lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 15 Apr 2008 01:57:18 +0100
From: n3td3v <xploitable@...il.com>
To: "The Dark Tangent" <dtangent@...con.org>, 
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>, 
	full-disclosure@...ts.grok.org.uk, n3td3v <n3td3v@...glegroups.com>
Subject: Re: DEF CON 16 Retro Announcement! Back to Bang!

On Sun, Apr 13, 2008 at 4:23 AM,  <Valdis.Kletnieks@...edu> wrote:
> On Sat, 12 Apr 2008 17:06:28 BST, n3td3v said:
>
>  > Any criminal hackers who go are just stupid and don't realise what
>  > they are actually attending.
>  >
>  > The U.S Security Services will have hidden cameras and befrienders in
>  > place to grab as much information out of people as possible.
>  >
>  > These conferences have just turned into a 'human honeypot' for the
>  > intelligence services.
>
>  *JUST*??!? Or did you just fall out of the tree?
>
>  There's been enough feds at Def Con that they've had a yearly 'Spot the Fed'
>  contest since (probably) you were still in diapers.

In this day and age when cyber terrorism is a concern for the
intelligence services, a security conference which openly has "meet
the fed" or "spot the fed" becomes increasingly outdated and
irrelevant.

If the concept of Def Con really worked, wouldn't MI6 and the CIA have
an islamist terrorist version, which invited real world terrorists to
come show off their suicide bomber skills or tell about their cyber
terrorist techniques---that had a "meet the CIA" competition, would
the bin laden's of the world come? Try it and find out.

No, they wouldn't---and what i'm saying is---back in the day Def Con
used to be in date and relevant, but in this day, there are new
threats emerging, which we have never seen before.

Can we care about a conference that openly admits to federal
surveillance? It sounds more like a conference for the lower spectrum
of the security community than any real threat vector that anyone
needs to care about.

So, because a real world terrorist clone of Def Con wouldn't work, the
same goes for Def Con "human honeypot"ing of ---cyber terrorists, who
are today the direct threat to corporations and government, not the
once before believed bedroom hacker of which Def Con originally was
formed from.

Threats are changing--- Def Con was setup when the bedroom hacker was
seen as the threat, that is no longer, folks see Def Con as the stupid
bedroom hacker conference that used to be relevant that nobody cares
about anymore.

See http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061450.html
to see how the bedroom hacker is no longer the threat and that the new
threat to the internet is world government's and its intelligence
services.

The way Def Con works is, the organizers think because they openly
admit there are feds at their conference that there is no need for any
further discussion relating to the admission.

It also apprently means the folks attending have given up their civil
liberties and human rights because they are attending the conference.

To be honest, does everyone who attends Def Con know there is a "spot
the fed" competition and, what the implications of what a government
led surveillance operation might mean to their lives post-conference?

A lot of the folks attending Def Con are adolescents and think of a
"spot the fed" as a funny at the time of execution of the event, but
they might not be fully aware of what the feds are actually doing and
how it intrudes into their lives.

To underline, the parents of the adolescents might not realise their
child has put their home IP address onto a federal watch-list---and
the  adolescents might not realise how much their human rights and
liberties have been given up by entering into such a 'human honeypot'
to which the terms and conditions of such a human honeypot isn't
publically defined.

And---we know whatever "fed" is placed into the "spot the fed" arena
won't be a top line undercover secret service fed, and there is no
need to say that fed means "undercover surveillance officer", but to
the adolescent they might think fed always means dark undercover
surveillance--- when really "fed" accounts for anyone in government
who deals in cyber security---like my friend who worked on the U.S
Navy for six years, he wasn't an undercover cop, but he could of been
defined a fed.

So does "spot the fed" as an admission really give the government free
legal way to do any operations they want at Def Con, ---think again..
in this day and age it is no longer fun and games and there are real
people aiming at civil liberties and human right violations.

This also underlines security conferences as a whole as having an
irrelevant need in the security community---and only serves now as an
advertising platform in the security industry who wish to setup trade
stalls to promote a product or company.

Security conferences no longer have the meaning they used to, and
thats why i'm calling for Def Con to be shutdown.

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ