and is co-organizer of the DNSSEC workshop with Paul Wouters and Miek Gieben.

Ryan Lackey
Ryan Lackey is from the offshore colocation provider Havenco.
Session: The story of Sealand/Havenco
Those seeking to host controversial content (scientology-related websites, investment information, security advisories, online gaming, whistleblower information about environmental abuse, political views, etc.) have a difficult choice: where and how to host. Fundamentally, the choices are to host onshore (in one's own jurisdiction) and try to make a political/legal stand, to host in offshore jurisdictions with more favorable laws (not just islands in the Caribbean -- for many, the US has favorable laws), or to host online -- using privacy-protecting technologies, p2p file sharing, etc. to be censorship resistant. We will present several case studies of different kinds of content and how they've been hosted, successfully or otherwise, and show how to choose the best way to host arbitrary content, before the lawyers come knocking on your door.

Pete Shipley
Member of the driveby hacking panel on Sunday.

Simon Lelieveldt
Simon Lelieveldt is a former policy analyst of De Nederlandse Bank and De Postbank. Extensive information about this panel at http://gold.vanrein.org/e-banking/.

Vesna Manojlovic
Vesna Manojlovic is working for the RIPE NCC as a "trainer".
In her talk she will cover the following topics: Internet Registry Structure (historical overview, CIDR, ICANN & Internet Governance & RIPE); Where to get IP addresses; the IRR and Reverse DNS.

Akita Mata
Session: computer created music/sound environment
Digital folk culture. Digital sounds made on machine.

Scott McIntyre
Scott McIntyre (UK) works for the Dutch internet provider XS4ALL as the Security Officer. In his talk he will give an overview of the daily security practice at an ISP.

Mixter
Mixter is a 22 year old German male, who likes to code in C, and to develop other things related to security. He's currently employed with an IT security company. He is planning a short discussion about the upcoming generation of automated exploit tools, explaining the technical details and the scope of exploit automation as well as the implications on security. Possibly it will include the release of the first public tool for automated exploits and penetration testing. Take a look at http://mixter.warrior2k.com/ and at http://packetstormsecurity.org/distributed/tfn3k.txt for an extensive text about DDoS. Interviews with Mixter: (English) and (Deutsch) http://www.zdf.msnbc.de/news/48705.asp?cp1=1.

Andy Mueller-Maguhn (CCC)
Panel: Hacker Culture 1984-2001

Greg Newby
Greg Newby, assistant professor in the School of Information and Library Science, University of North Carolina.
Session: Can Hacker Ethics be taught and what are hacker ethics anyway?
Workshop: Fundamentals of C/C++ programming
Stop being embarrassed that you don't know how to program. Instead, attend this tutorial, where you will learn what you need to write basic C and C++ programs. The tutorial will cover basic C and C++ syntax, functions, data types and (for C++) the STL. A small library of programs will be available on the Web for your exploration during or after the session. Bring your Unix/Linux systems, and you'll be writing programs by the end of the session!
There are many programming languages in the world, but C and C++ are the languages of choice for most operating systems, server software and applications. With C and C++ skills, you will be better prepared to install, maintain, create and investigate security holes on Unix and non-Unix systems. In addition to the fundamentals of C and C++, we will demonstrate the basis of many security problems: the buffer overflow. Buffer overflow code will be written, and basic intrusion payloads will be demonstrated.

Noir (Noir Desir)

Alberto Escudero Pascual
Pascual is working at the Royal Institute of Technology - Sweden. Anonymity, Untraceability and Privacy is Pascual's main research area at Kungl Tekniska Högskolan. It focuses on anonymizing techniques, protection of personally identifiable information (PII) and other privacy related issues. From January 2000 Pascual has been working in privacy in the field of mobile internetworking (location privacy) and since March 2001 in a joint research effort with Zero Knowledge Systems to extend the Freedom[tm] protocol. Read more on http://www.flyinglinux.org/
Session: Location privacy in mobile internetworking (untraceability).
This session is about security and privacy. Please check http://www.flyinglinux.org for an abstract about Wireless LAN security.
Information on the Big Brother Project

pdck

Pim van Pelt
Pim 'Da P' van Pelt. Starting his Unix career as a member of the Board at the MCGV Stack computing club at the TU/Eindhoven, Pim discovered much of his interests regarding the Internet. Working for various companies such as Track Internet, Wegener, Freeler and Intouch, he designs and deploys IPv4 and IPv6 networks and tries to advocate the use of BSDs within the various Dutch corporations.
Some of Pim's spare time hobbies involve the organisation of a medium-scale PC Demoparty (www.takeover.nl), IPv6 deployment (www.ipng.nl) and Unix interoperability (#unix, #linux and #*BSD on the IRCNet). His daytime job involves development of datamining and information retrieval software at WiseGuys BV, and network consultancy and IPv6 design for Intouch NV.

Rena Pengers
Big Brother Awards International

Sharad Popli
Sharad Popli is the CTO and founding director of QuantumLink Communications Pvt. Ltd. (QLC), a five year old software company (based in Bombay, India), with a focus on Internet technologies and a specialization in Java. Sharad, an old timer on the Net (more than 10 years now) is the chief architect behind PostMaster, a popular mailserver with more than 1500 installations across the world. A strong advocate of Open Source, he has been an early adopter of various open source technologies and software (including Linux since its 1.0 days and PHP when it was known as PHP/FI :)) Sharad writes from time to time (when persuaded enough!) His articles have appeared in most publications in India and also on CNET's international sites. He is an oft-invited speaker at various seminars and conferences and has addressed numerous conventions on subjects including: Java Technologies, Servlets, Linux, Email, Security issues, MTAs on Linux, Advertising on the Net, and other generic net-based topics. When not ensnared by the Net, he enjoys reading, music and the great outdoors.
Session: Basic introduction to privacy & security issues
Security & privacy are critically important issues in today's digitally connected age. The typical netizen is blissfully unaware of the dangers that lurk each time he or she gets connected. Others consider security to be a "black art", too complex to understand - and therefore studiously avoid anything to do with it. This session serves as an introduction to the dangers that abound in today's networked existence.
Besides presenting an overview of various attacks, the talk tries to demystify them by explaining the "how it works" of the attacks. We move from basic to more sophisticated attacks, cover a "proof of concept" case study and consider the counter measures possible. The session aims to serve as a starting point for all those interested in safeguarding their online existence, for those responsible for their organization's security issues and for just about anyone who is interested in security.

Niels Provos
Steganography is the science of hidden communication. It can be used to hide messages in images. Posting such images on the Internet permits secret communication to somebody who knows the secret key to retrieve the message. This is safe unless a third party were able to determine which images contain hidden content. In his talk, he will discuss how to detect steganographic content in JPG images. Starting with an outline on how messages can be hidden in JPG images, he will continue on how discrepancies in such modified images can be found by statistical tests. Stegdetect is a tool that he developed to automatically find images that seem to have hidden content. While "stegdetect" does not guarantee that the detected images have hidden content, it acts as a filter. To ascertain that images really have hidden information, Provos developed software to launch large-scale distributed brute-force dictionary attacks against these images. He will talk about his motivation and experiences while developing and using these tools.

Fjalar Ravia (aka fravia+)
Session: Web wizard searching techniques, anti-advertisement galore and software reversing tips
In his session Fravia (active in the software reversing and web-searching scene since 1994) is trying to explain how important it is to search the web effectively, and how annoying is the commercial crap you find on the web and in the software you use when searching knowledge and info, and hence how to nuke it by reversing javascript snippets or software code you do not happen to have the source of. More info: http://www.searchlores.org/paris/paris.htm.

Jim Rees
Jim Rees (USA), works for the University of Michigan. His workshop will be about Smartcard Security, Applications, Directory Structure, Communication and Scanning, Javacard programming, Kerberos & ssh, Webcard, Secure Internet Smartcard. He can supply max 20 students with a card and reader. Students must provide a computer with rs232 port running BSD or linux. If you're interested in participating please prepare and read http://www.citi.umich.edu/hal2001/. You can subscribe for this workshop the minute you arrive at the INFO stand. First come, first serve! Rees doesn't mind if more people sit in, but the presentation will be aimed at the 20 subscribed people.

Rick van Rein
Rick van Rein is currently finishing his PhD in computer science at the University of Twente. He is the inventor of the BadRAM patch that makes Linux run smoothly on top of broken memory, and aside from a lecture on that, he also organises a session on electronic banking at HAL.

Konrad Rieck
Konrad Rieck (Germany) will give an introduction into kernel programming techniques under the Solaris 8 Operating Environment. Implementing security mechanisms or even trojan/backdoor code in kernel space.

Frank Rieger
Frank Rieger (Germany) has a wide field of interests and activities.
He was a speaker for the German Chaos Computer Club for several years with special focus on developing a hackers perspective on Information Warfare and global intelligence- and crypto-politics. Currently his main interest is in his company that develops next generation location based applications for fixed and mobile devices. He will talk about the effects of the availability of high-resolution satellite images in the civilian market. The talk will give an overview of sources, methods of analysis and uses by practical example and try to summarise what is publicly known about satellite imagery in the military and intelligence field. Brief excurses into shutter control politics, the upcoming UAV field and aerial imagery are also included.

Guido van Rooij
Ip-filter is an Open Source packet filtering engine that is available for a number of operating systems, including Solaris and {Free,Open,Net}BSD. Ip-filter comes with stateful packet filtering. In the TCP case, the state engine not only inspects the presence of ACK flags, or looks at source and destination ports, but it includes sequence numbers and window sizes in its filtering decision. This greatly reduces the window of opportunity for malicious packets to be passed through the packet filter. The original state engine had a number of problems. This speech will briefly discuss these problems and then move on to the design of the new state engine. This will be followed by discussing implementation consequences. The session will conclude with experiences with the state code, and future work on the state code.

Peter de Ruiter
Peter de Ruiter, website developer and initiator of www.cyberacties.nl.
Session: How to organise cyberactions
Cyber actions and how to set up a successful one yourself. The internet is the perfect medium for fighting for a good cause and to organize people to support this cause. All means for cyber actions are available free and virtually without technical barriers.
Which cyber actions are successful and how can you set up one yourself? Peter De Schrijver Peter de Schrijver (BE) will give a work-in-progress presentation about Porting linux to non-Intel architectures. Besides running on the ubiquitous IA32 architecture, linux also runs on a variety of other platforms ranging from wristwatch to mainframe. But how do you tackle a port to an up to now unsupported machine? How do you set up a cross compile environment? Where do you find documentation? How do you debug the thing? How do I write code for linux which also runs on non IA32 machines? Moritz Schulte Moritz Schulte (DE) will talk about the GNU/Hurd OS (the idea, the design/architecture, the implementation, ...). The Hurd is a very interesting OS project. It's a multi server OS running on top of the Mach microkernel. The Hurd project needs more help of hackers, such talks can help to make it more popular. Scut Having been interested in security for the last five years, scut has spent his free time with research since then. First starting with copy protection mechanisms and cryptography he has slowly converted to a network security enthusiast. His focus in this broad field is security vulnerabilities at source level and complicated exploitation scenarios on a variety of architectures. He has a rock-solid understanding of the C language and has developed strong source code auditing skills. His past works include technical articles, exploitation software and actually 'useful' software ;). Kurt Seifried Workshop: Do It Yourself Linux THC Detailed quiz information and a way to preregister for the quiz, see http://www.thehackerschoice.com/events/hal2001/. Solar Designer Solar Designer is the author of several popular security tools for Unix-like operating systems. 
He is better known for his password security tool set which includes John the Ripper password cracker, and for the Linux kernel "hardening" patches, although those aren't necessarily the most interesting things he's done. ;-) Solar is currently the team leader for Openwall GNU/*/Linux. Session: SSH Traffic Analysis This presentation covers several weaknesses in common implementations of "secure" (encrypted) remote login protocols, with SSH (Secure Shell) protocols as the particular example. When exploited, these weaknesses allow an attacker to obtain sensitive information by passively monitoring encrypted remote login sessions. Such information may later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive login sessions. The traffic analysis attacks will be demonstrated. Countermeasures to reduce the impact of traffic analysis are proposed. Dug Song Dug Song is Security Architect at Arbor Networks, where he works on wide-area traceback, monitoring, and various active countermeasures to threats against network availability. He is also a frequent contributor to various open-source security projects (including OpenBSD and OpenSSH), and is the founding member of an online, international monkey cult. Session: SSH Traffic Analysis This presentation covers several weaknesses in common implementations of "secure" (encrypted) remote login protocols, with SSH (Secure Shell) protocols as the particular example. When exploited, these weaknesses allow an attacker to obtain sensitive information by passively monitoring encrypted remote login sessions. Such information may later be used to speed up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive login sessions. The traffic analysis attacks will be demonstrated. Countermeasures to reduce the impact of traffic analysis are proposed. 
Nikolay Sturm Nikolay Sturm (Germany) gives a workshop on OpenBSD, with an overview from a security point of view, sample installation, configuration overview, packet filtering, and IPSec. David Szego Session: biometrics hardware and practical usage A general overview of practical day-to-day usage of biometrics, and the demonstration of an affordable, portable fingerprint recognition device. Christiaan Alberdingh Thijm Christiaan Alberdingh Thijm (NL) is a lawyer specialised in intellectual property cases. He currently works for the Dutch office SOLV, with customers such as KaZaa and XS4ALL. Thijm regularly writes columns and articles for Emerce. Tille (Machtelt Garrels) Tim Timewaster Session: Hacking Digital Watermarks A Digital Watermark is a technology that can be used to try to prevent digital data from being copied. Examples are SDMI, DVD copy protection and even Playboy's dirty pictures. Companies are spending tons of money on this kind of technology, but does it really work? In this talk, a brief overview of watermark technology will be given and a simple watermarking system will be examined. Note: AFAIK the system that will be analyzed is not in use for copy protection at the moment. Attacks against it have (hopefully) been known to researchers in this field before the DMCA was adopted. Geoffrey Turk Geoffrey Turk works for the American company Goldmoney. Extensive information about this panel at http://gold.vanrein.org/e-banking/. Liz Turner Liz Turner (UK/NL) is a webdesigner. She's responsible for the look & feel of the HAL website. Mouse Athlets RSI prevention course Unicorn Drew Vallas Drew Vallas (USA) will talk about biometrics, the technology, the shortcomings and different applications. John Viega John Viega (USA?) lectures about his project RATS, a UNIX-based library for secure programming, focused on ease of use. It attempts to offer a wide array of high-level security functionality to software applications. 
We will show how this library can make programs more secure and yet easier to write. In his talk, he will also briefly examine the different types of strategies used to try to make programming in C safer. Tom Vogt Tom Vogt, "target" of the movie mafia, an activist for freedom as well as a security professional, was involved in the DeCSS case from the start. His talk will also be about the general impact on copyright-issues of the Digital Millennium Copyright Act. Tom Vogt (DE) is one of the earliest involved in the DeCSS party (defendant in cal, creator of the decss mailing list, top-3 hit on google for "decss"). He will give an overview of the history and move on from there to background and legal futures, such as WIPO documents we found during the past 1 1/2 years or the European copyright directive ("euro-dmca"). Web.fm (.at/.de/.net) Manuela Framer and Yuri Kliedejimas Session: Network sonification An hour of listening to network traffic, and systems in action. During this informal performance, web.fm subunits will present and discuss methods for bringing network processes, events and system activity into the audible realm in various forms. Applicable to system or network monitoring/analysis, ambient information presentation and mindless entertainment. http://subnet.web.fm. "With the aid of electronic computers, the composer becomes a sort of pilot: pressing buttons, introducing coordinates, and supervising the controls of a cosmic vessel sailing in the space of sound, across sonic constellations and galaxies that could formerly be glimpsed only in a distant dream." (iannis xenakis 1971) Stephanie Wehner Ruediger Weis Ruediger Weis (Amsterdam) has studied math and to avoid having to work for a boring company he also did his PhD in computer science. At the moment he is the chief cryptographer of the cryptolabs Amsterdam. His main research interests are cryptography, computer insecurity and wireless gadgets. He is also a longtime member of the CCC. 
Session: "Open Source" Crypto hardware using JAVA Cards. Java cards make it possible to store small crypto hacks on the card. We show how we can provably add security to existing protocols and applications (e.g. gpg) and present some "you-can-trust-one-of-many" constructions. Barry Wels Harald Welte Harald Welte is the founding father of the Linux 2.4 firewall Maurice Wessling Jonathan Wignall Jonathan Wignall (UK), from the independent Data and Network Security Councel, is the organiser of DNS4 the UK's conference, now rescheduled to run 1 week after HAL to avoid clashing with this event. He is also a prior speaker at Defcon and H2K. Brenno de Winter Brenno de Winter (NL) is the owner of De Winter Information Solutions. He's a very experienced lecturer. At Defcon this year he did a presentation on IPV6 security. More information on www.dewinter.com. Session: Security & IPv6 According to the market IPv6 is solving many issues and is ready for a more secure and business like Internet. But also the first issues related to IPv6 have occurred. What is really new and how secure can we be with that? Marcus Wohlschon Student of computer-science from Rostock/Germany, interested in wearables as a hobby, wrote one of the bigger wearable-software-projects. Marcus Wohlschon (Germany) can be found in the Main Tent, showing some wearable computing. Marcus plans to give an introduction to wearable computers in the form of a presentation and then join the audience to let everyone try out the hardwear he just showed. He hopes to get a discussion and maybe some on-site-hacks going. See http://www.informatik.uni-rostock.de/~mawol/hal2001/index.html Paul Wouters Paul Wouters runs a small ISP based on Free Software, and supports the opinion that ISPs are not capable of fulfilling the role of judge, police officer, lawyer nor religious leader, and aims to "just provide". As such, he got involved in various tapping issues in the Netherlands. 
Session: Transport of Intercepted IP Traffic On the 3rd of April this year, an anonymous posting appeared on the net which contained the tapping requirements and specifications for Dutch ISPs, which will likely become a European standard as well. Wouters will explain the legal requirements (FuncSpecs) and the technical details of the protocol (TIIT) and will share his feelings regarding certain aspects of these requirements. Stefan 'SEC' Zehl Stefan 'SEC' Zehl and friends organise a Hacker Jeopardy, similar to the Jeopardy round with hacker questions on the CCC Congress 2000. Jeopardy (if you don't know it) is basically a simple question-answer game. We have 9 candidates, three rounds with three candidates each, and one final round with the three best. There are small prizes involved as an incentive ;-) Candidates are recruited by advertising on a blackboard at the INFO stand. We are three people, our mother tongue is German, but we plan to hold it entirely in English. Phil Zimmermann Phil Zimmermann, founding father of PGP, is involved as a consultant for Hushmail 2.0, a secure and anonymous webmailsystem. Zonkee Team Zonkee Team consists of Menso Heus, Sandor Heman, Frank van de Velde and Stephanie Wehner Session: The Storyspace Introduction to the story space concept. This is about a story telling experiment. See http://www.zonkee.com/ for more info.