[nycbug-talk] some more notes on Fifth HOPE

G.Rosamond george
Fri Jul 9 22:30:27 EDT 2004

Some additional notes from the 2600 Conference today. . .remember, it 
continues tomorrow at the Pennsylvania Hotel at 7th & 33rd street. . 
.only $50.

A few of us were sitting outside trying to find wireless connectivity 
in the area, as Verizon screwed up the HOPE circuits, and an older man 
started asking a barrage of questions.  It was Captain Crunch himself.  
What an honor.  Told him about KisMac, which he took the URL for. . .If 
you don't know who he is, google for his name and a certain whistle and 
you'll understand it all.  . .

How the Great Wall Works.

Bill Xia spoke about the Chinese gov't's firewall, probably built with 
the assistance of Cisco. . .They censor sites external to China with 
DNS poisoning, TCP session hijacking, IP blacklisting of 
source/destination IP and port.  SSH tunnels are a way around for now.  
Not to be on the gov't's side of this. . .but why don't they just cache 
the sites they *do* want to give internally, and block everything else? 
  And proxy all mail. . .Since 2000, over 40 documented cases of arrests 
tied to "illegal" internet activities. . hmmm. . .If the US is 1/3.5 
the size of China, that would be over 11 people. . .Something I'm sure 
the US gov't has matched if not surpassed.  Bill is involved in 
dit-inc.us, which works to bypass the gov't's firewall.  He provided a 
few other sites, including faluninfo.us, hrichina.org, 64memo.org, 
china21.org. . .Fascinating stuff.  Definitely an effort worth giving 
your support to.

Security Through Diversity

Another great meeting. . .first part based only on genetics and the 
role of diversity in species' survival.  Then connected to technology 
and computing. . .whether on the application end, os, etc.  Had a great 
list of bibliographies for his talk, but was unable to get them down, 
and he wasn't too helpful in getting them to anyone.  Referenced 
authors included Zhang on Hetero. . .I raised point about difficulty 
about diversity in business sites, as there's been the complete 
dismantling of open standards. . .so interoperability is hard. . .He 
raised the point of reverse engineering, such as with SMB. . .excellent 
point.  He mentioned that OpenSSH, Apache and more rely on one library, 
another indication of the problems with diversity.  One bibliography I 
did catch was Linger: "Systematic Generation of Stochastic Diversity as 
an Intrusion Barrier in Survivable Systems Software" 1999.  Pretty scary 
title for a paper, but excellent concept.  He also contrasted security 
through diversity versus security through obscurity, an approach by 
many vendors.


Missed some of this meeting. . .based in Berlin, on GSM, of course.  
Triband, CP200.  Other solutions include Speak Freely, Nautilus, 
PGP-Phone, h.323 over IPSec, Skype, and other closed source.  All have 
various problems.  Hardware is HTC Himalaya XDA-II, MDA-II.  Nokia 
9210, with Windows CE, as he said it was the easiest to access code, as 
most is open.  Locked down os

Hope some people found that useful.

