After all was said and done, it was time to say goodbye.  We were told it would be a somber occasion, and after a moment of silence, a preacher could be heard at the other end of the auditorium.  The voice sound like something out of the HBO show, “Carnivale”.  He screamed things like, “yes, lower your head” and “feel free to cry, let it out”.  Behind this man of the cloth, was a procession of 6-8 people, carrying a coffin.  Once the coffin reached the foot of the stage Emmanuel Goldstein, the founder of HOPE, started his presentation.

He showed the crowd slides of the first HOPE, and all others after that.  Then came the slide with the definition of last, “final, there is no more”, not easy words to read, until he quickly flipped to the 'other' definition of last, “previous, former” and then he brought it all home with a Boondock's cartoon.  The caption read, “Did you go to the Last HOPE”  and the other character said something along the lines of, “No, but I will be at the next HOPE”.  This led to the final slide www.thenexthope.org Summer 2010.  The crowd erupted, and the good times began, yet again. Emmanuel explained that the Hotel Pennsylvania demolition plans have been put on hold indefinitely; and after having the most successful HOPE ever he would be crazy not to do it again.  To add to the good times, Emmanuel called up Johannes, a hacker from Austria, who wants to create a hacker theme song.

Johannes, has dug up a german techno song, that he feels is the perfect anthem for hackers everywhere http://www.monochrom.at/hausmacher/nullprozentkult/eurocats_surfenmultimedia_hausmacher-monochrom.mp3 Below is translation of the lyrics, I would be interested to hear everyone's opinion:

Surfen Multimedia
Lyrics (translation):

Suring surfing through the world with multimedia
Suring surfing, day and night
on the data highway

Come join me on the internet tonight
I'm already waiting for you
Dude, be a user, go online
You'll meet me in the email

And should you lack some megabytes
You’ll find them here with me
Be it interface or cyberspace
I'll gladly share with you

With bits and bytes
With mouse and click
We are going on a tour
In the World Wide Web
We'll follow each new hint today
I would like to point out that people were dancing on the table on stage and in the aisles!

That's right, there will definitely be a "Next Hope" in 2010!!!  I will have a more in depth explanation, but before crashing, I wanted to share the good news

The true beauty of HOPE is the constant sharing of information, and the openness of it's design.  In addition to three structured tracks, a fourth free form track is open to the public.  Anyone interested in being a presenter signs up next to an available time slot, along with a brief description of their talk.  Topics are extremely varied,, most tend to be grey hat leaning more towards black hat, however  I attended a session on polyamorous relationships which is at the other end of the topic spectrum.

Polyamory (poly for short) is a lifestyle in which you have several boyfriends or girlfriends, and they in turn have several as well, with the key difference being that everyone knows about each other.  The point of the discussion was to educate people about the poly lifestyle.  The speaker, *Sabrina, was quick to point out that these relationships involve romantic love, and are not purely sexual, like the swinging lifestyle tends to be.  Sabrina, describes herself as a pomosexual (post modern sexual), in that she is not comfortable with being labeled bisexual, though she is into both men and women.

The discussion was fascinating and very different from my own experience.  As a serial monogamist, I was amazed by the openness of the relationships.  Sabrina brought her primary partner, who explained the complexities of figuring out who you are dating and when.  He mentioned that a tracking program would be helpful because of all the logistical challenges with the poly lifestyle.

Sabrina was a wealth of knowledge and recommended the following two websites for the poly curious:

1.www.okcupid.com – This website allows people that are dating others to signify that they are in relationships, and that they are open to additional connections
2.www.fetlife.com – Once you are a member of this site, you can choose to find individuals which share the same fetish interests.

In addition to the websites, Sabrina's primary partner recommended a book entitled, “The Ethical Slut” he found it to be very informative and helpful.

Though I did find the discussion fascinating, I would caution anyone not familiar with this lifestyle, to tread lightly.  As was discussed at various times, the poly lifestyle is fraught with complications and frustrations.  Something as simple as a family dinner, can lead to a minor catastrophe.  Also keep in mind that if you become poly you will need to keep track of multiple birthdays, anniversaries, etc.  This is a very complex way to live, but is increasing in popularity.

*Sabrina is not the name of the presenter, I have changed it to protect her privacy, Sabrina if you read this and would like your name in the post, please feel free to contact me

Day 2 Highlights

Stopped by the Hackerspace Village for a chat with Mitch Altman  He is a very approachable, mellow guy.  He explained a little bit about the Brain Machines, how they work as well as a game he made (Mignonette) and a vibrating bug.  It is really impressive how he made all these different “toys” from the same kit that is used to create a tv-b-gone.  My favorite is the glasses, a display pair is available so you can try them out, and with the lights flickering and the sound turned up, it is a wild experience.  It is a little overwhelming, but is fun to try, and if I had an hour and a half (the approximate amount of time to build one) I would have walked away with a pair.  I am becoming more and more interested in hardware stuff, and once I find some free time I think a subscription to Make and a sunglass kit are in my near future. 

While killing time between lectures, I decided that I wanted to take a spin on a Segway.  It is amazing how well these things react to the slightest body movement.  They are silent, and give you the sensation  that you are floating a foot off the ground.   There is virtually no learning curve, and can be mastered in less than a minute.

Another area that caught my attention was a digital art project that created virtually shapes based on manipulation of a laser pointer.  I watched several people take turns draw random shapes into what looked like the Paint application.  These explorations into art have been a real treat and have helped to further the experience at HOPE.

If there was one thing that I would say was a minor let down, it is the absence of Jolt.  It just doesn't feel like HOPE without one.  Apparently, I am just a little nostalgic though, since a new drink has made its way into the hacking culture, it's name is Club Mate http://club-mate.us/.

Club Mate is the color of beer, and tastes like a watered down ginger ale.  It has a descent amount of caffeine and less sugar than most soft drinks (about 27 grams per bottle, which at hope is a .5 liter bottle).  I overheard in the elevator that after you finish one, you will be hooked for life.  I would not say that I am hooked for life, but I am willing to drink it the rest of the con, and see how I feel towards the end about it.

#1 The first club mate was okay, I was expecting something that tasted very earthy, thankfully it was much milder than I anticipated.  It did give me that little boost I was looking for to get me through the day.  Overall I can tolerate it, but will be keeping my eye open for a Jolt (yes I could pick up a Jolt at Rite Aid, but it just isn't the same; and more importantly won't be as cold).

#2 The second was drank in record time, it is over 95 degrees in New York and at that temp if it's drinkable, then it is perfect. 

#3 After quenching my thirst, I focused on the actual taste, which wasn't bad.  I really started to enjoy the club mate, and one thing is for sure the colder it is, the better it tastes.

In conclusion, I am not hooked on the mate, but I would definitely drink it again. The little amount of sugar and considerable amount of caffeine make it a great alternative to sodas and sports drinks.  Yet another way in which the good people of HOPE continue to expand our horizons.

I wish I could say that I was psyched to get to the Hotel Pennsylvania, but do to an impromptu late night; I was more interested in a few more hours sleep.  However, I pride myself in being professional (whenever possible)  so I dragged myself out of bed, and got there much earlier than I would have liked.  A funny thing happened though as I began to ascend to the second level, a feeling of indescribable happiness overcame me.

It quickly became very clear how much I love HOPE.  As I walked around, taking in the sites, I realized there was no where else I would rather be.  Being surrounded by all this creativity is a tonic for a lack of enthusiasm, and a spark for the imagination.  Two pieces in particular that blew my mind were http://artmagnitude.com/orb.php and http://wiremap.phedhex.comfeature.php?feature_id=update

The description and picture does not do this creation justice, I never like to be that person; but the orb is something that needs to be seen up close and personal.  If you ever have the opportunity, and you enjoy digital art, please do yourself a favor and see it. 

The second project, "Wire Map" is also an amazing sight.  The video gives you a taste, but when you see it in person, you get a true appreciation of what is involved.

In addition to these two pieces, are several colorful and creative sculptures that add to the overall vibe of what makes HOPE what it is.  I was unable find URL's for these other exhibits, but I will look around tomorrow, so I can share these as well.

For anyone not able to make it, I am hoping to paint a picture of all that is going on at the last HOPE in subsequent posts.  First things first, despite the name, there is a good chance that this is in fact not the last HOPE.  It was mentioned throughout the day that the name of the con, is just that, a name.

It may mean the end of this amazing event; but more likely just a new beginning.  There is no concrete evidence that this is the case, but even the conference program alluded to it.  If I hear anything solid, I will let everyone know. For now though, fingers crossed...

Definately check out LSO, from time to time they will have rootwars open to the public, and chock full of knowledgable people.  Also leverage the ability of vitual environments to create a varied and large network.

Provided you have the requisite ram with two "victim" machines, the possibilities for different OSes are staggering. 

However there is so much more to infosec then pentrating a network.  Take some time to work on enumerating networks, and getting to figure out all the information that is out there...google google google

Why do you want to do that? In my experience users will always try to take advantage of the situation.  Yes, you could create a group policy that allows users to d/l and install certain apps on their own; but that is a lot of work and once you start you will never stop. 

If manually installing it (remotely with vnc) is not an option, take the .exe file and create an msi (good explanation here http://www.mcse.ms/message948078.html), then push it to the users when they log in using a kixscript www.kixtart.org/.  After authenticating to the network, the user logs in, the package will be installed and least privilege is still maintained. 

Once you have the initial leg work done, you will have a managable system for deploying anything; without giving up an ounce of control to the users.

Hack_80,

The easiest way is to right click the program, select 'run as' click 'run', click 'the following user' radial button then enter the username and password for administrator.  Off you go.

Also, you can make a user a 'power user' and meet most applications requirements without making a user a local admin, but beware that a power user can make themselves an admin. 

Never give a user more rights than they need to get their job done; unless you absolutely (read:someone that can end your employment) have to.

Ummm, well yeah...I guess that is why you are the editor  

I honestly searched up and down for a freeware checksum verification tool, and Verifier was all I found.  Clearly I need to brush up on my google hacking skills, b/c what you found is more recent (and most importantly relevant). 

I have never claimed to know everything, and based on this thread I am not going to start now I have not d/l this prog yet but it is on my short list of to do items.

Don,

Thanks for making this avail. to those of us that couldn't make the conference.  I have run Back Track before, and am totally pysched to have the very latest version that is EH branded.  Please everyone forgive the pandering, but it is unbelievable what has been accomplished in a short amount of time.

Yes it is true, I am a contributor (which makes Don my boss) but honestly what other site does this much for its members?

Also, 7-zip is great! I have been using it exclusively for a while.  7-zip allows you to easily vacillate between windows and *nix enviroments.

Jimbob,

I can appreciate the tools you mentioned, but they mostly are singular in nature.  I like the idea of having one tool that can do it all. 

Also, I agree PGP is the way to go, but most vendors barely provide md5 or SHA1 hashes; I think we are a few years away from PGP becoming the norm for the average vendor.

Black hats have become more and more clever, what once seemed the stuff of hollywood movies, is now reality; good software is being packaged with malware.  A quick google search will reveal that major software repositories (even the likes of sourceforge) have been compromised and unwanted payloads have often been passed off as the regular code that users of the site were looking to download. This is not a new issue, but it is becoming more prevelant and wide spread. As time consuming as it sounds, we have no choice but to verify that the package is what the publishers intended it to be.  The problem is that the programs used for checksum verification cost more than most budgets are equipped for (usually $1.00 past free).

Once again I have to plead poverty, and by I, I mean my organization.  It may seem trivial to some, but spending $25-30.00 on a "security tool" is unconscionable. For that reason that I had to forgo a lot of very reliable tools, until I found verifier.  I had almost given up hope, when finally the right combination of search terms brought me to this amazing tool, found here http://sourceforge.net/projects/verifier/ Verifier works on 63 hashing algorithms including MD5, SHA-1, Ripemd, etc.  It is an impressive list.  Overall it is a great piece of open source software, but their is one major drawback...it's old.  The next version was due out Sept. 6, 2004 but apparently that wasn't to be. I am using it with cautious optimism, hopefully some of you will take the plunge as well.

Big Bur,

I have been reading hackin9 mag since its first issue. The original articles are not written in english, and the translations can be a little off.  This magazine tends to be very linux heavy, if you are not familiar with linux I recommend http://tuxmagazine.com/ and other sites geared toward novice linux users like http://www.justlinux.com/

Overall the articles will get you thinking and hopefully push your day in a different direction.

I like have a hard copy as well, but you could always print out the latest x posts from eh.net and carry them with you, for reading on the go