
[ox] presenters and workshops at HAL2001



International conference "hackers at large" (www.hal2001.org), this weekend.

Speakers and sessions:

Alex
Alex writes code to make music, mostly using perl and linux, as part of the
distorted collaboration slub.
Session: Hacking Sound performance. process based music
"Without software, a computer is like a stone. Consider a program that
generates organised sound - what could it be but a music score, composed by
humans? I suggest that ultimately, software can be nothing but human
expression". Alex wrote a paper about hacking sound, which gives an idea
about the ideas he's interested in sharing, see
http://www.sound-hack.org/hacking.html. His session will be a
speaker/demonstration hybrid with audio output and possibly video as well.

Alien Tim
Session: Soundscape

Umberto Annino
Aktuelle Kamera is a group of German guys who have started a
"watch-the-video-surveillance" project in several German cities. The German
URL for the project is: http://www.aktuelle-kamera.org.
Umberto Annino (Switzerland) was inspired by Aktuelle Kamera to start a
similar Swiss mapping-the-cameras project. He also presents the Swiss Big
Brother Awards (excerpt from last year's awards, and a look forward to this
year's awards).
Session: Camera & Video Surveillance
Aktuelle Kamera will mainly speak about video surveillance and what can be
done with those tapes (i.e. face-recognition etc.)

Stefan Arentz
Session: IPSec at HAL
Stefan Arentz, member of the IPsec team of HAL2001, will explain the IPsec
setup used at HAL and talk about IPsec in general.

Walter Belgers
Walter Belgers started hacking UNIX, Internet, BITNET and other stuff in the
late eighties and hasn't stopped since. The first five years of his
professional life were dedicated to developing, deploying and managing
Internet firewalls for large internationals. Currently, he enjoys playing
with UNIX (he has 19 systems running UNIX at home) and teaching UNIX and
security to IT professionals for his current employer AT Computing.
Session: Introduction to the FreeBSD operating system
In this short introduction, the speaker will explain why FreeBSD is such a
fantastic operating system. Several mind-boggling features and uses of
FreeBSD will be discussed. The speaker hopes that those in the audience
running another OS will be tempted enough to try out FreeBSD for themselves
and see if it can compete with the OS they are currently using.
Session: IPv6
At HAL'2001, IPv6 connectivity is easily set up if your OS supports it. The
IPv6 workshop will give an introduction to IPv6, after which you'll
understand that more IP addresses are not the only thing IPv6 is about.
After the introduction, the speakers will tell you more about the IPv6
related topic you would like to hear more about, be it the underlying
technique, or more practical things like how the deployment is going.

Eric Blossom
Session: GNU Radio, a free software defined radio

Andreas Bogk
Session: The Dylan Programming Language
Dylan is an advanced, object-oriented, dynamic language that supports the
rapid development of programs without sacrificing performance. Nearly all
entities in Dylan (including functions, classes, and basic data types such
as integers) are first class objects. Additionally Dylan supports multiple
inheritance, polymorphism, multiple dispatch, keyword arguments, object
introspection, and many other advanced features. This workshop gives an
overview of the language and the Open Source Dylan compiler from the Gwydion
project.

Peter Busser
Workshop: Do It Yourself Linux
Peter Busser (NL) has been working for VPRO Digital for a long time, and
gives a workshop about basic Linux Security, together with Thorsten Fenk and
Kurt Seifried.

C.
C. (Germany) is the spokesperson of CCC, the Chaos Computer Club.

Jon Callas
Jon Callas (USA) is an American cryptography expert who used to work for
a.o. Apple, Pretty Good Privacy and Counterpane Internet Security. Jon
Callas is a Senior Systems Architect at Wave Systems.
Jon Callas is a premier figure in the world of Internet security. He
produced RFC 2440 (the IETF standard for OpenPGP), created the architecture
for a unified PGP and X509 certificates, and has worked to get PGP software
available worldwide. His current passion is the Digital Millennium Copyright
Act and its effects on security, testifying before the U.S. Congress in
1998.
Session: The effect of anti-circumvention provisions on security
Callas explores security design, copyright, and shows how the two can be
reconciled. One of the properties of digital Intellectual Property (IP) is
that it can be easily reproduced, modified, and transferred. In response, IP
owners have created new security technologies for controlling the digital
works. Inevitably, this creates an opportunity for those who can circumvent
those technologies. Recent changes in copyright law attempt to address this
on-going battle by prohibiting circumvention of these technologies.
Unfortunately, this well-meaning provision has a number of unfortunate
effects on development of security systems, including techniques that
protect intellectual property itself.


Justin Cheung
Justin Cheung (USA) from the CNET (ZDNET) Linux Hardware Database will cover
a broad range of issues dealing with the design and implementation of
high-security Linux server appliances. Cheung will talk about what kind of
hardware to use, how to turn an insecure default install of Red Hat 7.1
Linux into a high-security operating system with a few easy steps.
Session: Designing and Maintaining a High-Security Linux Server Appliance
This session will cover hardware/software installation, configuring an
out-of-box Linux, setting up mandatory access controls and restricted
accounts, managing network services, and permissions as well as IDS,
honeypot, setting up landmines and so on. A demonstration of security
patching and how to conduct your own security audit will follow.

Hugh Daniel
Session: Opportunistic encryption in IP security

Ariane Dekking
Mouse Athlets RSI prevention course

Sven Dietrich
Sven Dietrich is a renowned security expert. He talked at length about the
Shaft DDoS tool at USENIX LISA 2000, in addition to the quick
work-in-progress talk at USENIX Security 2000. Dietrich is a Member of the
Technical Staff at the CERT Coordination Center.
Panel: DDoS panel
Session: DDoS: analysis, detection & mitigation techniques
Sven Dietrich gives an introduction to DDoS, Distributed Denial of Service,
its detection, analysis, and possible prevention/mitigation techniques,
exemplified by real-life DDoS scenarios.

Jeroen Dekkers


Paul Dinnissen
Paul is 31 years of age and has (next to working careers at KPMG EDP
auditors and DigiCash Corporation) a long entrepreneurial history in new
media, being co-founder of Hack-tic Magazine, WebNet / EuroRSCG Interactive
and ITSX. As a guest lecturer, Paul has given more than 150 presentations
and lectures in 5 continents on Internet, digital payment systems and
information security. http://www.maptive.com/.
Panel: Privacy & location data in mobile telephony

Dave Dittrich
Dave Dittrich (USA) is a Software Engineer and Consultant for the University
of Washington's Computing Communications Client Services group, consulting
mostly on system security, UNIX system administration, and X Window System
related issues.
Panel: DDoS panel
As an expert on DDoS he's a well-loved panelist. At
http://staff.washington.edu/dittrich/talks/cert/ you will find the outline
of a CERT workshop he gave on DDoS in November 1999. More background
information: http://staff.washington.edu/dittrich. Interview by Slashdot:
http://slashdot.org/interviews/00/02/16/1836215.shtml.

Peter Eckersley
Peter Eckersley (Australia) is doing a postgraduate thesis on alternatives
to the intellectual property system - ways of paying artists, authors, and
hackers, without giving them monopolies over their creations.
Session: Designing an economy without (intellectual) property
In this talk, he'll be discussing alternative digital economic structures
which would reward creation automatically, without the evil mess that
results from trying to establish unnatural "property rights" in ideas.

Thorsten Fenk
Workshop: Do It Yourself Linux
Thorsten Fenk (Germany) organises a basic Linux security workshop. The goal
isn't 100% security, just an introduction to basic Linux Security. This does
not include kernel patches or the like, it's more about disabling
unnecessary services and setting up ipchains. The intended audience is people
who just got a Linux CD and would like to secure their system.

Niels Ferguson
Niels Ferguson is one of the designers of Twofish, an AES finalist that lost
to Rijndael. He spent several months attacking Rijndael, which resulted in
the papers on which this talk is based. A veteran of both DigiCash and
Counterpane, he is currently writing a book on cryptography.
Session: How secure is AES/Rijndael?
AES is the new block cipher standard. Should you use it? Hear the details of
the best known attack on AES, the simple algebraic structure of AES, the
dangers this structure might imply, and some advice on which block cipher to
choose.

Halvar Flake
Halvar Flake likes to take apart stuff. Furthermore he has an absurd
fascination with things that fail/break in a spectacular (and normally
complex) way yielding unexpected results. Originating in the field of copy
protection he moved on to reverse engineering with special regards to
finding bugs which allow illicit execution of code or manipulation of the
internal logic of running programs. He thinks about joining the OpenBSD
development to help them remove a few of the nastier exploitable conditions
in their code.
Session: Binary and source code auditing

Miek Gieben
Miek Gieben (NL) from NLNet labs is co-organiser of the DNSSec workshop,
together with Olaf Kolkman and Paul Wouters.

John Gilmore
John Gilmore (USA), one of the founders of the Electronic Frontier
Foundation, is a man of many many talents, not easily described in 3 lines.
Take a look at the impressive overview of his activities at
http://www.toad.com/gnu/
Gilmore presents on 3 different topics:
Session: What's wrong with copy prevention
See http://www.toad.com/gnu/whatswrong.html
Session: Drugs & thought crime
Quoting John Gilmore: "The US policy on "illegal drugs" has been a terrible,
hurtful sham for my entire life. Today there are more than 2,000,000 people
in prison in the United States -- supposedly the freest country in the
world. One quarter of the world prison population is imprisoned in the US.
We have imprisoned a larger number AND a larger percentage of our citizens
than in every single other country. Minorities are imprisoned at large
multiples of their actual incidence of criminal behavior. (...) Besides the
practical issues, there are fundamental rights involved. The right to speak
freely is irrelevant if the citizenry does not have the right to think
freely." For more information see a.o.
http://www.toad.com/gnu/ecstacy-sentencing.html.
Session: Opportunistic encryption in IP security
Together with Hugh Daniel,
Gilmore is presenting the latest achievements of the FreeS/WAN project,
release 1.91, which allows for opportunistic encryption. "This is where you
don't have to setup by hand each secure link with someone else, it just
happens if both of ends set up their reverse DNS correctly. It's not fully
done, but you can (and should!) start playing with it! See the documentation
file .../freeswan-1.91/doc/opportunism.howto to get started." See
http://www.freeswan.org/.

Emmanuel Goldstein
Emmanuel Goldstein is the editor-in-chief of 2600: The Hacker Quarterly and
host of a weekly radio program in New York called "Off the Hook". CNN
Question & Answer Round:
http://www.cnn.com/TECH/specials/hackers/qandas/goldstein.html.
Session: Cybersquatting versus Freedom of Speech
Panel: Hacker Culture 1984-2001

Rop Gonggrijp
Rop Gonggrijp was editor-in-chief of HackTic Magazine. Later on he was one
of the founding fathers of XS4ALL, the first Internet provider catering to
the public in the Netherlands. Later on, he founded security company ITSX.
His new company is NAH6, working on voice cryptography and mobile crypto
tools.
Panel: Hacker Culture 1984-2001
Session: SEMS open standard for secure SMS
SEMS is a proposed open standard for Short Messages in GSM networks. We use
RSA directly to provide a bigger payload. Because of this a lot of
cryptographical problems have to be solved.

Bart de Gruyter
Session: Provisioning Portal for multicast satellite communication
Bart de Gruyter works at Cast4All, a Belgian start-up that is developing a
provisioning portal for multicast communications by satellite (DVB
platform).
During the session Cast4All will give a demo of this multicasting platform,
the provisioning portal and some multicast applications plus some
introduction on how to get things working on linux and win2000. Cast4All
will also discuss our architecture. Also, during HAL they will either stream
all presentations through satellite or show a closed loop demo.

Robert Guerra
Formerly Director, CryptoRights Foundation Head, Latin American Directorate.
Presently Director, Computer Professionals for Social Responsibility (CPSR).
Conference Co-chair, 8th CACR Information Security Workshop & 2nd Annual
Privacy and Security Workshop. "The Human Face of Privacy Technology".
November 1-2, 2001, The University of Toronto, Toronto (Canada).
Session: Protecting human rights with crypto tools in Guatemala

Job de Haas
Session: SMS Security
Fun & Games with Solaris kernel modules

Arjan van den Ham
Arjan van den Ham (NL) is a consultant for Deloitte. Together with his
colleague Huub de Jong (NL) he will present a legal overview of, and a
technical introduction to encryption.
Session: The qualified digital signature
Topics: What is a digital signature from a legal and from a technical
perspective, The EU directive dealing with (qualified) electronic
signatures, National workgroups and legislation, Certification of Trusted
Third Parties, Requirements for qualified digital signatures: a technical or
a legal issue? Prerequisite for this session is a knowledge about Public Key
Infrastructures.
Session: Public Key Infrastructures, a technical introduction
In the technical introduction to Public Key Infrastructures Arjan van den
Ham will discuss Secret key encryption, Hashing, Public Key encryption,
Algorithms and their strengths and weaknesses, Key lengths, X.509 v3, Private
key storage, Certificate storage, Certification Authority and its
requirements and Registration.

Jo Hastings
Jo Hastings (USA) is the marketing manager of Sealand/HavenCo, the
independent Internet provider (co-location) on a small offshore near the
coast of Great Britain.
Session: The story of Sealand/Havenco

Harl
Vaughan
Session: Hacking the Brain: From Reverse Engineering to Optimisation
This talk will cover the methods that cognitive neuroscientists use to
reverse engineer the brain and ways in which mental performance can be
enhanced especially when completing 'high load' or difficult tasks.

Gerrit Hiddink


Richard Higson
Demonstrate Hercules running Linux/390 (Debian)
Richard Higson (Germany) will demonstrate Hercules running Linux/390
(Debian) on an i586 Laptop, Poorman's Mainframe, (MVS 3.8j or VM Rel6),
discuss "Large scale Linux" if people are interested.

Jaap Henk Hoepman
Jaap-Henk Hoepman is assistant professor at the University of Twente. His
research interests include cryptography, security and fault tolerance.
Besides this theoretical work, he also likes to hack (as in: write programs
for fun). His last project involves a Java based mind mapping tool. See
http://www.xs4all.nl/~jhh
Session: Privacy by Design
We will discuss what privacy is, why it is important, and why keeping
private becomes harder and harder. We will discuss how privacy can be
protected by designing systems in certain ways. We will use the road
tariffing system (Pieper's "MobiMiles") as a good, and Snellen's DigiBox as
a bad example.

Maria Hogberg
Maria Hogberg (Sweden) gives a DNS tutorial together with Vesna Manojlovic.
She works as a ccTLD technician (at NIC-SE, who administrates .se). Besides
covering DNS history, they will also be talking about DNSSEC, IPv6, the
fact that you indeed can "shut off" the internet by pressing the right
buttons and also some general political/administrative issues in the DNS
world.

Don Hopkins
Don Hopkins is a game developer who worked on The Sims with Will Wright at
Maxis. He will discuss the design and development process, how it ticks on
the inside, how to hack it and how to create your own content. At
http://www.lushcreations.com/Transmogrifier.htm you will find a tool he
developed that allows players to create their own objects for The Sims.

Hopkins will also talk about pie menus (http://www.piemenu.com), a user
interface widget that he's been researching and developing since 1987, and
that he implemented in The Sims for controlling the behavior of the simulated
people.

Zoltan Hornak
Zoltan Hornak is teaching at the Budapest University of Technology and
Economics in Hungary. He is leading a security laboratory called SEARCH. The
Security Evaluation Analysis and Research Laboratory is specialized in
mobile network security. Within this Lab he has executed several
security audits and evaluations of different mobile phones and WAP-related
systems.
Session: Mobile Security - Dangers and Visions
Hornak will talk about current and future dangers and visions of the mobile
world.

Bruce Hoult
Session: The Dylan Programming Language
Dylan is an advanced, object-oriented, dynamic language that supports the
rapid development of programs without sacrificing performance. Nearly all
entities in Dylan (including functions, classes, and basic data types such
as integers) are first class objects. Additionally Dylan supports multiple
inheritance, polymorphism, multiple dispatch, keyword arguments, object
introspection, and many other advanced features. This workshop gives an
overview of the language and the Open Source Dylan compiler from the Gwydion
project.

Gus Hosein
http://is.lse.ac.uk/staff/hosein/za_ict_sub.html

Francisco van Jole
Francisco van Jole (NL 1960) is a journalist, who specializes in Internet
coverage and works for print, tv, radio and online media. He co-hosts the
national radio show 'TROS Radio Online' and has a bi-weekly column in de
Volkskrant, a major Dutch national newspaper. Van Jole lectures regularly
about a wide range of subjects concerning the impacts of an online society.
Currently he works on a new book. More information on http://www.2525.com/.

Huub de Jong
Huub de Jong (NL) is a consultant for Deloitte. Together with his colleague
Arjan van den Ham (NL) he will present a legal and a technical overview of
encryption.
Session: The qualified digital signature
In the legal overview De Jong and Van den Ham will talk about The EU
directive dealing with (qualified) electronic signature, National workgroups
and legislation, Certification of Trusted Third Parties and requirements for
qualified digital signatures: a technical or a legal issue?
Topics: What is a digital signature from a legal and from a technical
perspective, The EU directive dealing with (qualified) electronic
signatures, National workgroups and legislation, Certification of Trusted
Third Parties, Requirements for qualified digital signatures: a technical or
a legal issue? Prerequisite for this session is a knowledge about Public Key
Infrastructures.

Zoltan Kincses
Zoltan Kincses is working in the SEARCH Lab at the Budapest University of
Technology and Economics in Hungary as a researcher. He has organised
several security and smart card related seminars at the University of Eotvos
Lorand in Budapest, Hungary. He is in the finishing phase of his Ph.D. studies.
Session: Mobile Security - What is possible now and in the future?
Kincses will talk about several possibilities for circumventing GSM security.

Olaf Kolkman
Olaf Kolkman is a Scientific Programmer with the RIPE NCC. He is responsible
for RIPE NCC's DISI project. He will give an introduction to DNSSEC and is
co-organizer of the DNSSEC workshop with Paul Wouters and Miek Gieben.

Ryan Lackey
Ryan Lackey is from the offshore colocation provider Havenco.
Session: The story of Sealand/Havenco
Those seeking to host controversial
content (scientology-related websites, investment information, security
advisories, online gaming, whistleblower information about environmental
abuse, political views, etc.) have a difficult choice: where and how to
host. Fundamentally, the choices are to host onshore (in one's own
jurisdiction) and try to make a political/legal stand, to host in offshore
jurisdictions with more favorable laws (not just islands in the Caribbean --
for many, the US has favorable laws), or to host online -- using privacy-
protecting technologies, p2p file sharing, etc. to be censorship resistant.
We will present several case studies of different kinds of content and how
they've been hosted, successfully or otherwise, and show how to choose the
best way to host arbitrary content, before the lawyers come knocking on your
door.

Pete Shipley
Member of the driveby hacking panel on Sunday.

Simon Lelieveldt
Simon Lelieveldt is a former policy analyst of De Nederlandse Bank and De
Postbank. Extensive information about this panel at
http://gold.vanrein.org/e-banking/.

Vesna Manojlovic
Vesna Manojlovic is working for the RIPE NCC as a "trainer". In her talk she
will cover the following topics: Internet Registry Structure (historical
overview, CIDR, ICANN & Internet Governance & RIPE); Where to get IP
addresses; the IRR and Reverse DNS.

Akita Mata
Session: computer created music/sound environment
Digital folk culture. Digital sounds made on machine.

Scott McIntyre
Scott McIntyre (UK) works for the Dutch Internet provider XS4ALL as the
Security Officer. In his talk he will give an overview of the daily security
practice at an ISP.

Mixter
Mixter is a 22 year old German male, who likes to code in C, and to develop
other things related to security. He's currently employed with an IT
security company. He is planning a short discussion about the upcoming
generation of automated exploit tools, explaining the technical details and
the scope of exploit automation as well as the implications on security.
Possibly it will include the release of the first public tool for automated
exploits and penetration testing. Take a look at
http://mixter.warrior2k.com/ and at
http://packetstormsecurity.org/distributed/tfn3k.txt for an extensive text
about DDoS.
Interviews with Mixter: (English) and (Deutsch)
http://www.zdf.msnbc.de/news/48705.asp?cp1=1.

Andy Mueller-Maguhn (CCC)
Panel: Hacker Culture 1984-2001

Greg Newby
Greg Newby, assistant professor in the School of Information and Library
Science, University of North Carolina.
Session: Can Hacker Ethics be taught and what are hacker ethics anyway?
Workshop: Fundamentals of C/C++ programming
Stop being embarrassed that you don't know how to program. Instead, attend
this tutorial, where you will learn what you need to write basic C and C++
programs. The tutorial will cover basic C and C++ syntax, functions, data
types and (for C++) the STL. A small library of programs will be available
on the Web for your exploration during or after the session. Bring your
Unix/Linux systems, and you'll be writing programs by the end of the
session! There are many programming languages in the world, but C and C++
are the languages of choice for most operating systems, server software and
applications. With C and C++ skills, you will be better prepared to install,
maintain, create and investigate security holes on Unix and non-Unix
systems.
In addition to the fundamentals of C and C++, we will demonstrate the basis
of many security problems: the buffer overflow. Buffer overflow code will be
written, and basic intrusion payloads will be demonstrated.

Noir (Noir Desir)

Alberto Escudero Pascual
Pascual is working at the Royal Institute of Technology - Sweden. Anonymity,
Untraceability and Privacy is Pascual's main research area at Kungl Tekniska
Högskolan. It focuses on anonymizing techniques, protection of personal
identifiable information (PII) and other privacy related issues. From
January 2000 Pascual has been working in privacy in the field of mobile
internetworking (location privacy) and since March 2001 in a joint research
effort with Zero Knowledge Systems to extend the Freedom[tm] protocol. Read
more on http://www.flyinglinux.org/
Session: Location privacy in mobile internetworking (untraceability).
This session is about security and privacy. Please check
http://www.flyinglinux.org for an abstract about Wireless LAN security.
Information on the Big Brother Project

pdck

Pim van Pelt
Pim 'Da P' van Pelt. Starting his Unix career as a member of the Board at
the MCGV Stack computing club at the TU/Eindhoven, Pim discovered many of
his interests regarding the Internet. Working for various companies such as
Track Internet, Wegener, Freeler and Intouch, he designs and deploys IPv4
and IPv6 networks and tries to advocate the use of BSDs within the various
Dutch corporations.
Some of Pim's spare time hobbies involve the organisation of a medium-scale
PC Demoparty (www.takeover.nl), IPv6 deployment (www.ipng.nl) and Unix
interoperability (#unix, #linux and #*BSD on the IRCNet).
His daytime job involves development of data mining and information
retrieval software at WiseGuys BV, and network consultancy and IPv6 design
for Intouch NV.

Rena Pengers
Big Brother Awards International

Sharad Popli
Sharad Popli is the CTO and founding director of QuantumLink Communications
Pvt. Ltd. (QLC), a five year old software company (based in Bombay, India),
with a focus on Internet technologies and a specialization in Java. Sharad,
an old timer on the Net (more than 10 years now) is the chief architect
behind PostMaster, a popular mailserver with more than 1500 installations
across the world. A strong advocate of Open Source, he has been an early
adopter of various open source technologies and software (including Linux
since its 1.0 days and PHP when it was known as PHP/FI :))
Sharad writes from time to time (when persuaded enough!) His articles have
appeared in most publications in India and also on CNET's international
sites. He is an oft-invited speaker at various seminars and conferences and
has addressed numerous conventions on subjects including: Java Technologies,
Servlets, Linux, Email, Security issues, MTAs on Linux, Advertising on the
Net, and other generic net-based topics. When not ensnared by the Net, he
enjoys reading, music and the great outdoors.
Session: Basic introduction to privacy & security issues
Security & privacy are critically important issues in today's digitally
connected age. The typical netizen is blissfully unaware of the dangers that
lurk each time he or she gets connected. Others consider security to be a
"black art", too complex to understand - and therefore studiously avoid
anything to do with it.
This session serves as an introduction to the dangers that abound in today's
networked existence. Besides presenting an overview of various attacks, the
talk tries to demystify them by explaining the "how it works" of the
attacks.
We move from basic to more sophisticated attacks, cover a "proof of concept"
case study and consider the counter measures possible. The session aims to
serve as a starting point for all those interested in safeguarding their
online existence, for those responsible for their organization's security
issues and for just about anyone who is interested in security.

Niels Provos
Steganography is the science of hidden communication. It can be used to hide
messages in images. Posting such images on the Internet permits secret
communication to somebody who knows the secret key to retrieve the message.
This is safe unless a third party were able to determine which images
contain hidden content.
In his talk, he will discuss how to detect steganographic content in JPG
images. Starting with an outline on how messages can be hidden in JPG
images, he will continue with how discrepancies in such modified images can
be found by statistical tests. Stegdetect is a tool that he developed to
automatically find images that seem to have hidden content. While
"stegdetect" does not guarantee that the detected images have hidden
content, it acts as a filter. To ascertain that images really have hidden
information, Provos developed software to launch large-scale distributed
brute-force dictionary attacks against these images. He will talk about his
motivation and experiences while developing and using these tools.

Fjalar Ravia (aka fravia+)
Session: Web wizard searching techniques, anti-advertisement galore and
software reversing tips
In his session Fravia (active in the software reversing and web-searching
scene since 1994) is trying to explain how important it is to search
effectively the web, and how annoying is the commercial crap you find on the
web and in the software you use when searching knowledge and info, and hence
how to nuke it reversing javascript snippets or software code you do not
happen to have the source of. More info:
http://www.searchlores.org/paris/paris.htm.

Jim Rees
Jim Rees (USA), works for the University of Michigan. His workshop will be
about Smartcard Security, Applications, Directory Structure, Communication
and Scanning, Javacard programming, Kerberos & ssh, Webcard, Secure Internet
Smartcard. He can supply max 20 students with a card and reader. Students
must provide a computer with rs232 port running BSD or linux.
If you're interested in participating please prepare and read
http://www.citi.umich.edu/hal2001/. You can subscribe for this workshop the
minute you arrive at the INFO stand. First come, first serve! Rees doesn't
mind if more people sit in, but the presentation will be aimed at the 20
subscribed people.

Rick van Rein
Rick van Rein is currently finishing his PhD in computer science at the
University of Twente. He is the inventor of the BadRAM patch that makes
Linux run smoothly on top of broken memory, and aside from a lecture on
that, he also organises a session on electronic banking at HAL.

Konrad Rieck
Konrad Rieck (Germany) will give an introduction into kernel programming
techniques under the Solaris 8 Operating Environment. Implementing security
mechanisms or even trojan/backdoor code in kernel space.

Frank Rieger
Frank Rieger (Germany) has a wide field of interests and activities. He was
a speaker for the German Chaos Computer Club for several years with special
focus on developing a hacker's perspective on Information Warfare and global
intelligence- and crypto-politics. Currently his main interest is in his
company that develops next generation location based applications for fixed
and mobile devices.
He will talk about the effects of the availability of high-resolution
satellite images in the civilian market. The talk will give an overview of
sources, methods of analysis and uses by practical example and try to
summarise what is publicly known about satellite imagery in the military and
intelligence field. Brief excurses into shutter control politics, the
upcoming UAV field and aerial imagery are also included.

Guido van Rooij
Ip-filter is an Open Source packet filtering engine that is available for a
number of operating systems, including Solaris and {Free,Open,Net}BSD.
Ip-filter comes with stateful packet filtering. In the TCP case, the state
engine not only inspects the presence of ACK flags, or looks at source and
destination ports, but it includes sequence numbers and window sizes in its
filtering decision. This greatly reduces the window of opportunity for
malicious packets to be passed through the packet filter.
The original state engine had a number of problems. This speech will briefly
discuss these problems and then move on to the design of the new state
engine. This will be followed by discussing implementation consequences. The
session will conclude with experiences with the state code, and future work
on the state code.

Peter de Ruiter
Peter de Ruiter, website developer and initiator of www.cyberacties.nl.
Session: How to organise cyberactions
Cyber actions and how to set up a successful one yourself
The internet is the perfect medium for fighting for a good cause and to
organize people to support this cause. All means for cyber actions are
available free and virtually without technical barriers. Which cyber actions
are successful and how can you set up one yourself?

Peter De Schrijver
Peter de Schrijver (BE) will give a work-in-progress presentation about
porting Linux to non-Intel architectures. Besides running on the ubiquitous
IA32 architecture, Linux also runs on a variety of other platforms ranging
from wristwatch to mainframe. But how do you tackle a port to an up to now
unsupported machine? How do you set up a cross compile environment? Where
do you find documentation? How do you debug the thing? How do I write code
for Linux which also runs on non-IA32 machines?

Moritz Schulte
Moritz Schulte (DE) will talk about the GNU/Hurd OS (the idea, the
design/architecture, the implementation, ...). The Hurd is a very
interesting OS project. It's a multi server OS running on top of the Mach
microkernel. The Hurd project needs more help from hackers; such talks can
help to make it more popular.

Scut
Having been interested in security for the last five years, scut has spent
his free time on research since then. First starting with copy protection
mechanisms and cryptography he has slowly converted to a network security
enthusiast. His focus in this broad field is security vulnerabilities at
source level and complicated exploitation scenarios on a variety of
architectures. He has a rock-solid understanding of the C language and has
developed strong source code auditing skills. His past works include
technical articles, exploitation software and actually 'useful' software ;).

Kurt Seifried
Workshop: Do It Yourself Linux

THC
For detailed quiz information and a way to preregister for the quiz, see
http://www.thehackerschoice.com/events/hal2001/.

Solar Designer
Solar Designer is the author of several popular security tools for Unix-like
operating systems. He is better known for his password security tool set
which includes John the Ripper password cracker, and for the Linux kernel
"hardening" patches, although those aren't necessarily the most interesting
things he's done. ;-) Solar is currently the team leader for Openwall
GNU/*/Linux.
Session: SSH Traffic Analysis
This presentation covers several weaknesses in common implementations of
"secure" (encrypted) remote login protocols, with SSH (Secure Shell)
protocols as the particular example. When exploited, these weaknesses allow
an attacker to obtain sensitive information by passively monitoring
encrypted remote login sessions. Such information may later be used to speed
up brute-force attacks on passwords, including the initial login password
and other passwords appearing in interactive login sessions.
The traffic analysis attacks will be demonstrated. Countermeasures to reduce
the impact of traffic analysis are proposed.

Dug Song
Dug Song is Security Architect at Arbor Networks, where he works on
wide-area traceback, monitoring, and various active countermeasures to
threats against network availability. He is also a frequent contributor to
various open-source security projects (including OpenBSD and OpenSSH), and
is the founding member of an online, international monkey cult.
Session: SSH Traffic Analysis
This presentation covers several weaknesses in common implementations of
"secure" (encrypted) remote login protocols, with SSH (Secure Shell)
protocols as the particular example. When exploited, these weaknesses allow
an attacker to obtain sensitive information by passively monitoring
encrypted remote login sessions. Such information may later be used to speed
up brute-force attacks on passwords, including the initial login password
and other passwords appearing in interactive login sessions.
The traffic analysis attacks will be demonstrated. Countermeasures to reduce
the impact of traffic analysis are proposed.

Nikolay Sturm
Nikolay Sturm (Germany) gives a workshop on OpenBSD, with an overview from a
security point of view, sample installation, configuration overview, packet
filtering, and IPSec.

David Szego
Session: biometrics hardware and practical usage
A general overview of practical day-to-day usage of biometrics, and the
demonstration of an affordable, portable fingerprint recognition device.

Christiaan Alberdingh Thijm
Christiaan Alberdingh Thijm (NL) is a lawyer specialised in intellectual
property cases. He currently works for the Dutch office SOLV, with customers
such as KaZaa and XS4ALL. Thijm regularly writes columns and articles for
Emerce.

Tille (Machtelt Garrels)

Tim Timewaster
Session: Hacking Digital Watermarks
A Digital Watermark is a technology that can be used to try to prevent
digital data from being copied. Examples are SDMI, DVD copy protection and
even Playboy's dirty pictures. Companies are spending tons of money on this
kind of technology, but does it really work? In this talk, a brief overview
of watermark technology will be given and a simple watermarking system will
be examined. Note: AFAIK the system that will be analyzed is not in use for
copy protection at the moment. Attacks against it have (hopefully) been
known to researchers in this field before the DMCA was adopted.

Geoffrey Turk
Geoffrey Turk works for the American company Goldmoney. Extensive information
about this panel is at http://gold.vanrein.org/e-banking/.

Liz Turner
Liz Turner (UK/NL) is a web designer. She's responsible for the look & feel
of the HAL website.
Mouse Athlets RSI prevention course

Unicorn

Drew Vallas
Drew Vallas (USA) will talk about biometrics, the technology, the
shortcomings and different applications.

John Viega
John Viega (USA?) lectures about his project RATS, a UNIX-based library for
secure programming, focused on ease of use. It attempts to offer a wide
array of high-level security functionality to software applications. We will
show how this library can make programs more secure and yet easier to write.
In his talk, he will also briefly examine the different types of strategies
used to try to make programming in C safer.

Tom Vogt
Tom Vogt, "target" of the movie mafia, an activist for freedom as well as a
security professional, was involved in the DeCSS case from the start. His
talk will also be about the general impact on copyright issues of the Digital
Millennium Copyright Act.
Tom Vogt (DE) is one of the earliest involved in the DeCSS party (defendant
in cal, creator of the decss mailing list, top-3 hit on google for "decss").
He will give an overview of the history and move on from there to background
and legal futures, such as WIPO documents we found during the past 1 1/2
years or the European copyright directive ("euro-dmca").

Web.fm (.at/.de/.net)
Manuela Framer and Yuri Kliedejimas
Session: Network sonification
An hour of listening to network traffic, and systems in action. During this
informal performance, web.fm subunits will present and discuss methods for
bringing network processes, events and system activity into the audible
realm in various forms. Applicable to system or network monitoring/analysis,
ambient information presentation and mindless entertainment.
http://subnet.web.fm.
"With the aid of electronic computers, the composer becomes a sort of pilot:
pressing buttons, introducing coordinates, and supervising the controls of a
cosmic vessel sailing in the space of sound, across sonic constellations and
galaxies that could formerly be glimpsed only in a distant dream." (Iannis
Xenakis, 1971)

Stephanie Wehner

Ruediger Weis
Ruediger Weis (Amsterdam) has studied math and to avoid having to work for a
boring company he also did his PhD in computer science. At the moment he is
the chief cryptographer of the cryptolabs Amsterdam. His main research
interests are cryptography, computer insecurity and wireless gadgets. He is
also a longtime member of the CCC.
Session: "Open Source" Crypto hardware using JAVA Cards.
Java cards make it possible to store small crypto hacks on the card. We show
how we can provably add security to existing protocols and applications
(e.g. gpg) and present some "you-can-trust-one-of-many" constructions.

Barry Wels

Harald Welte
Harald Welte is the founding father of the Linux 2.4 firewall

Maurice Wessling

Jonathan Wignall
Jonathan Wignall (UK), from the independent Data and Network Security
Councel, is the organiser of DNS4, the UK's conference, now rescheduled to
run 1 week after HAL to avoid clashing with this event. He is also a prior
speaker at Defcon and H2K.

Brenno de Winter
Brenno de Winter (NL) is the owner of De Winter Information Solutions. He's
a very experienced lecturer. At Defcon this year he did a presentation on
IPv6 security. More information on www.dewinter.com.
Session: Security & IPv6
According to the market IPv6 is solving many issues and is ready for a more
secure and business-like Internet. But the first issues related to IPv6
have also occurred. What is really new and how secure can we be with that?

Marcus Wohlschon
Student of computer-science from Rostock/Germany, interested in wearables as
a hobby, wrote one of the bigger wearable-software-projects. Marcus
Wohlschon (Germany) can be found in the Main Tent, showing some wearable
computing. Marcus plans to give an introduction to wearable computers in the
form of a presentation and then join the audience to let everyone try out
the hardwear he just showed. He hopes to get a discussion and maybe some
on-site-hacks going. See
http://www.informatik.uni-rostock.de/~mawol/hal2001/index.html

Paul Wouters
Paul Wouters runs a small ISP based on Free Software, and supports the
opinion that ISPs are not capable of fulfilling the role of judge, police
officer, lawyer or religious leader, and aims to "just provide". As such,
he got involved in various tapping issues in the Netherlands.
Session: Transport of Intercepted IP Traffic
On the 3rd of April this year, an anonymous posting appeared on the net
which contained the tapping requirements and specifications for Dutch ISPs,
which will likely become a European standard as well. Wouters will explain
the legal requirements (FuncSpecs) and the technical details of the protocol
(TIIT) and will share his feelings regarding certain aspects of these
requirements.

Stefan 'SEC' Zehl
Stefan 'SEC' Zehl and friends organise a Hacker Jeopardy, similar to the
Jeopardy round with hacker questions at the CCC Congress 2000. Jeopardy (if
you don't know it) is basically a simple question-answer game. We have 9
candidates: three rounds with three candidates each, and one final round with
the three best. There are small prizes involved as an incentive ;-)
Candidates are recruited by advertising on a blackboard at the INFO stand.
We are three people, our mother tongue is German, but we plan to hold it
entirely in English.

Phil Zimmermann
Phil Zimmermann, founding father of PGP, is involved as a consultant for
Hushmail 2.0, a secure and anonymous webmail system.

Zonkee Team
Zonkee Team consists of Menso Heus, Sandor Heman, Frank van de Velde and
Stephanie Wehner
Session: The Storyspace
Introduction to the story space concept. This is about a story telling
experiment. See http://www.zonkee.com/ for more info.




________________________________
Web-Site: http://www.oekonux.de/
Organisation: projekt oekonux.de