Speakers and Presenters
Musicians & DJs |
Games & Events |
Last Updated : 4/20/2004 10:16 PM
All speakers listed are currently confirmed as of attending. Numerous others are still pending. If you are
interested in submitting a proposal for a presentation or performance, please check out our
Call For Proposals.
Creative/Artistic track presentation
Technological track presentation
Performers (does not include musicians and DJs)
Speakers and Presenters
A leading industry technologist, Mr. Forno is an expert in information
assurance program development and management. His areas of expertise and
interest include incident response, information operations, critical
infrastructure protection, and national technology security policy.
Richard most recently served as the first Chief Information Security Officer
for Network Solutions and the InterNIC. Prior to this, he was actively
involved in security program development and computer crime investigations
at the US House of Representatives and other government agencies. In 1999,
he co-founded (and continues to actively support) G2-Forward, an innovative
open source information exchange system currently supporting the national
security and emergency response communities.
Along with other research and academic projects, he is an adjunct instructor
at the George Washington University, conducted monthly lectures on
information warfare at the National Defense University from 2001-2003, and
was an active participant in the 2000 White House Office of Science and
Technology Policy Information Security Education Research Project.
In addition to many articles, conference presentations, and media
commentaries, he is the author of the books The Art of Information Warfare
(1999), O'Reilly's Incident Response (2001), and Weapons of Mass Delusion:
America's Real National Emergency (2003).
Richard is a graduate of Salve Regina University (M.A., International
Relations), American University (B.A., International Studies), Valley Forge
Military College (A.B., Business) , and the United States Naval War College.
Through the Magic Mirror: Reflections on photography, a short skewed history
Mr. Aitken is a long-time Cleveland area photographer and printmaker. He works as a
full-time instructor of photography at Case Western Reserve University in Cleveland
and has also taught photographic technique at many local schools and institutions.
Most recently his work was part of the, "Bits&Pieces@PBL" group exhibition of digital
art at the Peter B. Lewis building on the Case campus. He is known for his numerous
publications and exhibitions and has had the opportunity to serve as a judge at
numerous competitions. Mr. Aitken received both his B.F.A and M.F.A. at Ohio University.
Using a series slides, Mr. Aitken will present a light hearted presentation
demonstrating some of the unexpected ways the medium of photography has
influenced our culture. He will also explore the historical tendency
to, "accept photographs as literal or truthful, even if they were manipulated."
We may believe today that it took the advent of Photoshop and other computer
software to make the art of doctoring photographs truly possible. However,
Mr. Aitken will show how this practice began shortly after the invention
of photograph itself in 1839!
Tanner Beck has been photographing things since he was a wee lad. He's
been doing his own darkroom work since 1998. Aside from the obvious, he's
made short videos, entirely digital pieces, album art, painful music and
barely presentable web sites. He's also worked for a variety of companies
as a programmer and NOC-Monkey. Tanner has plenty of free time and is
bored easily, which may explain why he's flailing about in academia,
studying photography and Asian languages instead of just finishing his
computer science degree.
Synopsis for Pornography for Engineers
The project is meant to visually explore the aesthetic surrounding
technology. Not simply in terms of technological artifacts themselves, but
also their surrounding environment. The main impetus for exploring the
aesthetic in technology is that the intimidation factor often prevents
"laymen" for really appreciating the beauty inherent in certain
environments. And often, technically inclined people have an abstract
notion of what something does in a system, which can prevent them from
appreciating it on its own. So I attempt to isolate or present out of
context certain things, in an attempt to help people see them in a new
The project is still ongoing and probably will continue for as long as I
Synopsis for G8
The "music" of G8 is likely familiar to anyone who's played with /dev/dsp
or /dev/audio. The first album, "Floating Point" was created entirely by
recording the sounds produced by catting executables to the audio device
under Linux (or, the case of one track, a sega genesis ROM.) The second
album, "Infinite Monkeys" was created by faking wav headers up and putting
them in front of various executables. The general effect is the same, but
it allows for varying bit rates and stereo (and is, I'm told, slightly
less painful to listen to.) The albums are concept pieces, in that their
purpose is to illustrate the patterns that are present inside of programs,
rather than being really fun to listen to.
Joe Caputo aka "Computo"
Digital Music Production Techniques
Joseph Caputo has been studying music since the age of 4. He has performed with some of the greats in the music world, including Wynton Marsalis and Kenwood Dennard. Along with some of his groups, Joseph has toured throughout the US, Mexico and Europe. A graduate of Berklee College of Music, Joseph performs solo as Computo and with The Sons of Liberty and The Signal Graffitiists.
As Computo, Joseph performs and produces using a few select programs. One of those programs is Propellerheads Reason. Using Reason, one can gain an understanding of the principles of electronics and music while composing high quality audio recordings. Joseph plans on giving an overview of the program, and showing some unique tips on maximizing the programs powerful attributes. Also, Computo will take questions regarding the program and his performance from the preceding evening.
SELinux and MAC
Matthew J. Fanto currently works for the US Department of Commerce,
National Institute of Standards and Technology, where he specializes in
cryptology, specifically block cipher design and cryptanalysis. Matt is
also very active in open source projects. He is involved in the
Linux-NTFS project (adding NTFS support to the Linux kernel), the
OpenPaX project (adding various security features to the Linux kernel),
the SELinux project (adding access controls to the Linux kernel), and
the Hardened Gentoo project (one of the original founders, now an
I will be speaking on SELinux (Security-Enhanced Linux) and mandatory access controls. What is
SELinux? What is LSM? What security benefits does one gain with SELinux?
How do SELinux policies work? What are the limitations of SELinux? How
does SELinux compare against other products? If time, a demonstration on
how I can give out my root password and not fear anyone doing any
30 Years of Digital Art: A personal highway experience
Mr. Gartel is considered to be the "FATHER" of the Digital Art movement around the world for over 25 years. His work has been exhibited at the Museum of Modern Art, Joan Whitney Payson Museum, Long Beach Museum of Art, Princeton Art Museum, PS 1, Norton Museum and in the permanent collections of the Smithsonian Institution's Museum of American History and the Bibliotheque Nationale. His biography for his pioneering efforts is included in "Who's Who," "Who's Who in the East," "Who's Who in America," "Who's Who in American Art," and "Who's Who in the World."
Born and raised in New York City, Mr. Gartel had the opportunity to teach Andy Warhol how to use the Amiga Computer, went to School of Visual Arts, with fellow art student, graffiti artist Keith Haring, where he earned his BFA degree majoring in Graphics, and started his electronic career working side by side with Nam June Paik at Media Study/Buffalo in upstate New York. Gartel had many associations with musicians such as Debbie Harry (Blonde) Sid Vicious (Sex Pistols), Stiv Bators (Dead Boys) Johnny Thunders (New York Dolls) Ace Frehley (Kiss) and Wendy O Williams (Plasmatics). Recently, Gartel has created artwork for such Pop Culture stars such as Justin Timberlake and Britney Spears.
He has several monograph books on his work:
- "Laurence Gartel: A Cybernetic Romance" published by Gibbs Smith, (c) 1989 Utah. Introduction to the book is written by video guru Nam June Paik.
- "GARTEL: Arte & Tecnologia" published by Edizioni Mazzotta, (c) 1998 Milano, Italy. Introduction to the book is written by noted art historian and critic Pierre Restany. 250 pages over 400 colour plates.
- Mr. Gartel was recently included in the Italian Art History Textbook: "La Storia Dell Arte" published by Editions Giunti (c) 2001, Firenze. Michelangelo at the front of the book and GARTEL being the last page representing "NEW VISUAL LANGUAGES."
Jeff "AmishOne" Goeke-Smith
Amateur Radio: An introduction and assorted topics.
A background in networking technology and a desire to learn about radio lead
Jeff to acquire a amateur radio license in the fall of 2000. Ignoring all
common sense and good judgment, Jeff dove right into the middle of building
repeaters and now helps operate the second largest amateur repeater network
in Michigan. Along the way, he was distracted by numerous other aspects of
amateur radio, and has spent a little time playing with all of them and too
much time with some.
This is to be a talk covering the very wide topic of amateur radio
at an introductory level to get people interested in the subject.
The talk will begin with a brief description and history of amateur radio,
followed by some more specific topics in greater depth as the audience
desires. I intend to have 5-15 minute presentations about the following
topics, and will go into each one as the audience desires. The intent
is to have, for lack of a better term, a "hyper-talk" where the audience
can guide the talk to their topic of interest and technical level.
- Bands, frequencies, and modes of radio operation
- HF bands and world wide radio contact.
- VHF and higher bands for local operation
- Repeaters, how you work them, and how they work
- Digital modes (AX.25, packtor, psk31, APRS)
- Satellite and moon bounce
- Ham swaps, and social activities.
- Public Service activities.
- Experimental radio and modification of commercial gear
- Licensing and rules of operation.
- Fox hunting (Radio Direction Finding)
Lurene Grenier and Seth Hinze
Homunculus: The whys and wherefores of tcp with spoofed IPs
Bio for Lurene Grenier:
Lurene Grenier is a 21 year old senior at RPI, in Troy, NY. Her primary interests lie in the realms of networking, security, and forensics, and looking for work. She's going to the beach, and she's bringing aspirin, a beach ball, a chair....
Bio for Seth Hinze:
Seth Hinze is a 22 year old who I can't get to write a bio for the talk. Lurene can vouch for the fact that he can beat every Super Mario Bros. game, but he's not very good at Metroid. He'll have his masters in Electrical Engineering and Super Mario Bros. in May of 2004.
Homunculus is a tool which allows for the simulation of large bot nets. This can be used to fool attack detection, or study profiling techniques for large bot net based attacks. In this talk we'll discuss how homunculus is designed, and how it's use can frustrate traditional attempts to detect brute force attacks.
computers without hardware; programming without coding
Seth is a cryptologist, a mathematician, a computer scientist. He'd
spend the rest of his life in academia if he could afford it. When he's
not being schooled by crypto "experts" on irc, he spends most of his
time working on various crypto-related projects and transitioning
from academia to the "real world" (otherwise known as "seeking
employment" or "trying to get a job"). He's also very open to questions,
so if you're curious about the technical details of what he does, you
should ask. No really, he means that.
Computers are getting faster, programs more complex. People are
programming in much higher level languages, using methods to protect the
entire project from a sloppy coder. We even have clippy, who will now
let you know when you only need to #include <iostream> instead of
This makes it easy to lose sight of where it all started, the
foundation that computing today is built on.
In this talk, we will forget about all the modern advancements of
programming languages dot Net and silicon, APIs and transistors, and
look at the bigger picture. Rather than covering the work of the latest
and greatest "computer security professionals" of our time, we will
look at the work of people such as Alan Turing, Alonzo Church, Kurt
Gödel, and Stephen Kleene. We will program without touching a computer,
and play with languages that aren't used with compilers, linkers, or
No previous knowledge of the subject is required, as everything will be
presented from the ground up with mathematical rigor. But don't let that
scare you off.
Musical recording technique and practice
James is as much a musician as he is a technical enthusiast, playing gleefully in the realm between the technical and the artistic.
A hodge-podge collection of information that appeals to anyone who enjoys learning. The talk will focus mainly on how computers have changed audio over the past few decades. Information on many different aspects of audio, the recording of audio, the practical use of audio (be it music or surveillance) as well as how compression changes everything.
Paul Jarc is a coder, Free Software aficionado, amateur musician, and
all-around geek, among other things. He likes investigating novel
ways of using traditional Unix facilities, and tries to help out
answering questions on mailing lists when he can, but he's not big on
is a work in
progress, aimed at providing another messaging-forum mechanism, as an
alternative to traditional mailing lists and newsgroups. Mailing
lists suffer from a range of problems including bounce handling,
autoresponders, privacy of the membership list, and malicious
subscription or unsubscription of third parties. Newsgroups are
better in these areas, but introduce their own limitations, including
the difficulty of creating a new group, no immediate notification of
new messages, and failing to present a synchronized, consistent set of
messages to all readers. New alternatives such as Web-based
discussion boards have some advantages, but email and news are far
more mature in having well-developed clients. Taking the position
that email's problems are the easiest to solve, I will discuss how
public, read-only IMAP gives us the best of all worlds.
Practical web based multimedia content management systems.
Matt Joyce is a Coder, Sysadmin, Engineering student, and American School
of Sao Paulo Belch Competition finalist 1999-2000. Matt has experience in
backend web development, having done infra and extranet design at fortune
500 companies. Matt has also spent the better part of 2 years working
with a 3 million dollar R&D grant focused on bringing technology into
classrooms. A major portion of his work has focused on the management
and distribution of large media such as audio and video content.
Matt will be discussing his development efforts on an open source
multimedia content management system. Focusing on the problems associated
with managing and distributing large media content via the web. From
technical to legal and all the psychology in between he shall explore the
design of various CMS systems, while addressing a few of the more
fundamental issues in content management today. Matt will also be
releasing the first stable version of his own CMS system.
A PATRIOT Act, and its implications on Network Security and Technology, privacy, and small to medium sized businesses
Rajeev is a research and policy analyst staffer at ACLU Ohio and has worked
extensively on the impact of anti-terrorism legislation as it relates to
small businesses and electronic communications. In addition to working at
ACLU Ohio, he is currently a senior at
Case Western Reserve University
pursuing degrees in Political Science and Economics.
As the information age came upon us, many thought it would be a period of
open exchange and the free flow of ideas. However, after the terror attacks
of September the 11th, those lofty visions and ideals have come dimmed. In
the wake of the terrorist attacks on the World Trade Center and the
Pentagon, Congress haphazardly passed legislation that would significantly
curtail intellectual freedom, transparency, and civil liberties. Since the
passage of the USA PATRIOT Act only weeks after the 9/11 attacks, the United
States has undergone dramatic change. We are no longer free to go about our
business without fear of big brother watching over our shoulders. He is on
our telecommunication networks, in our libraries, businesses, and bedrooms.
Our civil liberties are being eroded every day, yet many of us have not come
to realize this stark reality. All hope is not lost. There are things we can
do to reclaim the liberty that the founders of this country and generations
before us worked so hard to secure.
Hi-fi and Loudspeakers from high-end to DIY
Long time audio enthusiast, medium-time audio professional, currently
working as a product manager at a company which is a leading supplier of
audio components and supplies. Work-related endeavors include moderating a
speaker discussion board, designing loudspeaker drivers, as well as
designing and marketing complete loudspeaker kits and systems. Personal
projects include conceptualizing and building unusual loudspeakers, and of
course listening to them.
A discussion of music, loudspeakers, hi-fi, and their role in the 21st
century. Emphasis will be on loudspeakers-- how they work, the technologies
involved, why some cost more than others, why some sound better than others,
and how to find the right one for you. We will look at it from a design,
marketing, and end user's standpoint to get a better understanding of what is
involved in the creation of a loudspeaker. Plus, we will look at the
feasibility and advantages of building your own! Hi-fi isn't just for your
gramps, its on the comeback baby!
"There's Many A Slip 'Twixt The Screen And The Disc"
Josh is an electrical engineer at Motorola's automotive
electronics division. He graduated from the University of Michigan
despite his best efforts, and now spends his life staring at a computer
screen. Which is just like it was before, really.
He does work at Motorola. He doesn't work on cellphones. He has never
worked on cellphones. He doesn't know anything about cellphones. He
sometimes wishes he didn't carry a cellphone. He has been known to
carry a crowbar. Do NOT ask him about cellphones.
Digital data in an ideal world does not change over time,
does not change in transit from one location to another, and can be
copied without error. But that ain't the way it is.
A file sitting on a disk will rot, not physically, but in its bits.
Data over a wire or over the airwaves is subject to interference from
any number of different sources, ranging from the FM station down the
block to the cosmic ray station 150 light years away. Bad circuit
design can cause errors; so can bad luck.
This presentation will outline the reasons why your data can decay and
the mechanisms of that decay. It will focus on physical mechanisms
rather than software mechanisms. You won't need to be an EE to
understand it, but it would help if you've heard of electrons.
Ethics of the Hacker
David Lauer has been an IT professional for over 10
years, mainly as a computer programmer. Bored with
programming, he decided to become a Network
Administrator. Now working as a Network Administrator,
he has returned to college and has become A+ and
Network+ certified. Long interested and professionally
involved in security issues, Dave is currently working
on his Security+ certification. As part of his
involvement in computer security, he has long been
interested in how people view computer "hackers" and
how that picture compares to how "hackers" view
themselves. I will discuss the image presented by the
media of hackers in my talk. I will also be providing
questionnaires, to document the "hacker" perspective
on these issues.
The Slashdot Backend for Drooling Idiots
Tim Lord has posted more than 8,000 submissions to the
Slashdot homepage, currently lives in Seattle, and is single/looking.
Unless you've set up a Slashcode site, you've probably not
seen the admin backend of Slashdot. This quick talk will show how to
navigate within this (relatively simple) system; reject, accept and
combine submissions; edit and post stories; and if all goes well, will
feature some live Slashdot story posting, always fun. There are some
handy anti-troll tools built in, of which a few are even within the
ken of a non-programmer like Tim. If time allows,
we'll also look at some of the other Slash-based sites out there --
Slash makes for pretty flexible presentation, despite the many
Properties, Methods and Development of Brain-Computer Interfaces
Duncan Lowne is a software engineer at Cleveland Medical Devices, a
Cleveland-based biotechnology research and development firm. The company's
products and research focus on physiological signal monitoring and analysis.
Duncan's recent work and research has included neural-nets for real-time
adaptive pattern classification systems, design of polysomnograph data
acquisition and analysis software, neurofeedback for training and control of
neurological activity, and embedded device interfaces. He has also explored
the avenues of biotelemetry in its use as a tool for artistic expression.
In his off hours, Duncan runs a small (and under-publicized) electronic
music label called Lethargic Records, on which he spins funky house and
produces various subgenres of electronic music. He is an avid skateboarder
and student of both modern and ancient languages. He is kept in line and
out of trouble by his beautiful wife Kristin.
This presentation will cover the past, present and future of
Brain-Computer Interfaces, as well as the basic fundamental principles,
neurological, physiological, and technological, that facilitate non-tactile
computer control. The presentation will include an active demonstration of
physiological signal interpretation in a semi-artistic manner.
Twenty years ago, the graphical-user interface paradigm heralded
the era of a computer on every desktop. Since that time, the
mouse-and-keyboard combination has been the primary input method for
personal computing. Such an input method requires a high level of manual
dexterity, is often cumbersome to use in a mobile environment, and creates a
high barrier to participation with regard to the physically challenged.
Over the years, developments in Human-Computer interfaces have begun to
address this issue through research into interpretation of physiological
signals and applying them as control signals. Moreover, the marriage of
artistic pursuits and physiological signal monitoring has led to an
interesting array of experimental artworks. Existing systems, while
expensive and cumbersome, point to the promise of lower-cost,
minimally-invasive devices that will more directly bridge the gap between
human and computer.
Syn Ack Labs
Distributed Encrypted File Journaling and Messaging - A Community Effort
Todd MacDermid is a serial open-source security software author
and speaker, and a member of Syn Ack Labs
Current research areas include covert channels, interface design, and
other privacy protecting topics. Past work includes kernel module
rootkit detection and source routing.
Come join the team for the next privacy protecting tool, one
sorely needed on today's Internet. DEFJAM will provide users with a set
of encrypted shared filespaces to pass files around among friends, along
with a protected messaging protocol, sharing the same key management
system. The messaging system will be scalable enough to handle text,
voice, and video communications.
DEFJAM is not yet written. This talk is only the beginning. In the talk,
a protocol proposal will be made, along with the research and rationale
for the protocol design. During the talk, audience feedback and participation
is encouraged, and we'll hash out a good one.
And then, we code! A framework will already be in place, but implementation
will be mostly a group effort. Share in the camaraderie of developers,
make new friends, and get in on the core group of a great tool.
DEFJAM was inspired by WASTE, but aims to be more secure, more user-friendly,
more expandable, and with legally unencumbered code. DEFJAM will be
released under a BSD license.
Bill has been working on and writing open source applications for nearly 10 years in
one form or another. He has been in the computer and network security arena for 8 of those
10 years. Recently, he began work on The Cleveland Honeynet Project,
This presentation will focus on The Cleveland Honeynet Project and its goals. It
will also cover some of the more technical aspects of the Honeynet as well as its practical
applications. The Cleveland Honeynet Project presentation will have a lecture, a
demonstration and a question and answer section.
Getting Friendly With (X)HTML
Eric A. Meyer has been working with the web since late 1993 and is an
internationally recognized expert on the subjects of HTML, CSS, and
Web standards. He is currently Principal Consultant for
Complex Spiral Consulting
, focusing on
helping clients understand and use open Web standards to cut costs
and improve efficiency. When not otherwise busy, Eric is usually
bothering his wife Kat in some fashion.
Synopsis for High-Powered Style
The Web has long suffered from two fallacies: that compelling sites
require Flash, and that CSS-driven designs are uniformly boring.
Wrong! Sites like the CSS Zen Garden and the CSS Vault have
shattered both myths by demonstrating how beautiful and original CSS
design can be. We'll dig into the Garden, explore the Vault, and see
how CSS can be used to drive effects such as multi-level dropdown
menus that work in every modern browser. The best part? The side
effects of intelligently designing with CSS are reduced page weight,
increased accessibility, and search engine optimization. Beauty and
brains-- what's not to like? If you aren't stylin' yet, now is the
Synopsis for Getting Friendly With (X)HTML
Have you ever wished you could annotate hyperlinks to carry extra
information about the thing to which the link is pointing? It turns
out that you already can, and the astounding part is that these
enhancements leverage long-extant (and long-ignored) features of
HTML. The XHTML Friends Network (XFN) is the first such addition to
HTML and XHTML, and lets people describe their personal relationship
to the maintainer of another site. Following in XFN's footsteps is
VoteLinks, a way of "modding" a link's target. Already the prospect
of emergent rudimentary trust networks is in the air. Could the Web
be turning semantic from the grassroots up? Come find out more about
these surprising new additions to the Web and how you can get in on
Everything you ever wanted to know about telco and a little bit more
A telco geek with too little supervision on the job, Myself likes to curl up with a good manual, frequently while sprawled out in the cable rack above an ESS machine. A background in computers and electronics, and the ability to explain almost anything to almost anyone, should make for an interesting talk. Bring your questions! Bring your t-berds! And bring the numbers you found while war-dialing that you couldn't make sense of!
This presentation will consist of a series of 3 different presentations
and topics over 3 hours and will culminate with a break-out hands on
session in the Birds of a Feather room.
libdnet, libpcap, and libnids: Write Your Own Damn Tools!
Dr. Jose Nazario is an author, biochemist, surfer, cook, thief, lover, and poet. When he's not busy working for a small network security firm, he's skateboarding, fishing, rocking out, and writing books.
Notable accomplishments in Dr. Nazario's life include the publication of a book on Internet worms, a forthcoming book on OpenBSD, infosecdaily.net
, and speaking at various venues around
Jason Scott and RaD MaN (ACiD)
100 years of the Computer Art Scene
Bio for Jason Scott:
Jason Scott is the creator of the textfiles.com family of websites,
covering a wide range of computer history with a focus on dial-up bulletin
board systems and early internet. Over the six years of running the sites,
his mission has expanded to include audio, PDF, the artscene (demos and
other graphic works) and basically anything technological and old. For the
last three years, Jason has been traveling the country interviewing
subjects for an epic 3-DVD documentary/mini-series on dial-up bulletin
board systems. (www.bbsdocumentary.com
He has interviewed over 200
people, including his co-speaker, RaD Man. Jason's last con appearance was
as keynote and regular speaker at Rubi-con 5.
Bio for RaD MaN:
RaD Man is founder and president of ANSI Creators in Demand, now simply
known as ACiD (www.acid.org). This art group has run for over 14 years
with regular releases of artpacks, BBS mods and software products,
including ACiDdraw (1994) and The Product, an electronic magazine. Now in
"retirement", he has aimed his energy at documenting the artscene and
history that has led up to it. he is both a subject in Jason Scott's
documentary and a researcher working behind the scenes to ensure its
accuracy. Recently, he finished work on a DVD-ROM of 14 years of artpacks
by ACiD and many others called Dark Domain (2004), available at
Since the first time that machines could calculate, people have twisted,
modified, hacked and played with them to create art. In a fast-paced hour,
we're going to do our best to capture 100 years of computer art, the magic
of the art scene, the demo scene, and a dozen other "scenes" that have
been with us as long as computers have. Prepare yourself for a roller
coaster of visual and audio history as your two over-the top scene pilots
take you on "the story so far" to the artscene.
Is Privacy an Illusion?
Mike is and experienced developer, engineer, and security expert. With over
ten years of experience in the IT field, he has a broad background in most
Every day, we leave digital footprints wherever we go. Whether we're buying
gas, groceries, or even a drink, we're under the ever-watchful eye of
electronic surveillance. Learn who's collecting your data, why they're doing
it, and most importantly, what you can do about it.
Syn Ack Labs
Frustrating OS Fingerprinting with Morph
Kathy Wang broke into programming with BASIC on the Apple IIgs. She has
a bachelor's and master's degree in electrical engineering from the University
of Michigan, where she specialized in VLSI chip design and semiconductor device
physics and fabrication. She worked at Digital as part of the Next-Generation
Alpha Chip Design Team, and got to spend an entire wonderful summer blowing up
Alpha chips. She has published a paper on some of the work she did there at an
IEEE conference. Kathy has instructed courses ranging from Semiconductor Device
Physics to Vulnerability Assessment and Penetration Testing.
Since Digital got broken up by Compaq and Intel, Kathy has focused on the software side
of things. She has worked at Counterpane Internet Security, and currently works as a
Senior Infosec Engineer at The MITRE Corporation. Kathy is
also a founder of Syn Ack Labs, a computer security research group focused on
cryptography, steganography, and low-level packet hijinks.
Sun Tzu once stated, "Know your enemy and know yourself, and in a hundred
battles you will never be defeated." By denying outsiders information about
our systems and software, we make it more difficult to mount successful
There are a wealth of options for OS-fingerprinting today, evolving from basic
TCP-flag mangling tools such as Queso, through the ICMP quirk-detection of the
original Xprobe, and the packet timing analysis of RING, to today's suite of
multiple techniques employed by nmap. The ultimate advantage in the
OS-detection game lies with the defender, however, as it is they who control
what packets are sent in response.
Morph is a BSD-licensed remote OS detection spoofing tool. It is portable and
configurable, and is designed to frustrate current state-of-the-art OS fingerprinting.
This presentation will discuss the current techniques used for OS
fingerprinting, and how to frustrate them. Morph will be released with the
talk, as a concrete example of the discussed techniques.
OS fingerprinting is one of the most useful methods available to gather
information for an attack. Some work has been done in the past to defend
against OS fingerprinting (FPF by Packet Knights), but none have been
implemented with portability in mind. A tool is needed that will allow
systems administrators to protect their assets against reconnaissance efforts
of potential attackers.
Computer Security as a Negative Experience Good
Rick Wash is a graduate student at the University of Michigan Center for
Information Technology Integration who studies Computer Security,
Cryptography, and Information Economics. He has recently been studying
Trusted Computing and the Spam Email Problem. He did his undergraduate
in Computer Science at Case Western Reserve University.
One problem with most computer security is that its successes are transparent, but its failures are blatantly obvious. A New York Times story about how a hacker stole millions of credit cards from you is quite painful, but a hacker deciding that your security is too strong to be worth trying is really hard to detect. That is to say that security is a "negative experience" good, where only the negative experiences can be measured. While a lack of negative experiences might mean that your security system is working well, it doesn't necessarily. I will address the question of how you measure the effectiveness (and therefore "value") of computer security solutions in light of this problem.
Directed by Froggy
PaperNet: An introduction to basic networking concepts in 3 Acts.
Froggy and his troupe of Notacon Players will present common networking concepts
and protocols such as Ethernet and TCP/IP using live actors and paper. Ever want
to visually see how TCP connections are created and broken down? How about
man in the middle attacks and Ethernet sniffing? Want to see a broadcast storm
live? Join us and you will see just how much fun networking can be!
Some audience participation may be necessary!
Moderated by Rick Wash
Software Protection Mechanisms; Linux vs. OpenBSD
The panel will be moderated by Rick Wash
The recent Linux systems will be discussed by Matt Fanto
He is the maintainer of OpenPaX and a frequent user of SELinux. The recent
OpenBSD systems will be discussed by and Marius Eriksen. Marius is a frequent
OpenBSD contirbutors and is responsible for the Linux systrace port.
Software Protection Mechanisms are OS tools that add additional security
and protection to the operating system against software vulnerabilities.
This will be a panel discussion comparing the implementations and
philosophies behind the recent systems for both Linux and OpenBSD.
Example mechanisms are PaX vs. W^X, SELinux vs. systrace, privsep, etc.
©2004 FTS Conventures