 Hello? Hey, um, can everyone quiet down a little bit? Can everyone hear me fine? What? I'm not very, what? I'm not, like, very good with technology or anything, so I apologize. Um, can everyone hear me now? No? The other mic? Is this okay now? This is better? Okay, this sort of sucks. Before I get started, I'd just like to thank a few people for some things. First of all, I'd like to thank my good friend Dave Aetel for everything. Dave, he's looking for a job. He needs work. On the subject of Dave, he hosts our website, a mirror of it. So, like, if any one of you think you're cool for, like, breaking into that or something, you're just, like, about as cool as OpenBSD developers. So, yeah. On the subject of OpenBSD, um, if you're an OpenBSD developer, could you come up here right now? And the OpenBSD developers, come on. You said you wanted to, like, hassle me and stuff. Yeah, come on up. How's it going? Are you getting it up? Would you? No, wait. Theo's gonna see that. It'll kick my ass. What was that? I said Theo's gonna see that. It'll kick my ass. Jason, Mark, could you guys come up here? Niels, my friend from, you know, the University of Michigan. Niels? Okay. I'd like to thank Mark Litchfield from Next Generation Software for buying my ticket so I could get here. I'm going through all this stuff at the beginning of the speech because I'll be shot soon. And I just want you all credit to go where it's deserved. So, while I have the chance, um, anyhow, this will be fun. Yeah, um, let's see it. I've got a couple friends here who are gonna help out with this speech. Um, yeah, the first I'd like to introduce my friend Sylvia. And, um, my good friend, um, associate, the Unix Terrace coordinator of Project Mayhem. Um, let's see here. What else was I gonna talk about? Okay, yeah, I suppose we can start now. You guys make sure your mics work and... Yo, Mic Check. Mic Check 1-2-1-2. What's up? I'm the Unix terrorist. So, without further ado, I'm gonna hand it off to Gobbles. He's gonna continue the speech, you know what I'm saying? I just want to test if my mic is working. Um, Eric, can you hear me okay? Okay. Um, so where do we want to start? Like, what do people want to talk about? Like, what are the myths of computer security? Because I think the Gobbles people, the elite people, even though a lot of people... Sure some respect. So, like, a lot of people are probably pretty pissed off with the Elate 3, uh, with the Gobbles postings. Um, I'm not actually a member of Gobbles or Elate, but I am definitely a supporter. Um, it's... I feel that was very inappropriate. So, so what do people think of Elate 3? Like, there's so many myths in computer security, such as, um, the government, the vendors, they all really care about computer security. Um, Elate 3 was pretty enlightening. The Gobbles posts have been pretty enlightening into what actually is being done in computer security and how much the computer security vendors, uh, you know, the corporate sponsors of computer security people, how much they actually care for the industry and what they try to do and what they tell people, um, in respect to this. Um, there's a lot of examples. Uh, Elate 3, um, you know, pissed off a lot of people, but this stuff actually happens. Um, Elate 3, um, it's a... I'd like to point out real quick that hackers hack. That's, that's still yet to be decided, I'm afraid. But if you look at Elate 3, there's, there's a book of, like, logs. Um, you know, it's, maybe it's fiction. Um, I wish I could write that much fiction, um, you know, and keep on pumping it out because these things actually happen and there's definitely, um, a lot of things that the corporate sponsors, the government, is trying to do, um, and is not telling people. Um, Silvio hasn't been drinking yet today, by the way. Yeah, I did all that on Friday, so today I've been, like, um, just having a couple glasses of water, um, trying to relax, but it's very hard at a conference like this. Another important topic we're going to be discussing is Project Mayhem. As you may know, I'm the UNIX terrorist. And bringing terror to the internet is my game, you know? I come from the heart of darkness. I'd just like to share that with security focus, with all the mailing lists. So we're going to discuss some techniques that you can use at home to wreak havoc. So... I think we're going to start with the hit list now. It's pretty long, so we better get started. So we got, like, probably going to have, like, a mad fucking question section X. You know, we might even have an ethics panel. So it all depends on what we have time for. As you know, this is the last speech, so... I mean, if you guys want to chill out here, Project Mayhem and Gobbles, that's cool. But if you want to be a bunch of pussies and catch your flights home, you know, I understand. What do people want to talk about? Like, what do they think computer security is? I do have a speech prepared. Yo, break it down, Gobbles. Show some respect, please. This is Silvio. I just work here. I'm 22. Do you know who this man is? You pioneered the UNIX virus. And I must be a UNIX terrorist. I must be a UNIX terrorist because I've written some virus. That that's why I've been in a late state often, and that's why there are so many logs and so much evidence to say what's been going on. What do people really think computer security is? What do people think computer security is? Yo, Silvio, I think you're out of control. You need to calm it down a bit. We're going to have time to get time, you know what I'm saying? So it's like, let's get to our first topic now. Silvio is not a drug abuser either. The first thing I'd like to talk about are media whores who try to represent the hacking world. The first thing I'd like to talk about are all of the dead cows. As I'm sure you all know, the cold little dead cow people, they... I don't know if they're even in here. They might still be drying off from the pool. There was the death festival. He can't code. Yo, yo, CDC, holla back at me. What's up, doc? You know what I'm saying? Give us a shout out. The cold little dead cow, their members, they like to, you know, get on tech TV, tell everyone what hackers are doing, what the motivations of hackers are, you know, what's going on in whatever scene that still exists. And really, these are like old guys who have no connection to hacking, to what little bit of a scene there is which is, you know, pretty shitty. Um, yeah, they... excuse me, I'm a smoker. Yo, I'd like to make a clarification. You know, as I was saying, I'm the UNIX terrorist, so I bring terror online, but I would never advocate terror in real life, you know, it's not cool. And, you know, CDC, they got these bomb-making techniques and busted out with, like, explosive laser pointer. Yo, whoever's shining that sniper scope up here, I'd like you to know that the UNIX terrorist has been known to bring a Glock to DEF CON. Oh, so if you want to step up here, you know, you're welcome to do so. Just flash your piece. I'm looking for you, son. If I could get, like, some DEF CON goons or whatever to confiscate every laser pointer out in the audience, I'd appreciate it, because it's becoming a big disruptance. Thank you. Every single laser pointer, I'd like you to search every single person and find out. Okay, um, the guy in the wheelchair with, like, women to search, we just got to go ahead for the cavity search on CDC. Yeah, um, anyhow, Mr. Emmanuel Goldstein likes to, um, you know... I think you're confusing me with John Drake. So someone back here, I don't know if everyone heard it, just said that Emmanuel Goldstein likes to touch little boys. I'm not saying that. It's just, you know, what I heard from someone back here. If you are a little boy that can confirm this, I would like to write on it sometime. But, um, yeah, that's a little off subject. Anyhow, other than touching little boys, apparently, he likes to get involved with any computer-related case he can or, you know, bitch about the same things over and over again. And this guy, you know, if any of y'all ever get in trouble, the worst thing you can do is go to 2600 for help, because, like, all this guy wants to do is lose the case in court so he has something to bitch about in his little magazine. And, like, speaking of that magazine, it's not even, like, as good as frack. So, like, I appreciate it if everyone out there stops buying it. So just go away. That was cold, gobbles. What? That was pretty cold. Yeah, well, he's, like, never had a real job. He needs one at some point in life. Yeah. Anyhow, Emmanuel needs a security job to hook it up out there. Yeah. Next, we'll speak of Wu Wu, the other media horse, is anyone from Wu Wu here who'd like to come up? Shaq. Shaq. Where are you, Shaq? Yo, can someone help? Does Shaq already know how to flash the Wu Wu gang sign? Does anyone here do the Wu? I fade on the channel once or twice. All right, yeah. There's another one of these groups that likes to, you know, get on TV, likes to be the spokesperson for the Underground or whatever the hell that means. And, like, I don't know. They've got, like, I had a good talk with Shaq the other night. And, you know, he admitted to me that Wu Wu was only three people and those people would be Napster, Nocarrier, and Shaq. So the rumors of the group being, you know, 30-plus members. Oh, wait, I forgot. Super luck. He's a member of Wu Wu, the guy who releases 15 advisories a week for shareware Windows programs. So I guess, you know, you can find that on ussrback.com. Yeah, so I guess they are a little more prolific with their advisories and publications than, like, two-lane mail-all advisories a year and, like, an advisory on Mac OS or Microsoft Holds on Mac OS. Yeah, some pretty... It's all about the Wu Wu angry packet conglomerations. There are rumors that I confirmed that there are vulnerabilities in certain products out there. So that's a rumor confirmed. There are vulnerabilities not disclosed. That being, there's no doubt. I heard that the Napster SOPA was deliberately implanted with a feature which allowed a worm to take instant access of every client on the net. So just remember who's coding these free software tools you use, you know? It could be someone from Wu Wu. Yeah, you've got to be careful with people like Napster and no carrier around. Yeah, we audited NGREP. It's like TCP dump-vvv type-to-GREP. Great program. It's exploitable in seven places so far from what we've found. So, like, be careful using that. Yeah, thanks. Anyhow, back to Wu Wu in general. It would be appreciated if those members of the press again would stop talking to these people and doing interviews because really it's like a bunch of morons once again. They... I was talking to one member who's listed as a member at last night, or the night before rather. And he said, yeah, I don't even know why the fuck they say that I'm in Wu Wu. They're like, this is news to me. So they just basically list anyone they know as a member. I don't like those guys. Wu Wu is poo poo. That was contributed by my friend the Unix terrorist. What's up? Okay, yeah. So, excuse me, I'm new to this. If you're from the media, stop talking to those people and maybe they'll just go away and get lives and stop being on IRC all the time. I'd appreciate it. Thank you. I hear the media left yesterday. I'm not in very good terms with the blonde chick from Tech TV. She wouldn't give me her number. Could you write it down for me? I don't think you're lying. I can confirm that I couldn't pick up the pattern in that number. Okay, 555-1212. That sounds pretty random, dawg. That's my social security number. Okay, no, we're going to move on to another topic. What's up? I think he's stepping in. Do you have something to say about my cultural heritage? Do you know what it's like to grow up in the ghetto? Do you know what it's like to walk home from school every day and wonder if you're going to get capped because you're wearing a red bull shirt? Yo, you have no idea. I think you need to sit down, son. Best recognize. Okay, now we're going to talk about some stuff about the computer security industry. Silvio will probably have some interesting things to say since, yeah, he works in the industry. Good guy. I love him like a brother. Let me see, I can't read this. Okay, I just remembered that. The thing is, how many of you think most of the security companies really care about security? Can you, like, see a show of hands? Like, if you think that security companies actually want security, put your hands up right now. I think I saw one person, and I'm not quite to people. I don't know if this is true or not. What did you see? I think you just spotted the Fed. I don't know, he went away. Yeah, Silvio needs a t-shirt for spotting the Fed. Thank you. This is my dream come true to get one of these t-shirts. Is the t-shirt coming? Okay. But basically, I'm not speaking for everyone in the security world, like my friend Dave there, but they don't really care about security because, like, if a state of security actually existed anywhere, like, where the fuck would they work? I mean, think about it as just sort of, you know, logical. The security industry, you know, they can't get jobs or they can't sell their, you know, quarter of a million dollar sniffers unless you go ahead, where there's a state of insecurity, so please don't interrupt me again. You will be our end. The computer security industry, though, is a multi-billion dollar industry, so, you know, it is created very much like a business model. You know, the ultimate goal of a computer security company isn't to make a secure environment, it's to make actually their quarterly earnings, their quarterly investment. You know, they have VCs, they have, like, their shareholders. These are the people that they're concerned about. They're concerned about their own pockets, not really the security of computers. Microsoft, for example, you know, they're fantastic at, you know, selling stuff. You know, that's great, but, you know, this is what they do. They don't actually write secure software. You know, it's naive to think this is what they do. So I'll pass the mic back to Gobbles. Bill, I think you might be getting a little bit too philosophical, God. Possibly. Yeah. We need to return to concrete examples. It's all right. It's okay. You know, I can give examples here. I do work in the computer security industry. Yeah, that's a sad t-shirt. Microsoft. This can't be for Microsoft, though, because it's a free t-shirt, so, you know, let's go. I'm very poor. I accept cash donations from free beer, whatever. Find me. What? All right. Okay, anyhow. You know, a silly question here. Do people not believe that computer security is about, you know, marketing and about making money? Does anyone actually believe this? Like, does he work for open source? Does anyone believe this really? Like, you know, does Microsoft, you know, are there vulnerabilities out there that vendors know about that aren't getting fixed or aren't being reported to the public because it's a bad marketing campaign? Is this, you know, is there anyone that doesn't believe this? You're getting too philosophical and serious here. Yeah, I have to interrupt. I have to interrupt and move on to the next subject because no offense, not let you, but I realize how boring the whole topic of the security industry is, so we'll talk about some more exciting things. Yeah, next we're going to talk about one of the shortest men in security in his project called Project Honey Net. Yeah, you know, they're like all against blackheads like K2 or he's on the team or whatever. Lance, I heard you here. Could you come up here, Lance? Lance Spitzner. This is gobbles calling Lance Spitzner. You know, all I can say is if Lance Spitzner isn't here, you know, know your enemy. Yeah, I don't know who he's here. Doesn't seem to be doing a very good job at knowing his enemy. Yeah, the guys do a project in the upcoming month or so and what we're going to do is basically I'm, someone's going to deface Project Honey Net, the official website, and they will have, you know, the name of the service, locate the vulnerable part of the code, figure out how it was done on their system, and then at the end of the week, we'll see who the experts are. Thank you. And remember, there's a special prize for anybody who uses buzzwords like Knopsled and Polymorphic Shell code. I'm all about reading the Honey Net analyses. You know, they're great. They're incredible reverse engineers working on the project, just tearing it up. You might also get to... It's assembling all sorts of zero-day taser experts. You might also get to win a free Honey Net movie if anyone hasn't seen it yet. SecurityFocus.com, the K. I was looking... That's the first... That's the K instead of the first C. Yes, the second. If you can remember that, there's been some interesting contributions to this last night. Someone put Ryan Russell's home directory, a ton of all of it. He's the blue boy right here. Can I have, like, a round of applause for him, please? Yeah, whoever did it, it's pretty funny. Like, if the gobbles' t-shirts were here right now, I'd, like, give you a fucking thousand of them. Yeah, you know, I won't spoil the surprises in it from what I read, but it's pretty funny. Anyhow, before I get off, you know, the subject of Project Honey Net, there's a couple things I'd like to point out. They talk about how they've got the best security minds in the world working on their project. They're talking about, you know, how they're going to, you know, discover all this stuff in so far. Is anyone here from Project Honey Net at all? Anyone have the balls to admit they're admitted with that shit? Anywhere? Oh, yeah, you are. Yeah, come up here. Mr. Feynman, if you can run strings on a binary Honey Net, maybe it's for you. This guy, let's end map. And I'd just like to say, end map is a hell of a lot better than, um, it's a hell of a lot better than that at-stake X-Probe stuff. For that guy who, like, did 20 years of research into ICMP, we've got rain for us, puppy. We'd like to suggest, uh, strongly suggest that you continue to use end map, in a way to many, uh, essential features of scanning, as outlined in the frack article, the art of scanning by, uh, Theodore over here. TCP, UDP, ICMP, time stamps, you got the IDENT scan, the RPC scans and null scans, the SIN scan, the FIN scan, the CRISPR scan, no all sorts of shit, it's just crazy. And we just like to send out a little message to X-Probe, you know, ICMP just does not cut it. We're gonna, at the end of the speech, we'll have an ethics round table discussion. We're gonna break out into an ethics discussion, we'll return to the normal speech in a few minutes. I'll play a little intro to you, uh, Ophiore Arkham and Theodore, and rain for us puppy. Do we have the boxing gloves? Thanks, I appreciate that. Thank you. Can I say something? Oh, you have a mic. Yeah, that's good. You know, sometimes you like to smear all the people that do stuff, if you really read the stuff that we do, maybe you'll understand. Yeah, I don't read code. I can't read C code. That's bad dude. Yeah, that's alright, but, yeah, you can go sit now. That's cool, man. X-Probe, the only remotely exploitable scanner. You know what's really... Yeah, I was just gonna say something that I have a couple questions for you. Just a really quick thing. I don't think Lance Spitzner's ever even tried to code. Yeah, that's never been a problem. And really, the projects, the ones that we're learning and catching are the kids. They're really stupid, fucked up, can't, you know, can't figure out how to even install a root kid type kids. The black hats that know what the fuck they're doing, like Max Vision... Wait, he's a white, is Max Vision a white hat or a black hat? Cause he's listed on his site as a white hat. I'm just curious if writing words and breaking into military service is white hat action or black hat action? I need a clarification because I understand the white hats are the good guys so much. I just want to know. Alright, put the mic, this knows what to suck. Because it's not that clear. And I'm not going to even classify anyone. I'd like to wrap out a little shout to Whisker. What's up? Yeah, yeah, the scariest fucking pro code out there. Wait, but before you go, Project Karnan has been around for three years now, I think. Have they discovered a single unknown vulnerability being exploited in the wild? Where's your thing? You have to wonder, these people beg for funding and everything and they're not doing anything but making fun of a bunch of kids who install like, traps on, you know... I heard Honeyman is pretty good for trapping cross-site scripting vulnerabilities. And on that note, I feel that the wholesale slander at the gobble CGI marathon was ruthless and uncalled for. Yeah, on that site, scripting vulnerabilities are an issue which affect every one of us. You gotta know what's out there. And don't forget the sequel injection bugs, those are pretty revolutionary. Yeah, thank you. Yeah, I think that's all we need to say about Project Honeynet. The project is stupid. Wait, the UNIX terrorist just brought something else up that I think you should all know. We currently have, and we will be releasing sometime in the future, a zero-day VMware exploit that, in conjunction with your normal exploits, what it does is it detects if you're running VMware in it, if it does, it detects the VMware and rms the box that it's on. So it'll be pretty nice because you'll get to rms the whole honeypot. So, once you're there, you can just sample like that, or use like, or just wipe it out, do some presentation, throw up some emails. Does Evan and his STAT DX exploit, can I get a lot of applause for Rowan's STAT DX exploit? It was used in like everyone's worm. Ever? Yo, give a shout out for STAT DX remote route. Come on, I think I'm compromised by STAT DX. I'm also the source of like, you know, 90% of all the Project Honeynet, you know, write-ups. Right after this came out, you know, it's fixed. Bluebird is mailing this because he's running STAT DX at home, and he sees the little shellcode thing put in his, in a syslog game, and he wonders, hey, why is this still here? What, is there still room for exploitation? Why do I get this scary message? Why do I see someone requesting a dot percent 8X percent N? This is, this is obviously not a part of the normal procedure, but it could possibly be. Yeah, so, it's, if he had like taken the time to look at the code instead of being like the normal security-focused mail in this poster who says, hey, I don't know what the hell I'm doing, but maybe someone else does, and you know, Phil's a little scarabish this up with more garbage. Yeah, that's pretty funny. Before I move on, I'm the subject of my friend Rowan. He's a very lonely guy. He lives in Sydney, Australia. Any women out there who might like to meet him, his email address is shellcode.hotmail.com. That's shellcode.hotmail.com. And even if you're not a girl who wants to meet up with him and be his girlfriend, if you're a guy, if you're a fan or something, send him some fan mail. He'll say hi, thanks for the expert. I love owning shit with it. And I'd really appreciate it. Can I see with your hands how many people promise to email Rowan sometime in the next week? Hands? Come on, I'm not going to move on until everyone puts their hands up. So, and yeah, come on, everyone hands up, because we might have to increase the incentive by offering a prize. Zero Day Apache exploits for anyone who starts, you know, not just emails him once, but establishes a friendship. And because like I said, he's a lonely guy. We've got to do this. We're not talking about email only, you've got to meet this guy. Serious request only. Speaking of bold death, there was recently a denial of service tech launched against the list by some people who were speaking here. They sent out like, I don't know, 10 advisories all at once, just like that. It's like flooded the list. And like all that extra bandwidth is like very unethical. So we'd appreciate some more ethics and if you really appreciate it, if you stop like trying to de-doss bold death. Thank you. What's this here? There's one company I'd like to talk about for a second before I move on to whatever my next subject is. It's this company called Vigilante. They're an international security company. Make a lot of money. They charge quite a bit to scan your network with Nessus and tell you like what publicly available information like exists that's like pertinent to their laziness and make a pretty good living off that. Whoever makes Nessus, I hear it has some origin in the underground where I was reading the ISS ethical hacking.pdf. I'll study that tonight. Maybe who's ever doing that security focus with a case site ISS ethical hacking.pdf up there. That's pretty good. Yo, is there a keyboard here we can type the URL up on? Yeah, I guess not. But anyhow, several times people from this company after advisors have been posted will send us e-mail asking us for exploits or more information because what we give them, the vulnerability information we hand out to them, isn't sufficient because they don't know what they're doing and they need to be able to verify it. It's this growing trend with security companies not knowing what they're doing, not able to code, not able to analyze the security information given to find out the scope of the vulnerability. They need every detail right now otherwise they're going out of business. It's sort of funny. The next topic we'd like to get to is corporations back during software. Well, who knows about corporations but we'll talk about some recent hacks, Elise. How about that open SSH backdoor, open VSD, CVS-owned, whoever did it, I love you. Do the open VSD developers have a comment on that? I wonder if the open VSD developers would like to comment on the SunOS box that hosts their FTP server getting owned, a proactively secure operating system. Welcome back. I guess machine wasn't actually owned. Something else happened but I'm not going to say what it was. Okay. Does this sound like a secret patch? Wait, wait, wait, wait. So it wasn't going to secure security holes in private. I thought you were proactively secure. Why don't you want this to not happen to anybody else out there? Well, why don't you bring the backdoor over there? I'd like to climb for ethical hacking here. It wasn't actually a software problem. Sit down. Sit. Hold on. You're a loser. This is where it would be right here. Let me ask you something. Do you want to listen to this speech or do you want to see awards? Once again. It wasn't a software problem at all earlier. Somebody did something stupid. Oh, so you're basically admitting the incompetence of the developers and or administrators of the site. I would like some sort of clarification here. I would appreciate it if the OpenBSD people would like to stop skirting around the issue. I think we all have a need to know. Information needs to be free, so I'll give you one more chance. There we have it. OpenBSD is communism. I think anti-NSA is on the OpenBSD team now. Anyhow, I've got to say hacking right now is like what's going on in the scene. It's like at an all-time high. It's beautiful. The level of chaos and mischief going out, I mean, we're looking at first backdoor. We see this IRC client, you know, this really lame... What's up? Can you not hear me clearly? Okay. And all the security professionals sort of, you know, laughed at this whole, or this backdoor that was put into this IRC client. So the next thing we see that happen is we see the prestigious Doug Snif hat, and we see all his software backdoor from backdoors. He tried to fix it silently for what I can hear, because the embarrassment was too much. He's an OpenBSD developer, you know, ego. We're perfect, that sort of thing. You know what I'm talking about. What was that? I'm sorry that was not intelligent. Yeah, the mischief that's going on in ELA, this backdoor, you know, stuff. I love it. Those of you who are actually in some sort of a hacker scene like that, are fucking cool, keep it up. Yo, I think we're going to need to pick up the pays here because we got a lot of stuff to go through, so let's make it snappy. Yeah. Another quick point to make everything roll and can be owned. Zero day exploits do exist. Lots of people have them. So, I mean, just pretty much sit back and take it because the security industry isn't going to actually provide you with security. We'll get on. Yeah. Where we now? Yeah, Theo. We're going to talk about Theo. Who loves Theo? Not with that. That wasn't very strong. Yeah. Can I see his short hands to see who loves Theo? Five people. How many people love gobbles? Does anybody like Theo more than gobbles? Has anyone had Theo's child? Yo, so I guess we'd like to have the open BSD representative up here for another set of questioning. We'd like to know why the founder of a proactively secure operating system is found on IRC. IRC from CVS.OpenBSD.org. Does it sound like a good idea to you? Have you heard of the recent problems with IRC too, derivative IRC clients? Um, yeah. Why, is anyone out there to know why Doug saw him, this white hat or whatever he is, sitting on this, this like mammoth hole in the Epic IRC client that let even him get a remote route in Epic with the IRC client? Yeah, no one knows what I'm talking about. It's probably for your own good. Yeah. Um, don't use IRC. Oh, so we had another interesting point. So if y'all remember the, the recent Open SSH challenge exploit, you can remember that 3.3 shipped with a privilege separation but was still vulnerable. Even though 3.4 had already been released, Theo only upgraded his home box to the 3.3 version thinking that because it ran privilege separation, Zeus.Fios.com was invulnerable. And I think this is a very important ground is Theo got hacked. But you know, that's expected because when you've got a guy like Theo that tends to hack the NetBSC developers, that tends to get them with denial service attacks and all that other, you know, white hat stuff. I'd like everybody to know that I had nothing to do with this. I just use the SSH banner scanner that ships with OpenBSD. So that's how I was working around the networks. Oh, we have our friend from OpenBSD here again. Big round of applause. Take lots of pictures. So you guys are using Telnet, right? Are you paying for your SSH? No, we run our own. Basically we use Telnet over an SSL tunnel. I have one more question. I hear that there's this feud going on between Theo and some of the people from Red Hat like Mark and Alan Cox. And I hear that Theo likes to talk a lot of shit about OpenSSL and how much it sucks. If OpenBSD has all these, you know, cryptography experts and everything, why are you still using OpenSSL? And are you talking so much shit about it? Why are you dependent on something so shitty as you would like to call it? Can't you do it? And why do you rip that BSD's work so much? I'd like to interject that Alan Cox is currently at DEF CON. He's waiting to fight Theo, but Theo never showed up. So I don't really know what the story is yet, but... We're actually just feeding everyone at Trojan. Oh, like OpenSSL? Just like Alan says. That work is on that TGZ. You mean that sort of Trojan? Do you like backdooring your... OpenBSD kernel. First remotely exploitable kernel in history. Yeah. Okay. I'm not sure. We've been taking quite a long time in our presentation here. I think we're going to talk about some other things, some people, some fun stuff. We're going to, you know, shamelessly plug some things for people. The first is Joe Wee. That's J-O-E-W-E-E. He has an upcoming book called The Hacker Cracker. And it's about a young boy in the ghetto growing up and how hard his life is and how he became a hacker. And everything he went through, he went on his life and how he got to that point. It sounds like it's going to be a fascinating book or something. I think the full name of the book is Hacker Cracker, A Journey from the Cold Streets to the Frontiers of Cyberspace. Probably I would have to say that I'm very suspicious of this book as it might be, it actually went and whipped off my own autobiography. I don't appreciate this. You know, I distribute my autobiography on LiveJournal.com because I don't feel the need to scam people into buying a worthless book. But the next, yeah, the next to us, he's had a hard life. He's living it up now. Then we have Young HD Moore from Digital Offense. He has featured in this newly released book called What was it? I can't even remember my fucking writing, Hacker Diaries. That's it. It's a book of skilled hackers and blackheads like Rafa from the World of Hell called Hacker Dollars. He's got mad skills. Yeah, it covers all sorts of hackers and the stuff they did until they became respected security professionals. It's an interesting look into who's working in the security industry these days. I advise everyone to go out and buy a copy of that book. I'll autograph it. I'm not in it, but I will autograph it. Who out here reads things written by Brian McWilliams? Does anyone out here know who Brian McWilliams? Who he is? Okay, next topic. Who speeches this? What's going on here? Basically, this guy, since the Unix terrorist doesn't want me to talk about him as long as I'd like to, I'm not sure what the Unix terrorist has to hide here, but this person likes to email people and say things like, hey, Kimball.org is running a vulnerable SSH demon. What do you think of that? And people are going to holler for Kimball. Is there any Kimball fans out here? He's out of prison now, back in living the high life. He's out of prison making his way back to McDonald's. Yeah, yeah, forever. Anyhow, Brian McWilliams also is a sensationalist. He writes stories with information contributed by one anonymous person about another anonymous person and thinks it's worth being published. The whole thing of being a reporter and trying to make your life chronically in the hacker scene and what's going on there is pretty dumb because any hackers that would talk to you and about what they're doing probably are hackers, other than gobbles, but you know, fame wars. Yeah. You should just get that one. Just go straight to that. We have a breaking news flash last night. A member of the ISS Exports has declared an unholy war on both QST and EI and NAI. Oh, and NAI, ISS has declared war on all of these companies. Yes, it started with a fight last night between a researcher from a researcher from Damond Hill, from ISS against another researcher from QST and you know, watch out for Project Mayhem because you have no idea who's behind this. Also, if you remember that Apache chunk vulnerability which was in reality discovered first by EI but then somehow some sort of shady exploit from ISS was seen making the rounds. This is an act of war. Are you raising the ever-threat con to level five? Five. Deep side, sorry, submit. Thank you, Google. Yeah. These two companies, Snowsoft, Snowsoft likes to... Okay. Are you KF? Come up here, KF. Kevin, F something. Finaster, Finster, something. If you can code mediocre exploits like simple local stack overflows, this guy will give you $50 a copy. What would you like to say, KF? I got nothing to say about .slash. We do pay people to write exploits. That's true. What can I say? 50 bucks a cop. No, 50 bucks for three. It's much cheaper. Damn, that Arabist guy, he lied to me. All right, that's all you can sit down. All right. Some 364 exploits real soon. So how are you... It'll be a simple stack overflows. One of you guys is going to write your own alpha shell code instead of borrowing good old tight holes. Yeah, well, I don't know. Not important. Put your hands up in the air for Snowsoft. I can't seem to get the clap going on the mic. I'm sorry, what was that? He's talking shit to the Unix terrorist. I don't know what's going on here. One guy from Snowsoft... I think this is a declaration of war. Chemiaris threat con meter going any higher. Nuclear winter is impending. Another security company that's sort of fun. Before I get to this, today is a groundbreaking computer security and has dark net returns to the public. Hack.co.za is reopened today. Yeah. Hack.co.za. All these pen testers out there who don't work for a big company and they've got an easy place to find the tools to make money for you. Hack.co.za was planned to reopen about a year ago but it took them several months to code the countdown timer on their page so they had to release a reopen... reopening for a while, so... Yeah, but thank god it's up now. Yeah, they have fun for a while. Um... Yeah, exactly. Whatever the hell his name is. Our dark net member, he has a security company called 2XS or something like that in Israel. Yes. Our members are Ian Eliza, Isaac, and Mixtur, three incredibly intelligent chaps. You know what I'm saying? Yeah. Hey, the OpenBSC trick isn't paying attention. Hey, pay attention. Hey, you sit over there. You get up and sit over there. All right, you know what's up. Anyhow, um, you know, they, you know, they come up with these revolutionary bugs they've discovered with their proprietary code auditing tools. Um, one was a bug in LS that they thought might be exploitable in some way, something... They're not interested in OpenBSC. What I'd like to ask is how we have the major security companies which are receiving millions of dollars of funding publishing papers on hijacking the path environment variable to get the root user to execute something other than SU, you know? Like, what's up with that? Yeah, um, don't forget, um, there's a great, um, middle collection of papers that everyone should go read, um, uh, second of all, that net slash ouch that anyone been there. Skype for you to a good job keeping that up. It's appreciated. We love it. Um, we're getting through here. Oh, so last page of notes. Yeah, last page of three. Um, we've got some interesting research from that state that's going around, um, like, I don't know, five years of research into, like, palm-less vulnerabilities and, um, other things that are incredibly pertinent to computer security, um, like, you know, what's really great is if you're a big security company and you take the time to research, like, worthless things just so that you can, you know, show you're smart or something. Um, yeah. I guess that's all I have to say about Kingpin. So, as part of our, uh, thorough ongoing investigation, we have discovered some very shady developments in the underworld. It turns out that, well, we'd really like this explained. Why is every frack article written by a member of TISO? Is this really a hackers magazine for the community? Are we going to let some other people publish some work? I-I'm a little bitter that Skype restricts me once. I love the guy where he tricked me and said that I'd be profiled, but then he just put me on loop back. Okay, moving on. Oh, um, there's been a recent merger in the scene, um, Angry Packet has merged with Woo-Woo, and we would like to announce, um, D-Muzz, whatever his name is, is now a core researcher for Woo-Woo. Um, expect some more Mac OS, Microsoft, Word, Processing, Yeah, so here's something that needs attention. So this is important. This is important on two levels. First of all, we have LSD, PL. You might remember- Last stage of the aquarium, I'm sure a lot of you are used to your experts. Yes. Yeah. Originally, as you may remember, their site was released, uh, claiming it to be a private venture. They said they would never name the members. They said they were never going to, uh, hold up a second here, but the next tourist wrote this, and he's a little- I'm getting a little bit excited here. Hold on, big guy. I'm trying. So, they said that they would be a- They go! They said they'd be a obvious group, and they wouldn't release their names. Now if you go to the website, it's been, uh, it's been, uh, redesigned using the Tahoma fonts. I don't know, but, uh, that seems to be pretty popular on Microsoft-based web pages. Uh, we also have the names of all five members. But on the other side, uh, you may remember, uh, Argus Systems put out a, uh, hacking challenge for Pitbull, claiming to offer $50,000. And of course, as you remember, LSD won that contest. Argus, of course, didn't think that they could possibly be owned by a, uh, user LDT call gate descriptor, uh, privilege violation, which had already been discovered in, like, Linux 1.0. But apparently it did happen, and they were able to pop it on the machine, and they would declare the winners of the contest, but they still haven't been paid. Yeah. What was up with this? If you're from Argus, you need to pay those guys now. Thank you. Thank you very much. Um, and, you know, this happened a while back, but what's up with this happy hacker check, releasing storage and exploits and bug track? Like, I lost my home directory. I'm there. I was really pissed off. Yeah, that happened to me, too, when I ran the Brack 59 extraction utility. Luckily, I wasn't running it as rude. I was. We're getting close. There were some interesting papers a while ago. Um, Wabas? What is Wabas all here? Wabas? Wabas? Inviting cousin Wabas. Um, we know you're here. I don't see Wabas. We're just going to talk about his rise of the robots paper. But he's not here, so, okay. I love the guy. So what if he's Polish? Yeah. Are you racist? Hack that SC is a bunch of racists. Yeah. Are you stepping? I've got a giant. Yo. Back down. Yeah, you don't want a piece of this. This is no joke. This is not the Brack moons. I'm the Unix playlist. I will RME without remorse. Okay, something to look forward to from ISS in the coming months. They'll be releasing their UFTP exploit or advisory not their exploit. It's post authentication. Anonymous access is enough. Remote route. If they'd like to coordinate the release event with the release of our exploit for it, that'd be pretty cool. So just so you know, an ISS exploit UFTP is out floating around and you are unprotected because they do not want to tell you. Or to say declare war on NAI, Core SDI and EI. Yeah, that's what I want you. Threat Con Level 7. This is the Unix terrorist. That's basically all we wanted to present to you and talk to you about. So now I suppose we can have questions or something or if there's anything you'd like to talk about if there's any heckling from the open BSD check or anything she'd like to try to say or whatever, you know, any more embarrassment to the open BSD cause. That was the time. Oh wait, don't pause yet, please. Is there anything anyone would like to say or would like to know about gobbles or anything out there? Anyone? You. Back in December. Oh, I apologize. The question was how long was the Apache exploit around? How long do we have it? We've had it since December just in case there's any confusion on that. You. I don't know if we're allowed to say. I would recommend, this is okay, this is what we all use from gobbles and this is what Unix terrorists use, this is what Sylvio uses on his desktop. Plan 9. It's all about Plan 9. Y'all. Holla back to Bell Labs. Anything else? Questions? Yes sir. You're right, open BSD doesn't make a lot of money for their products but the developers get paid quite a bit of money to do what they're doing. Yes, you are correct. I think what's bad about open BSD is they advertise being secure. There are more criminal bugs in open BSD. Like when open BSD developers take like import the net BSD CVS free into their own, they like say this code is too clean. Let's put some integer overflows in. We must give them credit. They do know how to set up a good vector. I'd just like to know why, so what is all the open BSD development going on? You know it's just like gripping for stir copies and stir cats but in reality the entire code base, you know what I'm saying? Like the device drivers, the file system implementations, virtual memory management has all been ripped from net BSD. So there's really no progress because every time you hardware is supported it gets forwarded directly from net BSD or free BSD. So like what's going on there? There's really no rest of the thing. I think about open X2, I don't get it, but you know, we haven't seen a change to a file and user source sys on open BSD for like five years. I want to disagree with that one. I don't know. If you look at the net BSD code for BSD, Linux, open BSD, they all have their different approaches and different ways of doing things although much of it is from a common UNIX philosophical standpoint. When is the memcapi thing going to be fixed? The BSD kernels that make the appellation quite so much easier? When is that going to be fixed? Can you explain to us why ECS is so important? Sorry. Are you trying to encourage a whole new class of vulnerabilities by designing your bcopy.s in such a manner that it can be easily exported? Because that bug was a joke. It was a piece of cake. 100% reliability. First shot. Is this the brand of a proactively secure operating system? Okay. I guess this is the end of the speech. There's a few things. I forgot to agree. I'd really like to express my thanks to Mark Doad of Internet Security Systems on Xforces Australia for buying me a drink the other night. Mark's a great guy. Other people from ADM who are supporting Govels, they were today Dice from ADM. He bought me my breakfast and he told me, he said, yeah, ADM's got to get back to the Black Hat community somehow. What a prince. Yeah. Anyhow, there are wolves among us.