Things have been busy around the Renderlab, but this week, things just went off the deep end. My friend, hacker family member, and fellow aircraft system security researcher Chris Roberts was unceremoniously pulled from a domestic United airlines flight, interrogated for 4 hours and all of his (thankfully encrypted) electronics without a warrant. After that he was informed that he was banned from United flights for life. The EFF Deep links blog has details and is representing Chris. The FBI and TSA released a Private Industry Notification (PIN) warning to be on the lookout for suspicious activity onboard flights. That includes references to ADS-B which is the territory for my research. As a result I am considering myself under investigation and increased surveillance.
As a precaution and part of good security practices I've revoked my gpg subkeys and generated new ones off my original key. I updated the various key servers and made updates to the key on my site. Please update your keyrings. Fingerprint 1987 EE05 B430 B4CA CC84 D2D3 2683 DEDC F155 84AC
I'm not stopping my research or censoring my public statements. I want to be proven wrong. I want to know that Chris and I are wrong and air travel is safe as is claimed by the airlines and other authorities. No one has done so to mine or anyones satisfaction to date. Would'nt it be easier to give Chris and I access to a plane or test lab and let us test our theories and release the results either way as a show of transparency. If they are so sure things are safe and that we are wrong, what is the harm in proving us wrong?
Happy New Year from Hamburg, Germany! Here for 31c3, which is amazing by the way.
I am finally posting my brain dump about the events at Derbycon 4 in regards to my public admissions about Depression and how the Hacker family has literally saved my life. I'm putting alot out here with the hopes it herlps others in my situation to seek help. Read my story about Depression and Derbycon here
The Google Hangout seems to be working. Sometimes no one there, sometimes a few people. I think I need to write up better instructions. I should have assumed that hackers would eshew Google plus and not know how to connect or have accounts.
In other news, I am writing up a reply essay to Dr. Phil Polstra's talk at Defcon that tried to refute my findings on ADS-B. I'm waiting for the video to be released so I can be accurate, but the short version is; He provided assertions, not evidence. He also failed to grok that our attacks were not aimed at full hijacking, but at influencing cockpit behaviour. He also engaged in a great deal of'Reductio ad absurdum', taking our theories to the absurd as proof they are wrong.
I however encourage his point of view in that it generated debate and renewed interest. My assertions still stand and I still have the challenge out there of wanting to be proven wrong by letting us have access to the euipment and actually test our theories for real and be public about the results either way the end up.
Back From Defcon/Blackhat. Still sorting out all the post-con mess and getting photo's up and such.
I've setup an experimental permanent Google+ hangout for Defcon people and Hacker family in general to join and chat face to face more than once or twice a year. It's like IRC but with video and voices.
It is currently an experiment. It could turn all sorts of horror show, but nothing ventured, nothing gained.
The event with hangout link is here
Join the hangout and feel free to chat with whoever is there. Slightly more detail and instructions are avaiable HERE