Spread the word!
Audio from the all of the presentations is now available!
NOTE: DUE TO EXTREMELY HIGH DEMAND, WE HAVE TO TEMPORARILY SUSPEND THE AVAILABILITY OF THE HIGH FIDELITY MP3S. YOU CAN STILL ACCESS THE COMPACT SIZE MP3S. IF YOU WOULD LIKE A DVD OF THE HIGH FIDELITY MP3S, WE HAVE ONE AVAILABLE AT OUR INTERNET STORE. WE APOLOGIZE FOR THE INCONVENIENCE AND HOPE TO BE ABLE TO RESTORE THIS SERVICE IN THE NEAR FUTURE.
A bittorrent of the high fidelity MP3s is now available at: http://tracker.pseudohacker.org:6969
HOPE Number Six was this summer's hacker conference sponsored by 2600 Magazine. Presenters and artists from all nationalities and disciplines participated in this forum. HOPE Number Six covered all aspects of hacking, the community surrounding it, and its effects across the world. For three days, The Hotel Pennsylvania was the nexus of discussion, planning, and activity for hacker ideas, opportunities, and understanding.
There were three tracks running throughout - two scheduled and one for talks scheduled on the spot. In addition, there were a number of tables for folks who want to be able to display or sell their wares. Here is the current lineup:
2600 Meetings: A Valuable Resource or a Waste of Time?
Since they began in 1987, 2600 meetings have sprung up all around the world. They inspired the movie "Hackers," helped to launch a number of federal and state investigations, provided journalists with fodder for all sorts of wild and crazy stories, and brought all sorts of hackers together who might otherwise never have met. But is this a good thing or a bad thing? Do the meetings actually strengthen the community or do they expose it to hostile elements that help to destroy it? You will hear a number of perspectives as well as stories on things that have happened at the many meetings that have taken place. If you've ever attended a 2600 meeting, we'd like to hear your feedback at this panel.
Aether Madness with the Prometheus Radio Project
The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations. Over the years, Prometheus has sued the FCC to stop media consolidation, built stations in places like Venezuela and Tanzania, and experimented with using off the shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands for. Prometheus fights for change by going straight to the pileup where technology, politics, and the media crash into each other. This panel will help bring you up to date on the political debates in Washington about low power FM, reforming the spectrum for wireless broadband access and other uses, and the grassroots organizing that can be done to reshape the media. A picture show of community radio barnraisings and stations that Prometheus has worked on around the world will be included.
Alienation and Engagement
The hacker sense of social responsibility is undermined by our alienation from the mainstream. From bad school experiences in childhood to the content property grab of today, we infer the world to be hostile and corrupt. Unwilling to become sociopaths, yet unable to find avenues for social change, we are tempted to withdraw from civil society and limit ourselves to technical contributions. A discussion of three non-technical areas where hackers can make positive contributions and where we might find principled people: journalism, economics, and law. The next civic establishment has to come from somewhere and this should be our historical era. So we might as well participate - or maybe just take over.
The Art of Electronic Deduction
Basics of Forensic Recovery
This presentation will introduce the basic model for forensic recovery of data in civil and criminal contexts. Technical challenges of acquisition and analysis will be briefly covered but the primary emphasis will be on the requirements of bringing data to court. Common tools will provide examples to illustrate the model. There will also be a brief discussion of provisions of the enforcement mechanisms of the Digital Millennium Copyright Act and recent case law dealing with failures to comply with production of evidence.
Binary Revolution Radio
Stankdawg and Guests
Binary Revolution Radio is a weekly Internet radio show that has been around since early 2003. The show covers topics that are of interest to the hacking community including hacking, phreaking, programming, digital rights, social engineering, and everything in between. The beginning of season four of this show coincides with HOPE Number Six this year and this will be an episode of the show recorded in front of a live studio audience! There will be lots of special guests, audience participation, and maybe... just maybe... punch and pie. You have to show up to experience it live and see why "The Revolution Will Be Digitized!"
(This panel ran past midnight which was when our trusty archiving team finally succumbed. As a result, this recording ends at the 73 minute mark with about 10-15 minutes left. If you have either an audio or video recording of this remaining section, please contact us.)
Bin Laden, National Intelligence, and How NOT To Spend the Taxpayer's Treasure
This presentation will address the Ten Threats, Twelve Policies, and Eight Challengers. And if you want to find out what all that means, you'll just have to attend. Robert was our keynote speaker at the original HOPE in 1994 (and our very first speaker ever) and has continued to rivet audiences ever since with stories and facts about national intelligence.
Biometrics in Science Fiction
The buzzword at the moment is biometrics. Everyone is talking about it and consumers get laptops with shiny fingerprint scanners. In reality, biometric systems often don't work. In the movies we can see what biometric recognition systems will look like and how they will work in the future. You can have your eyeball or face scanned and then you can easily walk through high security gates. The biometric system works flawlessly - until your eyeball gets stolen.
Thanks to the movies, we also know biometric scanners are easy to defeat. Examples will be shown from movies like Mission Impossible or Charlie's Angels where the nifty biometric security software is tricked by simple contact lenses, or stick-on fingerprints.
Friday (night) 0030
(This panel was rescheduled from Friday afternoon and there is no recording available due to the late hour of the panel. If you have a recording, please contact us.)
Breaking Down the Web of Trust
The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have key signing parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory.
Seth will take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better) and the current "correct" practices for establishing trust (and why they could be a lot better). To finish, Seth will talk about some of the many bad trust policies that have managed to become mainstream and commonly accepted, even by many self-described "computer security professionals."
Building a Hacker Space
By pooling resources, hackers can get bigger and more impressive toys to accomplish bigger and more impressive projects. This talk focuses on setting up and managing collectives for fun and profit - from finding a space to keeping it going. Presented by people who did it in Massachusetts, New York, and Pennsylvania.
Building the Anti-Big Brother Databases
Databases don't need to be huge collections of personal information waiting to be exploited. This talk will show how a few simple encryption functions can build a database that answers questions for the legitimate users but locks out all illegitimate users including those with the root password. The techniques make it possible to build privacy-preserving systems with much less complexity and overhead than conventional techniques.
Can Security Detectors Be Hacked?
Today we are challenged by a multitude of security detectors. But can they be beaten? This talk will deal with their vulnerabilities. The electromagnetic spectrum will be explained along with how waves propagate. Security systems like X-ray backscatter and mm wavelength microwave will be discussed along with possible defenses. Most of the talk will focus on the ubiquitous metal detector - the walk-through and handheld variety.
The question of whether radio frequency devices can compromise security will be explored. Front door and back door attacks (coupling modes) will be defined. The urban myth of radio frequency devices/weapons will be discussed. It will all top off with a discussion of Carl Jung and King Hubbert and how they relate to terrorism.
This talk is dedicated to Paul's cousin Tommy Farino, a New York Fire Department captain who died on 9/11.
Citizen Engineer - Consumer Electronics Hacking and Open Source Hardware
This is a hands-on session on all the things you're not supposed to do (but want to) with the gadgets that fill our drawers and shelves: transform an old VCR into an automatic cat feeder, use open interfaces to control Roomba robotic vacuums. Projects like these (and others, such as WRT54G hacking, iPod Linux, car-computer hacking, etc.) are part of a growing trend where consumers are going back and hacking what they buy. Just as computer hacking is closely tied to the Open Source software movement, so can such embedded gadget-hacking lead to an Open Source hardware movement.
Comparison of WAN Routing Protocols
A comparison of three members of a class of WAN routing protocols called "interior gateway protocols." Each member of the class - RSTP, OSPFv2, and IS-IS - is bound to a different kind of datagram: Ethernet frames, IP packets, and OSI CLNP datagrams respectively. Most companies with large WANs use one of the first two protocols for two purposes: to route around failed redundant links and to automatically find the correct path to a destination address on a large network with many hops. Including RSTP in the comparison is a realistic acknowledgment of the way L2 switching is abused these days. Including OSI in the comparison should reveal some habitually irritating aspects of switched IP networks that are mere accidents of history, and others that are more fundamental. Miles will provide background about how Ethernet switching works, what an IGP is, and what the now mostly-abandoned supposed-future OSI world feels like.
Constructing Cryptographic Protocols
J. Salvatore Testa II
This lecture will show how to construct advanced cryptographic protocols. Beginning with a set of requirements for a communications protocol that includes immunity from replay attacks, traffic analysis resistance, and resiliency against partial compromise, the audience will be shown how a naive protocol can be iteratively improved into a protocol satisfying those requirements.
The price of everything has become too expensive. As retailers feel they need to cater to the lowest common denominator, you are held prisoner in artificially antiseptic environments, customer service is a mockery of intelligent discussion and basic common sense, and yet somehow we now live in a consumer-driven economy. This presentation attempts to provide an understanding of how you can fight back - how to understand what you are really seeing when you walk into a supermarket, a "big box" mass merchant retailer, or even a local mall. It will also address "coupons," how you can read the barcodes with the naked eye and decipher them, and how you may use them to get nearly anything for free, or almost free.
The CryptoPhone Project
In 2003 a group of enthusiasts turned a standard PDA phone into a military grade voice encryption device. Unlike other players in the secure communications market, CryptoPhone decided to publish the complete source code for review. Not only that but a software-only client that will turn your PC and modem into a CryptoPhone is available for free download. The product range has expanded to landline and satellite solutions. What is next?
E-gold - As Misunderstood As Hackers
Internet Commerce is a wonderful concept. So is Internet Privacy. They clash where the government can access private bank records. E-gold allows private transactions to remain private. Unfortunately the Bad Guys want their transactions to be Most Private, giving e-gold and their financial brethren a bad reputation.
Exploring Your World with Open Source GIS, GPS, and Google Maps
Digital mapping is the ideal information sharing medium for urban explorers, war walkers, and travelers alike. Powerful open source geographical information system (GIS) software such as GRASS exists for users of all computer platforms to explore, analyze, and digitize custom maps. A brief overview of mapping will be given and then GRASS will be used to demonstrate how to make an annotated bike trip map around New York City. The Google Maps API for making customized maps will also be explained and demonstrated.
Europe Has Hackers Too
There are hackers on the other side of the pond too! This is a view of parts of the European hacker scene, especially that of Germany and the Netherlands. The Chaos Computer Club will be discussed along with other European hacker groups. You will learn about the major differences between the American and European hacker scene, see what the different lifestyles are like, and get a good look at some of the European hackers' nicest projects. There will also be details on upcoming European conferences which you are cordially invited to. After the presentation an open discussion will permit you to ask any questions about all of those fancy countries on the other side of the pond.
Everything You Ever Wanted to Know About Spying and Intelligence
This is an update of Robert's famous informal presentation, completely unstructured, which will address all sorts of specific details about spying, information, intelligence, emerging threats (hackers are NOT one of them), strategy, anti-Americanism, and the destruction of the treasonous Republican and Democratic parties.
Flash Sucks for Advertisers - The Digital Divide
While the contention is that Macromedia Flash sucks for consumers who can't download Flash, it actually means that the advertisers using it are not getting their message out to those consumers. This will be a discussion of Internet access and The Digital Divide, with emphasis on the Internet's role in special education.
The Future of Wireless Pen Testing
Frank ("Thorn") Thornton
The future of wireless pen testing and vulnerabilities of 802.11 networks, RFID, and Bluetooth, including a then-and-now perspective of the past five years of development in wireless vulnerabilities and research, pet peeves, the future of wireless protection standards, and topics from the audience.
The Geek Comedy Tour 3000
Picture what happens when you give the kids who were picked last for dodge ball a microphone and some stage time. The Geek Comedy Tour 3000 is just that. A collection of some of the best standup comedians from the Washington DC area, this group comes to the stage with a high-energy approach as well as topical, intelligent material that is accessible to both techies and non-techies alike.
(These guys are available for bookings - visit their site at http://www.geekcomedytour3000.com.
The Geeky, Personal, and Social Impact Sides of Creating Defensive Technology
Ever wish you had the power to turn off a TV in a restaurant or disable an intrusive cell phone? Social defensive technologies are "reality hacking" devices that give us the sort of sociopathic control we've come to enjoy on the Internet alone. Three years ago, Mitch decided he'd had enough of televisions and designed the TV-B-Gone, a universal "off" keychain remote. Around the same time, Ladyada designed a personal RF jammer. Together they will discuss these projects in the context of reclaiming personal space, culture-jamming, and how we can design technologies that do what we really want. Don't expect good WiFi/cell reception.
Ghosts (and Zombies) in the Machine
What do dark fiber, zombie networks, web ghosts, and net spooks have in common? They're all scary! Boo! Come for a fun and wide-ranging survey of largely unrelated Internet phenomena, from computers zombied by script-kiddie rootkits to MySpace pages and blogs left after their creators have died. Is there really a ghost in the machine? Maybe not, but there's definitely a lot of bizarre stuff around the edges.
Hack the Palate! How to Set Up a Kitchen Hack Lab
Chefs are a lot like hardware hackers. Both geek out, absorbing the specs of vegetables/technology for the purpose of creating something that nobody else has: innovative food/new machines). So what kind of food comes out of a kitchen that's turned into a hack lab? Something delicious. Something geeky.
Hackers And Academia
Adam J. O'Donnell aka Javaman
In many ways, the hacker community and the academic community don't appear to get along. The classical view of how both academia and the hacker community operate seemingly are mutually exclusive, with the academy priding itself on rigor and proof while the hacker community espouses a "proof by example" methodology. The relatively slow pace of academia turns off hackers, and the lack of rigor of hackers does the same for academics. During this panel discussion, we show how the two worlds are not that far apart and present individuals who are actively trying to bridge the gap between the two. Current students, past students, professors, and hackers, one in the same, will be present for the discussion.
Hackers in Prison
Mark Abene aka Phiber Optik
For the first time ever, the three most famous imprisoned hackers of the 90s appear together on the same panel. Mark served ten months in 1994, bernieS was locked up for 14 months in five maximum security prisons in 1995 and 1996, and Kevin was held for nearly five years. Each of these cases received a lot of exposure from 2600 and "Off The Hook" which wound up getting the attention of mass media and the public. But these cases are only the tip of the iceberg. You'll hear some of the background, learn about what's going on today with some other cases, and maybe even hear some prison stories.
(Kevin Mitnick unfortunately wound up in a hospital in Colombia for the entire conference and is replaced here by Darci Wood.)
Hacking Copyright and Culture
Taking things apart, reusing, and remixing the old in order to create the new are tenets of the hacker ethic. But these impulses have also been at the heart of artists, musicians, and writers since the beginning of human creativity. Complete access to copy, reuse, and remix work is necessary for cultural and technological progress, a progress that the current state of copyright and the increasing ubiquity of DRM threatens to permanently undermine.
This fight has become political. From protests to boycotts, from lobbyists to students, there is a movement underway and an increasing number of ways to get involved and fight for your digital rights beyond sending $15 to the EFF and running GNU/Linux (which you should already be doing).
This talk will be about the current state of the Free Culture student movement and events being organized in the area, including the first ever anti-DRM protests, a Creative Commons art show, and a DVD remix contest.
Hacking the Mind: Hypnosis, NLP, and Shellcode
The similarities between the methods used to exploit a computer network and the language patterns involved in hypnosis and neuro linguistic programming (NLP) are striking. In this talk, nCircle's director of vulnerability research Mike Murray (who is also a Master NLP practitioner and certified clinical hypnotherapist) will demonstrate the use of hypnotic language patterns, metaphors, and other patterns of influence, as well as showing how a good hypnotist structures inductions in a similar way to the methods of a skilled computer hacker. Hypnotic analogues to buffer overflows, shellcode, and other types of computer attacks will be demonstrated, leaving the audience with a deeper appreciation for language patterns and their effect on the human mind.
The HOPE Net: What Worked and What Didn't
This is where we review what it took to put the network together. There are bound to be some fascinating stories to share as far as what went on over the weekend. This network is by far the biggest ever attempted at any hacker conference on this side of the ocean with more bandwidth available than many countries have. This makes the stories even more entertaining. The network gurus of HOPE will have a lively discussion on the challenges of running a network at a hacker conference right before it all gets taken apart.
HOPE Number Six Closing Ceremonies
The tradition continues. Instead of going home early, we encourage people to stay late and celebrate the conclusion of the conference. (Consider Monday a lost day.) You will hear some of the highlights of the past three days and get one last chance to see people before the next time we decide to do this. It's also a chance to win all sorts of prizes by demonstrating skills and abilities or just by being at the right place at the wrong time. And most importantly, you will finally learn who Number One is.
How to Steal Someone's Implanted RFID - And Why You'd Want To
Annalee will talk about how she got an RFID implant to demonstrate some of the basic security problems with these devices. These are problems that the companies who make RFID systems are either ignoring or outright lying about. She'll discuss the process of implanting the RFID, including getting the surgery and unpleasant dealings with VeriChip. She will also talk about the many problems with security used for implanted RFIDs (and security problems with RFIDs used as access control devices). Then Jonathan, the RFID-hacking expert who cloned Annalee's RFID, will talk about how he did it and (hopefully) he'll be able to give a demo. He'll describe how he made his device and how it can also be used for proximity card cloning. He also has a new cloner which he may or may not want to talk about in detail.
How to Talk to the Mainstream Media
Blogs, vlogs, podcasts, RSS, even old school web sites and mailing lists - there's never been more ways for hackers to get their message out. So why bother dealing with the Mainstream Media? Because that's where the audience is. Only a tiny percentage of blogs have sizable audiences and even the biggest of those are dwarfed by the audiences for TV news, mainstream media websites, or the circulations of the larger dead-tree newspapers and magazines. If you're interested in getting your point across to as many people as possible, this talk will improve your chances by telling you what professional journalists want and why, how you can help give it to them, as well as what pitfalls to avoid.
IBOC vs. DAB-T: In-Band vs. Multiplexed Digital Radio
More and more U.S. stations are going digital using "In Band On Channel" methods where the data is sent with the analog radio station. But a lot of the rest of the world uses a different frequency for the digital version of the station. This talk describes the transmission methods technically, discusses the pros and cons of the different methods as well as the commercial implications, and focuses on how community radio can fit into the changing landscape of radio.
Will the U.S. and its listeners lose out by using different systems than most other countries? A look at this question, why IBOC has been adopted, and how digital radio helps and hinders reception.
Kevin Mitnick Unplugged
In this interactive talk, Kevin updates the world on how his life has changed since his release from prison in 2000, what the hacker community means to him, some of the crazy places he's found himself visiting, where he sees the world of technology going, a few of the scary laws that could be used to prosecute you, and how he managed to start a successful career despite the wishes of the authorities.
(Due to Kevin being in a hospital in Colombia, this talk had to be cancelled.)
Keynote Address Friday
"Free Software and the Hacker Community"
Keynote Address Saturday
"Using eBooks to Break Down the Bars of Ignorance and Illiteracy"
Keynote Address Sunday
"Hacked by Uncle Sam, Vote Fraud, and the End of Democracy"
Law Enforcement Wiretaps: Background and Vulnerabilities
The politics of wiretapping is a hot topic (again) lately. But how do the police actually tap telephones anyway? How might tapping technology fail? Telephone wiretap and dialed number recording systems are used by law enforcement and national security agencies to collect critical investigative intelligence and legal evidence. This talk will examine the technology of (legal) wiretapping and show how many of these systems are vulnerable to simple, unilateral countermeasures that allow wiretap targets to prevent their call audio from being recorded and/or cause false or inaccurate dialed digits and call activity to be logged. An exploration of possible workarounds, as well as the broader implications of the security vulnerabilities in evidence collection systems.
The Life and Times of Alan Turing, Father of the Computer
Alan Turing was an intriguing guy whose life was as tragic as it was amazing. Known as the father of the computer, the man who broke the Enigma code, and a sad victim of British homophobia in the 1950s, Turing serves as a role model for many hackers, computer scientists, and mathematicians. This talk tackles three subjects: Turing's role in breaking the German Enigma code, Turing as the father of the computer, and Turing's personal life (and death). A look at Turing's life in chronological order, focusing on events which had profound effects on his thinking and feelings. Turing's story is ultimately a sad one, but along the way you'll see a breakthrough in cryptography and the birth of the computer. You'll also want to fight much harder for freedoms that we still take for granted, despite the fact that they are disappearing fast.
Lockpicking: Exploits for Mechanical Locks
Barry "The Key" Wels
Marc Weber Tobias
Every mechanical lock, no matter how sophisticated, can be bypassed. And here you will learn how. A wide variety of opening techniques will be demonstrated. Ranging from "lock decoders" that are in use by the intelligence community to till tools and techniques that allow a layman to open a wide variety of locks with little training and using only inexpensive tools. Even the opening of some state of the art electronic locks will be demonstrated on stage. If you're willing to learn then simply join one of the training sessions during the conference (in the lockpick village) to have Barry and his friends teach you how to pick and bypass locks yourself. You are invited to bring your own locks and find out if they are any good.
Low Level Firmware Analysis and Hacking
A presentation using examples from John's experience reverse engineering disposable digital cameras. Hardware disassembly, reading firmware from the flash chip, firmware disassembly, figuring out hardware registers, and how to identify and circumvent lock codes will be among the topics touched upon. The CVS camcorder lock and the vulnerability that hacked it will also be discussed.
Magnetic Stripe Technology and the New York City MetroCard
Curious what's on all those magnetic stripes in your wallet? Learn how magnetic stripes work and how you can use parts from your "junk drawer" to build a simple reader. Joe's reader design is easy to build and is capable of reading proprietary formats that most commercial readers can't. The software, which runs under Linux and requires only a sound card, does most of the work and is easy to tweak. Also included in the lecture will be a discussion about the New York City MetroCard and how its proprietary encoding was reverse engineered with this reader design.
Making Reliable Links Using WiFi
Ever wondered exactly how much engineering goes into professionally installing WiFi links to 99.999 percent availability? In this talk, Catonic will be covering calculating path loss, Fresnel zones, gain, power, and other topics which when combined are used to design RF links between two locations. The information in this talk is useful for VHF, UHF, and microwave link planning. Additionally, Catonic will be providing an analysis of some of the factors considered when iFiber Redwire planned and then executed last year's record WiFi shot of 125 miles.
Managing Your Company's Intellectual Property: An Introduction to IT Security
Data is every company's most valuable asset and its protection is imperative for survival. This presentation gives managers and other business leaders the practical foundation they need to secure their intellectual property, properly comply with legislative requirements, and maximize the overall value their IT strategies provide.
The Monochrom Collective
A talk medley from monochrom, a worldwide operating collective from Vienna dealing with technology, art, context hacking, and philosophy which was founded in 1993. They specialize in an unpeculiar mixture of proto-aesthetic fringe work, pop attitude, subcultural science, and political activism. Their mission is conducted everywhere, but first and foremost "in culture-archaeological digs into the seats (and pockets) of ideology and entertainment."
This session will be a little tour-de-farce about their projects and political motivation. A joyful bucket full of good clean fanaticism, crisis, language, culture, self-content, identity, utopia, mania and despair, condensed into the well known cultural technique of a gala show.
Among their projects, monochrom has released a leftist retro-gaming project, established a one baud semaphore line through the streets of San Francisco, started an illegal space race through Los Angeles, buried people alive in Vancouver, and cracked the hierarchies of the art system with the Thomann Project. In Austria they ate blood sausages made from their own blood in order to criticize the grotesque neoliberal formation of the world economy. Sometimes they compose melancholic pop songs about dying media and they have hosted the first annual festival concerned with cocktail robotics. At the moment they're planning a conference about pornography as one of the driving forces of technological innovation. They also do international soul trade, propaganda camps, epic puppet theater, aesthetic pregnancy counseling, food catering, and - sorry to mention - modern dance.
Network Monitoring and the Law
A discussion of federal and state criminal law as well as civil penalties, expectations of privacy at work, and the relative rights and duties of employers, employees, and IT workers. Also included will be an explanation of network monitoring and the Wiretap Act.
The New Engineers of Graffiti
The Graffiti Research Lab is dedicated to outfitting graffiti writers, street artists, and protesters with open source technologies for urban communication. The goal of the G.R.L. is to technologically empower individuals to creatively alter and reclaim their surroundings from unchecked development and corporate visual culture. During 2006, the G.R.L. has toured across the globe demonstrating and teaching new graffiti technologies and DIY skills to diverse public audiences. Their work has been featured in alternative and mainstream news sources like the New York Times, Wooster Collective, TIME Magazine, Visual Resistance, and The Village Voice. In May 2006, Ars Electronica gave the G.R.L. an Award of Distinction in Interactive Art. You can find their work at http://www.graffitiresearchlab.com.
This panel will give an introduction to geek graffiti and focus on the Eyebeam OpenLab with particular attention to public domain DIY hardware hacking, GNU software, and Creative Commons content. Some GRL tools will include LED "throwies," the "night writer," the "electro-graf," and more.
A free LED "throwie" workshop will be held downstairs throughout the conference, guaranteed to grab your attention.
"Off The Hook" - The Indecent Version
Featuring the "Off The Hook" Cast
Yes, that's right, the acclaimed WBAI radio show does an edition that the FCC won't permit us to air. Restrictions on what we're allowed to say over the radio will be addressed in a very "direct" manner. Over the years the American broadcast media has become increasingly government-controlled with the federal authorities determining what is decent and what is not. The result has been a whole lot of blandness and conformity, not to mention a good dose of fear and paranoia behind the scenes. While we may not be allowed to say a lot of things over the air, we CAN say them in a room full of people. At least for now. One day perhaps this edition will be allowed to be heard on the radio. For now, though, you can win a prize by figuring out just how much we could be fined and imprisoned if this show were to make it to air. In all honesty, we believe it will be a pretty "decent" hour. You can even bring the kids.
Password Cracking and Time-Memory Tradeoff
An in-depth explanation of the applications of time-memory tradeoff when applied to password cracking and its relevance to the future of the IS industry. Also, a demonstration of what quite possibly could be the fastest web-based MD5 password cracker on the planet.
Phone Phreaking 101
Have you ever caught yourself thinking "Gee, I wonder how this phone thingy works?" Do you often dream about what's inside that building downtown with your local phone company's logo emblazoned upon it? Do you find yourself confused when people start talking about "op-diverting," "setting up 8s," or "getting on the bridge?" If so, then this presentation is for you.
Ever since the early 1990s, most people have thought that phone phreaking was dead. They have thrown their black, red, and blue boxes out with their trash and have dismissed the idea of "phone phreaking" with the same zeal that they dismissed the idea of the Easter Bunny and Santa Claus. But phone phreaks still survive to this day! The phone network was one of the first great networks. Yet today it just sits there, only explored by a handful of people.
This presentation is an attempt to change all that. It will answer basic questions and clear up common misconceptions about phreaking, the phone system, and telephony in general. It will also attempt to clear up urban legends that continue to exist today and show people that phreaking is not a dead art. Topics covered will include history, basic phone network operation, VoIP, myths and misconceptions, general phreaking, and stupid phone tricks.
Privacy Is Dead - Get Over It
Gerard P. "Jerry" Keenan
Reginald "Reggie" Montgomery
This will be a wide-ranging lecture covering databases, privacy, and "computer-aided investigation." Steven is the owner of PallTech, the largest privately held online investigative support service in the U.S. This talk will include numerous examples of actual data and secret databases as well as a demonstration of an actual online investigation done on a volunteer subject. During the second hour, Steven will be joined by a four member panel of investigators and intelligence experts.
Privacy Is Dead - Get Over It Revisited
When the Steve Rambam talk at HOPE Number Six was disrupted by his arrest minutes before he was scheduled to go on stage, we vowed to make sure it would one day be presented to the public. That day occurred on Thursday, November 16, 2006. HOPE Number Six finally came to an end with a three hour talk at the Stevens Institute in Hoboken, New Jersey that focused on just how much information on each of us is readily accessible to virtually anyone. Steve also revealed all of the information he was able to find on a volunteer "victim" and answered all sorts of questions from the standing room only audience, including what really happened back in July.
Privacy through Technology: A Hands-On
Until recently, using cryptography to protect your privacy when using the web, email, or instant messenger while connecting your laptop all over the world from very insecure and untrusted networks was a daunting task that most people could never set up. For those who could, it proved impractical to use over a longer period of time. Fortunately, things have changed a lot in the last year. But the notion that cryptography is too difficult to use is still a widespread belief.
In this presentation, Aldert and Paul will demonstrate how easy it is these days to use cryptography. They will bring a Windows and an OSX laptop, and demonstrate how to set up encryption tools from scratch. After the presentation, a slide show version of their presentation will be available as download for everyone to take home.
Topics will include how to secure email using GPG with Thunderbird and Mail.app, how to protect IM traffic using OTR with a variety of IM clients such as Gaim, Adium, iChat, Trillian, or other clients using the OTR proxy, how to encrypt your browsing using Tor and Privoxy, how to build an L2TP VPN to encrypt all your traffic while browsing at Starbucks by using your home DSL, how to encrypt your VoIP calls using Gizmo and Zfone, how to enable WPA/WEP security on your wireless network, and how to use an encrypted hard disk using FileVault or Windows software. Finally, they hope to be able to show you the first IPsec encrypted WiFi mobile phone.
This presentation will be a hands-on training. That means no slide shows on how things work in theory, but demonstrating live to you that it only takes a few minutes to set up the cryptographic tools to protect your privacy.
Proactively Secure Programming Techniques
J. Salvatore Testa II
This lecture will teach several proactively secure programming methods that can be applied to direct-memory languages like C and C++. These methods are an application of the fundamental defense in depth principle that can provide an extra level of security against common buffer overflow attacks, double-free vulnerabilities, and logic errors.
Mark Abene aka Phiber Optik
This project began in late 2005, when the website www.phonetrips.com came to Mark's attention. On that site one can find old recordings of phone sounds: call-progress tones, clicks, ker-chunks, all sorts of things. Someone had traveled around the country back in the 70s capturing these magical sounds. In addition, there were a handful of actual recordings of blue boxing recorded in a narrated "radio show" format for all posterity. Hearing those tones brought back memories of when Mark himself experimented with blue boxing back in the 80s. Blue boxing can best be defined as directly signaling those legendary MF tones across analog trunks in the old telephone network, exploring the inner workings through pure sound alone.
After repeatedly listening to these "phonetrips," Mark thought to himself, "It's a shame all that's gone now. No more analog trunks or MF signaling, no more 2600Hz. SS7 and the completely digital, intelligent routing network are the order of the day." And that's just the way things are. But wouldn't it be cool if there was some way to bring it all back?
This presentation is the daring story of how Mark used Asterisk and VoIP to bring back blue boxing - essentially a fully working model, connected to the public telephone network, of analog signaling in all its glory. We can all blue box again and Mark will show you how you too, with some Asterisk and VoIP experience, can use his code modifications to Asterisk to set up your very own working analog trunks and vintage routing codes, and ultimately recreate a piece of history for all telecom enthusiasts, MFers, and phone phreaks to enjoy.
Pseudonymous Software Development and Strong Distribution
V. Alex Brennen
A talk and tutorial on cryptographically strong pseudonymous software development and distribution models with the intent being to show hackers that when developing software is forbidden by law, developers can use PGP and other tools to continue to safely exercise their right to free speech in the form of source code. There will be a description of software release, upgrade cycle, security advisories, development team collaboration, and how to handle the reception of bug reports and patches from users. In addition you will learn how software developed by cypherpunks like the anonymous re-mailers, onion routing network implementations, and PGP key server networks can be used. See how the software works in theory (not command line options, etc.) covering topics like public key cryptography, digital signatures, zero knowledge proofs, and reputation systems. There will also be a discussion of the use of not commonly used cryptographic technologies such as ring signatures to prevent successful rubber hose attacks by authorities.
Quantum Cryptography and Computation
Quantum based computation and cryptography provide capabilities beyond their classical counterparts. Quantum computers are exponentially faster than classical computers for the solution of certain problems while quantum cryptography makes effective eavesdropping on communications impossible. Shor's factoring algorithm will be discussed along with schemes for quantum cryptography using entangled photons.
(This talk was cancelled by the presenter.)
Radio Communications for Hackers, Amateurs, and Activists
Sometimes cell phones, telephone lines, and Internet connectivity just aren't good choices for communications. Whether those networks are down, unreliable, too expensive, or you just don't trust carriers or ISPs to not hand over all your communications records to Big Brother's data-mining program, there ARE alternatives. Amateur (ham) radio, GMRS, FRS, MURS, Part 15, and other technologies can provide free and effective short-range or even global voice/data communications. This panel will explain how you can use the magic of radio to take control over your communications.
A regular feature of HOPE conferences, this year's retrocomputing panel will reminisce about bulletin board systems. The dial-up BBS was how many people sent their first email, read forum posts, and found the electronic communities that would later migrate to the Internet.
Sellam will also give a brief introduction of the history of computing and talk about the various eras since the invention of the first modern day computers in the 1950s with an introduction to Babbage's work in the 1830s. Also discussed will be hacker history, phreaking history, how the culture sprang up, and what it has morphed into today.
RFID Privacy - Old Threats and New Attacks
A look at the challenging requirement of anonymity in RFID systems. After a discussion on proposed solutions to the privacy threat you will see how easily such solutions can be circumvented or completely broken. By looking at the physical characteristics of the tags, Karsten will demonstrate how new attacks can circumvent these solutions, some of which have been implemented in a lab. There will then be a look at the back-end infrastructure of the RFID system which will show that the currently outlined implementation will compromise privacy in ways that have never been anticipated - basically allowing for customer tracking over the Internet by everyone.
Selfness-Copyfight: From Censorship to New Business Models
Pro-copyright cartels use direct extortion, among other methods, to keep their outdated business models and views alive. Yet the "copyfight" goes on and more and more examples every day prove that their view is not only very shortsighted, but dangerous. "Selfness" is the extreme opposite of copyright, not only practically (it is currently being used as a business model), but also philosophically.
Emmanuel Goldstein and Others
Once again we continue the tradition of not only explaining what social engineering is, but demonstrating it to the throngs as well. Emmanuel has been confusing people on the telephone for many years and gets a whole lot of pleasure out of tricking total strangers into giving him information he has absolutely no business having. And after you see this in action, you'll be able to do it too! We always appreciate suggestions on who can be targeted. All sorts of special guests may drop by this panel.
In a time where bureaucracy can hold you back against a foe that is more agile, fast, and who definitely doesn't care about the laws they break, a new method of forensics is being developed. TrackSploits have been used against phishers, malware authors, and distributors as well as "black hat" hackers to gain intelligence on them in a passive, yet active, manner. These techniques do not break the law, but they will bend them and test the law's resilience. Techniques include tracking attackers behind proxies, breaking encryption algorithms to unmask IP addresses, stealing data back from the phishers in real time, and using cross-site attacks to track malware authors. This talk will open your eyes about intelligence gathering and counterespionage against relentless entities dedicated to causing havoc and profiting from it.
Under The Desk at MIT
V. Alex Brennen
A formal announcement of the creation of the Public Domain Software Foundation (PDSF). The PDSF is meant to be a parallel to the Free Software Foundation. It is being started to advocate and support the placement of source code and documentation in the public domain rather than under the GNU licenses. This presentation will include an explanation of how cryptographic management of identity makes many licenses unnecessary. Package and patch management solutions are becoming much more automated with Linux distributions as well as with various software packages. An explanation of why this trend is making the public domain a necessity for many types of modern software.
Underground Documentaries: The Art of the Interview and the Access
This panel will cover what it takes to make your own underground indy documentary - from asking "attack questions" to recording industry execs to approaching historical legends to sit down with you and be interviewed. Topics will include the equipment required, legal no-nos, the Creative Commons, editing, distribution, and how to do it all on the cheap.
Urban Exploring: Hacking the Physical World
John and Laura Leita
A continuation of The Fifth HOPE talk that will cover more urban exploring. Topics will include how to find and navigate university tunnels and how certain aspects of society work/worked by looking through ruins. This presentation will include pictures and videos of various urban exploration sites. There will also be a discussion of urban exploring photography, ethics, laws, and safety.
Virtual Private Servers and the (Free) Open Source PBX
Mark S. aka Skram
Mark will show how VPS virtual server technology can combine with the Asterisk PBX to replace your expensive, proprietary phone system - while still using the same server to run your website! Not only does this exciting technology apply to old school Nortel sysadmins (with large corporate budgets) but phreaks at home can try this too!
Voice over IP (VoIP) services such as Vonage, AT&T CallVantage, and Packet8 have recently gained popularity. Unfortunately, there's a catch: your VoIP phone only works with the phone company you bought it from. In this live demonstration, TProphet will show you how to free a D-Link DVG-1120M VoIP adapter from the chains of AT&T CallVantage service. He will also demonstrate FreeWorldDialup, a free alternative to paid VoIP services.
Vulnerabilities in a Connected Future
This presentation deals with the vulnerabilities of emerging connected technologies and their uses. As manufacturers continue to pump out new technology without properly assessing the risks, those risks end up affecting customers. The focus of this presentation deals with vulnerabilities and attacks on Smarthomes and Smartcars taken from analyzing these emerging technologies. Vulnerabilities also exist in these technologies from how users interface with and utilize them. Modern connected technologies are intrusive and it is important that everyone understand the dangers. This presentation also delivers a healthy dose of problems with the next generation IP protocol, dealing with problems in its implementation and future. IPv6 will play a big part in the connected future with integration into previously mentioned technologies and mobile devices. Lastly, the presentation will discuss problems with biometric authentication technologies and refute how these devices are being touted as security silver bullets.
(There is a seven minute audio gap in this panel due to a microphone malfunction. We've edited out the silent bit on the audio archive and it appears as silence on the DVD. If you happen to have a recording of the missing section, please contact us.)
This panel will deal with technology that is a bit off the beaten path, technology of the government, private sector, and the home brew variety, as well as the legalities and affects of all this weird tech.
Wireless Security Flaws
Wireless security flaws are commonplace but not many people realize just how much of the inner workings of infrastructure and management traffic for large networks are often accessible over wireless. Working as a team of professional penetration testers, the first time these three saw routing protocols and management traffic visible over 802.11, they thought the client really lacked clue. The tenth time, it wasn't so funny anymore.
This session will show you the common switching, routing, and management traffic commonly present in urban wireless environments, discuss the security risks (from information disclosure to remote exploit), and show you how to prevent this sort of highly critical data from leaving your network by way of your access points. Using examples from the last five years of growing urban wireless presence, this talk will show the initial signs of backbone control traffic creeping out of poorly secured access points and present statistics on overarching protocol trends over time. The talk will then take a more serious turn, showing the sorts of damage that a malicious attacker can wreak on a network with the information provided in just a few routing protocol packets. Lower level attacks such as switching and CDP will also be covered. Finally, a ray of immediately practical hope will be offered, giving recommendations on actions that will prevent this sort of critical data from being advertised out of your wireless access points.
Did you miss the speaker deadline?
Did you arrive at the conference and were inspired to talk?
We have a special third track for people in just such a position. It doesn't get scheduled until the conference actually begins.
Information on how to schedule your talk will be available at the registration desk. It's first come, first served, so be sure to arrive early!
We're making available a number of tables for folks who want to be able to display or sell their wares. These tables will be located in a highly-trafficked area of the second floor. We hope that a variety of groups will be able to take advantage of this opportunity to reach our attendees, and that our attendees will be able to see some neat products they might not otherwise get to know about.
Tables cost $250 each for commercial organizations; discounted rates are available for non-profit or personal projects. The commercial rate includes admission to the conference. We will provide tables, chairs, and tablecloths if you want them. To register for a table, or for more information, please email firstname.lastname@example.org. Let us know who you are, what you are planning to sell or show, and if you will need electricity or a connection to the Internet (wireless or ethernet).
Plan your weekend!
|Time||Area A||Area B|
|1000||Network Monitoring and the Law||Flash Sucks for Advertisers - The Digital Divide|
|1100||Hackers And Academia||RFID Privacy - Old Threats and New Attacks|
|1200||How to Steal Someone's Implanted RFID - And Why You'd Want To||The Life and Times of Alan Turing, Father of the Computer|
|1300||Magnetic Stripe Technology and the New York City MetroCard||Building the Anti-Big Brother Databases|
|1400||Lockpicking: Exploits for Mechanical Locks||Hacking Copyright and Culture|
|1500||The Monochrom Collective|
|1600||Keynote Address Friday: Richard Stallman||Proactively Secure Programming Techniques|
|1700||The Art of Electronic Deduction|
|1800||Europe Has Hackers Too||Bin Laden, National Intelligence, and How NOT To Spend the Taxpayer's Treasure|
|1900||The Future of Wireless Pen Testing||Weird Technology|
|2000||"Off The Hook" - The Indecent Version||Hacking the Mind: Hypnosis, NLP, and Shellcode|
|2100||Aether Madness with the Prometheus Radio Project|
|2200||2600 Meetings: A Valuable Resource or a Waste of Time?||How to Talk to the Mainstream Media|
|2300||The Geek Comedy Tour 3000||Binary Revolution Radio|
|0030||Biometrics in Science Fiction|
|Time||Area A||Area B|
|0900||E-gold - As Misunderstood As Hackers|
|1000||Radio Communications for Hackers, Amateurs, and Activists||Low Level Firmware Analysis and Hacking|
|1100||Wireless Security Flaws||Under The Desk at MIT|
|1200||Citizen Engineer - Consumer Electronics Hacking and Open Source Hardware||Phone Phreaking 101|
|1300||Retrocomputing||IBOC vs. DAB-T: In-Band vs. Multiplexed Digital Radio|
|1400||Keynote Address Saturday: Michael Hart||Making Reliable Links Using WiFi|
|1700||Privacy Is Dead - Get Over It||Password Cracking and Time-Memory Tradeoff|
|1800||Alienation and Engagement|
|1900||Hackers in Prison||Constructing Cryptographic Protocols|
|2000||Project MF||Breaking Down the Web of Trust|
|2100||Law Enforcement Wiretaps: Background and Vulnerabilities||Hack the Palate! How to Set Up a Kitchen Hack Lab|
|2200||Building a Hacker Space||Virtual Private Servers and the (Free) Open Source PBX|
|2300||Everything You Ever Wanted to Know About Spying and Intelligence||The New Engineers of Graffiti|
|Time||Area A||Area B|
|0900||Managing Your Company's Intellectual Property: An Introduction to IT Security|
|1000||The Geeky, Personal, and Social Impact Sides of Creating Defensive Technology||TrackSploits|
|1100||Urban Exploring: Hacking the Physical World||Can Security Detectors Be Hacked?|
|1200||Basics of Forensic Recovery||Privacy through Technology: A Hands-On|
|1300||Exploring Your World with Open Source GIS, GPS, and Google Maps||Vulnerabilities in a Connected Future|
|1400||Social Engineering||Ghosts (and Zombies) in the Machine|
|1500||Keynote Address Sunday: Jello Biafra||The CryptoPhone Project|
|1600||Pseudonymous Software Development and Strong Distribution|
|1700||Underground Documentaries: The Art of the Interview and the Access||Selfness-Copyfight: From Censorship to New Business Models|
|1800||The HOPE Net: What Worked and What Didn't||Comparison of WAN Routing Protocols|
|1900||HOPE Number Six Closing Ceremonies|