Event begins at 10:00 Friday, runs until 18:00 Sunday, and will be open 24/7.
You can also download the schedule in PDF and Excel formats. (Thanks to Peter Capek)

A Conversation with Edward Snowden

Sat, 19 Jul 2014 14:00:31 +0000 (Manning, Serpico, and Olson)

Download Audio: 16kbps or 128kbps

We had to keep this bombshell quiet until the last minute since some of the most powerful people in the world would prefer that it never take place. (Even at this stage, we wouldn't be surprised at mysterious service outages, but we believe the hacker spirit will trump the unprecedented might of the world's surveillance powers. Fingers crossed.) Daniel Ellsberg has been an inspiration to Edward Snowden and Ellsberg himself has expressed his admiration of Snowden's actions in releasing information revealing the extent of NSA's spying on civilians around the globe, including within the United States. Ellsberg changed the conversation at the height of the Vietnam War through the Pentagon Papers - by revealing deceptive practices by the government. Snowden has also dramatically changed the conversation on surveillance and intelligence-gathering with his revelations. We're honored and proud to have HOPE be the forum via which these two American heroes converse. Snowden is, of course, still unable to leave Russia because of the threat he faces from the authorities in the United States. So he will be joining us and speaking on a video link right after Daniel Ellsberg's keynote. Speakers: Edward Snowden; Daniel Ellsberg; Trevor Timm

Keynote Address – Daniel Ellsberg

Sat, 19 Jul 2014 13:00:36 +0000 (Manning, Serpico, and Olson)

Download Audio: 16kbps or 128kbps

We're thrilled that the whistleblower of all whistleblowers - Daniel Ellsberg - will be one of our keynote speakers this year. Ellsberg was the cause of one of the biggest political controversies ever seen in the United States when he released the Pentagon Papers in 1971 and changed history. We are honored that Daniel Ellsberg recognizes the value and importance of the HOPE X conference and it's great to know that he'll be able to speak in person to a whole new generation of individuals who will also shape the direction of the world one day. We can only hope they'll also be ready to stand up for their convictions, no matter the cost. Speakers: Daniel Ellsberg

The Hacker Wars – A Conversation with NSA Whistleblower Thomas Drake

Fri, 18 Jul 2014 14:00:38 +0000 (manning)

Download Audio: 16kbps or 128kbps

Vivien Lesnik Weisman, director of the upcoming documentary film The Hacker Wars [1], speaks with Drake on the confluence of hacktivism and whistleblowing. Depending on one's perspective on who should regulate information, hacktivists and whistleblowers are either criminals or freedom fighters. Drake will discuss his own case and the dystopian dynamic that ensued when the criminal justice system was used as an instrument to destroy him. In light of his personal experience with the state, he will discuss the importance of specific stories of young hacktivists, along with that of whistleblower Edward Snowden, including their battles with the U.S. government. Speakers: Thomas Drake; Vivien Lesnik Weisman [1] http://thehackerwars.com/

#radBIOS: Yelling a Database across the Room

Sat, 19 Jul 2014 10:00:24 +0000 (olson)

Download Audio: 16kbps or 128kbps

How can you distribute digital information using only sounds and computers? Frustrated by the lack of compatibility of wireless hardware in the wild, it was concluded that the audible spectrum was the One True Way to distribute knowledge. This talk will introduce Groundstation, an append-only graph database, and detail the journey of integrating it with the unambiguous encapsulation research of Ossmann/Spill to achieve its ultimate goal - the audible sharing of digital knowledge. Speakers: Richo Healey

(Geo)location, Location, Location: Technology and Countermeasures for Mobile Location Surveillance

Sat, 19 Jul 2014 15:00:18 +0000 (serpico)

Download Audio: 16kbps or 128kbps

We all know that law enforcement (and private companies, for that matter) can track you through your mobile phone. But how exactly does tracking work? How precise is it? When can they get this data? And is there anything you can do to obscure your movements without moving into a Faraday cage? This talk will discuss the various technologies that law enforcement, intelligence agencies, and private industry use to track individual movements. There are a surprising number of different techniques. Many involve the signals emanating from - and records created by - mobile phones, but there are more specialized - and surprising - tracking techniques in use as well. The tower data contained in cellular call detail records, E911 "pings," tower dumps, IMSI catchers, aggregate metadata analysis, Wi-Fi and Bluetooth-based locators, traditional RF and GPS trackers, and some of the sophisticated "implants" used by intelligence agencies will all be discussed. Can you opt out without opting out of the Information Age? Not always, but there are a few countermeasures that work, as well as a surprising number that don't. There will be an analysis of a number of real-world cases of tracking, as well as tips on how to learn from the mistakes of others. Speakers: Matt Blaze

A Beautiful Mosaic: How to Use FOIA to Fight Secrecy, Explore History, and Strengthen American Democracy

Fri, 18 Jul 2014 12:00:50 +0000 (serpico)

Download Audio: 16kbps or 128kbps

The Freedom of Information Act (FOIA) is a simple but powerful tool that permits any citizen to find out more about what their government does, permitting more informed participation in American society and government processes. This presentation will show how public records released under FOIA have been used to expose questionable surveillance programs, domestic drone programs, and even an exploding toilet. It also highlights the availability of an array of free, public resources to explore millions of pages of government records that have already been released, so you can see the results of your tax dollars at work. This talk will also review ways of overcoming some common agency roadblocks to get the records and data you want. Examples will be drawn from the GovernmentAttic.org and Muckrock.com web sites. Two comprehensive workshops will follow: Basic FOIA Workshop, and FOIA Advanced Strategies and Tactics. Speakers: Michael Morisy; Michael Ravnitzky

A Sea of Parts

Sat, 19 Jul 2014 20:00:47 +0000 (olson)

Download Audio: 16kbps or 128kbps

Have you heard of Self Re-Configuring Modular Robotics (SRCMR)? This new technology enables robotic modules to configure themselves into whatever you need, whenever you need it, which offers many benefits. If we could create a common pool that modules can be drawn from when they are needed and returned to when they are not, we could further leverage the benefits of SRCMR. The challenge is that the pool is not intrinsic to an SRCMR system; we need to create it. We need a new understanding of our common resources and an acceptance for sharing them. If we can create the pool or "a sea of parts," it will bring the same benefits to physical systems that shared web hosting has brought to the web. This will allow quick and cheap development and deployment of new ideas. Speakers: Per Sjoborg

A Story of Self Publishing Success

Sun, 20 Jul 2014 16:00:42 +0000 (olson)

Download Audio: 16kbps or 128kbps

Just days before HOPE Number Nine, John Huntington released a self-published version of his book, Show Networks and Control Systems. Several months before, his publisher had decided that they were not interested in an update after three successful editions, so Huntington got his publishing rights back and did a whole new edition himself using Amazon's CreateSpace for printed copies and Kindle for e-books. And it's been a success - Huntington has made far more money self publishing this one edition than the royalties on all three of the previous editions with the publisher combined. More importantly, he has had a far higher level of engagement with his readers, and has been able to do things he never could have done with the publisher, like putting free lecture videos for each chapter on his website, or giving copies away (which he will do at the end of this talk). Huntington will share sales figures, compare the economics and issues related to both printed and e-book editions, and lay out the challenges, pitfalls, and successes of this process. Speakers: John Huntington

Apophenia: Hunting for the Ghost in the Machine

Fri, 18 Jul 2014 14:00:09 +0000 (serpico)

Download Audio: 16kbps or 128kbps

This discussion will look at the practice of exposing anomalies in network communications and computer processes in order to find evidence of interference (or intentional communication) from beyond the grave. Known as Instrumental Trans-Communication (ITC), the practice has roots as far back as the 1930s and has survived into the digital era. We will look at how these same methods are now being applied to Wi-Fi networks, custom software development, remotely networked sensors, and digital spectrogram systems designed to capture images of the spirits of the deceased. (The discussion will be accompanied by a basic circuit workshop where participants can build a simple device with accompanying software to collect data and test the methods discussed in the presentation.) Speakers: Wil Lindsay

Are You Ready to SIP the Kool-Aid?

Fri, 18 Jul 2014 10:00:16 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Session Initiation Protocol (SIP) is the gateway drug to VoIP (Voice over Internet Protocol). You will see how such a phone call is set up, and will witness an in-depth discussion of Asterisk, the open source PBX software that represents the new age of telephone switching in the 21st century. Speakers: Richard Cheshire; Gaston Draque
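For readers who want to see the call setup the talk promises before the session, here is an added walk-through of one SIP dialog. It is not code from the talk or from Asterisk: the trace, the hostnames, the tag and the Call-ID are constructed, and the messages carry only the headers the tracker reads (a real INVITE also carries Via, Contact and Max-Forwards). It parses each message per RFC 3261 framing and tracks the dialog through the INVITE, 180 Ringing, 200 OK, ACK three-way handshake and the BYE that tears it down:

```python
"""Walk through one SIP call: parse each message of a constructed trace and
track the dialog from INVITE to BYE.

Added example, not code from the talk or from Asterisk. The trace, hostnames,
tag and Call-ID are made up, and it carries only the headers the tracker reads.
"""
from dataclasses import dataclass
from typing import Optional

CRLF = "\r\n"


@dataclass
class SipMessage:
    start_line: str
    headers: dict  # header name, normalized to Title-Case -> value
    body: str

    @property
    def is_request(self) -> bool:
        # Responses start with the protocol version; requests end with it.
        return not self.start_line.startswith("SIP/2.0")

    @property
    def method(self) -> str:
        # Requests: "INVITE sip:bob@example.net SIP/2.0" -> "INVITE".
        # Responses carry the method in CSeq ("1 INVITE"), which is how a
        # "200 OK" for INVITE is told apart from a "200 OK" for BYE.
        if self.is_request:
            return self.start_line.split()[0]
        return self.headers["Cseq"].split()[1]

    @property
    def status(self) -> Optional[int]:
        return None if self.is_request else int(self.start_line.split()[1])


def parse_sip(raw: str) -> SipMessage:
    """RFC 3261 framing: start line, headers up to the first blank line,
    then a body of Content-Length bytes (SDP for INVITE and its 200 OK)."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().title()] = value.strip()  # header names are case-insensitive
    length = int(headers.get("Content-Length", "0"))
    return SipMessage(lines[0], headers, body[:length])


def track_dialog(messages) -> list:
    """Return the dialog state after each message, in wire order."""
    call_ids = {m.headers["Call-Id"] for m in messages}
    if len(call_ids) != 1:
        raise ValueError("messages span more than one Call-ID: %r" % sorted(call_ids))
    state, states = "idle", []
    for m in messages:
        if m.is_request and m.method == "INVITE":
            state = "calling"          # caller offers media (SDP) and waits
        elif m.method == "INVITE" and m.status == 180:
            state = "ringing"
        elif m.method == "INVITE" and m.status == 200:
            state = "answered"         # callee's SDP answer; ACK still owed
        elif m.is_request and m.method == "ACK":
            state = "established"      # three-way handshake done, RTP flows
        elif m.is_request and m.method == "BYE":
            state = "terminating"
        elif m.method == "BYE" and m.status == 200:
            state = "terminated"
        states.append(state)           # 100 Trying and the like leave state as is
    return states


def build(start_line, extra_headers, body=""):
    """Assemble a wire-format message for the constructed trace."""
    common = ["Call-ID: a84b4c76e66710@192.0.2.10",
              "From: Alice <sip:alice@example.com>;tag=1928301774",
              "To: Bob <sip:bob@example.net>"]
    headers = common + extra_headers + ["Content-Length: %d" % len(body)]
    return start_line + CRLF + CRLF.join(headers) + CRLF + CRLF + body


SDP = "v=0" + CRLF + "o=alice 1 1 IN IP4 192.0.2.10" + CRLF + "m=audio 49170 RTP/AVP 0" + CRLF

TRACE = [  # constructed: Alice calls Bob, Bob answers, Bob hangs up
    build("INVITE sip:bob@example.net SIP/2.0", ["CSeq: 1 INVITE", "Content-Type: application/sdp"], SDP),
    build("SIP/2.0 100 Trying", ["CSeq: 1 INVITE"]),
    build("SIP/2.0 180 Ringing", ["CSeq: 1 INVITE"]),
    build("SIP/2.0 200 OK", ["CSeq: 1 INVITE", "Content-Type: application/sdp"], SDP),
    build("ACK sip:bob@example.net SIP/2.0", ["CSeq: 1 ACK"]),
    build("BYE sip:alice@example.com SIP/2.0", ["CSeq: 2 BYE"]),
    build("SIP/2.0 200 OK", ["CSeq: 2 BYE"]),
]

if __name__ == "__main__":
    for raw, state in zip(TRACE, track_dialog([parse_sip(r) for r in TRACE])):
        print("%-40s -> %s" % (raw.split(CRLF)[0], state))
```

Note that the signaling carries the caller, the callee and the media endpoints in the clear; without SIP over TLS for signaling and SRTP for the media described in the SDP, anyone on the path gets the same view of the call that this tracker does.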

Art under Mass Surveillance

Fri, 18 Jul 2014 20:00:43 +0000 (serpico)

Download Audio: 16kbps or 128kbps

!Mediengruppe Bitnik are contemporary artists. In their talk, they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London. Speakers: !Mediengruppe Bitnik

Ask the EFF – This Year on the Internet

Sat, 19 Jul 2014 11:00:30 +0000 (manning)

Download Audio: 16kbps or 128kbps

Hear from lawyers, activists, technologists, and international policy analysts from the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for freedom and privacy in the computer age. Since HOPE Number Nine, much has happened on the Internet. From Aaron Swartz's tragic death to Edward Snowden's revelations, from TPP to Stop Watching Us, they will put it all in context and answer your questions. This session will include updates on current EFF issues such as their efforts to end mass spying both at home and abroad, their fight against the use of intellectual property claims to shut down free speech and halt innovation, a discussion of their technology projects to protect privacy and speech online, updates on their cases against the NSA, litigation and legislation affecting security research, what EFF is doing to open access to scholarly works, how they're fighting the expansion of the surveillance state, and much more. Half the session will be given over to Q&A, so it's your chance to ask EFF questions about the law and technology issues that are important to you. Speakers: Nate Cardozo; Kurt Opsahl; Adi Kamdar; Peter Eckersley; Eva Galperin

Barrett Brown and Anonymous: Persecution of Information Activists

Fri, 18 Jul 2014 12:00:35 +0000 (manning)

Download Audio: 16kbps or 128kbps

Barrett Brown, a Dallas-based writer and freelance journalist, was arrested in late 2012 and indicted several times on charges including the publication of a hyperlink. He was earlier pegged by the media as an "unofficial spokesperson" for the hacktivist collective known as Anonymous. But who is he really and what was he trying to uncover that made him a target of the feds? The prosecution was widely regarded as excessive and included a gag order, subpoenas, charges issued against family members, attempts to seize defense funds, and criminal counts so flawed that they were later dismissed. This talk will explore Brown's work, what happened during his case, the dynamics of his interactions with Anonymous and its implications for other journalists who work with hackers, and why his case outraged many of those who care for free speech and freedom of press. Speakers: Kevin Gallagher; Ahmed Ghappour; Gabriella Coleman

Biohacking and DIYbiology North of the 45th Parallel

Sat, 19 Jul 2014 20:00:32 +0000 (manning)

Download Audio: 16kbps or 128kbps

In the past few years, there have been foundational developments enabling hobbyists and seasoned professionals to research and develop the life sciences outside of classical institutions. Known as DIYbiology or biohacking, this shift in the bio-world takes its inspiration from mature hacker and open source cultures. In this panel, Canadian biohacker successes and struggles will be presented. Current legal, economic, and political landscapes that affect Canadian and global biohackers will be discussed and compared. What constraints and challenges are faced when it comes to doing synthetic or molecular biology outside of its conventional confines? How is the community membership growing and what does it take to accelerate this growth? Lastly, what growth are we anticipating for independent and open biotech research, as well as inter-laboratory and international collaboration? And how can the audience and other hacker communities get involved in this exciting shift? Speakers: Kevin Chen; Connor Dickie

Bless the Cops and Keep Them Far from Us: Researching, Exploring, and Publishing Findings While Staying out of Legal Trouble

Sat, 19 Jul 2014 10:00:48 +0000 (manning)

Download Audio: 16kbps or 128kbps

We all like to tinker and explore. Hacking, exploring, and publishing findings is important to our community as well as the world at large. Unfortunately, law enforcement and the operators of the systems you investigate may disagree and use the legal system to threaten or silence you. How can hackers, pen testers, and security researchers all protect themselves? Can you reverse engineer a device you just purchased? Can you investigate a security hole in another's web server? What can you tell others about your findings? This talk will consider how current U.S. laws affect one's ability to explore systems, collaborate, and publish findings. Q&A will follow. Speakers: Alexander Muentz

Blinding The Surveillance State

Sun, 20 Jul 2014 17:00:17 +0000 (manning)

Download Audio: 16kbps or 128kbps

We live in a surveillance state. Law enforcement and intelligence agencies have access to a huge amount of data about us, enabling them to learn intimate, private details about our lives. In part, the ease with which they can obtain such information reflects the fact that our laws have failed to keep up with advances in technology. However, privacy enhancing technologies can offer real protections even when the law does not. That intelligence agencies like the NSA are able to collect records about every telephone call made in the United States or engage in the bulk surveillance of Internet communications is only possible because so much of our data is transmitted in the clear. The privacy enhancing technologies required to make bulk surveillance impossible and targeted surveillance more difficult already exist. We just need to start using them. Speakers: Christopher Soghoian

Bootkits: Step-by-Step

Sun, 20 Jul 2014 12:00:31 +0000 (olson)

Download Audio: 16kbps or 128kbps

The Basic Input/Output System (BIOS) is the firmware that boots older PCs. The Unified Extensible Firmware Interface (UEFI) is the specification for the firmware that replaced it on newer machines; it includes the boot manager that locates and loads an OS loader from the EFI System Partition. Since the leaks by Edward Snowden, the possible existence of rootkits and bootkits that persist in BIOS or UEFI firmware has been widely reported. That firmware lives in flash memory on the mainboard rather than on disk, which is not normally writable remotely, so infection is particularly difficult; it is also largely out of reach of the operating system, which makes detecting such an infection from the OS a difficult problem as well. This talk will explore all of the steps that need to take place in order to accomplish this feat, review creative measures malware has taken to tackle these problems, and review methods for detection of these kinds of infections. Speakers: Eric Koeppen
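The detection side has one cheap check that anyone can run today on the legacy (BIOS/MBR) boot path: baseline the 512-byte boot sector and diff it. Here is an added example of that check; it is not the speaker's code. Everything in it is constructed: the "known-good" boot code is a seven-byte x86 prologue padded with NOPs that does nothing, the partition entry is invented, and the baseline hash is computed from that constructed sector rather than taken from any vendor. It does not reach the firmware itself, which sits in SPI flash and needs a flash dump rather than a disk read:

```python
"""Compare a 512-byte boot sector (MBR) against a known-good baseline.

Added example, not from the talk. Everything here is constructed: the boot
code is a seven-byte x86 prologue padded with NOPs (it does nothing), the
partition entry is invented, and the baseline hash is computed from that
constructed sector rather than taken from any vendor. Firmware itself
(BIOS/UEFI in SPI flash) is out of scope: it needs a flash dump, not a disk read.
"""
import hashlib
import struct

SECTOR_LEN = 512
BOOT_CODE_LEN = 446       # bytes 0..445: bootstrap code (and, on Windows disks, the disk signature)
PART_TABLE_OFF = 446      # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble an MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for bootable, ptype, start, count in partitions)  # CHS fields zeroed; loaders use LBA
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + table.ljust(64, b"\0") + SIGNATURE


def parse_mbr(sector):
    """Return (boot_code, partitions); refuse anything without the 0x55AA signature."""
    if len(sector) != SECTOR_LEN or sector[510:512] != SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY_FMT, entry)
        if ptype != 0x00:  # type 0 is an empty slot
            parts.append({"bootable": status == 0x80, "type": ptype, "start_lba": start, "sectors": count})
    return sector[:BOOT_CODE_LEN], parts


def hidden_sector_gap(partitions):
    """Sectors between the MBR (LBA 0) and the first partition. Bootkits that patch the MBR
    commonly stash their second stage in this unallocated gap, so baseline these too."""
    return min(p["start_lba"] for p in partitions) - 1


def check_boot_sector(sector, baseline_sha256, expected_partitions):
    """Return findings; an empty list means the sector matches the baseline."""
    findings = []
    boot_code, parts = parse_mbr(sector)
    if hashlib.sha256(boot_code).hexdigest() != baseline_sha256:
        findings.append("boot code differs from baseline (bootkit, or a legitimate loader update)")
    if parts != expected_partitions:
        findings.append("partition table differs from baseline")
    if sum(1 for p in parts if p["bootable"]) > 1:
        findings.append("more than one partition flagged active")
    return findings


# Constructed known-good sector and its baseline
GOOD_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
GOOD_PARTITIONS = [{"bootable": True, "type": 0x07, "start_lba": 2048, "sectors": 204800}]
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, [(True, 0x07, 2048, 204800)])
BASELINE_SHA256 = hashlib.sha256(GOOD_BOOT_CODE).hexdigest()

# Constructed tampered sector: the prologue is replaced by a jump elsewhere, table untouched
TAMPERED_MBR = build_mbr(b"\xe9\x00\x10" + GOOD_BOOT_CODE[3:], [(True, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("good:", check_boot_sector(GOOD_MBR, BASELINE_SHA256, GOOD_PARTITIONS) or "clean")
    print("tampered:", check_boot_sector(TAMPERED_MBR, BASELINE_SHA256, GOOD_PARTITIONS))
    print("unallocated sectors before first partition:", hidden_sector_gap(GOOD_PARTITIONS))
```

The caveat the talk will no doubt make is that this only catches a bootkit that touched the disk. A persistent implant in the firmware runs before anything on disk is read and can hand the OS a clean-looking sector on demand, which is why reading the flash with a hardware programmer rather than through the running system is the only reading you can trust.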

Bringing Down the Biological System: How Poisons Hack the Body

Sun, 20 Jul 2014 11:00:22 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Poisons can kill... but how? Why are some chemicals beneficial in small quantities but lethal in large amounts? How does a sometimes minuscule amount of chemical bring the whole system down? And how can these processes be counteracted such that the system may survive? Learn about how the complex cellular network of our body works and what happens when this network is disrupted. Speakers: Jennifer Ortiz

Building an Open Source Cellular Network at Burning Man

Fri, 18 Jul 2014 19:00:14 +0000 (manning)

Download Audio: 16kbps or 128kbps

There is literally nowhere else on earth where you can run an experimental mobile phone network with a potential 50,000 users and get away with it (legally). Nowhere else can you learn so much in as short a timeframe about people's relationships with their mobile phones or what makes a mobile network tick. Since 2006, the folks behind OpenBTS have been running the Papa Legba camp at Burning Man, providing fully licensed independent (free) GSM cellular service in the most unlikely of places. Johnny and Willow will go through the hardware and software tools they deployed in 2013, along with a discussion of lessons learned and future plans. Speakers: Johnny Diggz; Willow Brugh

Can You Patent Software?

Fri, 18 Jul 2014 16:00:29 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Patent law is a subject of general loathing among hackers and those in the open source movement. While a few grudgingly agree that some things might be worthy of patents, the idea of patenting software seems to offend core values of our community. Despite that fury, it is difficult to pin down exactly what a software patent is. To what degree is a patent directed to software instead of a new and useful machine? How can you separate out those two concepts? This talk aims to present the core problems of software patents in a way that is accessible to hackers and other technologists and, in particular, will address the Alice Corp. decision by the Supreme Court in June. This talk is an academic discussion of patent law and should not be construed as legal advice. Speakers: Ed Ryan

Closing Ceremonies

Sun, 20 Jul 2014 19:00:49 +0000 (manning)

Download Audio: 16kbps or 128kbps

Every year, people make the same mistake. They book their return trips too early on Sunday. If you've done that this year, we encourage you to pay whatever the fee is to change your ticket and stick around. The HOPE closing ceremonies are always a blast, as well as an opportunity to win lots of cool prizes that we have accumulated over time. We'll also wax sentimental about how we (hopefully) managed to pull off yet another one of these events. So stick around Sunday evening. Think of Monday as a holiday - and beg forgiveness on Tuesday.

Codesigning Countersurveillance

Sat, 19 Jul 2014 22:00:42 +0000 (olson)

Download Audio: 16kbps or 128kbps

Recent revelations about massive data collection by the National Security Agency have brought sustained popular attention to the rise of pervasive surveillance systems. We have entered a moment of important dialogue about the surveillance state, the role and ethics of technology companies, the potential harms of mass surveillance to civil liberties and human rights, and the need for interventions involving technology, policy, and social practice. At the same time, the voices of communities that have long been most explicitly targeted by surveillance have been largely excluded from the debate. There are multiple, overlapping surveillance regimes, and they disproportionately target people of color, low-income, and working people, as well as activists in general. State, military, and corporate surveillance regimes are growing in scope, power, and impunity, not only in countries such as Iran, Syria, and China, but also within liberal democracies such as the United States, India, and Brazil. This talk will focus on projects and process from the MIT Civic Media Codesign Studio (codesign.mit.edu), which works with community-based organizations to develop civic media projects that connect to grounded strategies for social transformation. Speakers: Sasha Costanza-Chock; Emi Kane

Community Infrastructure for FOSS Projects

Sun, 20 Jul 2014 16:00:40 +0000 (serpico)

Download Audio: 16kbps or 128kbps

At HOPE Number Nine in 2012, James spoke to people about how to build community infrastructure to provide support at a scale larger than just one project at a time. Then he went and built some. This talk is about lessons learned - how to replicate the successes and avoid the failures he's experienced in the last two years. The focus will be on his two case studies: 1) the formation of a localization community for anti-censorship and anti-surveillance tech (which went reasonably well) and 2) creating a heavier-weight code auditing organization for anti-censorship and anti-surveillance tech (which had some hiccups). There are lessons in both and they will be the basis of discussion here. The goal is to also seed some ideas on how to build this kind of infrastructure for other niches and the wider free software community. Speakers: James Vasile

Community Owned and Operated Cellular Networks in Rural Mexico

Fri, 18 Jul 2014 18:00:40 +0000 (manning)

Download Audio: 16kbps or 128kbps

Why try to avoid them spying on us on their networks when we could just build our own? This is what the Rhizomatica project has done in rural Mexico, where they help to build and maintain community owned and operated GSM/cellular infrastructure. Come and hear about experiences in the field and how to deal with the technological, legal, social, and organizational aspects that come along with operating critical communications infrastructure from a community emancipation and autonomy perspective. If you enjoy freedom, community, and dismantling the corporations and governments that seek to monitor, control, and exploit us, then this presentation is for you. The talk will not be overly tech-focused, so don't worry if you haven't got the faintest idea or couldn't care less how a cell phone network operates. If you want tech and geekiness, you can also attend the workshop: "How to Build and Run Your Own Cellular Network." Speakers: Peter Bloom; Maka Muñoz

Crypto for Makers: Projects for the BeagleBone, Pi, and AVRs

Fri, 18 Jul 2014 21:00:50 +0000 (olson)

Download Audio: 16kbps or 128kbps

As more devices join the Internet of Things, it is increasingly important that these devices remain protected from surveillance and compromise. This talk will show how to add specialized, commercially available, crypto Integrated Circuits (ICs) to improve the security of your BeagleBone, Pi, or AVR based platform. ICs such as a Trusted Platform Module, I2C authentication chips, and hardware random number generators will be discussed. The CryptoCape, an Open Source Hardware daughterboard, made in collaboration between SparkFun Electronics and the presenter, will be presented in detail. Lastly, this talk will describe the experience of running a Tor relay on a BeagleBone Black for over 200 days. Speakers: Josh Datko

Cultures of Open Source: A Cross-Cultural Analysis

Sun, 20 Jul 2014 15:00:11 +0000 (manning)

Download Audio: 16kbps or 128kbps

While a common philosophical and cultural thread ties all of us in open source together, the ecosystem is as diverse as the world itself. In fact, open source projects are a kaleidoscope of cultures that influence how they are approached, how teams interact, outcomes, and what type of people they attract. At the same time, open source is suffering greatly from a lack of diversity. Only about three percent of participants are women, and many users from non-English-speaking subgroups feel their voices are not heard in the open source ecosystem. This panel will discuss: how open source projects can build bridges to help incorporate people from non-native English speaking communities, examples of when lack of cross-cultural sensitivity goes wrong, descriptions of patterns and regional differences observed in various open source communities, and why the Dutch are some of the best open source volunteers ever. Speakers: Sandra Ordonez; Bryan Nunez; Douwe Schmidt

Cyber Security in Humanitarian Projects as a Social Justice Issue

Sun, 20 Jul 2014 10:00:43 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Without secure code and implementation, humanitarian projects can be used against the very people they are designed to help. This is a basic problem of social justice. If security is only available to people with money, privilege, and the fortune to not be in the midst of a disaster, then there is no security. As Internet crime rises and security solutions gain momentum, vulnerable populations are left out of the protection that the privileged few enjoy. Issues of trust, budgetary restrictions limiting low-barrier digital security tools, and the mass surveillance/digital disenfranchisement of the non-elite are the obstacles to a secure commons. Community building and resource sharing on the Internet is only accomplished when we take part in building social justice by using our skills to improve open source code security and its implementation across the humanitarian ecosystem. Speakers: Lisha Sterling

Dark Mail

Fri, 18 Jul 2014 21:00:39 +0000 (manning)

Download Audio: 16kbps or 128kbps

The Dark Mail Initiative represents a collaborative effort to bring about a new generation of standards designed to provide automatic end-to-end encryption for email. The presentation will cover the "dmail" architecture, with a focus on the key elements of the design that allow it to overcome some of the most problematic traditional usability issues, all the while preserving a world-class guarantee of security. Dark Mail stands in a unique position against most competing technologies because of its commitment to complete transparency, both in the proposed open dmail specifications and in the open source implementation that is targeted for release later this year. The talk will also include a short discussion of the Lavabit legal saga that precipitated the dmail development effort, the design goals of the project, and an explanation of why these goals are important, both to the computer security community and to society at large. The discussion will conclude with a short update on the status of the reference implementation development effort. Speakers: Ladar Levison; Stephen Watt

Disruptive Wearable Technology

Sat, 19 Jul 2014 15:00:06 +0000 (manning)

Download Audio: 16kbps or 128kbps

As technology becomes ever more embedded in the fabric of our society and even our clothes, we must grapple with ever more complicated tradeoffs regarding privacy and security. This talk will highlight disruptive wearable technologies that creatively and assertively address these modern technological and societal changes. Come learn about underwear that tattles on a TSA agent's wandering fingers during a secondary screening, makeup that makes you imperceptible to facial recognition software, and eye-tracking glasses that let a paralyzed graffiti writer tag again. Most projects featured are open source or how-to guides, and span the last ten years. Becky Stern's intention is to inspire HOPE X attendees to think more about the physical body as a canvas for hacking, social engineering, fashion, and wearable tech. Speakers: Becky Stern

DIY Usability Research: A Crash Course in Guerrilla Data Gathering

Sat, 19 Jul 2014 19:00:18 +0000 (olson)

Download Audio: 16kbps or 128kbps

Good news: it's becoming abundantly clear that more and more people want to use surveillance circumvention tools to protect their privacy. Bad news: most people can't figure out how to use them. Thankfully, usability research is no longer difficult to arrange or afford. Anyone - developers, designers, and project managers alike - can conduct user testing at any time, in any setting. In this presentation, you will learn everything you need to know to get started on your own qualitative user research, how it can help you understand and solve for your users' needs, and what it means for the future of surveillance circumvention technology. Speakers: Kaytee Nesmith

Drop It Like It’s Hot: Secure Sharing and Radical OpSec for Investigative Journalists

Sun, 20 Jul 2014 15:00:30 +0000 (serpico)

Download Audio: 16kbps or 128kbps

As developer-journalists, Harlo and Aurelia work with sensitive information about critical investigations of governments, institutions, and individuals - domestic and foreign. Barton Gellman of the Washington Post is one of three journalists who received classified NSA archives from Edward Snowden. The security and reliability of the information these panelists handle is of the utmost importance. Managing their resources and notes while maintaining the privacy and safety of their sources can be complicated as they work on collaborative teams of varying technical and subject expertise. This talk will go over how journalists collaborate covertly in the newsroom, reviewing some tools and applications for dead-dropping data, and protecting privacy where possible, at places like the Washington Post, the Guardian Project, the New York Times, Ushahidi, and Internews Kenya. Speakers: Harlo Holmes; Aurelia Moser; Barton Gellman

Echoes of Returns Lost: The History of The Telecom Digest

Sun, 20 Jul 2014 17:00:24 +0000 (olson)

Download Audio: 16kbps or 128kbps

This talk is a brief history of the people and events which shaped The Telecom Digest's history, presented by its current editor. (The Telecom Digest is the oldest continuously running electronic magazine about telecommunications on the Internet - and one of the oldest mailing lists still on the Internet in any category.) Bill will discuss the previous moderators and the events that led to his stewardship. There will be anecdotes from the archives, some discussion of the personalities that formed the digest, and brief speculation about its future. There have been some truly memorable posts over the years which will be focused upon. The day-to-day workflow will be described, along with the ways things have changed over the years, from manual efforts to Usenet access to the current Majordomo II list management software. Hear about the evolution of the digest from a mostly "Bell" centered e-zine, to the Wild West days of MCI and Sprint, up to the re-consolidations now underway. In addition, Bill will explain his philosophy of moderation and the ways he goes about it while seeking to lighten the moderator's technical workload, automate manual procedures, and his preparations to adapt for the new YaGooMail "walled garden" paradigm. Speakers: Bill Horne

Electric Waste Orchestra: Learning and Teaching Music, Electronics, Programming, and Repurposing

Sat, 19 Jul 2014 17:00:51 +0000 (serpico)

Download Audio: 16kbps or 128kbps

The technology to turn e-waste into musical instruments is free, open source, and waiting to be fully explored. At this talk, you'll learn how the computer junk piling up in IT departments everywhere can be transformed into novel input devices, allowing kids and adults alike to create physical instruments to control electronic music. Speakers: Colten Jackson

Elevator Hacking: From the Pit to the Penthouse

Sun, 20 Jul 2014 12:00:06 +0000 (manning)

Download Audio: 16kbps or 128kbps

Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don't do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it's easier than you think!), these devices are often misunderstood and their full range of features and abilities go unexplored. This talk will be an in-depth explanation of how elevators work... allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different than a staircase as far as building security is concerned! Speakers: Deviant Ollam; Howard Payne

Ergonomic Human Interface Hacking

Fri, 18 Jul 2014 20:00:56 +0000 (olson)

Download Audio: 16kbps or 128kbps

Do you experience numbness or weakness in your hands? Do you have a permanent case of Emacs pinky? Are you playing vi golf for your health? Since the release of the Macintosh 30 years ago, mainstream human-computer interfaces have changed little, and hardcore computer users (hackers, coders, gamers, etc.) are paying the price. This talk will examine potential solutions to the repetitive strain injuries commonly experienced by computer users, including: head-based cursor control, ultra-ergo keyboards, foot pedals, and other optimizations. Speakers: Carl Haken

Ethical Questions and Best Practices for Service Providers in the Post-Snowden Era

Sun, 20 Jul 2014 11:00:16 +0000 (manning)

Download Audio: 16kbps or 128kbps

Service providers have always had to shoulder a tremendous ethical burden because of the volume of personal information they hold, including files, metadata, and geolocation data. Some, like Calyx and Lavabit, have been willing to take extra steps to protect their customers' privacy rights. After Edward Snowden's revelations about the U.S. government, some larger providers have become more willing to fight for their users in court or speak publicly about surveillance demands. But many court dockets remain sealed. This talk will explore the telecommunications privacy landscape as we now know it, including the extent of the surveillance regime that some of us suspected all along. The focus will be on best practices for service providers at many levels: software design, API design, network design, policy, and more. Speakers: Nicholas Merrill; Ladar Levison; Declan McCullagh

Fuckhackerfucks! An Audience Bashing

Sun, 20 Jul 2014 13:00:57 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Johannes of art tech group monochrom will indulge in a public rant about hacker culture and why it has to be saved from itself. Expect strong language, indecency, and valid critique of the status quo of hackdom. (No wonder his 2008 Google Tech talk got censored and never made it onto Google's YouTube channel.) Speakers: Johannes Grenzfurthner

G-code: The Programming Language of Machining and 3D Printers

Fri, 18 Jul 2014 18:00:31 +0000 (olson)

Download Audio: 16kbps or 128kbps

This talk will provide an explanation of the G programming language commonly known as "G-code." G-code was originally developed in the 1950s to allow numerical control of industrial manufacturing equipment. G-code's major user base is not traditional programmers or software engineers, but machinists, manufacturing programmers, and those who own 3D printers. In modern times, it is used to control everything from a home-built RepRap to massive CNC milling machines to make anything you could possibly imagine. Speakers: Todd Fernandez

Hacking Money, from Alexander the Great to Zerocoin

Sat, 19 Jul 2014 18:00:04 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Cryptocurrencies are here. Bitcoin is in the news and in the courts, and many other currencies are following, offering everything from anonymous transactions to redistributive economies to monetary sovereignty to, of course, doges. Related platforms promise to reinvent DNS, cloud storage, voting, contracts, even the corporation itself. To really understand what's happening, and how we can steer cryptocurrencies towards accomplishing social and political goals, we need to connect the breaking news with the deeper history of the technology of money. This will be a look back - before Hashcash and DigiCash, before Chaum, May, Diffie, Hellman and Merkle - and forward, into the future to plausible scenarios and speculations for launching projects now. What connects Belfast pubs in 1970 with the vault of the New York Federal Reserve, trading networks of the Islamic golden age, an Austrian ski village during a global depression, willows by the Thames, and an extraterritorial fortress on the outskirts of Singapore Changi Airport? Why are survivalists filling ammo boxes with rolls of U.S. nickels? Why do the differences in hash algorithms matter, and what covert software agreements underwrite the verification of physical bank notes? Money is one of the most significant social technologies that humans have invented, and cryptocurrencies are an opportunity to hack on the architecture of trust, verification, value, and credit that shapes how we can live. This talk, and conversation during and after, will explore what we can do with this opportunity. Speakers: Finn Brunton

Hacking the Patent System: The Vulnerabilities That Allow for Bad Patents and How to Stop Them

Fri, 18 Jul 2014 15:00:41 +0000 (serpico)

Download Audio: 16kbps or 128kbps

We are hearing about the problems of software patents everywhere: in the tech blogs, in the mainstream news, from the President, and even out of the Supreme Court. We hear stories of patent trolls destroying technology companies and small businesses with patents on such simple ideas as scanning to email or in-app purchases. How did we end up with a patent system that generates patents that become the tools of legal abuse? This talk will look at the patent system like an insecure OS, one rife with vulnerabilities in dire need of patching. Just as an unsecured computer can be misused to the ends of malicious users, vulnerabilities in the patent system allow clever lawyers and patenters to obtain patents on simple ideas, ones that anyone with an ounce of programming skill would find obvious. We will look at how to get a patent on comparing and adding two numbers - a patent that actually exists right now. We will consider the flaws in the system that allow aggressive patent holders to exploit weak patents and extract money from real innovators. And we will talk about how to fix that system - but only with the help of all of us who care about the future of technology. Speakers: Charles Duan

Hearses and Hand-Held Calculators: The Unlikely Connections That Shaped Modern Technology and Tech Culture

Sat, 19 Jul 2014 11:00:26 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Explore unlikely connections between well known milestones in technology, tech culture, and seemingly mundane things and events that helped bring them into being. The importance of these seemingly insignificant sparks could not have been imagined at the time of their introduction. The discussion starts with the story of how the Casio mini calculator led directly to the formation of the software giant Microsoft. Next, the talk will explore how early 1970s minicomputer field techs accidentally invented the first personal microcomputers, predating the Altair, IMSAI, and Apple I. The conversation will move to the hidden connections between Datapoint computer company CEO Harold O'Kelley, the Intel 4004 processor, and the eventual dominance of the Ethernet networking protocol over token ring and ARCnet. The presentation will conclude with a story of unlikely connections between a 1963 hearse, the Commodore 64 version of the Ghostbusters! software package, and the true uncredited originator of the story that the film and game was based on. Speakers: Bill Degnan

How to Prevent Security Afterthought Syndrome

Fri, 18 Jul 2014 22:00:40 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Outside of the hacker community, security as an afterthought has always been the norm. Too often we see the following: systems designed without thought for security, then later that system is compromised, and finally a hastily created patch is released (if we're lucky). But did you know that this "security as an afterthought" approach is what we currently teach in schools? Yes, even many of the best schools teach and treat security as a separate topic, leaving it for an advanced class that interested seniors or graduate students might choose to take as an elective. It is all too easy for an undergraduate student to gain a computer science degree without ever learning about the security concepts relevant to their specialty. Security is an integral facet of just about every topic in computer science. Rather than treating security as an afterthought, something that we address after all the foundations are fully in place, it should be treated as an integral part of networking, programming languages, operating systems, and just about every other computer science discipline. Especially offensive aspects! Fixing the way we teach security is a tall order, but it's a more lasting solution. Most short term solutions are Band-Aids on the root problem. Perhaps most encouragingly, we have an existence proof of security being successfully integrated in other fields. This talk will cover computer science curricula, how security is taught and integrated throughout course work in academia, and evaluate an exemplar in a different science where security is being integrated in early curriculum. Speakers: Sarah Zatko

HTTP Must Die

Fri, 18 Jul 2014 17:00:00 +0000 (serpico)

Download Audio: 16kbps or 128kbps

We all know that HTTP is insecure, but the Snowden revelations of 2013 showed that insecurity runs far, far deeper than most of us could have imagined. It's bad enough, in fact, that anyone who still supports it is contributing to the weaponization of the Internet by government spy agencies. The speakers believe that nobody at HOPE X has any excuse to be using plain HTTP instead of HTTPS in 2014. In this talk, they will summarize what the Snowden revelations mean for protecting data in transit: scary stuff like how supposedly secure cookies on social network sites can be turned into custom beacons for marking victims of targeted malware. They'll talk about what every web service provider needs to do at the very minimum to mitigate these attacks, and what clients can do to protect themselves. Finally, they will share some success stories from the last year that show how Edward Snowden has raised the bar for web security and created a safer online landscape for the average user. Speakers: Yan Zhu; Parker Higgins

I Am The Cavalry: Lessons Learned Fuzzing the Chain of Influence

Fri, 18 Jul 2014 22:00:31 +0000 (olson)

Download Audio: 16kbps or 128kbps

I Am The Cavalry is a relatively new grassroots organization with volunteers from around the world, focused on issues where computer security intersects public safety and human life. Their mission is to ensure that these technologies are worthy of the trust we place in them. Manufacturers of medical devices, automobiles, home electronics, and public infrastructure have been quickly adopting computing technologies. Our dependence on computer technology is increasing faster than our ability to safeguard ourselves. Our technology has advanced to the point where we no longer have to ask "can we?" but we rarely ask "should we?" The hope is to fix this through education, outreach, and research. Hear lessons learned from fuzzing the chain of influence, getting root in the C-Suite, escaping echo chamber sandboxing, initiating two-way handshakes, and building human protocol-aware processes, etc. Speakers: Geoff Shively; Beau Woods; Jen Ellis; Andrea Matwyshyn

Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices

Fri, 18 Jul 2014 16:00:40 +0000 (olson)

Download Audio: 16kbps or 128kbps

The iOS operating system has long been a subject of interest among the forensics and law enforcement communities. With a large base of interest among consumers, it has become the target of many hackers and criminals alike, with many celebrity thefts of data raising awareness of personal privacy. Recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the NSA, of whom some subjects appear to be American citizens. This talk identifies the most probable techniques that were used, based on the descriptions provided by the media, as well as today's possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, several services and mechanisms will be identified that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may, in fact, be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques. Speakers: Jonathan Zdziarski

Jumping the Carbon-Silicon Boundary for Fun and (Mostly) Profit

Sun, 20 Jul 2014 18:00:59 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Kevin Warwick made history in 1998 with an RFID chip implanted under his skin. He went on to use sophisticated electrodes to control a robotic arm, achieved human to human nervous system hookups, and even tried transatlantic teledildonics with his wife. Fast forward to 2014 as eager consumers strap on wearable fitness monitors and allow Samsung's creepy eye icon to track their gaze, just so their video will pause when they look away. Worried about Google learning your habits from your Nest thermostat? Your Nike+ FuelBand probably knows a lot more about you, like those times you burned 150 calories at 3 am without taking a single step. Japan's smart toilets realize you're getting sick before you do, and they can tell your doctor. Or, perhaps, your insurance company. This talk presents some of the most intriguing privacy-invading body technologies and looks forward warily to the near future, when the skin cells you leave on a store's PIN pad might be DNA sequenced without your knowledge. You won't believe how many people are after your body-data, and how much it's going to be worth on the open market. There are things you can do to protect your bio-privacy, but you have to start now! Speakers: Tom Keenan

Keeping Old Code Alive: The Venerable LambdaMOO Server in 2014

Sun, 20 Jul 2014 10:00:06 +0000 (olson)

Download Audio: 16kbps or 128kbps

The LambdaMOO server, the application server that still powers the LambdaMOO online community and that was the engine for hundreds of other text-based virtual worlds (MUDs), was first released over 20 years ago, in 1991. MUDs (Multi-User Dungeons) were the first networked virtual worlds, and they were popular long before Second Life, World of Warcraft, and MMORPGs in general made their appearance. Even though much of the code in the current LambdaMOO server is unchanged from the early 90s, people today still download the code, compile it, and build little worlds with it. Motivated by a desire to build simple little immersive experiments that users could interact with and extend via programming, but frustrated by LambdaMOO's lack of features as well as source code that was several decades away from modern best practices, Todd spent the last four years modernizing the server, and building applications and a library of application building blocks. The result is a fork of the codebase called Stunt that speaks HTTP (instead of telnet), includes up-to-date cryptographic primitives, and sports language enhancements like multiple inheritance and garbage-collected, anonymous objects. On top of this platform, he built a simple, modern MVC web framework. In the process, he learned quite a bit about maintaining, evolving, and extending old code, and about interacting with a small but passionate community of longtime users! Sharing these learnings, rather than talking about the specific technical details, is the purpose of the presentation. Speakers: Todd Sundsted

Lessons Learned from Implementing Real Life Whistleblowing Platforms

Sun, 20 Jul 2014 10:00:24 +0000 (manning)

Download Audio: 16kbps or 128kbps

Whistleblowers and online whistleblowing platforms have received quite a bit of attention recently. Discussions range from the feasibility of implementing a sufficiently secure platform online for whistleblowers, to the changing role of journalism, to the ethics of whistleblowing itself. The lessons learned from implementing multiple whistleblowing platforms in various contexts will be presented here. The main experience is from Publeaks, a Dutch whistleblowing system based on the GlobaLeaks platform, launched in September of 2013. (Publeaks now has almost all of the national press on board.) The development of other leaking sites - like Wildleaks in Africa - will be discussed. Globaleaks and SecureDrop will be introduced and compared. The panel will reflect on social and legal challenges that your group might be facing if you try to implement a whistleblowing platform. You will get some practical and theoretical insight into how you can create your own platform, whether for internal whistleblowing in an organization or for broad multi-stakeholder installations like Publeaks. Speakers: Jurre van Bergen; Sacha van Geffen

Lockpicking, a Primer

Fri, 18 Jul 2014 15:00:22 +0000 (manning)

Download Audio: 16kbps or 128kbps

If you're curious about what lockpicking is all about, this is the talk for you. Several different ways of opening a lock will be shown (picking, bumping, snapping, key impressioning) and explained in detail. No prior lockpick experience or knowledge is needed. This talk will start at ground level. Lockpicking has a clear analogy with the digital world (you have a firewall, therefore you are secure; it has a lock, therefore it must be safe). Consider that physical access will, in lots of cases, render your digital security measures obsolete. After this talk, expect to start rethinking your physical security. Speakers: Doug Farre; JGor; Babak Javadi; Ray; Jos Weyers; Deviant Ollam

Media, Popular Misconceptions, and the CSI Effect – What Does It Mean for InfoSec and Tech Policy?

Fri, 18 Jul 2014 11:00:15 +0000 (manning)

Download Audio: 16kbps or 128kbps

Forensics is tedious and occasionally mind numbing. Exploit discovery and development is extremely detail oriented, and requires strong coding skills. Good Blue Team defensive strategy and implementation is team based, precise, and careful. But put a white lab coat on and, apparently, it's all magic! From Abby's "It's commercial encryption, so it's Cracked!" to CSI's famous "Enhance! Magnify! Enhance!," the tropes of the popular entertainment world follow Arthur C. Clarke's famous saying: "Sufficiently advanced technology is indistinguishable from magic." So let's make all techs wizards! How does this popular view of tech wizardry help our hacker world? How does it hurt us, when we have to enter the courtroom, either as an expert witness, or as a defendant? How can you, when put into one of these situations, defuse these tropes and make them work for you, or at least not hurt you? Does this distorted world view hurt or help technical people, companies, organizations, and agencies, in the world of tech policy, governmental regulations, and National Security Letters? Let's talk. Speakers: Sandy Clark (Mouse); Joshua Marpet

Movie: “Algorithm”

Sat, 19 Jul 2014 23:59:19 +0000 (manning)

Download Audio: 16kbps or 128kbps

A feature-length movie about computer hackers directed by Jonathan Schiefer. Running time: 91 minutes (trailer at www.thehackermovie.com/trailers). "The geeks have inherited the earth... the rest of you just don't know it yet." In San Francisco, nine months before Edward Snowden leaked documents that prove the NSA spies on everyone, Will, a freelance computer hacker, specializes in breaking into secure systems. During a job, he stumbles across a way into Emergent See, a top-secret government contractor. Will downloads all of their recently developed software, including the conspicuously named Shepherd. Every time Will attempts to access Shepherd, bad things happen, starting with his apartment burning down, kidnapping, etc. Will makes it his mission to break into Shepherd and find out why someone is willing to go to such extremes to keep it secret. Free vegan popcorn supplied by director Jonathan Schiefer, who will be on hand after the screening for a question and answer session followed by movie prize giveaways. Speakers: Jonathan Schiefer

Movie: “Die Gstettensaga: The Rise of Echsenfriedl”

Fri, 18 Jul 2014 23:59:00 +0000 (manning)

Download Audio: 16kbps or 128kbps

A post-apocalyptic science fiction nerd agitprop comedy feature directed by Johannes Grenzfurthner. Running time: 72 minutes. Languages: English and German (with subtitles). (more info at www.monochrom.at/gstettensaga) The growing tension between the last two remaining superpowers - China and Google - escalates in the early 21st century and results in the global inferno of the "Google Wars." Civilization came to a grinding halt. But there is still hope. This is the story of a new beginning.... Furtherfield calls it "hackploitation, reimagining the makerspace as grindhouse." Film Threat gave it 5/5 stars and calls it "the must-see indie of 2014." Cory Doctorow praises it as "surpassing and delightful weirdness." Jason Scott calls it "the best kind of low-budget filmmaking... it is like watching an absurdist play by Beckett, if Beckett decided to work on the Mad Max franchise." Richard Kadrey thinks it is "a mad post-collapse satire of information culture and tech fetishism." And Jens Ohlig (CCC, Wikimedia) says it's "impressive." The film was co-produced by art tech group monochrom and the media collective Traum and Wahnsinn, and created for the Austrian television channel ORF III. Speakers: Johannes Grenzfurthner

Movie: “The Internet’s Own Boy: The Story of Aaron Swartz”

Sat, 19 Jul 2014 22:00:38 +0000 (manning)

Download Audio: 16kbps or 128kbps

A documentary directed by Brian Knappenberger. Running time: 105 minutes (trailer at www.takepart.com/internets-own-boy). The story of programming prodigy and information activist Aaron Swartz. From Swartz's help in the development of the basic Internet protocol RSS to his co-founding of Reddit, his fingerprints are all over the Internet. But it was Aaron's groundbreaking work in social justice and political organizing, combined with his aggressive approach to information access, that ensnared him in a two-year legal nightmare. It was a battle that ended with the taking of his own life at the age of 26. Aaron's story touched a nerve with people far beyond the online communities in which he was a celebrity. This film is a personal story about what we lose when we are tone deaf about technology and its relationship to our civil liberties. Director Brian Knappenberger will be in attendance for a question and answer session after the screening. Speakers: Brian Knappenberger

Movie: “War on Whistleblowers: Free Press and the National Security State”

Fri, 18 Jul 2014 23:59:04 +0000 (serpico)

Download Audio: 16kbps or 128kbps

A documentary directed by Robert Greenwald. Running time: 67 minutes (more info at www.waronwhistleblowers.com). This hacker-relevant film highlights four cases where whistleblowers noticed government wrongdoing and took to the media to expose the fraud and abuse - only to be prosecuted and persecuted. Features interviews with no less than three HOPE X speakers (Thomas Drake, Daniel Ellsberg, and Jesselyn Radack), along with many others known to the hacker community. Director Robert Greenwald will give a special ten minute prerecorded intro about this important film, exclusively for HOPE X attendees. Official Trailer: http://www.youtube.com/watch?v=1foRjGgEcL8&feature=kp

North Korea – Using Social Engineering and Concealed Electronic Devices to Gather Information in the World’s Most Restrictive Nation

Sun, 20 Jul 2014 16:00:28 +0000 (manning)

Download Audio: 16kbps or 128kbps

North Korea prevents its citizens from accessing any form of independent media or information. Any citizen who attempts to access foreign broadcasts to seek information from the outside world risks being interned in one of the state's notorious prison camps. The very few visitors allowed into the country are strictly forbidden to bring any radios, GPS receivers, or other communications equipment. As a result, little independent and objective information about the propaganda-based mass media of the country has been gathered and published. Over four successive trips into each province of the DPRK, Mark has smuggled electronic equipment in and out to capture, monitor, record, and analyze hundreds of hours of local and regional domestic radio and television broadcasts used by the North Korean regime as a prime instrument of control over the population. This will be a fast-paced interactive audio/visual presentation of rare video, audio, and still photography together with an explanation of the social engineering techniques he used to successfully travel throughout North Korea and covertly gather information with concealed electronic equipment. Speakers: Mark Fahey

Obfuscation and its Discontents: DIY Privacy from Card Swap to Browser Hack

Fri, 18 Jul 2014 12:00:48 +0000 (olson)

Download Audio: 16kbps or 128kbps

Data collection, aggregation, and mining have dramatically changed the nature of contemporary surveillance. Refusal is not a practical option, as data collection is an inherent condition of many essential societal transactions. In this talk, we discuss one response to this type of everyday surveillance, a tactic called obfuscation. Tactical obfuscation can be defined as the strategy of producing misleading, false, or ambiguous data with the intention of confusing and/or inhibiting an adversary. Because obfuscation is relatively flexible in its use by average citizens as well as by experts, it holds promise as a strategy for DIY privacy and security. This talk presents a brief overview of obfuscation as political theory, including contemporary and historical examples, then focuses on two recent systems that address data collection: TrackMeNot, which shields searchers from surveillance and data profiling, and Ad-Nauseam, which targets advertising networks that track users across the web. The talk concludes with a consideration of the ethics of obfuscation as representative of a class of strategies whereby weaker parties can both protect against and confront stronger adversaries. Speakers: Daniel C. Howe

Per Speculum In Ænigmate

Fri, 18 Jul 2014 17:00:41 +0000 (olson)

Download Audio: 16kbps or 128kbps

In the fall of 2013, artist Maximus Clarke was inspired by news of government and corporate surveillance to create an art project about privacy that could also function as a secure messaging system. The result is "Per Speculum in Ænigmate" - Latin for "through a glass darkly" - combining stereo imagery and PGP encryption. Each project image is an anaglyph 3D photo of a nude model, obscured by pixelation and overlaid with an encrypted message sent by one of the project participants. Message recipients are able to download images from the project site (http://psiae.tumblr.com) and decrypt the embedded texts, without the artist ever reading them. This presentation will showcase the project images in glorious old-school red/blue 3D (glasses will be provided), and discuss the concepts, technologies, and processes involved in their creation. Speakers: Maximus Clarke

Postprivacy: A New Approach to Thinking about Life in the Digital Sphere

Fri, 18 Jul 2014 19:00:50 +0000 (olson)

Download Audio: 16kbps or 128kbps

The social construct of privacy is rather new, a result of the civil society. It was supposed to protect people from the state and/or government and its overreach, a "right to be let alone," as one of the central legal texts defined it. Privacy promised a safe space for the individual to develop new ideas without premature criticism and discrimination, a space where individual freedom unfolded. Did it really deliver on that promise? And was that the promise we needed as a society? Privacy isn't dead as some people might want to tell you, but it has changed significantly in its definition, in its relevance. And it no longer works as the central foundation of our social utopias. Private people are alone, powerless, and often invisible when faced with exactly those powerful entities that the Internet was supposed to help us fight (corporations, government agencies, etc.). Under the blanket term #postprivacy, some people have started developing ideas on how to rethink how we can harness not only the power of the Internet but the powers, ideas, and skills of each other. How will we as a social structure work between social networks, government snooping, and encryption? How can we save and form the future? This talk will give you a few new ideas. Speakers: tante

PRISM-Proof Email: Why Email Is Insecure and How We Are Fixing It

Sun, 20 Jul 2014 14:00:56 +0000 (manning)

Download Audio: 16kbps or 128kbps

We have had the technology to make email secure against criminals and government spies for decades. Microsoft, Netscape, and Apple have all shipped products with built-in encryption for over 15 years, yet almost nobody uses these features. Millions of people were very upset by the recent Snowden revelations - why aren't millions of people using secure email and, more importantly, how do we fix it? A part of the reason for the lack of email security is rooted in politics. During the 1990s, cryptography rights activists battled with the NSA and FBI for the right to use strong cryptography, a series of events known as the cryptowars. One part of the problem is that two email security standards emerged rather than one, neither of which is capable of fully replacing the other. But the biggest part of the problem is that any system which requires the user to be thinking about security is too hard to use. This talk will be looking at the history and future of email encryption technology. No prior knowledge of cryptography will be assumed. Speakers: Phillip Hallam-Baker

Privacy-Friendly Hypertext? Do Not Track, Privacy Badger, and the Advertising-Funded Web

Sun, 20 Jul 2014 18:00:41 +0000 (manning)

Download Audio: 16kbps or 128kbps

This talk will introduce the design and implementation of Privacy Badger, EFF's new browser extension that automatically blocks both invisible trackers and spying ads. It is intended to be a minimal- or zero-configuration option that most Internet users can use to prevent nonconsensual third party collection of their reading habits from their everyday browser. Privacy Badger couples the recently developed HTTP Do Not Track opt-out header with a number of heuristics for classifying the behavior of third parties to automatically determine which should be blocked, which are needed but should have cookies blocked, and which are safe from a privacy perspective. Peter will also talk about the bigger picture on the role that nonconsensual commercial surveillance has come to play in the business and technical infrastructure of the Web; and what we can do to build better alternatives. Speakers: Peter Eckersley

Project PM: Crowdsourcing Research of the Cyber-Intelligence Complex

Sat, 19 Jul 2014 16:00:31 +0000 (serpico)

Download Audio: 16kbps or 128kbps

In April 2013, the FBI sought information on what the journalist Barrett Brown was doing with an open source collaborative wiki that he founded called Project PM, and was equally curious about what kind of dirt he had on his hard drives about the government contractors and intelligence firms he investigated on that site. Edward Snowden's leaks about the NSA have since exposed only the tip of the iceberg with regards to how much the U.S. intelligence community is capable of, and those efforts are largely assisted by the likes of companies that Project PM set out to research: Ntrepid, Abraxas, Hacking Team, Cubic, Endgame, Palantir, and others. Now, more than ever, is the time to collect and analyze open source information about the shadowy companies who operate on behalf of the U.S. government, often without being held accountable. Speakers: Andrew Blake; Lauren Pespisa; Kevin Gallagher; Joe Fionda; Douglas Lucas

Reverse Engineering – Unlocking the Locks

Sat, 19 Jul 2014 18:00:59 +0000 (olson)

Download Audio: 16kbps or 128kbps

If you can't tear it apart, drive it, or modify it, do you really own it? This talk seeks to free a Kwikset PowerBolt and show you how to reverse engineer and take back control of your life. The Kwikset PowerBolt lock has support for a Z-Wave module. You will learn how to diagram the function of all the ICs on the Z-Wave daughter board and the Kwikset main board, how the interfaces are used across the board, how the components are connected to each other, how to spy on the traffic, and finally how to replace the Z-Wave module with your own daughter board created in gEDA. This knowledge will give you the freedom to lock and unlock your front door in any way you can imagine. This talk will teach you how to use a multimeter to test for continuity and voltage, a bus pirate to quickly test protocols, logic analyzer tools to sniff traffic on the board, and other electrical tools. You will learn how to diagram a system at the flow chart and schematic level and best practices on how to learn a system. Speakers: Matthew O Gorman aka mog

Rickrolling Your Neighbors with Google Chromecast

Fri, 18 Jul 2014 21:00:02 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Take control over your neighbors' TVs like in the movies! The Google Chromecast is a handy little gadget that lets you stream video to your TV from a variety of sources like Netflix and YouTube. It also happens to allow streaming from nearby hackers. This talk will demonstrate how to hijack any Google Chromecast - even if it's behind a secure Wi-Fi network - to do your bidding. A new tool will also be released to fully automate the hijacking and playing of arbitrary video to the victim's TV. Let the prank war commence. Speakers: Dan Petro

Screening: “Nowhere to Hide” (working title: “Rambam Gets His Man”)

Sat, 19 Jul 2014 12:00:20 +0000 (serpico)

Download Audio: 16kbps or 128kbps

The world premiere of the Investigation Discovery (ID) TV series, based on incidents surrounding the FBI arrest of Steve Rambam at HOPE Number Six. It all took place at the Hotel Pennsylvania, shortly before his panel covering how to track down an evasive person. (His talk was rescheduled by HOPE staff four months later at Stevens University to a standing-room-only audience.) Charges were later dropped, then refiled by DOJ, then dropped again. The lead FBI Special Agent on the case was later arrested on 20 felony fraud counts. This world premiere will be followed by a question and answer session featuring Steve Rambam and some of the people behind the series.

SecureDrop: A WikiLeaks in Every Newsroom

Sat, 19 Jul 2014 12:00:29 +0000 (manning)

Download Audio: 16kbps or 128kbps

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. The platform has been deployed and is being actively used by an array of journalistic organizations to provide a secure and usable platform for whistleblowers to get in touch with journalists while protecting their own identity. The talk will begin with a broad overview of the project and then go into more detail: what does the network architecture look like, what does it provide, and what cryptographic primitives are used? Speakers: William Budington; Garrett Robinson; Yan Zhu

Securing a Home Router

Sun, 20 Jul 2014 15:00:59 +0000 (olson)

Download Audio: 16kbps or 128kbps

Routers sit between all your computing devices and the Internet, making them a perfect target for abuse (Glenn Greenwald has written about the NSA hacking into them). The presentation will explain some of the configuration options in home routers that can make your Local Area Network more secure. Among these are locking down access to the router, Wi-Fi security, firewalls, DNS, and hiding on the Internet. Also covered are known security flaws in routers and how to defend against them. Some of the covered flaws are: WPS, UPnP, port 32764, Heartbleed, and smartphones leaking Wi-Fi passwords. Speakers: Michael Horowitz

Shortwave Pirate Radio and Oddities of the Spectrum

Fri, 18 Jul 2014 13:00:12 +0000 (olson)

Download Audio: 16kbps or 128kbps

Radio has become marginalized and governments are curtailing international shortwave broadcasting, yet these bands remain one of the most anonymous and inexpensive ways to convey information within and across international borders. This presentation will include background information about shortwave radio, its range, what types of stations are on the air (broadcast, military, weather fax, spy numbers, amateur, and more), and finally pirate radio. It will include background information behind pirate broadcasting stations on the air, how stations attempt to maximize their signal quality and range while avoiding detection by the authorities. Some of these tactics have ranged from transmitting from ships, to leaving battery-powered transmitters on public lands, to installing equipment at highway billboards. In an age when IP addresses, GPS, and cell phones track people as well as data, pirate radio is one of the few means of sending untracked, anonymous information. Speakers: Andrew Yoder

Showing Keys in Public – What Could Possibly Go Wrong?

Sat, 19 Jul 2014 20:00:51 +0000 (serpico)

Download Audio: 16kbps or 128kbps

If a reporter wants to get the point across that certain people shouldn't have access to a particular key, would it be wise for said reporter to then show that key to the world? Like the New York City subway key? The key to the subway? On the Internet?! This and other media fails will be shown. And maybe even one or two non-fail examples... Several cases of key-copying-by-sight will be discussed with lots of pictures and videos. How this can happen will be explained, as well as what to do to prevent it. Speakers: Jos Weyers

Skeuomorphic Steganography

Sat, 19 Jul 2014 17:00:54 +0000 (olson)

Download Audio: 16kbps or 128kbps

Skeuomorphic steganography is spawned in the terrain where art, code, and digital media interbreed. Steganography is the ancient art, revitalized in the digital age, of hiding messages in plain sight. Skeuomorphism is the use of design elements that include features inherent to an earlier design, for example, images of leather binding in on-screen calendars, or faux wood grain printed on vinyl tiles. This talk puts forth the theory that steganography finds a natural home inside skeuomorphism. Sometimes, when one is looking for hidden data, one has to know where to look. This is especially true outside the digital realm. An idea for a new convention will be proposed: Let's have skeuomorphism show us where to look. Joshua will show how printed skeuomorphic steganography can be decoded with simple tools. The dream is of a world, just slightly more fun than this one, in which skeuomorphism takes on a new life, not as kitsch, an eyesore, or some wigged-out aberration at Apple Inc., but as a hint of a possible invitation, a bread crumb left by a new friend. Speakers: Joshua Fried

Social Engineering

Sat, 19 Jul 2014 21:00:14 +0000 (manning)

Download Audio: 16kbps or 128kbps

The tenth incarnation of this panel, which officially makes it a tradition. One of our biggest draws, this session always delivers something memorable. The panel will tell stories of the magic of social engineering, predict what may or may not be possible in the future, and make a few live attempts over the phone to gain information they have absolutely no right to possess. Sometimes it works and sometimes it fails horribly, as is the very nature of social engineering. You'll learn how to recover from being denied or busted and how to push forward, gaining tiny bits of information until you possess more knowledge about your target than you (or they) ever thought possible. Speakers: Emmanuel Goldstein and friends

Solve the Hard Problem

Fri, 18 Jul 2014 11:00:57 +0000 (serpico)

Download Audio: 16kbps or 128kbps

The biases run deep: from early in our school careers, we're taught that "smart people" go into math, science, and tech. There's an unspoken hierarchy many of us have drilled into our heads, with particle physics at the top of the academic food chain, engineering lower down but still higher than that weird squishy stuff in biology and the even squishier stuff in sociology, etc. "Smart people" tackle the "hard" problems, and the hard problems involve a lot of math, "hard" science, and empirical evidence. Well listen, J. Random Hacker, if you're so goddamn smart, why haven't you built a tool that makes it easy for people to encrypt their email yet? Why is adoption the major barrier to secure communications? Why haven't the tools you've built evened out the digital divide? Is the hard problem infrastructure scaling or the Traveling Salesman problem, or is the really hard problem dealing with the people you could never get to understand what you're doing? This talk will be an exhortation for hackers to overcome the traditional biases many of us have in favor of technical projects and against human-factors work. It's a call for more people to think about usability in open source software, particularly on the privacy and security tools we care so much about. Gus will tease apart the deep-seated socialization we have about what work "smart" people do, what "good" science looks like, and why studies of human social interactions must have different criteria than "hard" sciences in order to be effective. Speakers: Gillian (Gus) Andrews

Spy Improv: Ask Me Anything

Sat, 19 Jul 2014 23:00:16 +0000 (serpico)

Download Audio: 16kbps or 128kbps

The former spy, honorary hacker, former candidate for the Reform Party presidential nomination, and #1 Amazon reviewer for nonfiction, again takes on any question. His record, set in 2010, is eight hours and one minute. This year, the formal program provides for two hours. Speakers: Robert Steele

SSL++: Tales of Transport-Layer Security at Twitter

Fri, 18 Jul 2014 20:00:54 +0000 (manning)

Download Audio: 16kbps or 128kbps

You've enabled HTTPS on your site. Now what? How do you protect against sslstrip attacks, CA compromise, and the dangers of mixed content? @jimio will share some approaches they've taken @twitter: Strict-Transport-Security, "secure SEO" with canonical link elements, Content Security Policy, and certificate pinning. There will be code, exploits, and open source! There will be a few fun stories to share as well, and since this is an SSL talk, you KNOW there's gonna be heartbleed. Speakers: @jimio

Steepest Dissent: Small Scale Digital Fabrication

Fri, 18 Jul 2014 14:00:15 +0000 (olson)

Download Audio: 16kbps or 128kbps

High precision in fabrication is often required for building useful hardware and tools - including hardware and tools that can be used for dissent. Craftsmanship is valued for its precision and attention to detail, but mastering a craft is inherently slow. 3D printers evoke a Star Trek replicator-esque, hands-off solution for instantly creating precise tools, but in that image also become a transparent technology. However, digital fabrication technology as it exists today is anything but transparent, as digital fabrication tools are difficult to access, interface with, modify, and even use as intended. In a way, lack of access to precision fabrication is in itself a form of control. This talk will be about how digital fabrication enables personal fabrication, and how we are getting closer to being able to truly use digital fabrication in technologies for dissent. Speakers: Nadya Peek

Stupid Whitehat Tricks

Sun, 20 Jul 2014 17:00:26 +0000 (serpico)

Download Audio: 16kbps or 128kbps

How can you improve security at companies that haven't hired you or given you permission to test their systems? Non-intrusive methods such as Google searches and observing headers can detect some serious problems without trespassing on networks. Sam found problems at thousands of websites, including dozens of companies and big-name colleges that are currently under hostile control. These problems included SQL injections, website redirectors, WordPress pingback exploits, and more. Many of the systems were being used by criminals to perform attacks. He notified the companies. Most ignored the notifications. Some of them fixed the problems, a few complained, and one made a serious effort to silence him. In this talk, Sam will show how he found the problems, how he notified the administrators, and how they reacted. Whitehatting can be useful and rewarding, as long as you have realistic expectations and a thick skin. Speakers: Sam Bowne

Surveillance, Sousveillance, and Anti-Surveillance: Artistic Responses to Watching

Fri, 18 Jul 2014 11:00:19 +0000 (olson)

Download Audio: 16kbps or 128kbps

It's impossible to imagine a world without surveillance. Its presence reflects a symbiotic relationship with the State and hegemony as a whole. For years, artists have been using surveillance and surveillance technologies to engage and disrupt the surveillance apparatus. This talk will explore works by artists such as Steve Mann, Banksy, The Surveillance Camera Players, and many more working in the medium to answer the question of "how are we to engage with a surveillance society?" Speakers: Gregg Horton

Teaching Electronic Privacy and Civil Liberties to Government

Sun, 20 Jul 2014 12:00:08 +0000 (serpico)

Download Audio: 16kbps or 128kbps

Privacy advocates and government officials are often at odds. Ironically, both groups want the same thing - a safe and free democracy. This will be an exploration of how government employees can better make protection of privacy and civil liberties part of the calculus considered when making security decisions - not just due to legal compliance constraints or fear of a backlash from privacy advocates, but due to a true appreciation that privacy and civil liberties are as important to democracy as is security. This talk will cover initial successes in exposing government employees to electronic privacy and civil liberties material in the classroom, and sketch the outlines of open source training materials. The ultimate objective is to inform and inspire government employees worldwide to propagate legal reform inside the system without taking extreme approaches. The presentation will be interactive, so please come with ideas for content and educational strategies that might be used to educate government employees at all levels and in a wide variety of countries on the importance of electronic privacy and civil liberties. Speakers: Greg Conti

Technology and Jamming of XKEYSCORE

Sun, 20 Jul 2014 19:00:52 +0000 (olson)

Download Audio: 16kbps or 128kbps

XKEYSCORE is possibly the most "big-brother" tool in the NSA arsenal, eavesdropping on network traffic around the world producing around 100 billion records per month. Recently, code snippets were leaked, allowing us deeper insights into how the system works. This talk will be in three parts. The first part will be an overview from what we know from public disclosures, how the packet-sniffer reads network traffic and indexes it for automated systems and human analysts. The second part will walk through the disclosed source code, comparing it to public deep-packet-inspection tools, in order to get a detailed understanding of the internals. The third part will look at jamming the system, both the specific fingerprints in the disclosed source code, but also other fingerprints that might exist. The unexpected ways that the source may indirectly run afoul of FISA regulations will also be investigated. Questions from the audience are encouraged. Speakers: Robert Graham

The Hidden World of Game Hacking

Sat, 19 Jul 2014 21:00:53 +0000 (serpico)

Download Audio: 16kbps or 128kbps

A common misconception in the world of online gaming is the idea that the only game you can play is the one in the title. Contrary to this, game hackers find enjoyment playing the game that hides behind the curtain: a cat-and-mouse game of wits between game hackers and game developers. While game hackers work to reverse engineer game binaries, automate aspects of game play, and modify gaming environments, game developers combat the hacker-designed tools using anti-reversing techniques, bot detection algorithms, and heuristic data-mining. This talk highlights the fight put up by game hackers, and the advanced methods they have engineered to manipulate games while simultaneously eluding game developers in the dark corners of their own software. Speakers: Nick Cano

The Internet Society Speaks – The History, Futures, and Alternate Directions of the Internet and Its Governance

Fri, 18 Jul 2014 18:00:28 +0000 (serpico)

Download Audio: 16kbps or 128kbps

In 1992, TCP/IP co-inventors Vint Cerf and Robert Kahn founded the Internet Society, instilling their belief that "the Internet is for everyone" into the policies and operations that the institution has championed ever since. The Internet Society has become the de-facto organization that maintains attention and lobbies on behalf of the public interest on all issues of Internet policy. Thanks to SOPA, Snowden, and the recent FCC rulings, issues of Internet policy are now very much in the public eye, but certain details have been misunderstood or misrepresented in the frenzy of discussion and reports. This talk by members and employees of the Internet Society will help to inform and educate HOPE attendees, providing them a solid knowledge base and history of Internet policy to work from. The three panelists each maintain different areas of expertise within the field of Internet studies: Jeremy has researched and written on the early history of the Internet's development and the policies discussed by the Clinton administration that brought the technology into everyday use; David has long been active in grassroots Internet efforts and can speak to some of the less traditional perspectives on Internet governance; Avri will speak to the worldwide governance efforts and the deliberations around the Internet among several countries. The panel will examine the history of the Internet, the policies around it and some of the key initiatives it has helped to spark. Speakers: Jeremy Pesner; David Solomonoff

The Many Faces of LockSport

Fri, 18 Jul 2014 16:00:41 +0000 (manning)

Download Audio: 16kbps or 128kbps

In the past decade, the hacker subculture of LockSport has seen a tremendous explosion. What was once the purview of dedicated specialists, far-flung hobbyists, and college students meeting in secret is now featured prominently at technical conferences, family-oriented science fairs, and even TV shows. The Open Organisation Of Lockpickers now has nearly 20 chapters across the Netherlands, the United States, and Canada. Sportsfreunden der Sperrtechnik is still going strong with hundreds of members. Locksport International has meetup groups in major cities. Regional groups like the Fraternal Order Of LockSport, the Longhorn Lockpicking Club, the FALE Association of Locksport Enthusiasts, and more conduct local meetings and engage in joint ventures with larger organizations. At the annual LockCon conference, sport pickers from over a dozen countries gather to learn from one another and compete head to head. Despite the shared interest and community between all LockSport groups, there is great variation between the cultures and values of these participants. This panel discussion will feature some of the key figures from various locksport organizations around the world and will hopefully highlight some of those differences and offer the audience a chance to ask questions about locks, LockSport, and competitive lock-opening. (A primer on basic lock-picking and lock-opening techniques will be offered very quickly at the start of the session if you've never learned these kinds of skills before!) Speakers: Doug Farre; JGor; Babak Javadi; Ray; Jos Weyers; Deviant Ollam

The Repair Movement

Fri, 18 Jul 2014 10:00:56 +0000 (manning)

Download Audio: 16kbps or 128kbps

Mending (or fixing/repairing) - part of the spectrum that includes hacking, alteration, and making - can become a political act in a time of cheap goods, outsourced labor, and low wages. What is mending's role in a new model of production and consumption, one where artisans and individuals face off, perhaps quixotically, against mass production? Can repair become economically viable? How does mending contend with goods that are poorly made in the first place, when globalization undermines local resources, when companies design objects AND supply chains to be repair-resistant? Panelists from the repair movement will discuss the opportunities as well as the barriers to making repairs in the human realm: social (habits and systems), economic (prices, labor), and technical (parts, design). Repairing things, rather than discarding or putting up with broken objects or systems, connects deeply to the hacker/maker movement and to sustainable ecology. Panelists will address how repair can be beautiful as well as potentially disruptive. This panel includes activists and artists, attorneys and organizers - drawn to repair as process and performance. An act of repair has the possibility of political significance or an act of resistance, and brings the possibility of transformation to ordinary objects and larger systems alike. Speakers: Sandra Goldmark; Vincent Lai; Miriam Dym; Tiffany Strauchs Rad

The Science of Surveillance

Sun, 20 Jul 2014 13:00:30 +0000 (olson)

Download Audio: 16kbps or 128kbps

The National Security Agency is bound by legal constraints. It hasn't always followed the rules, to be sure. But when it does, are constitutional and statutory safeguards effective in protecting our privacy? This talk presents empirical computer science research on the NSA's legal restrictions, including results cited by President Obama's intelligence review group. We find that present limits on bulk surveillance programs come up far short. Authorities intercept international Internet traffic and enable the monitoring of ordinary Americans' online activities. The domestic telephone metadata program reaches much of the population, and allows for drawing extraordinarily sensitive inferences about medical conditions, firearm ownership, and more. Speakers: Jonathan Mayer

The Sex Geek as Culture Hacker

Sat, 19 Jul 2014 22:00:16 +0000 (serpico)

Download Audio: 16kbps or 128kbps

"Being a nerd is not about what you love; it's about how you love it." Wil Wheaton's words ring true for many self-identified geeks and nerds. But what happens when what you love is "love," or even "lust?" Geeks have never been more cool, but mainstream culture is full of negative messages about sex and pleasure. Combining nerd enthusiasm and geek know-how with erotic experiences results in writings, DIY toys, citizen science, and other projects which can promote sex-positivity and consent culture. In this talk, Kristen "where did this b!tch get her doctorate" Stubbs shares stories from the sex geek trenches: the awesome, the awkward, and the randomness in between. Speakers: Kristen Stubbs

The Web Strikes Back – Fighting Mass Surveillance with Open Standards

Fri, 18 Jul 2014 23:00:52 +0000 (serpico)

Download Audio: 16kbps or 128kbps

After the Snowden disclosures, it was revealed that the NSA and NIST were subverting the open standards process by intentionally weakening the security of the core standards that form the foundation of the web and Internet. Now, more than ever, we need cryptographically strong standards and verified open source libraries for these standards. The humble origins of the IETF and the W3C will be discussed, as will the efforts taken by open standards to combat pervasive surveillance via workshops like STRINT and the "perpass" mailing list, and the new standardization work that is likely to result. In particular, the focus will be on the myriad problems implicit in putting cryptography into the web security model with the W3C Web Cryptography API, as well as attempts to analyze properties of this JavaScript API by using techniques from formal proof-proving. There's also new work from the W3C on decentralized social networking - and all the security problems that entails! Most importantly, you'll learn how you can get involved to help build open standards to build what Tim Berners-Lee calls the "Web We Want" - and stop the web from being subverted. Speakers: Harry Halpin

This Is the X You Are Looking For

Sat, 19 Jul 2014 10:00:33 +0000 (serpico)

Download Audio: 16kbps or 128kbps

When you hear you are being profiled for which books you check out in a library, what do you do with this knowledge? Do you tell your friends to "evade," to not check these books out, or to find other means of getting this content? No. You tell everyone in the world to deliberately check these books out (and now we have had the pleasure of reading Catcher in the Rye). This talk is about looking signature detection in the face and confusing or saturating the tool or analyst. A number of techniques will be explored, including a fun malware signature trick called a tumor (it's OK, it's benign), and others focusing on open source Intrusion Detection Systems. There may be some random banter about grocery loyalty cards, too. Although this talk intends to be just as technical as expected at a conference like this, it will also be light, fun, and philosophical in nature. Expect a gratuitous slide deck, lots of terminal action, signatures in the nude, hex, and beautiful regex. Speakers: Eric (XlogicX) Davisson

Threat Modeling and Security Test Planning

Sat, 19 Jul 2014 11:00:26 +0000 (olson)

Download Audio: 16kbps or 128kbps

How do I figure out if the application I've designed is secure? What do I need to test? When do I need to start thinking about security? How does what an application is designed to do affect how it's tested? How do high-level security goals relate to protocol bugs? How do I know when I need specialist review? How do I figure out if my users will be able to use my application securely? If you've found yourself asking questions like these or if you're just realizing that maybe you should be asking them, this talk will give you tools to work with. The work that a security analyst does can be opaque, but understanding it will save you time and help you build a more secure application. This talk will cover threat modeling (both on its own and as a driver of high-level test planning), when and which kinds of low-level tests you should be including, with special attention paid to parser/protocol bugs. Examples will be shown from both the commercial space and the world of software designed for high-risk users, with specific focus on some of the particular challenges of the latter arena. Speakers: Eleanor Saitta

Thwarting the Peasants: A Guided and Rambunctious Tour Through the 2600 DeCSS Legal Files

Sat, 19 Jul 2014 16:00:15 +0000 (manning)

Download Audio: 16kbps or 128kbps

In 2000, a whole lot of movie companies sued a whole lot of people over the coding of a routine called DeCSS, which would allow the access and playback of DVDs in Linux and any other platform that felt the burning desire to watch Hollywood movies. The full name of the court case has a name too long for this description, but by the time it was over, a whole host of individuals had dropped out, leaving 2600 Magazine and the rest fighting over the point of whether linking to infringing materials is itself infringement. The case was decided in Hollywood's favor, and passed into the realm of history. A decade later, the extensive files related to this case were slated for disposal, and Jason Scott volunteered to take possession of them. These files are now being scanned in, and contain all manner of amazing material, some highlights of which will be shown in this presentation. The case was a time capsule of an industry expecting yet another rolling over of the populace as to who truly owned the media. It didn't quite work out that way. Expect a level of excitement not usually found in court transcripts and evidence collections. Speakers: Jason Scott

Travel Hacking with The Telecom Informer

Sun, 20 Jul 2014 14:00:17 +0000 (serpico)

Download Audio: 16kbps or 128kbps

When people talk to TProphet (also known as The Telecom Informer) about how he travels and lives all over the world, experiencing destinations from Armenia to Antarctica, they often say something like "I could never afford that!" If you think like a hacker, though, travel doesn't have to be expensive. You will learn how tickets for an around-the-world trip were booked for under $219, and how you can also travel for little or nothing. The world is an incredible place to explore. This talk will encourage you to get out and see it! Speakers: TProphet

Unmasking a CIA Criminal

Fri, 18 Jul 2014 22:00:05 +0000 (manning)

Download Audio: 16kbps or 128kbps

"Her name is Alfreda Frances Bikowsky." While those six words may seem innocuous, according to the Central Intelligence Agency, if made public, they might have sent Ray and his journalist colleagues to prison. On September 8, 2011, they received the first in a series of phone calls and emails from CIA's media rep Preston Golson. "We strongly believe it is a potential violation of federal criminal law [the IIPA Intelligence Identities Protection Act] to print the names of two reported undercover CIA officers whom you claim have been involved in the hunt against al Qa'ida." They had used this approach successfully several times in the past to persuade some of America's most respected journalists - Jane Mayer of The New Yorker, Adam Goldman and Matt Apuzzo of the Associated Press, among others - to withhold her name from the public. Seeking advice from the ACLU's National Security Project, its lead attorney Ben Wizner made them aware that she had become something of an open secret in his world. They had stumbled onto a hornet's nest. Bikowsky, as it turned out, was the person credited internally with the greatest PR coup of the Obama White House, the successful assassination earlier that year of Osama bin Laden. As chief of the Global Jihad Unit, she reportedly runs the nation's drone strikes program. She is a through-line running from the failure to prevent 9/11 to the push for war in Iraq to the development of the CIA's renditions, black sites, and torture program and continuing to today's targeted assassinations in countries around the world. Through her story, we can see the details of a devolution in the rule of law and the justice system in America, as well as the impetus for and birth of what some call the "war on whistleblowers and journalists." For 20 years, she has been at the center of history, yet the covert nature of her job has prevented that history from ever before being told to the public in one place. Doing so is necessary for a democratic citizenry to have an informed discussion about national security and intelligence policy in America's continuing fight against terrorism. Speakers: Ray Nowosielski

Updates from the Online Identity Battlefield

Sat, 19 Jul 2014 23:00:03 +0000 (olson)

Download Audio: 16kbps or 128kbps

At HOPE Number Nine, aestetix gave a general introduction to the world of nyms (short for pseudonym) and NymRights (the group he created to promote online self-expression). Things have changed a lot in the last two years. More services are moving online, and there are a lot of discussions about how to securely "verify" users, how to prevent fraud/harm, and how to do all of this while keeping our civil liberties intact. There have also been developments with the National Strategy for Trusted Identities in Cyberspace (NSTIC), an Obama strategy designed to promote these discussions in places like health care and social security. The White House is finalizing points on their Cybersecurity Framework (which includes NSTIC) and, in the meantime, a bunch of web services are implementing "verification" solutions, some with better success than others. In light of fundamental "nym" ethics, the discussion will take a look at these strategies and solutions, show which work better than others and why, and introduce some things the panelists have been working on as well. Speakers: aestetix; Kaliya "IdentityWoman"

Usable Crypto: New Progress in Web Cryptography

Sat, 19 Jul 2014 15:00:20 +0000 (olson)

Download Audio: 16kbps or 128kbps

This talk will provide an outline of the pitfalls, dangers, benefits, and progress when it comes to doing encryption in JavaScript in the browser. Nadim has been working on this problem for the past three years in collaboration with Mozilla, Google, and the W3C. The solution is still far away, but there have been many interesting (and, most importantly, educational) challenges that have been faced. After giving an overview of how browser cryptography has advanced in the past year, Nadim will reveal a new open source encryption software project during the talk. Speakers: Nadim Kobeissi

Using Travel Routers to Hide in Safety

Fri, 18 Jul 2014 23:00:57 +0000 (manning)

Download Audio: 16kbps or 128kbps

In light of the past year's NSA revelations and the long history of SIGINT, safe network use is a serious concern, especially for international travelers. Open source and commercial tools to hide one's identity when traveling will be described here, in the face of both blanket surveillance and targeted, intense monitoring. You will learn about tools which can be comfortably taken through restrictive border regimes and carried openly in war zones without attracting undue attention - as would suit a journalist or human rights worker. While these tools tend to be complex, the true challenge is the threat model: a single slip-up, undetected at the time, can doom the user and the user's contacts to discovery, interrogation, or worse. Speakers: Ryan Lackey; Marc Rogers aka cyberjunky

Vigilante Justice: Masks, Guns, and Networks

Fri, 18 Jul 2014 23:00:12 +0000 (olson)

Download Audio: 16kbps or 128kbps

This talk will cover the state of vigilante action around the world; what they fight with, who their targets are, how they stay anonymous, and how they organize. Without condemning or condoning any single act, these radically unique responses to crime and corruption deserve our attention. How much power are they wielding? Is nonviolence winning out over violence? Is anonymity giving way to irresponsible action? And what should we expect as these networks deepen? There's a growing list of options being explored, and these explorers have dramatic and largely unknown stories to tell. Speakers: Zimmer Barnes

Visualization for Hackers: Why It’s Tricky, and Where to Start

Sat, 19 Jul 2014 12:00:23 +0000 (olson)

Download Audio: 16kbps or 128kbps

Computer-based visualization systems provide visual representations of datasets designed to help people carry out tasks more effectively. Visualization is suitable when there is a need to augment human capabilities rather than replace people with computational decision-making methods. The design space of possible vis idioms is huge, and includes the considerations of both how to create and how to interact with visual representations. Vis design is full of tradeoffs, and most possibilities in the design space are ineffective for a particular task, so validating the effectiveness of a design is both necessary and difficult. Vis designers must take into account three very different kinds of resource limitations: those of computers, of humans, and of displays. Vis usage can be analyzed in terms of why the user needs it, what data is shown, and how the idiom is designed. Tamara will discuss the implications of all this trickiness for systems visualization, where the datasets include trace logs, network traffic, and semi-structured text in addition to the classic big table of numbers. One good way forward is to think hard about how to transform your original data into a form that's well suited for addressing the user's problems before you dive into the details of exactly how to draw any pictures. Speakers: Tamara Munzner

When Confidentiality and Privacy Conflict

Fri, 18 Jul 2014 15:00:02 +0000 (olson)

Download Audio: 16kbps or 128kbps

We have many mechanisms to provide confidential communications so that network operators and other would-be surveillance regimes can't inspect the content of our traffic. But some of those mechanisms actually reveal more about who is speaking than cleartext communication would, especially over longer periods of time and large datasets. Information about who is speaking to whom is so valuable that large organizations devote huge amounts of resources to assembling network graphs of this "metadata," even without the content of the communications. Clearly this information is worth something; it is probably worth protecting. Why should privacy (hiding who you are) conflict with confidentiality (hiding what is being said)? This talk will look at specific instances of privacy and confidentiality conflicts, and describe patterns that create this tension. There will also be a discussion on some approaches to resolve the conflict and outline ways to improve privacy while preserving confidentiality. Speakers: Daniel Kahn Gillmor
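One concrete instance of the tension described above, added here as an illustration and not taken from the talk or from any speaker's material: an OpenPGP message hides its content, but the Public-Key Encrypted Session Key packet (RFC 4880 section 5.1) carries the recipient's 64-bit key ID in the clear, so anyone who sees the ciphertext learns who can read it. RFC 4880 allows a sender to write an all-zero "speculative" key ID instead, trading decryption convenience for recipient privacy. The code below builds and parses that packet with no key material at all; the encrypted session key is a constructed stand-in blob, and the parser handles only the one- and two-octet length forms.

```python
import os
import struct
from typing import Optional

PKESK_TAG = 1          # OpenPGP Public-Key Encrypted Session Key packet (RFC 4880 §5.1)
PKESK_VERSION = 3
ALGO_RSA = 1           # public-key algorithm ID for RSA (RFC 4880 §9.1)
ANON_KEY_ID = bytes(8) # all-zero "speculative" key ID: the recipient is not named


def build_pkesk(key_id: bytes, pubkey_algo: int, enc_session_key: bytes) -> bytes:
    """Serialise a v3 PKESK packet with a new-format one-octet length header.

    enc_session_key is an opaque blob standing in for the RSA-encrypted
    session key; it is wrapped as a single MPI (two-octet bit count + bytes).
    """
    if len(key_id) != 8:
        raise ValueError("OpenPGP key IDs are 8 octets")
    n = int.from_bytes(enc_session_key, "big")
    mpi = struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    body = bytes([PKESK_VERSION]) + key_id + bytes([pubkey_algo]) + mpi
    if len(body) >= 192:
        raise ValueError("demo only emits the one-octet length form")
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body


def parse_packet_header(data: bytes):
    """Return (tag, body_offset, body_len) for old- and new-format headers."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                       # new-format header
        tag = ctb & 0x3F
        first = data[1]
        if first < 192:                  # one-octet length
            return tag, 2, first
        if first < 224:                  # two-octet length
            return tag, 3, ((first - 192) << 8) + data[2] + 192
        raise ValueError("partial/five-octet lengths not handled here")
    tag = (ctb >> 2) & 0x0F              # old-format header
    ltype = ctb & 0x03
    if ltype == 0:
        return tag, 2, data[1]
    if ltype == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    raise ValueError("unsupported old-format length type")


def recipient_key_id(message: bytes) -> Optional[bytes]:
    """Recover the recipient key ID from the ciphertext alone.

    No private key, no passphrase: the key ID is plaintext metadata.
    Returns None when the sender used the all-zero hidden-recipient ID.
    """
    tag, off, blen = parse_packet_header(message)
    if tag != PKESK_TAG:
        raise ValueError("first packet is not a PKESK")
    body = message[off:off + blen]
    if body[0] != PKESK_VERSION:
        raise ValueError("unsupported PKESK version")
    kid = body[1:9]
    return None if kid == ANON_KEY_ID else kid


if __name__ == "__main__":
    # Constructed sample values: a made-up key ID and random bytes in place of
    # a real RSA-encrypted session key.
    alice_key_id = bytes.fromhex("0123456789ABCDEF")
    blob = os.urandom(32)
    named = build_pkesk(alice_key_id, ALGO_RSA, blob)
    hidden = build_pkesk(ANON_KEY_ID, ALGO_RSA, blob)
    print("named recipient :", recipient_key_id(named).hex())   # leaks Alice's key ID
    print("hidden recipient:", recipient_key_id(hidden))       # None: nothing to learn
```

The confidentiality of the session key is identical in both messages; only the routing hint differs. The cost of the hidden form is on the receiving side, which must try every private key it holds against the packet, which is exactly the kind of usability trade-off that keeps the leaky default in place.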

When Whistleblowers Are Branded as Spies: Edward Snowden, Surveillance, and Espionage

Fri, 18 Jul 2014 13:00:08 +0000 (manning)

Download Audio: 16kbps or 128kbps

When The Guardian and Washington Post published the first stories exposing the National Security Agency's surveillance operations based on revelations from the whistleblower Edward Snowden, the world learned that U.S. government officials had told a series of misleading half-truths and outright lies to conceal what has become a U.S. surveillance industrial complex. The disclosures revealed massive waste, fraud, abuse, illegality, and an equally massive loss of valuable intelligence. In response to the understandable public outrage about mass surveillance, the NSA chose not to investigate the officials who needlessly and in secret sacrificed the privacy of hundreds of millions of innocent people. Rather, the intelligence community has spent untold resources investigating and attempting to discredit Snowden. It is a predictable response for an institution to focus on the messenger rather than the message. It can be an effective distraction to focus media and public attention on one individual rather than on exposing systematic, widespread illegality in a powerful government agency. Whistleblowers in all corporate and government spheres risk choosing their conscience over their careers, but under the Obama administration, national security and intelligence whistleblowers face choosing their conscience over their very freedom. The Obama administration has prosecuted more people under the Espionage Act for alleged mishandling of classified information than all past presidential administrations combined. The Espionage Act is an arcane, vague, and overbroad World War I-era law intended to go after spies, not whistleblowers. NSA whistleblower Thomas Drake objected to mass surveillance using internal channels and was charged under the Espionage Act. Central Intelligence Agency whistleblower John Kiriakou objected to torture and was charged under the Espionage Act. He is now serving 30 months in prison. Army Private Chelsea Manning helped expose war crimes and is serving 35 years after facing Espionage Act charges. Because of this pattern of persecution, Edward Snowden was forced to leave the United States and seek asylum in Russia after the U.S. government left him stranded in the Moscow airport last year. This talk, by a member of Snowden's legal team, will address all of this and more. Speakers: Jesselyn Radack

When You Are the Adversary

Sat, 19 Jul 2014 19:00:16 +0000 (serpico)

Download Audio: 16kbps or 128kbps

If your name isn't Barton Gellman, Laura Poitras, or Glenn Greenwald, chances are that while the NSA may be a rights-violating threat to all, it's not your actual, day-to-day adversary. Real world adversaries tend to be spouses, parents, bosses, school administrators, random drive-by malware, and maybe local law enforcement. While federal threats create a terrible security culture, they aren't stepping into the lives of most people. And while obsessing over various intelligence agencies and trying to build tools against them makes you feel like a badass, it doesn't help most people. Fixing Flash and building easy to use communication tools does change the lives of countless people. This talk will focus on the infosec needs of the 99 percent - who aren't geeks. This talk will touch upon the value of bad crypto when it lets someone escape an abusive spouse, and the common situations where tools that let people sidestep the requirements of their IT departments make the world a better place. Yes, the big bad guys still matter, but fighting a billion little bad guys probably matters more. Speakers: Quinn Norton

Why the Future is Open Wireless

Fri, 18 Jul 2014 19:00:00 +0000 (serpico)

Download Audio: 16kbps or 128kbps

How do we begin the movement to create a world of ubiquitous open wireless, where sharing and openness is the norm? How do we get it to spread? Speakers from EFF's activism, legal, and technology teams will describe the open wireless movement (https://www.openwireless.org) and the specific challenges their open wireless router campaign is solving. The first hurdle is convincing the world that sharing Wi-Fi with guest users is, as security expert Bruce Schneier puts it, a matter of "basic politeness." Another perceived roadblock is the belief that running an open network could subject the host to legal liability. Lastly, even proponents of open wireless lack easy technical solutions to safely enable private and anonymous guest access without reservations. To that end, EFF is developing an easy to set up, secure Wi-Fi router. But, in order to truly realize our open wireless future, they will need your help. Speakers: Adi Kamdar; Nate Cardozo; Ranga Krishnan

Will It Blend? How Evil Software Clogs the Pipes

Sun, 20 Jul 2014 11:00:58 +0000 (olson)

Download Audio: 16kbps or 128kbps

During an investigation, Michael discovered an attacker who was emailing himself from an infected user's account. He sent and received emails under the radar via Outlook extension malware. Countless times Michael has seen attackers forced to blend their malware communications with the noise on his clients' networks. The talk will start with a brief history lesson on malware and its use of the network for command-and-control and data theft. Then there will be some fun opening his malware vault to explore interesting specimens from the wild such as the Outlook Assistant and malware that tweets! The presentation will close by discussing how you can find and analyze malware that communicates on the network and why traditional network monitoring isn't enough - attackers will find a way out of your network no matter how small a funnel you put them through. Speakers: Michael Sikorski

Wireless Meshnets: Building the Next Version of the Web

Fri, 18 Jul 2014 13:00:37 +0000 (serpico)

Download Audio: 16kbps or 128kbps

This panel will feature discussion and debate about the exciting current state of wireless meshnet technology, with a particular focus on how to build and join local urban wireless networks separate from the traditional Internet. A short tutorial on the project and on how to connect to a local meshnet - including an overview of the open hardware and software required - will be given at the beginning of the panel. After the tutorial, the panel will discuss the scope and impact of the global meshnet project. Technology covered will include the CJDNS project, Hyperboria, installing the Meshberry image on a Raspberry Pi device, configuring Ubiquiti NanoStation M5 routers running OpenWrt, and other relevant topics. Whether you're a new user or an enthusiast, this is a great place to learn more about the technology driving new free and secure private networks. Speakers: Kevin Carter; Peter Valdez; Kurt Snieckus

You’ve Lost Privacy, Now They’re Taking Anonymity (aka Whistleblowing is Dead – Get Over It)

Sat, 19 Jul 2014 17:00:20 +0000 (manning)

Download Audio: 16kbps or 128kbps

Government and private entities are working to shred privacy and warehouse personal, relationship, and communications data. Once unimaginable surveillance technologies are being perfected and implemented. The most intimate details of lives are routinely and unthinkingly surrendered to data-gatherers. Is it still possible to be an anonymous whistleblower? Is it still possible to be anonymous at all? Your physical location and activities for the past ten years are known and have been logged. If you attend a church or synagogue or mosque or a demonstration or visit an abortion clinic or a "known criminal activity location" or meet with a "targeted person" or a disliked political activist, it is routinely recorded. Your finances, sexual orientation, religion, politics, habits, hobbies, and information on your friends and family are gathered, indexed, and analyzed. Facial recognition, camera analytics, license plate readers, and advances in biometrics allow you to be de-anonymized and remotely surveilled 24/7/365 by machines. Forensic linguistics, browser and machine fingerprinting, and backdoors substantially eliminate the possibility of anonymous Internet activity. Thanks to "The Internet of Things," your thermostat and electric meter report when you arrive home and your garbage can reports when you throw out evidence to be collected by the few remaining human agents. "Predictive profiling" even knows what you will do and where you will go in the future, so the data collection bots can be waiting for you. Data collection now begins at birth. And no data gathered will ever be thrown away. And none of the data gathered belongs to you or will be under your control ever again. An internationally-known private investigator and longtime HOPE speaker, Steve will describe in frightening detail how the last shreds of everyone's anonymity are being ripped away. Real world examples will be used. Surprises can be expected. Speakers: Steve Rambam

Your Right to Whisper: LEAP Encryption Access Project

Sat, 19 Jul 2014 16:00:20 +0000 (olson)

Download Audio: 16kbps or 128kbps

The LEAP Encryption Access Project is dedicated to giving all Internet users access to secure communication. Their focus is on adapting encryption technology to make it easy to use and widely available. Like free speech, the right to whisper is a necessary precondition for a free society. Without it, civil society languishes and political freedoms are curtailed. As the importance of digital communication for civic participation increases, so too does the importance of the ability to digitally whisper. When you attempt to secure your communications online, you are faced with confusing software, a dearth of secure service providers, and involuntary leakage of critical information. For aspiring service providers, barriers to entry include the high cost and technical complexity of setting up secure servers. LEAP's goal is to transform secure online communication from an exercise in frustration into an automated and straightforward process for those whose access to information and free expression depend upon confidentiality, authenticity, and the protection of their social networks. Come to this talk to hear about LEAP's unique strategic infrastructure approach taking federated standards and open protocols to tackle these problems and find out how you can too. Also, there will be pretty pictures of birds. Speakers: Micah Anderson