Message-ID: <CAJVRA1Qh9kM1mVYqNYCWx9uHkKiN+7fRRy48ZGx8p5sPOBp1cA@mail.gmail.com>
Date: Wed, 30 Jul 2014 14:57:43 -0700
From: coderman <coderman@...il.com>
To: cpunks <cypherpunks@...nks.org>,
Full Disclosure <fulldisclosure@...lists.org>
Subject: [FD] DEF CON nostalgia [was: going double cryptome at DEF CON 22]
a hollow, decrepit shell of its former self..
... oh the 0ld days,
;)

"We'd appreciate some more ethics." - GOBBLES
- https://www.youtube.com/watch?v=DAJSxOzrD1g
[ GOBBLES Security - still disappointed in 2014 ... ]

----

regarding the current line up:
https://defcon.org/html/defcon-22/dc-22-speakers.html

"Detecting Bluetooth Surveillance Systems" - what about RFID?

"Dropping Docs on Darknets: How People Got Caught" - see also, EPICFAIL

"How to Disclose an Exploit Without Getting in Trouble" - if you
thought ice cream had many flavors, welcome to the brave new world of
'responsible disclosure'!

"NSA Playset: PCIe" - the lack of any VT-d mention makes for mediocre.
TAO tools better include a VM breakout and uCode errata exploitation.
(spoiler alert - i don't think this is actually dropping NSA exploits)

"The Monkey in the Middle: A pentesters guide to playing in traffic" -
this middle perspective, however, is absolutely a tailored favorite. a
gift that keeps on giving...

"Investigating PowerShell Attacks" - this is now pointless, what with
pass the hash dead. IT'S ALL OVER, JUST GO HOME. *sobbing* [c.f.
http://www.harmj0y.net/blog/penetesting/pass-the-hash-is-dead-long-live-pass-the-hash/
]

"Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty
Hunter!" - one step further to enlightenment. the industry that should
not exist; better yet to become build engineer or test automationer or
devops devotee and build security in at unsexy day jobs for not fame
and not riches. #hashtagInfosuckprotipyolo

"In the forest of knowledge with 1o57" - nothing to say here other
than i'm selling 1o57's uber badge for bitcoin to highest bidder. come
find me :P~

"RF Penetration Testing, Your Air Stinks" - my discriminator for a
delicious sw defined deployment: a) new grc blocks or custom sdr
pipeline? b) wideband and full duplex? c) opportunistic and ad-hoc
capabilities? - if you answered no to any of the following please try
again, with more harder! [c.f. http://www.pervices.com/buy-crimson/
dual 10GigE, 100kHz – 6GHz, <= 800MHz bandwidth, 4 x (16 bit, 370 MSPS
ADCs), 2 x (quad channel, 16 bit, 2500 MSPS DAC), 10MHz, 10ppb,
reference OCXO]

P.P.S. if you want to do your own training on "WB Quad System" without
travel to FVEY facilities this is how ;)

"Panel - Diversity in Information Security" - i was not invited to
this panel. credibility lost.

"Android Hacker Protection Level 0" - because more fingers in the dike
is more fingers.

"Blinding The Surveillance State" - i am soliciting donations for
premium consulting expertise. i don't think Soghoian's free advice
will be instrumental, but Cowboy Alexander has some sweet new shit
(you get what you pay for? :)
[ c.f. http://www.foreignpolicy.com/articles/2014/07/29/the_crypto_king_of_the_NSA_goes_corporate_keith_alexander_patents
]

"Summary of Attacks Against BIOS and Secure Boot" - aka, why to
coreboot and kill AMT with fire. ok Intel chipsec peeps i got bones
to pick SEE YOU IN VEGAS

---

how about the talks you want so much but will never see? those
billions for your discretion clearly benefiting profitability over
pervasive security.

best regards,
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/