Birthday weekend wrap up.

  birthday conference dancing hacking shmoocon spellbound sushi weekend

Rather than stay home for my birthday (which I've done for the past few years) I decided to make things interesting this time 'round the sun. Sitwon and Haxwithaxe had secured a hotel room and passes for Shmoocon in downtown DC last weekend, so I threw my hat into the ring more or less at the last minute. Shmoocon is an excellent hacker conference, don't get me wrong, but I don't ordinarily get much out of it. It is, as they say around here, above my pay grade. That said, I decided to go solely to see what I could …


Shmoocon 5 pictures are now online.

  pictures badges barcodes convention dc hacdc passes shmoocon vampire_tap

I've finally put the pictures I took at Shmoocon 5 online.

I should note, pursuant to the photography policy of Shmoocon, that all people I photographed gave explicit permission for me to do so. Shmoocon doesn't permit photography in any of the presentation areas, and they don't like you taking pictures of people anywhere else unless the subjects give the OK. Taking pictures of inanimate objects, however, is permissible.

Shmoocon 2009: ...duck!!

  barcodes botnets convention conversation credit_cards dc ethernet funny hacdc hackers hijinks law live_and_learn mapping parties registration rfid shmooballs shmoocon software vampire_tap wifi wireless wiring_magick

It's been six hours since I got back from Shmoocon, and I'm still readjusting to a low information density environment. Shmoocon is DC's premier hacker con, held early every February by a security research outfit called the Shmoo Group, which seems to have an odd interest in moose (judging by the repeating moose motif all over the place, from the free stickers to the laser cut acrylic convention badges). I've wanted to go for a couple of years but various and sundry things kept me from attending, so when I finally was able to score a ticket I jumped at …


Source code to Javascript botnet agent leaked!

  agent botnet hoffman javascript jikto leaked noscript schroll shmoocon web_browsers

Remember the software that Billy Hoffman demo'd at Shmoocon 2007 - the Javascript that turns any capable web browser into a zombie?

One Mike Schroll snagged a copy while in the audience and posted it to his website. From there, about 100 somebodies downloaded copies, which no doubt have spread farther.

You can bet that this is going to find illicit use soon. For Firefox users, I strongly suggest that you look into installing a plug-in called NoScript, which lets you decide whether or not to execute the Javascript embedded in a particular web page.

As always, read the documentation.

Cross-platform droneware: Bots written in Javascript.

  agent botnet hoffman javascript jikto shmoocon web_browsers

Billy Hoffman of the security outfit SPI Dynamics unveiled the fruits of his research at Shmoocon last weekend (which I'm still miffed about not being able to attend): botnet software written in Javascript that runs on any modern web browser. His prototype botnet agent is called Jikto. It begins executing when the user looks at a malicious website or e-mail message, then searches websites for cross-site scripting vulnerabilities. Periodically, it will phone home with vulnerable URLs and details of same. This means that even Net-capable cellphones can unwittingly be turned into botnet members.

Javascript can hypothetically be dropped …


What a day. I'm going back to bed as soon as I can.

  bladeless friends shmoocon tired work

Because Bladeless Axe was in town for Shmoocon this weekend just past, we gave it our best shot to hang out while she was around here, which wound up in a couple of near misses culminating in Lyssa and I spending the evening hanging out with her last night until rather later than any of us had hoped. To the tune of finally going to bed at 0200 EST5EDT today because we went out for rather a late dinner...

I'm getting old. I can't get by on four hours of sleep anymore. My ass, and most of the rest of …
