[nycbug-talk] some more notes on Fifth HOPE
G.Rosamond
george
Fri Jul 9 22:30:27 EDT 2004
Some additional notes from the 2600 Conference today. . .remember, it
continues tomorrow at the Pennsylvania Hotel at 7th & 33rd street. .
.only $50.
A few of us were sitting outside trying to find wireless connectivity
in the area, as Verizon screwed up the HOPE circuits, and an older man
started asking a barrage of questions. It was Captain Crunch himself.
What an honor. Told him about KisMac, which he took the URL for. . .If
you don't know who he is, google for his name and a certain whistle and
you'll understand it all. . .

How the Great Wall Works.

Bill Xia spoke about the Chinese gov't's firewall, probably built with
the assistance of Cisco. . .They censor sites external to China with
DNS poisoning, TCP session hijacking, IP blacklisting of
source/destination IP and port. SSH tunnels are a way around for now.
Not to be on the gov't's side of this. . .but why don't they just cache
the sites they *do* want to give internally, and block everything else?
And proxy all mail. . .Since 2000, over 40 documented cases of arrests
tied to "illegal" internet activities. . hmmm. . .If the US is 1/3.5
the size of China, that would be over 11 people. . .Something I'm sure
the US gov't has matched if not surpassed. Bill is involved in
dit-inc.us, which works to bypass the gov't's firewall. He provided a
few other sites, including faluninfo.us, hrichina.org, 64memo.org,
china21.org. . .Fascinating stuff. Definitely an effort worth giving
your support to.

Security Through Diversity

Another great meeting. . .first part based only on genetics and the
role of diversity in species' survival. Then connected to technology
and computing. . .whether on the application end, os, etc. Had a great
list of bibliographies for his talk, but was unable to get them down,
and he wasn't too helpful in getting them to anyone. Referenced
authors included Zhang on Hetero. . .I raised point about difficulty
about diversity in business sites, as there's been the complete
dismantling of open standards. . .so interoperability is hard. . .He
raised the point of reverse engineering, such as with SMB. . .excellent
point. He mentioned that OpenSSH, Apache and more rely on one library,
another indication of the problems with diversity. One bibliography I
did catch was Linger: "Systematic Generation of Stochastic Diversity as
an Intrusion Barrier in Survivable Systems Software" 1999. Pretty scary
title for a paper, but excellent concept. He also contrasted security
through diversity versus security through obscurity, an approach by
many vendors.

CryptoPhone

Missed some of this meeting. . .based in Berlin, on GSM, of course.
Triband, CP200. Other solutions include Speak Freely, Nautilus,
PGP-Phone, h.323 over IPSec, Skype, and other closed source. All have
various problems. Hardware is HTC Himalaya XDA-II, MDA-II. Nokia
9210, with Windows CE, as he said it was the easiest to access code, as
most is open. Locked down os
Hope some people found that useful.
g