Slowly getting my life together and the time and ability to tackle projects. Hopefully some new technical content soon.
Switched from NGINX to Apache2 for the website. Redirect to SSL should be universal now. Let me know if you have any issues.
2015 can officially suck it. A terrible, terrible year for me on many fronts. However, I'm still here, still employed, still not under indictment (that I know of) and still pissing people off by doing what I do. 2016 will be better for me or I will set it on fire.
I've been hosted for many years by my friend Audit and I thank him for it. I'm the last site he's hosting and the time has come to move hosts. I'm now on a VPS that allows me the ability to do things like, offer SSL by default for free on my site thanks to Let's Encrypt!.
More news and rants to follow in the near future about my 2016 so far, all I have to offer is a write up of How I Found United States Marine Corp security plans at Shmoocon
Discussions at Derbycon inspired me to finish a response rant to Valsmith's blog post on Stunt hacking. I contend that Stunt hacking is not always media/money whoring.
Life's been rough in 2015. Been focusing on sorting out my life and keeping myself (realativly) sane. As a result, been a bit quiet around here
I'm in Vegas right now hanging out with the hacker family before Defcon. I felt inspired to just say "Screw It" and release my archive of interesting ADS-B documents for others to draw their own conclusions from. Originally I wanted to annotate and comment on many of them, but I'm far to busy and I'll likely never get to it.
To all doubters, detractors and haters: Here's my evidence for my conclusion. Where's yours?
ADS-B document archive as of 8-3-15
Updated ADS-B page with links to newer slides and video of presentations
Things have been busy around the Renderlab, but this week, things just went off the deep end. My friend, hacker family member, and fellow aircraft system security researcher Chris Roberts was unceremoniously pulled from a domestic United airlines flight, interrogated for 4 hours and all of his (thankfully encrypted) electronics without a warrant. After that he was informed that he was banned from United flights for life. The EFF Deep links blog has details and is representing Chris. The FBI and TSA released a Private Industry Notification (PIN) warning to be on the lookout for suspicious activity onboard flights. That includes references to ADS-B which is the territory for my research. As a result I am considering myself under investigation and increased surveillance.
As a precaution and part of good security practices I've revoked my gpg subkeys and generated new ones off my original key. I updated the various key servers and made updates to the key on my site. Please update your keyrings. Fingerprint 1987 EE05 B430 B4CA CC84 D2D3 2683 DEDC F155 84AC
I'm not stopping my research or censoring my public statements. I want to be proven wrong. I want to know that Chris and I are wrong and air travel is safe as is claimed by the airlines and other authorities. No one has done so to mine or anyones satisfaction to date. Would'nt it be easier to give Chris and I access to a plane or test lab and let us test our theories and release the results either way as a show of transparency. If they are so sure things are safe and that we are wrong, what is the harm in proving us wrong?
Happy New Year from Hamburg, Germany! Here for 31c3, which is amazing by the way.
I am finally posting my brain dump about the events at Derbycon 4 in regards to my public admissions about Depression and how the Hacker family has literally saved my life. I'm putting alot out here with the hopes it herlps others in my situation to seek help. Read my story about Depression and Derbycon here
The Google Hangout seems to be working. Sometimes no one there, sometimes a few people. I think I need to write up better instructions. I should have assumed that hackers would eshew Google plus and not know how to connect or have accounts.
In other news, I am writing up a reply essay to Dr. Phil Polstra's talk at Defcon that tried to refute my findings on ADS-B. I'm waiting for the video to be released so I can be accurate, but the short version is; He provided assertions, not evidence. He also failed to grok that our attacks were not aimed at full hijacking, but at influencing cockpit behaviour. He also engaged in a great deal of'Reductio ad absurdum', taking our theories to the absurd as proof they are wrong.
I however encourage his point of view in that it generated debate and renewed interest. My assertions still stand and I still have the challenge out there of wanting to be proven wrong by providing documentation that is publically available, or letting us have access to the equipment and actually test our theories for real and be public about the results, either way the end up.
Back From Defcon/Blackhat. Still sorting out all the post-con mess and getting photo's up and such.
I've setup an experimental permanent Google+ hangout for Defcon people and Hacker family in general to join and chat face to face more than once or twice a year. It's like IRC but with video and voices.
It is currently an experiment. It could turn all sorts of horror show, but nothing ventured, nothing gained.
The event with hangout link is here
Join the hangout and feel free to chat with whoever is there. Slightly more detail and instructions are avaiable HERE