.

Notacon - Day 1

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Apr 30, 2007 12:17 am

Notacon - Day 1

Below are Brian's notes from Day 1. Not many editing changes, but since Brian asked, I did my job.  :)

Notacon - Day 1

Here are the notes from 3 of the sessions I attended on Day 1. I do have to say that I expected more from this con. There were not a lot of people there in my opinion (like 200 or so maybe). A lot of the sessions were heavy with opinions and not too much of a geek factor. A lot of the other sessions started late or had issues getting started at all. This is only their 4th year doing this con, so we’ll cut them a little slack. But what follows are my notes from those 3 sessions:

8080 Corruption (Presenter: Jim Leonard)

Using an old PC (the first home PC from IBM) Jim was about to display higher end graphics. It was cool to see such an outdate PC used to display higher end graphics. 8088 corruption is a 4 MHz (1981) CPU with 16 fixed colors. This is why it is so outstanding, because the graphics processing is so old school and Jim has been able to make full motion video.  To accomplish this task you have to research the hardware and what kind of programming is needed to get to display the video.

Jim then goes on to explain the difficulties of hacking the hardware and the human mind to make sure the video displayed is able to be comprehended. He shows the group how different fames per second in video and bits per second sound can be lowered to save bandwidth and resources so his 8088 computer is able to display the video and sound we are able to comprehend. Now the video displayed for his presentation was boxy and grainy, but you where able to understand and see what was happening. The trick according to Jim is that the human mind will see things it recognizes and then built the rest of the image for you so you see more than just the little colored boxes moving around the screen.

One of the technical areas he discussed was how to make more colors out of the 16 supported colors the systems has by default. He also talked about the processes he tried in order to get the video to work where the images’ bit rates were viewable and comprehendible.

All in all the talk was interesting and goes to show how dedication to achieving a goal has no limits and older computer hardware might still have some cool uses for hardware hacking.

Grid Computing with Alchemi & .NET (Presenter: Kn1ghl0rd)

Kn1ghl0rd started his talk by explaining how grid computing works and the difference between industrial grids and the lower-end, home-brewed Alchemi grids. He then explained the different components of grid computing and how they work together.

Grid computing is used a lot by the science and research communities. They use the processing power to do high-end research that signal computers do not have the power to handle. But with Alchemi you can gain a certain level of grid computing at home or over the internet with the help of friends.

Alchemi is open source grid computing platform for the .Net Framework. It only needs 2 parts to build a grid:

1) Manager: Handles storage of threads and allocations to the nodes.
2) Executer: Runs threads in a sandbox on one or more of the client computers.

Kn1ghl0rd explained what .NET is and how it works. He covered the different versions of .NET and the functionality of each version of .NET

• .NET version 1 (NT, 95, 98, ME)
• .Net Version 2 (2k, XP, & 2K3)
• .Net Version 3 (Vista)

He then touched on Visual Studio for Microsoft and explained the basics of .Net coding and the pros and cons to it.

Concerns with Communications:

Network Traffic: For obvious reasons.

PC Performance: The program will check to see if the computer is ideal first before accepting threads. It waits for 2 minutes to make sure the PC is ideal and then it starts a thread. If the PC starts to be used during a thread it will stop operation after that thread is completed.

Harmful Threads: Since all threads are run in a sandbox the risk of malicious code on your computer is next to none.

Overview

Kn1ghl0rd covered the basics on how .Net works the different versions of .Net. He also went through how to install and setup Alchemi grid computing. His attention to detail was outstanding as he covered the pros and cons of Alchemi including the possible security concerns with how the grid communicates and how some of the execution threads being sent over the internet pass username and password in plaintext. But since the execution threads are launched in a sandbox, you should be safe.

Patterns in the Net (Speaker: Valdias Krebs)

Social Network Analysis or SNA is a visual and mathematical analysis of how people interact, exchange info and learn.

Prolog (Coding):

Best Language for “hacking sociology”

Declarative
Descriptive
Relational
Experimental
Interpretive

He explained how he used Prolog coding to map and analyze social networks.

Snowball Sampling

• Follow the data
• 2 steps out from the staring point
• ask X: who do you interact with?
-X answers “y & Z”
• Ask Y and Z: Who do you interact with?
• Six degrees vs. two steps or degrees

Note: Step one & two are the truly important contacts or info. Anything further out is not reliable.

You can use mapping software to view you network of contacts.

He then shows us some of his mapped networks of different kinds of data from social networks and then compared it to Routing AS networks (routing protocol like BGP or OSPF). His trending showed that man made or artificial networks tend to look like hub and spoke networks and natural networks (mapping people to people like the 6 degree theory) tend to be much more random looking.

This presentation kind of reminded me of the TV show, “Numbers,” because this guy sounded like the actor on that show. He kept pushing the idea that math can figure out everything. He explained that how after 9-11 he made a network of contacts from the different suspects of 911 via names he pulled out of the media. It was interesting how he built his network from just public media reports, but I felt that the data from the media is not always accurate.

He also kind of leapt from math into politics and tried to show how the US is divided by left and right wing. The basis of information he used was from Amazon Books selections and what books people buy. I began to feel that the network charts he made were not very accurate, because the source data he was using was not verifiable. On a positive note, he did keep the attention of the room. In the end the session was interesting, but the speaker did tend to go off on a political path. It seemed as though he was trying to use the networks he mapped to justify his feelings on all kinds of world events.

Final Thoughts: Day 1

As I always say, the best part of going to these cons is meeting people from the security community. And this was no different as I was able to meet up with a special agent from the Air Force hoping to learn more on computer forensics. It was cool networking with him, and we stayed up most of the night going over different hacking tools. I was able to demonstrate my last paper with the free WiFi from Layer 2 (MAC) security. So all was not lost, and I look forward to Day 2.


Be sure to add your comments,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Tue May 01, 2007 4:43 am

Re: Notacon - Day 1

so aside from networking are we giving this a thumbs down?

didnt seem like it was that interesting from the speaker line up (i realize interesting is really in the ear of the listener).  i didnt dig too much into the site, was the intent not to have technical or research talks or what?  i also realize that hacking is more than busting shells with 0-days, worth going to next year?
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue May 01, 2007 11:43 am

Re: Notacon - Day 1

From a Security Engineers stand point there was not too many sessions related to computer security. I did enjoy the con and a few of the sessions where top notch but if you plan on going to notacon for security training you might just want to goto Chicagocon. There are a lot of positives to this con as it caters to a diverse crowd like Music, Art, Hardware hacking, Lock picking, Games, Video, and much more.

I would give it a thumbs up because the attendees made the con worth it!

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

Return to Wilson

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software