Nothing major to update. Been focusing on getting life together and some stability. Derbycon in September rocked and the Crystal Method show there was amazing. I forgot how much fun small cons are.
I've switched to using gpg for secure email. My public key for render AT renderlab
Yeah. Over a year, I know. @Ihackedwhat is my Twitter handle and alot of minor things go up there now.
I'm slowly revamping the site as I get time (which is precious little) but in the mean time, I'm fighting depression in myself and within the Hacker community. The Verge did a great write up about the issue.
The Internet archive via Jason Scott hooked me up with permanent high bandwidth storage for the WPA Cracking Tables. Direct links to Tarballs and the .torrent are HERE!!!
Holy crap. I made the front page of Slashdot. Been involved with projects that ended up there, but this is the first time by name.
As I noted in my talk, I want to prove to myself that ADS-B and NextGen Air Traffic Control is safe. If you look through my slides and can prove me wrong somewhere, please provide me with evidence (reports, technical information, studies, etc) that I can share publically. I have no problem admitting I am wrong. In this case, I'd be happy to do it. render [AT] renderlab [DOT] net is my email, feel free to contact me.
Back from Defcon, still unpacking and catching up on sleep
Short version: My presentation "Hackers + Airplanes = No Good Can Come Of This about hacking ADS-B and the NextGen Air Traffic Control rocked the con and the aviation community in general. Slides and the infamous POC video are up in various formats at http://www.renderlab.net/projects/ADS-B/ which will hopefully become a clearinghouse for more research into the topic.
Links to media and other fallout later. Need sleep
As usual, I'm behind on updates here.
I published the results of my Bi-Annual wireless scan of West Edmonton Mall with Infosec Institute as a trial run with them. The article is here. I will be posting an updated version that includes the fact that many of the "Secure" networks may be vulnerable to Reaver and other WPS attack tools.
It was revealed today by the New York Times that it was Netstumbler creator, Marius Milner, who was the Google engineer who wrote the software from the Google Streetview Wifi debacle. Wired asked for my comments. On a personal note, The media is making more of this than it needs to. He has all my sympathy for having to deal with people who dont understand that no damage was done, so no harm, no foul.
Local media got a hold of the Shaw Wifi advisory and called Shaw to ask them about thier side. They assert that adding an extra layer of encryption is a good thing. I still assert that giving away the key to that layer makes it useless and more dangerous due to a false sense of security. Read the article here.
I was also interviewed briefly in December about the City of Edmonton looking to pilot some form of E-voting for municipal elections. Read the article here and decide foryourself if the city can do it right the first time.
Holidays were good to me, providing a great deal of entertainment. Shaw Communications has launched a public WiFi trial. Thier 'secure' option is far from secure. In fact, it's utterly useless. My writeup is available here
I took Dark Tangent up on his request for ideas on how to make Defcon better for DC20. The result is an 8 page essay I sent him after con. I'm now sharing it with the rest of the community to spark discussion. The essay is a PDF up HERE. Please constructivly comment and Join the discussion
I wrote up details and build details for my costume from Defcon 19. I repaired (and promptly broke the arm wire) on my EL wire cenhanced coat from last year. This year I added some more headgear. I upgraded my Goggles with uOLED screens and a voice reactive LED respirator. I also made my own screen faithful reproduction of the Castor / Zuse cane from Tron:Legacy to enhance the ensemble. Code, pics and build details in my own usual stream of conciousness fashion in the above links
I also did a write up for my custom, MOLLE compatible Kilt, designed and built to hacker specifications. It is what I consider the first Tactical Kilt
I should also mention, a few months late but I am now on twitter, mostly to document the security fails I see in my travels. I am not one of those people who tweet what they had for breakfast. It's very one way as well, I follow very few people. My username is @IHackedWhat, which is best said as a question: "I Hacked What?"
Back from Blackhat/Defcon, tired, sore, the usual. An interview with Unlimited Magazine got posted while I was gone.
Expect some updates and writeups about my costume from Defcon. My EL Wire coat got upgraded with some new accessories.
Ok, no updates for 7 months, yeah, I suck. Rather than a big long write up on the front page, I've written up a summary in my Rants. Short version is I have been speaking all over Canada and the world and got robbed along the way.
In recent news, I was interviewed about the whole Lulzsec campaign in Macleans magazine. I had hoped they would use more of my comments to show how our security models, spending and mindsets are stuck in the last century. But I have no control over the final edit.
Back in February, I worked with Global news on a segment about the dangers of geo location in cell phone photos. A text version of the article is up here