Are Flagan on Fri, 26 Jul 2002 06:50:25 +0200 (CEST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> H2K2 - Hope (Hackers on Planet Earth)


A report from H2K2 ­ HOPE (Hackers on Planet Earth) Conference, July
12-14, Hotel Pennsylvania, NYC, New York.

Presumes no previous knowledge of hacking and hopefully expands on some
previous knowledge of hacking.

-af

+ + + + +

Read_Me

H2K2 is only the fourth conference of HOPE (Hackers On Planet Earth) and
the third at Hotel Pennsylvania in New York City. From a relatively modest
start in 1994, the conference has gradually and quite impressively grown
in size from occupying only a small amount of hotel real estate to breach
the capacity of an entire floor during the most popular events. While the
earliest hacker ³conferences² (usually abbreviated Con, as in SummerCon
1987) were very informal and, sadly, often marred by arrests, the gradual
recognition of the hacker enterprise and ethic has led to large public
events like HOPE that are comprised of 12 quite exhausting but equally
invigorating hours of programming per day. Unlike other hacker gatherings
that have taken a very commercial turn, such as the DefCon extravaganza in
Las Vegas (which sidelines as the security industryıs
peek-at-the-underground showcase), HOPE is heavily invested in the social
and political agendas that motivate and support hacker activity. The list
of speakers and topics is consequently not only cloaked in handles and
obscure network acronyms. It also includes authors and industry experts
that, respectively, have sales ranks on amazon.com and command six-figure
salaries. The common thread is a belief in a free and open society that
readily shares information and knowledge to collectively improve on the
world we live in. Faced with the oppressive culture of security and
secrecy that currently sweeps this nation, the concerns raised, the
information shared, and the stories told at HOPE resonate with an
unprecedented urgency when one considers the increasingly analogous
relations between computer networks and society at large. Each
fundamentally operate according to constantly developing and
intermittently agreed-upon protocols that can be equated with democratic
principles, but each of these are also increasingly controlled by
corporate and legislative interventions. When a bona fide, public forum
like HOPE compels some audience members to cover their faces with bandanas
(others, presumably jokingly if black humor counts, sported silly false
noses and moustaches) to hide from the Feds seated watchfully in the back,
the debated lines of contention drawn in session after session found its
mirror image in the assembled crowd. You cannot ask of a conference to be
more real and relevant than this surreal scenario advertised.

Computer hacking is by all accounts driven by compulsive and obsessive
behavior that does not rest until a problem is solved or curiosity is
satisfied. It was perhaps fitting then that sessions ran back to back on
two overlapping tracks with a third track offering an open forum for
anyone to speak their mind or report on the latest exploits. Those whose
ability to absorb knowledge was not already besieged by this bit-rate
could linger in the network, workshop and merchandise area, which also
featured what amounted to an archeology of hardware available for
nostalgic experimentation. Most, however, came equipped with their own
top-of-the-line laptops and the organizers had kindly installed a wireless
network to support the impromptu groups that formed to share their
experiences at the command line. As such, any gaps in the already
overwhelming flow of input were incredulously filled with computation and
programming at an advanced level, and considering that many participants
seemed to have taken part of their summer vacation in New York City, the
sheer endurance of these attendees should bluntly have silenced any
academic, or parental for that matter, concerns about falling standards
and endemic ADD. Not everyone is of the MTV generation and the Daytona
Beach spring break crowd it seems. There were even family values on
display by hacker mums and dads who splurged on 2600 (the sponsoring
magazine) caps for their offspring and sat through complex talks on
ICANNıs increasingly dubious future with them.

This is not to suggest that HOPE was a tech-savvy version of Bible camp.
But considering the avatar nature and negative representation of
³hackers,² the uninitiated (counting yours truly) may be excused for
initially commenting on the normality and, gender excluded, diversity of
the scene behind the screen. And the educational aspects indicated above
are not really an attempt to repackage hacker activity in a wholesome glow
suitable for wholesale consumption: education, as a transaction in
knowledge, actually sketches the very foundation of hacker activity. The
central document that supports this claim, commonly known as ³The Hacker
Manifesto² (search Google and you will find it by the thousands), was read
aloud and commented on by its author in a session entitled ³The Conscience
of a Hacker,² which is the original title given the text when it first
appeared in Phrack magazine. Written when The Mentor was not much more
than a child himself, it bemoans a disillusionment with the educational
system and its stifling standards, which are overcome by independent
experimentation with computers (this is only a short quote from the text,
which was written on January 8, 1986, shortly after The Mentor was
arrested): ³Iıve listened to teachers explain for the fifteenth time how
to reduce a fraction. I understand it. ³No Ms. Smith, I didnıt show my
work. I did it in my head.² Damn kid. Probably copied it. Theyıre all
alike. I made a discovery today. I found a computer. Wait a second, this
is cool. It does what I want it to do. If it makes a mistake, itıs because
I screwed it up. Not because it doesnıt like me. Or feels threatened by
me. Or thinks Iım a smart ass. Or doesnıt like teaching and shouldnıt be
there. Damn kid.² The Mentor added his own statistics to the latter
Manifesto point by estimating that of the roughly 150 teachers he had been
in contact with during his career as a student, only two had left an
inspirational and inquisitive mark on him through their teaching. Despite
its staccato flow and basic language, the relative simplicity of the text
hides very complex relationships between institutions and individuals, as
well as technology and society. It is fundamentally the failure of living
up to the responsibilities of these relations that is being criticized in
The Hacker Manifesto, and technology takes on the role of realizing a new
set of human relations, born from individual responsibility, that truly
value freedom and education. Perhaps easily dismissed, 17 years after it
was written, as a conventional litany against authority, the Manifesto
nevertheless had a young HOPE audience repeatedly nodding to its message.
One can suspect that the approval partly stems from the politiciansı
feebleminded, and still ongoing, attempts to improve the public school
system through testing, testing, testing, testing, testing, testing,
testing and testing. Meanwhile The Mentor has come of age to comply with
some institutional dictums, notably those of Sigmund Freud, by actually
marrying a public school teacher, but he is putting all destructive
suspicions about his early text to shame by scavenging for discarded
computer parts in his spare time to build, in collaboration with his wife,
computer labs for the kids. It appears that ³The Conscience of a Hacker²
has always been a solid work in progress.

There were other proposals aired to integrate a hacker ethic into the
school curriculum from a K-12 level. Greg Newby, a professor at the
University of North Carolina, who made an overtly strong case for hacker
respectability by wearing a tuxedo, proposed that base concepts of
information value, privacy, security and secrecy should be taught
alongside basic computer literacy. As students progress, he suggested that
these concepts would get increasingly complex with attention lent to data
integrity and credibility. He also strongly favored a move from an
interface and end-user mentality toward a curriculum that exposes the nuts
and bolts of computing. Newby fundamentally invoked the curious, motivated
and talented hacker, and his or her community of peer group communication,
as a role model for such an expansive approach. The prime lesson taught in
schools, he noted, must be that honest exploration does not get you into
trouble, but serves as the very cornerstone of progressive learning.

As the introductory paragraphs suggest, the purpose of HOPE is to share
knowledge and Javaman ambitiously kicked off the conference with ³The
Shape of the Internet.² He proceeded to dispel any fears that what was
coming up would be cloaked in technical terms and incomprehensible code
snippets by bravely drawing ³live² on an overhead transparency to
illustrate his points. Despite being blinded by the projected light, he
managed to adequately trace, with a felt tip pen, various scientific
models for how the shape of the Internet has been imagined and mapped.
Similar projects have also been undertaken by a number of net artists with
varying degrees of success. Those familiar with Starrynight, for example,
will partly recognize what Javaman arguably deemed the most advanced and
persuasive attempt. By utilizing the BGP protocol, essentially a connect
list that each server maintains based on received routing information, it
is possible to define the number of edges, or chosen connections, that
radiate from each node. Using the premise that every edge that can exist
between nodes does indeed exist, it is then possible to compile a graph to
express the relations. The result poses all kinds of questions about how
the Internet is actually shaped and how its shape is growing, and some
findings revealed what we might have suspected: most servers seek to
connect via the popular networks and, secondly, routes are chosen for
economic reasons. An offshoot is that 1% of ISPs control 99% of the
traffic and bandwidth is consequently centralized, which makes it more
prone to both failure and surveillance. However, with the recent collapse
of some Internet backbones due to corporate bankruptcies, the
subject-to-failure part of the theory disproved itself as nodes
immediately found new routes when the previous hubs disappeared: the
Internet did not collapse. Javaman offered some very interesting
alternatives for networking protocols that included various peer-to-peer
methods, such as the ³Fisheye² protocol that maintains only cursory
routing information toward the periphery of the network. Perhaps the
future of what we today subsume in the Internet lies in these types of
configurations?

One of the most vocal sessions came in the form of ³Crypto for the
Masses,² a panel compiled of Matt Blaze, Greg Newby, Anatole Shaw and a
fourth unknown party who declined the honors of putting HOPE on the
resume. It sought to investigate methods whereby personal identity,
anonymity and the right to privacy may be preserved in a network
environment, and furthermore to discuss the hurdles faced by crypto and
its adopters. After covering the tried and tested, but somewhat hard to
implement for the less computer literate, PGP (Pretty Good Privacy)
schemes that are in the process of disappearing, the encryption built into
Web browsers became a topic. Primarily developed to satisfy a consumer
demand for secure credit card processing, it was deemed laughable from a
security point of view. More show than tell, it is primarily there to lend
an appearance of security, and the panelists unanimously agreed that it
is, perhaps unbeknownst to most computer users, rather pointless to embed
security into an otherwise insecure environment, such as, to quote the
favorite hacker example, the Windows operating system. Metaphorically and
simplistically speaking it amounts to installing a steel door in a paper
building.

Privacy, however, loves company and the question is if encryption is
really needed or desired for the vast majority of byte transactions that
take place over the Internet daily. It is a public space and most people
want to be seen and heard while browsing and expressing themselves in its
passages. While few disagree with this sentiment, it becomes problematic
when encryption is by design denied some, like regular computer users, and
made available to others, like government. Failed government schemes like
Key Escrow, which was outlined by Matt Blaze in the session ³Educating
Lawmakers: Is it Possible?,² speaks of an authoritarian paranoia that is
afraid of encryption on the grounds that it will deny (it) access to
information. Key Escrow involved the prototype production of a Clipper
chip with a proprietary encoding algorithm embedded that moreover demanded
all encryption keys to be passed on to the NSA through a backdoor.

In the ³Crypto for the Masses² panel Blaze had already made a strong case
for why widely available encryption might be a good thing all around.
Recognizing that the Internet will always be the subject of surveillance,
he suggested that encryption would only slightly diminish surveying powers
by crucially demanding that agents take an extra step to access this type
of information. On the flipside, and to the benefit of those collecting
what in their view amounts to evidence, more sensitive information will
arguably be passed along encrypted channels over the Internet, which will
make it open to a subpoena.

But if it is at all possible to educate lawmakers about such pros and cons
was perhaps inadvertently answered by fellow panelist and journalist
Declan McCullagh (www.politechbot.com) with his hilarious, and equally
shocking, anecdotes about ignorance in D. C. How about the legislative
body of Dianne Feinstein, a Democrat from California, that let out a
squeamish scream when the word mouse crept into the technology dialog and
was mistaken for a stray rodent? And as Lamar Smith, a Republican from
Texas and the sponsor of the Cyber Security Enhancement Act passed by the
House of Representatives on July 15 (the CSEA imposes the possibility of
life sentences for ³reckless² hackers), commented earlier this year:
"Until we secure our cyber infrastructure, a few keystrokes and an
Internet connection is all one needs to disable the economy and endanger
livesŠA mouse can be just as dangerous as a bullet or a bomb." Somehow,
and perhaps not so surprisingly, the instrumentality of knowledge and
education has been replaced by a somewhat irrational fear of plastic
pointing devices (that are easily confused with furry animals, or weapons
of mass destruction).

A heated-to-the-point-of-boiling discussion that crept across both
security-related panels was the forthcoming introduction of the Microsoft
Palladium standard. Essentially an updated version of the principles
employed by the failed Key Escrow plan, it involves, through an already
ongoing collaboration with the chip manufacturer Intel, the implementation
of hardware controls under what has been billed as a ³trusted² computing
platform. Problem is that you may as well pay a lot less and get a nice
color TV that remains similar in scope and is less hostile to its owner.
Microsoft and its cohorts will essentially decide what you may or may not
do with your machine, and it is not even a qualified guess to suggest that
built-in monitoring and digital rights management will fit the bills that
support the unilateral trust being built here. While the science of the
project was described as retarded by those in the know, it will of course
adversely affect how the majority of users experiences computers in the
not so distant future. Put succinctly, the Microsoft advertising slogan of
³Where do you want to go today?² becomes even more of a dumb rhetorical
question. A contention was offered, however, that owners would hate their
dictating machines with such vigor that widespread tinkering with the
control mechanisms will turn the end-user population as a whole into
³hackers² and launch a new, open collectivity in computing. Similar
concerns were expressed with regards to privacy. If there were a serious
spill of some proportion, consumers would demand cryptography applications
to protect their identities and communications, if and when desired. Both
projections resound as feasible, but it would certainly be preferable to
bypass potential bankruptcy or disaster and go straight to the decent and
desirable products that respectfully take their owners and users into
account.

Hackers have always believed that computers and technology have a vast
potential to make peopleıs lives better. But rather than dwelling on
cyberpunk utopias and futuristic projections of the lofty metaphysical
kind, hackers have developed the skills to actually approach this
fundamental premise from a very pragmatic angle. Hacking is not, at its
philosophical and practical core, a destructive enterprise, but rather a
directed quest for the improvement of existing systems. Given how central
the cause is for the application of knowledge and skills, there were a
number of talks that addressed, as already noted, the current network
environment in analogous relation to society at large.

Sida Vaidhyanathan, a cultural historian and media scholar moonlighting as
a professor at New York University, called his keynote crack at this
equation ³Life in a Distributed Age.² After collecting the usual cheers
for lamenting the loss of free speech and progressive scholarship due to
copyright and technical anti-circumvention provisions, Vaidhyanathan
returned to the roots of western civilization in ancient Greece to outline
an alternative social model based on cynicism. Derived from the philosophy
of Diogenes, cynicism maintains that virtue is the only good and its
essence lies in self-control and independence. This freedom from
convention coupled with moral zeal would, according to Diogenes, allow for
a highly practical politics that finds its expression in a borderless
polis, a decentralized, self-regulating, informed and competent political
body-at-large. Our projected cyberspace fits this revolutionary corpus,
but its realization in the Internet has of course led to limitations that
force the negotiation of more modest goals than those inspired by the
cynical mold. Returning to what brought him the first accolade,
Vaidhyanathan quoted numerous sources that seek to limit the vast
hospitality of the Internet as a decentralized and responsible space with
demonizing rhetoric. The goal is to persuade the public that the Internet,
and technology in general, is dangerous unless it is used with the proper
level of supervision and control. Statements like: ³Our enemies are
prepared to use our technologies against us,² which was made by Richard
Clarke, President Bushıs Office of Cyber Security Director (also known for
his ³electronic Pearl Harbor² analogy), in relation to the 9/11 tragedy
are both hopelessly vague and frighteningly encompassing. They raise the
usual questions of who ³we² are and how ³technologies² became ³our[s].²
Furthermore, Vaidhyanathan contested, if the Internet helped the
terrorists buy airline tickets it was box cutters that initially performed
and aided their gruesome deed. Legislation limiting sales of sharp or
pointed utensils should according to this logic be forthcoming, but it is
of course more likely to concentrate on areas that may limit the power and
profits of the few, such as open computing and democratic networks.

A similar demonizing was noted by author Doug Rushkoff in his ³Human
Autonomous Zones: The Real Role of Hackers.² After the dot-com pyramid
schemes failed so miserably (for some) and the Internet mercifully
shrugged off business, corporations and mainstream media have increasingly
started to load it with negativity. Symptoms abound and Rushkoff noted
that as early as the Atlanta Olympics we were subjected to what the media
termed an ³Internet-style² bomb. Obviously quite misleading from a
technical point of view (the bomb was presumably not modeled after the
Internet but its construction may have been available on the Internet, and
no doubt elsewhere), the language and context thrives on ignorance and
lack of contestation to support the reporting mediaıs role in bringing
³accurate² and ³truthful² stories. Storytelling consequently formed the
locus of his talk. Stories compete for believers and those that control
the stories we live by essentially shape our reality. Rushkoff quoted
numerous examples of proprietary oral traditions and Walter Cronkiteıs
signature byline at the end of his newscasts, ³thatıs the way it is,²
summarizes most of them. Within this closed and one-directional economy of
exchanges, hackers emerged as autonomous voices in a climate where
independence was outlawed. By breaking the spell of programming and
feeding broadcasts into a feedback loop, they demystified technology
through shareware and made it available for uses and contexts that were
not supported by the hierarchical structure whereby stories were, and
still are, disseminated. Current attempts at legislating the Internet and
the airwaves, and even hardware (see notes on the Microsoft Palladium
standard above), seek to restore the bullhorn mentality that hackers
passionately resist. As computer interfaces and operating systems have
become increasingly opaque to produce more end-users with entertainment
terminals rather than computing platforms, hackers have maintained
knowledge of computing and not lost sight of the broader social
interaction that encodes choices and spreads information. Here rests the
autonomous zone that remains the real role and function of hackers.

Another panel presenting the Indymedia network of Independent Media
Centers (IMC) brought some of this philosophy to a practical solution.
Indymedia was developed as a continuation and expansion of an online
newsroom offered during the pro-democracy protests in Seattle. It revolves
around an evolving open source code that is distributed by participating
Indymedia Web sites in many countries. The code supports the upload of
rich media content such as images, and the sites consequently offer users
the ability to post their own news stories with a local and personal
flavor. Some translation and cross-posting takes place. Links to sites on
the global IMC network are available at www.indymedia.org.

But pockets like the Indymedia network are unfortunately becoming
increasingly rare on the Internet as licensing restrictions and fees limit
Web casting and the forceful influx of corporate interests are seeking to
silence and dominate it. Several talks dwelled on these developments and
although the topics were different, the methods encountered displayed a
clear pattern where lawyers are replacing individual policing of copyright
and trademarks for federal legislation intended to represent their
interests. How a democratic body can become the executive branch of select
corporations has of course already been answered by the recent revelations
surrounding White House ties to industry.

The panel titled ³Bullies on the Net,² featuring Emmanuel Goldstein, Eric
Grimm and Uzi Nissan, first covered the 30 lawsuits brought by Ford Motor
Company against virtually every domain name that could in some way be
associated with any of its own or subsidiary car models or brand names. A
Swede selling used spare parts for classic Volvo vehicles (a company part
own by Ford) was consequently sued for pursuing a modest and
entrepreneurial livelihood under www.classicvolvo.com. Likewise, fans of
the endangered jaguar at www.jaguarcenter.com (currently featuring a nice
big-cat drawing by Amanda, age 13) were slapped with a suit to avoid
confusion between things that purr and things that rev. Uzi Nissan, who by
the merits of his own last name claimed Nissan.com in 1994 to advertise a
computer business, Nissan Computers, which he started in 1991, talked
about his own collision with the car industry. Five years later after his
entry in the domain name root, Nissan Motor Company, also known as Datsun
(unlike Nissan who has always been known as Nissan), sued him for 10
million dollars. The legal back and forth is still ongoing and Nissan, the
man, is 2.2 million dollars in the red as a result. Due process in this
type of litigation involves intimidation followed by an attempt to exhaust
the opponentıs resources, and it has obviously established precedents that
have little to do with basic fairness under the law.

For those interested in subversive uses of media and still remain somewhat
puzzled by the contention last year that bin Laden was inserting hidden
messages in his video broadcasts (rather than straightforward arguments
that Americans should not hear), would have enjoyed the talk Peter Wayner
(www.wayner.org) gave on steganography, which translates as the art and
science of hiding information in digital data. Although he was hard
pressed to define ³hidden,² and was shrewdly hiding his lack of a
definition behind Goedelıs theorem that prevents us from being logical
about detection, the methods outlined were elucidating enough to bypass
such premises. Generally, to hide data in data means that it must be
inserted in places where it will not be detectable unless you know where
and how to look for it. In some respects (and just to confuse matters
further), you essentially need to know what has taken place to describe
what has happened. The Catch-22 can look like this: in a standard image
file data can be replaced up to a threshold without affecting how the
image appears to the viewer. Examining the distribution of tones, however,
may indicate certain levels of suspicious patterns, but this is not a
guarantee that something secret or evil has been embedded; it may be the
work of a benign compression algorithm, for example. Of the methods
covered, the least technical from a non-computer science point of view was
the replacement of digital noise, or redundant information, with a
message. Wayner showed illustrations of how he had written algorithms to
perform such tasks for image files. It basically involves replacing the
least significant bit in the bit plane with one that belongs to the
³hidden² message; i.e if a value of 255 is changed to 254 in a binary
notation the result goes from 11111111 to 11111110, where the last digit
signifies the alteration of data. Without direct references or a
comparative analysis that point to this manipulation, the conundrums of
detection discussed above are obviously haunting any claims about secret
transmissions (for example in relation to the aforementioned video tapes).

Interestingly, researchers looking to embed digital watermarks in
copyrighted content have embraced steganography to turn the copying of
digital files into an ally in their protection schemes. One not-so-secret
message here is that any unauthorized use of images, for example, can be
successfully contested in a court of law, as the steganographic content,
once unveiled, can be submitted as evidence that the offending file is
indeed controlled and owned by the prosecuting party. Uses of the same
science have essentially gone from being banned to becoming highly
desirable once the rights to secrecy are reversed.

An emerging term that borrows from its hacker roots is hacktivism. Broadly
it covers activities that primarily use the Internet, although it arguably
covers technology in any form, to stage demonstrations. Treating
cyberspace as a public arena, activists turned hacktivists seek to engage
issues over the network, just like people have assembled and marched in
the streets to voice their opinions or misgivings. In a presentation
entitled ³Digital Demonstrations: DDoS attack or Cyber Sit-in?,²
Maximillian Dornseif offered a thoughtful and balanced overview of this
kind of action. The benefits of moving protest online, as he presented
them, were the increased visibility of the protest to a larger number of
people; the lack of a physical presence (anyone with the inclination and
an Internet connection can take part); increased anonymity for those
involved; and a reduced investment with regards to time and money.
Although ³demonstrators² are not easily counted online, advertising the
actions in advance can compensate for this shortcoming, and consequently
attract hungry-for-novelty media attention to these new forms of protest.
The agenda is inadvertently reported even if the format feeds the story.
Many online demonstrations have already taken place. Dornseif gave
technical beta on how demos have occurred in the past (mainly through
service overloads generated by reloading Web sites repeatedly or seeking
processing that quickly exhausts the system resources), but he stressed
that the future of online protests should take other users into account
and avoid denial of service attacks. The point is to forcefully make a
case, not to damage it. Of the technical scenarios he offered, the
prospects of ³communicating slowly² (as he named the self-explanatory
method) seemed the most promising. By communicating with the server one
character at a time, the system resources are slowed to a painful crawl.
Comparing the plan to one where, for example, office workers ³strike² by
doing their duties in slow motion (the analogy is not applicable to
certain bureaucracies, as time will cease to exist), these protests could
be explained legally within already existing guidelines and in keeping
with more traditional forms of demonstration. Protesters would less likely
become victims of persecution and prosecution as a result.

No hacker conference is of course complete without a set of presentations
dealing with the art and craft of hacking itself. These were usually high
on entertainment value and quite intriguing with regards to the science,
but they were outnumbered by talks addressing social and political issues
concerning the hacker community. A couple of presentations dealing with
computer viruses and the security of wireless networks are worth
mentioning to expose precisely how futile ant-virus software can be and
how networking through 802.11b can, almost, be equated with public
broadcasting.

Robert Lupo, with the you-guessed-it handle of Virus, gave a PowerPoint
overview of what viruses are, i.e. self-replicating code that attaches to
a host, and how viruses may be defined, as malicious code that executes on
behalf of the user but without his or her knowledge or approval. The
number of viruses eventually accumulated in this talk and their various
methods of implementation (some spoken of with open admiration) were
enough to make any computer user feel like a hypochondriac. Adding to the
earliest virus discovered in 1981, there are now about 71,000 known
viruses (currently increasing with about 1000 ³official² viruses per
year), but only a handful have reached any kind of notoriety in the wild.
Working as an anti-virus programmer, Lupo reported that the anti-virus
companies receive about 400-800 viruses per month that they have to
neutralize. The offshoot of all this is that your anti-virus software
always works retroactively; it provides a cure for an already known virus
that rarely remains in circulation for very long. Or in common cold terms:
the epidemic has passed by the time you have paid for and received your
flu shot. Of course, stray strands may still be around, but the risk of
infection is dramatically reduced. The most advanced anti-virus
applications actually update their protection files continually to reduce
the risk of exposure. For common users, such practices are of course
impractical, but they are reflected in how desktop software is starting to
link their applications to servers that update files of known viruses
regularly. As for more drastic improvements, Lupo discussed software that
detects any hostile activity in a system and alerts the user before it is
able to execute. Unlike the applications used today, this will provide
more general security against malicious code. The best protection of all,
however, it to leave the anonymous messages that say ³I love You² or ³How
would you like a million dollars?² alone before you remove them.

As far as hands-on hacking without entry goes, the ³Fun with 802.11b²
panel was a live performance with plenty of part numbers and DIY gadgets.
Pointing a network sniffer in the general direction of Midtown Manhattan,
Dragorn, Porkchop and StAtIc FuSiOn projected the findings behind them as
a streaming backdrop of data packets from hundreds of networks in the
area. Only about half actually encrypted their traffic, and quite
incredulously a quarter had maintained the default factory settings for
access (the consequences of which were not explored but remain clear). Fun
and games were also at the presenting hackers own expense, however, as the
sniffer was picking up local traffic from the conference network and this
did, of course, not go unnoticed for long by the equipped crowd. Soon
messages communicating room numbers for explicit purposes dominated the
packets. But somewhere in the audience someone brilliantly mixed up
accepted file path syntax with language and cleverly pitted it against the
crazed paranoia of secrecy, monitored networks and criminalized hacker
activity by forwarding usr/local/bin/laden. That action appropriately and
succinctly sums up HOPE.





#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime@bbs.thing.net