observed.de

Paul Sebastian Ziegler

RSS Feed and a Rant 2.0
<+> 2007-12-03 04:08:01 (1010.07d ago)
Due to popular demand I have taken the time and integrated some routines into my webapp that automatically create a newsfeed for the latest entries.

I chose RSS 2.0, since it seems to be more readable than Atom and isn't such a mess as RSS 1.0.

So by now I am running a blog with support for newsfeeds and occasional embedded elements such as video coverage in flash.

This is actually really worrying. The first person ever to mention the word "Web 2.0" while saying something related to this blog gets it. I dislike the hype that is currently going on about the whole 2.0 thing.

People are getting so worked up on a catchphrase that they forget to think. Web 2.0 is a highly subjective term with no foundation in reality whatsoever. Why is a blog "2.0"? Some years ago hundreds of people wrote those things. Mostly professionals with an opinion. They simply called it a homepage back then. Nothing more. Now we have a new word to describe "an HTML document that lists entries chronologically and allows you to share ideas, opinions and research". It is a useful word, so we use it. We talk about writing a blog and blogging.
But is that so "2.0"? What did really change? We still distribute our HTML documents over HTTP. It is the same HTTP and mostly the same HTML. We still code our webapps (if at all) in the same languages. Of course Ajax may allow us to really change a little something, but dynamically retrieving content via JavaScript isn't exactly that new either. Everything else is just the same.

The same goes for all those other comparisons. Wikis are the new forums? Oh, well what were forums then? The new usenet? The new mailing lists?
Makes me wonder why we still have mailing lists, forums and even active and productive usenet discussions then.

How about we simply declare a wiki a new (and great) technology instead of forcing it to be a part of some obscure catchphrase movement?

The fact is: Web 2.0 doesn't differ from the thing that is now called Web 1.0 in any possible technical sense. It is just a non-descriptive term.

But obviously people want to believe in a "2.0". This kind of reminds me of Eschatology (no, that's not a sect - it's a subfield of theology) where people want to create something new to get rid of all the old problems. About half the people I meet on the street are convinced that there is a huge difference between "1.0" and "2.0". Many among them are actually convinced enough to aggressively argue about it.
But this opinion is not only spread among non-techs. There have been posts to major security mailing lists asking for "Web 2.0 hacking" and similar stuff. One might think that at least the people who work in the IT sector might be able to grasp the nonsense. But obviously, all is lost in this matter.

As you might have guessed by now, I am not a fan of catchphrases. Especially not when they have no technical foundation whatsoever. For this reason I would never consider this page to be 2.0ish.

If you want to call it anything, how about I join the madness of versioning the web for you?
Sure. No problem.
I am Web 1.4.2-r2~alpha7, thank you!

New flat, a speech and Japanese zines
<+> 2007-11-26 10:41:46 (1016.8d ago)
Before you say anything: Yes, I haven't been active at all lately.
I'm currently trying to settle in a little and still struggling with the real-estate market. Just moved into a monthly apartment a few days ago. This gives me some security to plan ahead.

Hopefully I will have more interesting stuff to blog about soon.

I just got invited to present at a German university. That should be fun. I'll do my best to prepare a speech that will hopefully be able to teach the students a little something about computer security while not being boring. That ought to be tough, but I'm currently digging into it.

One more note: The Japanese hacking zine Wizardbible did a report on the Black Hat Japan conference in its current issue. Of course it is in Japanese, but still - if you can read that language (or are brave enough to give the Google translation a try), there is a very positive report on my presentation in there.

Project HayNeedle
<+> 2007-11-11 02:59:27 (1032.12d ago)

*The German version can be found further down*

English version:
I usually stick to English while blogging. However today I will post a German version of this entry as well, since it is mainly targeted at people living in Germany.

As many of you might know German legislation passed a new law today that orders all connection data to be saved for 6 months. This includes assigned IP addresses as well as telephone calls.

This is a step towards complete surveillance. And I do not care if politicians promise to not abuse it. If they don't do so, their successors will. No country should ever possess the capabilities of turning totalitarian.

This is why I decided to fight back. Of course not directly. I will also not breach any laws while doing so. As a German citizen I am in no position to think I'm above the law.
However it is the duty of every citizen of every state to stand up when things turn bad.

This is why I started Project HayNeedle. It is mainly a small program written in C# to make it platform independent.

So what does this HayNeedle program do?
It queries Google for various random words and picks one of the results at random. It then retrieves that page and looks for further URLs there, picks another random one and retrieves that, and so on. It works with a modifiable timeout and any given number of threads (that is to say, how many "tracks" to browse on at the same time).
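The random-walk idea described above, as an added illustration rather than HayNeedle's own C# source: each "track" starts from a search page, picks a random result, extracts links and follows a random one for a fixed number of hops, with one seeded RNG per thread. The sample pages, the RANDOM_WORDS list and the `offline_fetch` stand-in for a timed HTTP fetch are constructed assumptions so the code runs offline.

```python
"""Random-walk cover traffic (the HayNeedle idea) over a constructed offline web."""
import random
from concurrent.futures import ThreadPoolExecutor
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages (not real sites). A live version would GET these over HTTP.
SAMPLE_WEB = {
    "http://search.example/?q=lantern": (
        '<a href="http://a.example/">A</a> <a href="http://b.example/start">B</a>'),
    "http://search.example/?q=harbor": '<a href="http://c.example/">C</a>',
    "http://a.example/": '<a href="/about">About</a> <a href="mailto:x@a.example">mail</a>',
    "http://a.example/about": '<a href="http://b.example/start">B</a>',
    "http://b.example/start": '<a href="http://c.example/">C</a> <a href="/deep">deep</a>',
    "http://b.example/deep": "<p>no links here</p>",
    "http://c.example/": '<a href="http://a.example/">A</a>',
}
RANDOM_WORDS = ["lantern", "harbor"]  # assumed word list; HayNeedle picks its own


class LinkParser(HTMLParser):
    """Collects raw href values of <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(base_url, html):
    """Absolute http(s) links in a page, duplicates dropped, order kept."""
    parser = LinkParser()
    parser.feed(html)
    seen, links = set(), []
    for href in parser.hrefs:
        url = urljoin(base_url, href)
        if urlparse(url).scheme in ("http", "https") and url not in seen:
            seen.add(url)
            links.append(url)
    return links


def offline_fetch(url):
    """Stand-in for an HTTP GET with timeout; None plays the role of a timed-out fetch."""
    return SAMPLE_WEB.get(url)


def random_walk(fetch, hops, seed, word=None):
    """One track: search for a (random) word, pick a random result, follow random links.

    Returns the list of page URLs visited, search page excluded. The walk stops early
    when a fetch fails (timeout surrogate) or a page has no usable links.
    """
    rng = random.Random(seed)
    word = word or rng.choice(RANDOM_WORDS)
    search_page = fetch("http://search.example/?q=" + word)
    if search_page is None:
        return []
    results = extract_links("http://search.example/", search_page)
    if not results:
        return []
    url = rng.choice(results)
    track = [url]
    for _ in range(hops):
        page = fetch(url)
        if page is None:
            break
        links = extract_links(url, page)
        if not links:
            break
        url = rng.choice(links)
        track.append(url)
    return track


def run_tracks(fetch, threads, hops, seed):
    """Run `threads` independent tracks concurrently, each with its own seeded RNG."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        return list(pool.map(lambda i: random_walk(fetch, hops, seed + i), range(threads)))


if __name__ == "__main__":
    for track in run_tracks(offline_fetch, threads=3, hops=4, seed=1):
        print(" -> ".join(track))
```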

The results?
An average user doesn't generate that many unique connections. By using HayNeedle this changes drastically. The user's surfing won't be the only observable connections coming from the computer. There will much rather be many connections originating from the computer. This way it is very hard to tell which connections are actually made by the user, thus generating plausible deniability.

So law enforcement will have a hard time creating profiles of innocent citizens. The concept of data retention is pushed to a realm of absurdity.

I have tested HayNeedle on Linux and Windows XP. It is a quite simple application, so it should run flawlessly on any other platform available. If it should however crash on your machine please send me a report so I can fix things. If it works on your OS, I'd be glad to hear about it as well.

I know there is always a huge trust issue when using programs a hacker wrote. To cope with this I have published HayNeedle under the GPLv2. You can look at the source code and compile it yourself if you don't trust my binary.

Download


Usage


Valid commandline options


Since this is open source software any form of constructive feedback is welcome along with patches or new ideas. This software is in ALPHA state. So it may crash on your box.

If you want to contribute, simply download and use it. If you can code and have great ideas, send me a patch.

HayNeedle is not the one shot solution to all problems. It doesn't help the actual problem of telephone surveillance and it can't help against eavesdropping. It is merely one among (hopefully) many projects that help secure a little piece of privacy.

German version:
Normally I blog exclusively in English. In this particular case, however, I consider a German version appropriate, since it concerns a domestic German problem.

As most of you will know, the German government today passed a new law under which all connection data must be stored for 6 months. This includes assigned IP addresses as well as telephone calls.

This is a step towards complete surveillance. And I do not care whether our politicians promise never to abuse the technology. If they don't abuse it, their successors will. No country should ever possess the means to establish a totalitarian system.

For this reason I have decided to fight against it. Not directly, of course. I also have no intention of breaking any laws. As a German citizen there is absolutely no reason for me to place myself above the law.
However, it is the duty of every citizen to raise their voice when things get out of hand.

That is why I started working on Project HayNeedle. It is a small program written in C# and therefore platform independent.

So what exactly does HayNeedle do?
It searches Google for various randomly chosen words and picks one of the results at random. It then downloads the selected page and searches it for further URLs. It again picks one of these URLs at random and downloads the next page. The process can be continued indefinitely. HayNeedle works with adjustable timeouts and any number of threads (that is, any number of "tracks" being browsed at the same time).

The result?
An average user doesn't generate all that many connections. As soon as HayNeedle comes into play, this changes massively. The surfing user is no longer the only origin of connections the computer makes. Instead there will be many connections originating from the computer in question. It is therefore very hard to determine which connections actually come from the user. This creates plausible deniability.

This makes it considerably harder for the police to build profiles of innocent citizens. The concept of data retention is pushed ad absurdum.

I have tested HayNeedle on Linux and Windows XP. It is a fairly simple application and should therefore run without problems on all other platforms. Should it crash on a particular operating system, however, I ask for a report so I can fix the bug. I am also happy to hear about operating systems it runs on.

I am aware that there is always a huge trust problem when software written by a hacker is used. To counter this, I have published HayNeedle under the GPLv2. The code can be inspected by anyone at any time. Whoever doesn't trust my binaries can compile the program themselves.

Download


Usage


Valid options


Since this is open source software, any form of constructive criticism as well as patches and new ideas are welcome. This software is in ALPHA state. So it may crash.

To contribute, it is enough to download and use HayNeedle. Anyone who can code and has good ideas is welcome to send me patches.

HayNeedle is not the general solution to the problem. It does nothing against telephone surveillance and it is powerless against eavesdropping. It is merely one of (hopefully) many projects that protect people's privacy a little.


Folks, you did it!
<+> 2007-11-10 20:30:30 (1032.39d ago)
Warning. This post contains trace amounts of irony potentially laced with a few spoons of highly concentrated sarcasm.

Guys, I am so proud of you! You know, protecting me and all those other Germans out there from vicious terrorists!
It is such a brilliant idea to start logging all our connections using a phone and the IP we use on the internet. I am sure you'll catch a lot of terrorists and child pornographers that way. And of course all those nasty [insert random statement good for scaring the hell out of people here]!

Well of course except for those who will just hop onto an open Wifi... or crack WEP on a "secure" one... or bruteforce a WPA handshake from a PSK environment. (I know you don't know those words. Just ask the guys who explained all those brilliant ideas like "online searches" and the "federal trojan" to you. I'm sure it'll take them less than 2 hours to dig them up on Wikipedia.)

Oh, and of course those who figured out how to use an anonymizer... and those smart enough to do proxy jumping... or those who simply 0wn a box somewhere. Or even better: Those who run their own proxy in a foreign country.

Well, but I guess except for those roughly estimated 95% of all the RSBPIP (Randomly Scary But Politically Interesting People) you are really going to hit the spot with your reforms.

A splitter and non-believer who dares to say that those reforms are absolutely useless for fighting crime. I mean, you are politicians! You must understand this way better than the average slob on the street like me. It doesn't matter that I actually understand the stuff you are usually talking about. You are the elected leaders of a country - and of course this never has anything to do with money or influence! You are simply the smartest folks in here.

Let me just quote Schaeuble's followers here for a second:

Diese Analyse der RFS (Disassembling) wird jedoch durch die Verwendung kryptographischer Methoden nahezu unmoeglich gemacht.


Let me translate that...

The analysis of the RFS (disassembling) will however be made nearly impossible by using cryptographic methods.


Now I am sure you have some really uber methods handy, right? Not like all those losers from the phono- and software-industry who have - up until now - always failed to do so.

And of course there are only a few people out there who could possibly do this... And they would all be scared of the effort...

Wait, I forgot about the hordes of RE clans we have in Germany together with all the whitehat/greyhat/blackhat hackers (hell, they might work together on this one)... Not to mention the RE specialists at the AV...

Well, but that still leaves us with a funding issue. How much do you think would the media pay for a first analysis of that thing?

I'd give the federal trojan about 2 weeks from discovery, but I bow to your wisdom. If you say it can't be cracked, well it can't be cracked.

After all you also had those other brilliant ideas that I don't understand either. Such as searching a user's complete hard drive without any noticeable overhead and of course how you plan to plant a binary rootkit (the federal trojan will have to be one since you said it hides its process) on my Linux box with a custom kernel. But you'll probably get my .config with Van Eck phreaking. I am so proud of you!

I am actually so delighted by your decisions that it saddens me to think I don't live in your radius of power anymore. But I'll send you a mail with all my daily connections from now on, ok? Could I get Schaeuble's personal E-Mail address for this? Thanks!

Oh, and would you like my GPG-private keys, Server-Authentication keys, iris scans and fingerprints with that?

A chance to help out
<+> 2007-11-06 08:11:44 (1036.9d ago)
Some weeks ago I posted that I had joined the I hack charities effort. Since then not much had happened. Lately there were some tasks, but they were usually not my scope or skill set.

Yesterday Johnny Long called for a volunteer to mess with a CSS document for one of the webapplications another volunteer had built. As some of you might know, I worked as a webdesigner before becoming a hacker. So even though my skill may have become a bit rusty with time I decided to jump in and help out.

All the other people involved are also extremely nice and I'm sure we'll get some good results. Still, there can never be too many helping hands around, so if you have the skills, and want to use them, just head on over to ihackcharities.org and sign up. Even if you are a materialistic non-Christian (like me) and don't know anyone in the hacker community (unlike me) it still has many positive aspects.

Apart from this, I spent the past few weeks trying to find an apartment in Tokyo. There are a couple of minor and major problems related to this. First of all, my Japanese is conversational and I might be capable of explaining IT stuff in Japanese as well under some conditions - but still my official Japanese is terrible.
Furthermore, the apartments are all expensive and small, but that is rather ok with me...
Last but not least being a foreigner is not exactly a trump card around here. I slowly start to understand how an Arab might feel in Europe and/or America.

But I'll just keep on fighting until I have my own set of walls around me.

Formal statement regarding Akikaze
<+> 2007-10-26 13:15:45 (1047.73d ago)
This is not a regular blog entry.
It doesn't go deep and it is not comprehensive. It is merely necessary to write it from my point of view.

In Virus Bulletin Peter Ferrie recently published an article on the Akikaze project. I do not know why he chose to take an offensive approach and insult me in person. I also do not know why he spelled out some wrong facts. I hope it is due to a lack of knowledge and not related to slander. I will not answer on this level. This blog entry is merely a technical review of mistakes in his analysis with no personal implication whatsoever. I am writing it for all those interested in the matter. Anyone else can feel free to skip this entry.

Mr. Ferrie lists several cross-platform malwares and accuses me of claiming to be the first.
I never claimed to be the first. And I do not do so now. During my presentations I mention several of the malwares he also quotes.

Mr. Ferrie also dislikes the fact that I said there was not much research in this sector yet.
I do not consider a dozen PoCs which partially only ran on different Windows systems and partially required obscure actions from the user side much research. They were all fabulous examples. But still this area is - as a matter of fact - less researched than traditional approaches. Furthermore my research is not on "multiplatform malware" in general but on "multiplatform malware within the .NET framework" which further narrows the available information.

Mr. Ferrie dislikes the fact that the worm runs within the .NET framework and that I still call it "multiplatform", since from his point of view .NET is the platform.
This is one logical approach. I must agree. However it really doesn't matter from a user's perspective what exactly leads to the system being compromised. As it is emphasized in my presentations the important factor is the sheer capability of running on various OSes. Not how it is accomplished.

Mr. Ferrie noted a bug in the code that may disable the worm on OSX.
I would have appreciated direct feedback. I don't own a mac. However this does not influence the overall conclusion given in my presentations and/or whitepapers.

Mr. Ferrie calls it "dumb" to "create a virus because one did not exist before".
I think it is a researcher's obligation to warn the general public if a vector is found. And if it takes a PoC to get the public's awareness, then that PoC must be created. I can however understand that this does not work well with the AV's policies of security through obscurity.

Mr. Ferrie calls it "even dumber" to "incorrectly call it multi-platform".
While I don't know why he chose this exact technical definition and why he chose to insult me I think I made my definition clear beforehand.

Thank you for your attention. I wish I wouldn't have to write such things and I will keep them to a minimum of pure error-correction.

Black Hat Japan 2007 - lookback
<+> 2007-10-26 12:47:48 (1047.75d ago)
Black Hat Japan is over. It was a lot of fun.

Mostly because of the many many interesting people with a lot of creative and new ideas and open minds that congregate around here.

I very much enjoyed all the small and big conversations I was able to have as well as meeting a lot of people. The talks were pretty good as well and apparently there was no one to complain about me so the organizers were quite pleased as well.

All in all it was an incredibly cool and pleasant experience with many new impressions and contacts. I am glad I came here.

Furthermore the NHK coverage of Black Hat Japan ended up on Youtube. So if you speak a little Japanese or merely find the fact that this conference ended up on the news interesting, you might like this little video:



I want to thank the organizers. No this is not my attempt to make it back here next year. I really think they did a great job putting all of this together and breaking down many cultural and lingual barriers.

Black Hat Japan 2007 - a first gasp
<+> 2007-10-25 13:49:26 (1048.71d ago)
Today was the first official day of the Black Hat Japan conference. I would love to sum everything up - unfortunately that would probably take forever. So let me just summarize some of the keystones that can be observed here.

First of all Black Hat Japan takes place in the Keio Plaza Hotel in Shinjuku which is basically as central as you get. This is what it looks like from the outside...



...and this is the view you get from the inside...



The interior is also very nice and clean.

Speaker registration went really smoothly just as expected. Afterwards we met our translators and the press to discuss some general questions. On a funny side note I said a few sentences in Japanese during the press session which obviously got me more attention than any content could ever have.
Even though it is not a great photo, this should give you a clue as to what a press meeting looks like around here:



There are a lot of interesting people around here. Many great talks too. I had a chance to talk to many people I had heard about but never had a chance to talk to before. Among them Halvar Flake and Black Hat's and Defcon's initiator Jeff Moss. This is much smaller than Defcon so it is also easier to get in touch with various people.

My speech was good. I got a lot of positive feedback from both the attendees as well as the organizers. I may have stressed the translators a little though. You couldn't really call the room crowded, but there were about 30-40 people inside who all appeared to be pretty interested.
Just to give you an idea, this is what your standard room looks like around here:



This time I had all my virtual machines with me and everything worked out just fine.

Another fun part of the program was the reception after the main talks had been finished. There were a few translators around, but unfortunately they could barely keep up with all the translating that had to be done. Luckily I was able to get along rather fine with my own Japanese. It may not be perfect, but at least it was enough to vaguely cover all the questions the attendees had.

I also talked to quite a lot of major company employees and military guys. It feels weird for a moment, but that kind of passes with time. Also I had a very nice conversation with a man from the AV sector who was nice enough to explain the AV's standpoint to me. This helped me greatly in order to classify the AV's reactions on my recent publications.

Also this time there will probably be some good pictures of my speech available. I spent some time chatting with one of the reporters for the "Hacker Japan" Magazine. It is a bimonthly magazine in Japanese with pretty good content and rather deep coverage. (At least as far as I can read it. My Japanese is still not that good.) I was amazed to find that this huge magazine (more than 200 pages in each issue plus a DVD) is completely realized by only two people. I think they do a great job. And actually most of the other non-Japanese attendees seem to think so too. One of them asked me to translate for him as he asked for an English version. Unfortunately - as of now - there is none. The reporter promised he would send me the pictures he took during my speech - and I got a good feeling he will. Speaking decent Japanese really opens up a lot of doors around here.

Well, that's a wrap. I could keep on talking for ages but I think I should just stick to the important stuff. I hope to have given those of you who weren't attending a broad overview of what has been going on here. And for those of you who check my blog because we met at con today: Feel free to contact me with any questions you might have.

Oh, one last thing though. Apparently Black Hat Japan ended up on the evening news on NHK. NHK is Japan's public TV station, so being featured there is roughly equal to showing up on BBC, CNN or ZDF in their respective countries. I think this is a nice sign that both the conference and Japan's security community are on a good track. I am really looking forward to tomorrow.

The proper gaming peripherals
<+> 2007-10-23 05:24:35 (1051.06d ago)
I figure I won't be getting NetHack out of my system anywhere soon. It is just too great a stress reliever. Really useful whenever I need a break. That might sound funny, but those ASCII graphics actually get me more active than the usual multi-million-polygon high FPS games.

So I eventually decided to get myself the proper gaming peripherals.
What do you mean "gaming peripherals"? Aren't we talking about an ASCII console game here? What sort of joystick/mouse/gamepad could you possibly buy for THAT?
Well, most of you will know about my hardware style anyway. I have been using nothing but high quality Razer mice for years. Not because of gaming (I rarely ever have the time to play) but much rather because gaming mice have the sensitivity and accuracy I like for my daily work. (And before anyone shouts this out - yes, I am using the appropriate mousepads as well.)

Let's not go into detail with other peripherals. I guess if you use Thinkpads you develop a demand for high-quality hardware.

But I'm drifting away from the subject. So what could I possibly buy for playing NetHack?

Well, how about this:



So before the next one starts screaming: Yes I am a VI user. And I wouldn't trade it for any other editor. But still I don't quite feel like playing a game using the hjkl steering. It just feels weird. Also a German keyboard layout kind of shuffles the keys for diagonal movement across the board. Numpads make steering much easier.

NetHack
<+> 2007-10-23 00:45:31 (1051.25d ago)
Yes! Another private entry. Obviously returning to Japan has a positive influence on my writing skills and personal life.

Ok guys, it happened. What's that "it" I am talking about? Well, I finally got sucked into NetHack. How could that have happened?

Well, as you know I recently moved to Japan. And therefore I was stuck on a plane for several hours. Unfortunately I just wiped my disks a few months ago and I hadn't gotten around to compiling games yet. The only game on my machine was - well, NetHack. I tried it out a couple of weeks ago but never got the hang of it. However after being stuck on a plane for 10 hours with enough time to learn about the controls and the weird moves that are possible I am now kind of hooked on the game. Scores are getting better and better. I haven't ascended a character yet, but I am working on that.

So if anyone of you should currently be looking for a great game, give it a try. Keep in mind though, that you'll probably hate it on the first try. It takes a couple of hours to get used to. Oh, and you can probably get it to work on any more recent toaster you can find.