The saints at DEFCON know Scripture. This makes for an interesting give and take between Bible believers and advocates of 12 Step spirituality. LINK: http://defendingcontending.com/2009/11/07/exposing-the-12-step-cult/#comment-15698

A late thank you to the saints at this faithful discernment blog for their support in this battle. “Exposing the 12 Step Cult” placed the truth about the 12 Steps before many. LINK: http://defendingcontending.com/2009/11/07/exposing-the-12-step-cult/

Las Vegas, centre incarné de tous les plaisirs, rime habituellement avec casinos et mariages à la minute. Pour un hacker, la ville américaine est davantage synonyme de paradis du piratage informatique, et ce, le temps d’un festival, la Defcon. Tous les ans, au cœur de l’été, les hackers du monde entier se donnent rendez-vous pour partager leurs dernières trouvailles en matière de hacking. Conférences sur les dernières techniques de piratage sous Mac, affrontements entre hackers afin de déterminer le pirate le plus rapide dans le crochetage de systèmes de sécurité, concours de robotique sont autant d’activités proposées pour divertir le plus grand monde. Avec succès puisque la convention américaine attire aujourd’hui plus de 8.500 visiteurs.

Mais qui dit piratage, dit infraction à la loi. Aux Etats-Unis, le Computer Fraud and Abuse Act protège les Américains contre le hacking depuis 1986. La loi n’a pas empêché la création de la Defcon par Jeff Moss en 1993.

La convention ne se déroule pas sans heurt pour autant. En témoigne les derniers incidents survenus en 2008. Un groupe d’étudiants du Massachusetts Institute of Technology (MIT) dévoile durant une conférence comment ne plus payer les transports en commun à Boston grâce au piratage. Devant une telle divulgation d’informations, le réseau de transports de Boston réagit les jours suivants en poursuivant en justice les étudiants concernés. La Defcon est certes un paradis, mais pas sans contrôle.

 Cécilia Rowe

1. I started tweeting on Chris Pirillo’s birthday (@chrispirillo) to help him be a trending topic on Twitter, thanks to him I got my first followers. Thanks Chris.
2. I’m a PC (and Linux) period.
3. The one subject I always feared become my favorite: Physics.
4. My first computer was an Acer Windows 95, I learned to use it before my older brother and I was only in Kinder.
5. My favorite PC games of all time are: Buzzy the Knowledge Bug: The Jungle and Buzzy the Knowledge Bug: The Farm.
6. I secretly disliked math with a passion back in high school, now it’s what I do everyday =)
7. My Spring Break was spent in a lab writing code, the staff actually told me to go out and enjoy my break.
8. My secret favorite color is red.
9. I usually give my phone number in binary.
10. I strongly dislike Hotmail and love Gmail.
11. The blue whale of death scares me waaay more than the blue screen of death.
12. I seem to work better under pressure.
13. I gave my 8 year old nephew a lecture on Physics only to be called “brain washer” by my family because he says he wants to study Computer Science when he grows up. Not my fault science is fun.
14. I want to attend DEFCON sooo bad.
15. Back in the day I wanted to be an Astronomer and math scared me away, funny how things change.
16. I love science but I don’t really like Sci-Fi stuff.
17. My Taskbar HAS to be on the top. If its at the bottom I feel lost.
18. I have to change my desktop background every 3-4 days or I’ll go insane.
19. I’ve only crossed one thing off my Bucket List and that was: Solve a Rubik’s Cube.
20. I take my math notes in many colors, it makes math even more fun!
21. I would like to be stuck in an elevator.
22. I’ve had dreams where I’m writing code for my projects, AND the code actually worked.
23. I love jigsaw puzzles, I work on at least one in between quarters.
24. I learned my multiplication tables in one day, my dad said I wasn’t going to sleep until I knew all my 1-12’s. I’m very glad he did that.
25. My favorite number is five, 5^2 = 25 therefore this is why this is here.

Jay Electronica – Download – Defcon

Yep…..a lot of people think Jay is the next best thing for sure…He is dope, but I’ll let you guys be the judge of that.

Universal Artists, Int'l. Supports Our Troops

As the United States comes close to the end of yet another year mired down in what appears for all purposes to be a fruitless and senseless pursuit of security and freedom without solid basis or foundation in Iraq, it must ask itself, how much longer to wander aimlessly down this road without without clear end in sight? Swept into a dream state, a nightmare of neither sleep nor rest, it wanders pointlessly throughout a hostile land which hasn’t changed in culture or resentment since the close of the second world war and the dismantling of the days of naked colonialism.

In America’s blind pursuit of economic latitude, and longevity of the securement of reasonably priced crude, it has inadvertently fallen pray to a foe it had once believed itself worthy of side stepping the second time around, entrenchment and siege, such as it had experienced on the level of Vietnam. In spite of the U.S.S.R.’s history of similar suffering and beleaguer in their occupation of the troublesome and perilous nation of Afghanistan, the US continues its drive into the region, threatening to ignite the ire of a people legendary in defiance of any power which fails to recall its opposed mindset in search of its own sovereignty and freedom since the days of the Khyber Pass.

Throughout the sixties and early seventies, Generation X suffered the daily bombardment of images of the Vietnam War broadcast from pitch battle and directly piped into their living room’s television sets. The throngs of protestors, largely known today collectively as baby boomers, sought freedom from propaganda, secrecy, and war. They proceeded so loudly and defiantly, they unwittingly forced the proverbial powers behind the throne to take notice to the extent they would pay heed to such lessons and censor future generations of Americans.  Perhaps they’ve reverted to secrecy to stave the threat to national peace given the reality of polar extremes of political,  moral, and ethical thought, but their public reasoning seems veiled and questionable.

Again, as the year draws close to the end, we are left to ponder the question of an end to all of this. Do we truly believe this will draw to a close with any Congressional Act for withdrawal given the seeds we’ve planted throughout the region? Yes, for all purposes it will appear we’ve weathered the storm, but have we truly, and at what future cost? What does destiny hold for generations to come in a region notorious for religious, cultural, racial, and political conflict since the beginning of time.

Does the cradle of civilization reside within the borders of Iraq, or is it the bath of chaos, the source of churning conflict, and the slaughter mill of not only our youth but theirs?

In the sad, telling music video, “Johnny Get Your Gun,” written, directed, produced, and edited by Joe Stern-McGovern, and performed by A-Dub and Lil’ Chase, the story told is that of a youth of today swept abroad into the conflict in Iraq. The video shows the progression and doomed fate of Johnny as he transitions from fear, insecurity, despair, and then oddly boldness, only to find his end at the conclusion story’s end. Narrated by his grieving friend (Lil’ Chase), Johnny’s (A-Dub) sad letters home are read to his worried mother throughout the song’s chorus. It’s touching, heartfelt, and inevitable conclusion to a story thousands have come to realize in this tangible world.

Please join us now as Joe Stern-McGovern and Universal Artists, International, accompanied by Shaka Productions, present to you the beautiful and haunting music video, “Johnny Get Your Gun,”  a recurring theme which seems to trail America since the days of its inception. 

When will we, or anyone else, ever truly be free? How long will this violence continue? Where is end in sight? How many more of our brothers, sisters, mothers, fathers, and friends will continue to bear this senseless grief in a muddied and oft questioned conflict? Support our troops, but who in their right mind could support a concept so miserable as war, by definition a pall on the blighted soul of mankind? 

“Disconnected realities without proper analysis or sufficient information, blindly defended through violent means under questionable circumstances, and born on the backs and blood of our children in a distant land…Farewell Vietnam, hello Iraq, goodbye to our sons…and with a stroke of the brush, the world was painted red!”

Joe Stern-McGovern    

Support our troops, but think before you blindly support the cause. Ask yourselves, in a world with civilizations as advanced as ours, isn’t their any other means than war?

For more information, or to view the video, please visit us at www.myspace.com/universalartists or www.youtube.com/universalartistsintl.

Coming soon! The debut of the Black Flock Gang: BFG! For more information, please visit them at www.univeralartists.net under talent or at www.myspace.com/blackflockgang.

For more information regarding booking any of our acts, here or abroad, please write to universalartists@myspace.com or info@universalartists.net.

A-Dub & Lil' Chase

I’ve had the good fortune to work with talented folks in my (short) time in Washington, since moving back East in 2002, particularly in the Intelligence Community and Department of Defense.  And one such fellow at DoD has been Bob Lentz, the outgoing deputy assistant secretary of Defense for information and identity assurance – the Chief Information Assurance Officer and equivalent to a private-sector CISO.

I gave an interview this afternoon to Federal News Radio (AM 1500 in the DC area, worldwide at www.FederalNewsRadio.com), on Bob’s tenure, and what will come next for DoD in the wake of his departure. You can read the news story about the interview here, or listen to the entire 15-minute interview as an mp3:

Shepherd interview on Federal News Radio, 10/13/2009

Not everything has gone perfectly, or even well, for Pentagon infosec during his tenure; we have been fighting several wars, declared and undeclared, real and cyber, during the past few years. It’s an unbelievably daunting mission, to secure the nation’s ability to defend herself and our most critical systems amid unrelenting attack.

But Bob has worked closely with the private sector on information security technological advances – he and I joined several leading Silicon Valley startup CEOs, leading-firm CISOs, and venture-capital entrepreneurs in the Information Technology Security Entrepreneurs Forum, or ITSEF.  He’s worked closely with DHS and NSA, including in the establishment of the Pentagon’s Cyber Command. He has also taken a number of counter-intuitive approaches, ranging from getting involved with Black Hat and DEFCON, to establishing jointly with the IC the Unified Cross Domain Management Office, or UCDMO. If you have the right credentials, visit the UCDMO SharePoint Collaboration Site (requires Intelink-U Access), or see their open web site at http://www.ucdmo.gov/.

This week Bob himself published a great “farewell column” in Government Computer News, “5 Key Challenges to DoD’s Cybersecurity.” The article includes policy advice for his successor and the Defense Department as a whole – but it is thoughtful advice that should be read by any CISO.  I’ll include his bullet-point list from the article: he writes, “If I had to list five of the biggest challenges that remain, my list would include”:

• The need to continuously harden the network, in this era of Web 2.0, cloud services, and increased mobile workforce and growing global requirements.
• The whole area of Supply Chain Risk Management. As the threat changes, we need to adjust as well, which includes rolling out technologies that inspect and secure the supply chain.
• Raising awareness across DOD and greater national security community on cyber resilience, so that commanders are prepared to operate in a contested cyber domain when communications are degraded or, worse, untrusted. The increased complexity of our technologies, coupled with our even greater dependence on them for mission success, make this an imperative.
• The necessity of education, training and workforce manning for critical IT/IA skill sets.
• And, again, the need to move to multi-factor and attribute-based identity assurance access for people, devices, data and applications.

That third bullet could be read as a provocative statement (which in Washington terms means admitting the truth): Imperfection, in DoD!  Military commanders are going to have to put up with “untrusted” communications systems in “a contested cyber domain.”  That’s the harsh reality, and military commanders are on the front lines in facing it. Bob Lentz’s successor will find his boots challenging to fill.

Share this post on Twitter

Email this post to a friend

Dopo alcuni mesi (Moxie Marlinspike e Dan Kaminsky, Defcon e Blackhat) si riparla di una vulnerabilità alle implementazioni SSL (API crittografiche) che, di fatto, prestano il fianco ad un attacco di tipo man in the middle nonchè a tecniche di phishing.

Perchè se ne riparla dopo poco più di due mesi? E’ proprio di questi giorni la pubblicazione di un certificato (e chiave privata) attribuito a PayPal carpita proprio grazie alla vulnerabilità descritta da Moxie Marlinspike al BlackHat USA nel luglio di quest’anno (vedi video dell’intervento al defcon 17).

Frutto di tecniche di parsing datate e usate nelle librerie crittografiche dei client che implementano e usano lo strato SSL (per cui non solo browser web ma anche client di posta, instant messaging, client irc,VPN SSL, etc) e di tool appositi (sslsniff).

In particolare, questa vulnerabilità sfrutta la struttura del certificato X.509 del certificato e le informazioni in esso contenute usandole a proprio piacimento in quel procedimento di validazione a cascata della fiducia.

La catena di fiducia tra il sito interessato e la Certification Authority (CA) funziona come descritto sotto

Root CA -> Intermediate CA -> Intermediate CA -> .. -> Intermediate CA -> esempio.com

Cosa dovrebbe avvenire:

1. verifica che il nome del nodo foglia è lo stesso del sito a cui ci si sta collegando
2. verifica che il certificato è valido, non è scaduto, revocato, etc
3. Controllo della firma (signature)
4. Se tale firma della CA appartiene alla nostra lista di una Root CA trusted il processo di conclude positivamente altrimenti si ripetono nuovamente gli step dopo aver risalito la catena di un livello.

Questo è lo scenario incriminato:

Root CA -> Intermediate CA -> Intermediate CA -> .. ->Intermediate CA -> sitomalevolo.com -> esempio.com

Purtroppo, questo scenario, nelle condizioni di vulnerabilità indicate nel paper di Marlinspike al Blackhat di Las Vegas, sembra essere del tutto lecito: le firme sono validate, i certificati non sono scaduti/revocati, il procedimento indicato di verifica si conclude con una Root CA trusted “embedded” incorporata nel browser.

Questo significa però che abbiamo costruito un certificato VALIDO per esempio.com ma che in nessun modo rappresentiamo in quanto siamo legati a sitomalevolo.com

Affinchè questo funzioni, viene sfruttata la debolezza di una codifica del CN (Common Name) Subject del PKCS #10 in cui il campo (stringa) viene “chiuso” da un particolare valore null ().

Quando viene effettuato il controllo 1), in questo scenario vengono confrontate due stringhe di lunghezza potenzialmente diversa.

Tenendo conto che la stringa si conclude con il carattere , il parsing considera solamente i primi n caratteri fino al valore null ().

Quindi se in un certificato X509 è specificato di essere www.esempio.comsitomalevolo.com le verifiche vengono effettate sulla precedente stringa (fino al campo ) e l’indirizzo a cui vogliamo collegarci (www.esempio.com).
A questo punto si hanno tutti gli elementi per effettuare un MITM che generi il certificato apposito e si interponga trasparentemente tra le parti (molte CA rilasciano dei certificati se il richiedente è l’owner specificato DOPO il valore null).

Per quanto riguarda Mozilla, i security advisor riportano di avere chiuso la falla a partire dalla versione di firefox 3.5 e 3.0.13 (vedi variante attacco su 3.0.11 vulnerabile), Thunderbird dalla 2.0.0.23, SeaMonkey dalla 1.1.18 e NSS dalla 3.12.3

Al momento sembra che le crypto API di windows siano vulnerabili.

Ci sono ripercussioni e impatti anche nel campo delle applicazioni mobile.

PayPal ha nel frattempo sospeso l’account di Moxie Marlinspike.

Raccomandazioni: massima attenzione sulle transazioni in https e scrivere manualmente il link sul browser (possibilmente firefox, aggiornato) e mai fidarsi di link specialmente contenute in messaggi di posta elettronica.

_______
Taccuino

Today it was reported that security researcher Moxie Marlinspike was “banished from PayPal”.  According to The Register, he received an email which seemed to indicate he violated the acceptable use policy.  It further explained that he should remove PayPal logos from his site and submit and affidavit acknowledging that it has been done.

This action comes one day after someone posted a null-prefix certificate on the full-disclosure mailing list.  The concept of this hack was introduced by Moxie Marlinspike this summer in Las Vegas during Black Hat and then again at Defcon 17.  I happened to have attended his brief at Black Hat and remember the buzz that resulted from his presentation.  The effect of the disclosure seemingly lost some of the shock factor after Dan Kaminsky gave a presentation where he discussed this same vulnerability.  Mr.  Kaminsky commented that he had reached out to certificate authentication authorities.  So why does this problem still exist and more importantly why is a chilling action being taken against a security researcher, again?

This seemingly retaliatory action against a security researcher is not the first of its kind.  In 2008, three students at the Massachusetts Institute of Technology (MIT) were put under a gag order after it was discovered they were going to give a talk at DEFCON 16 that would reveal vulnerabilities in Boston’s transit fare payment system.

Electronic Frontier Foundation (EFF), who defended the MIT students, were able to get a positive result for the three students but the problem of chilling researchers still exists.  EFF’s Coder’s Rights Project was established to defend researchers during these types of situations.  While they do great work, it is not a long-term solution.  We need something more concrete that can scale and be available to all researchers.

I propose creation of a safe harbor system where security researchers can reveal their findings to an objective third party (possibly US-CERT) prior (maybe 30 days) to publishing them to the public and in exchange receive some benefits and legal protections.

Without such a protection mechanism, security researchers will continue to be threatened by potential chilling effects that come with revealing vulnerabilities to the public.  In an age when cyber security is making the nightly news and is widely considered one of our greatest national security problem sets, we have a system that provides an obstacle to security research.

I am looking forward to discussion of this proposal and moving forward with trying to establish protections for security researchers.

Today marks the beginning of HITBSecConf2009–the Hack in the Box Security Conference–being held in Malaysia.  The topics sound threatening (“Clobbering the Cloud,” “Attacking Interoperability,” “Bugs and Kisses: Spying on BlackBerry Users for Fun,” and “Defeating Software Protection with Metasm“) but the conference is geared toward education and enhancement of security: “The main aim of our conference is to enable the dissemination, discussion and sharing of deep knowledge network security information.”  And while a large part of the conference is devoted to attacking interconnected data, whether it is stored in “the Cloud,” or on seemingly more-secure local servers, there’s even a “lock picking village” that aims to show that even physical storage of data isn’t 100% secure.

It’s not like this is some sort of ultra-secret cabal (though some attendees are no doubt black hat);  the conference has a plethora of big-name sponsors, including IBM, Microsoft, Mozilla, and Google.  And the lessons learned from conferences like Hack in the Box and DefCon do have the tendency to create innovations which lead to greater security.  At the same time, however, it is rather like trying to plug a dam, because once one security hole is fixed, another is discovered.

The strange things that you find via a BING search …. maybe I should try BING more and GOOGLE less?  I have really enjoyed the latest postings on “Online Discernmentalist Mafia”.  I have to read it periodically as reading Online Discernment blogs tend to be so depressing that I need satire to cheer myself back up.  Another thing that cheers me up after getting depressed reading Online Discernment blogs is listening to Mark Driscoll or Tim Keller.  Not to say that listening to John Piper can cheer me back up too but John MacArthur is not always successful in cheering me up after getting depressed by reading too many Online Discernment blog articles.

What is really depressing is seeing personal opinion passed off as somehow being spiritual discernment; sort of makes me think that I am still a member of the American Restoration Movement.

What really tends to depress me is reading the Biblical Thought blog.  There should be a warning on that blog stating reading this blog for too long of a period may depress you to the point of joining the Lutheran church and declaring Calvinism to be a non-Christian cult.

I just discovered another awesome blog. It’s satirically titled The Online Discernmentalist Mafia. It didn’t take long before ODMAFIA made a regular reader out of me. Great stuff. Just remember, it is satire. It is good satire. In fact, the author(s) have a disclaimer in the sidebar in clear view.

Before you get all bent out of shape, please realize this is a satire site spoofing the so-called “discernment ministries” who deem themselves more worthy of Grace than the rest of us. So read and have fun! BTW, we are not against “good” discernment ministries that do actual real research and extend grace to others, only the bad ones.

Do check it out! Satire is good for the soul. I’m subscribing and I’m going to blogroll the site with a quickness.

And again it´s time for some music. After drinking my coffee, eating my Bifi and listening to the stream of the great Discodiamant, I found a video of one of the two DJ´s on the web. Defcon together with Sygaire. Nice made of seventies dancing, mixed with strange sci-fi and martial arts scenes.

We all know what’s happening in the West right now, but what’s going to happen in the next decade or so in regard to the sexual marketplace? More importantly, how can a man plan for the changes that are coming? Fear not, my readers, for I am here to bring you in from the freezing cold of ignorance and fear into the fire-lit cabin of knowledge. Here are my prognostications for the coming years, based on current trends.

1) Increasing prevalence of polyamory, with moves to legalize polygamy. Not only has the “mancession” thrown a LOT of guys out of work, but with women making up the majority of college undergrads and graduates, the number of men being shut out from the middle class is increasing at a rapid clip. With women genetically hardwired to seek men that are higher in status, the depopulation of dudes from the professional classes is shrinking the number of men they are capable of being attracted to. As a result, the number of men who cut the mustard status-wise will be able to form their own harems. The West’s hypergamous purgatory is already coming into existence – for instance, John Edwards (hat tip: Roissy) is openly keeping his mistress in his house:

John Edwards will move the mother of his love child into his North Carolina neighborhood so he can help raise their 18-month-old baby, the National Enquirer reported Wednesday.

The Enquirer also reported that Elizabeth Edwards, who is stricken with cancer, was furious when her husband told her of his parenting plans.

I fully expect the nattering nabobs of negativism feminism to make a push for legalized polygamy. They’re already clamoring for polyamory, as shown (hat tip: Mark Richardson) in this Feministing post:

I’m currently in a relationship with a man I love dearly, and I have been for nearly 3 years. It’s going well, he’s marvelous, we get on great. There’s just one thing – this is a polyamorous relationship. He also has another girlfriend, who he’s been with for a long time. That in itself isn’t a problem. I knew about her before I entered into the relationship and I’ve never had a problem with polyamory, it suits me fine, we take suitable precautions in our sex lives and we’re always open and honest with each other about everything. The problem is in explaining this to my parents. My mother noticed that my boyfriend was listed as in a relationship with the other lady on a social networking site, and has the notion that she must be his ex and he just hasn’t changed his status. She keeps asking me why he’s still listed as being with her, I keep changing the subject but I want to be honest with her. I’m not sure if she’s ever come across the concept of polyamory and I really don’t know what her reaction will be at all. I want to convey that this relationship is every bit as committed as a monogamous one and just as loving. How do you go about explaining this kind of thing with no knowledge of the response you’ll get? What if the response is negative? Please help.

Answer their questions with patience. I also caution that words like polyamory may not work for the first conversation. Keep it simple. “Mom, I know you keep asking me about the woman who says she is in a relationship with Jack. They are in a relationship. I’ve always known about it. Jack and I are serious and committed and we see other people. We are open and honest with each other and this works really well for both of us.”

If she denigrates the relationship, I would point out ways that he has been great in the past. When he has been at family functions, when he has helped your family, how happy you are together.

And then, and this may be the most difficult part, let it go. It will take time for your mother to understand and accept this (just ask the majority of queer folks who eventually have accepting parents). Keep answering their questions, but also set boundaries. If either of them are rude to your boyfriend or questions his love for you, you can call a stop to that. Your relationship and partner deserves respect.

This is the last and most important part – prove them wrong by actions. Show them that for all of their preconceived notions of what a “real” relationship is, you and your man are happy and love each other. It takes time, but this will be the greatest convincer of all.

From Mr. Richardson’s post:

It also hints at the real preferences of the more serious feminists. The sexuality of men and women operates at different levels. At one level, male sexuality is naturally promiscuous and female sexuality is hypergamous (meaning that women have an instinct to be with the most dominant male). If human nature only operated at this level then monogamy would be exceptionally rare.

I wonder if there are serious feminists who have rejected the traditional family as patriarchal (or as an impediment to female autonomy) and who therefore seek to “liberate” female sexuality – which really means liberating the female instinct to hypergamy.

The family form which corresponds best to hypergamy is, of course, polygamy – as this gives the most women access to the small number of socially dominant men.

When the first high court declares polygamy legal, we can officially pound that last nail into civilization’s coffin.

2) The collapse of marriage. As a general rule, people don’t get married unless they can afford to. For example, marriage rates and birthrates tumbled during the Great Depression but exploded after the economy recovered following World War II. Men, already being dissuaded from marriage due to the feminist legal system, will definitely not bite once they’ve been economically devastated. Expect the rate of marriage to take a HUGE drop. Divorce will also fall, as marriage will be confined almost exclusively to the genteel upper classes.

3) Sex-motivated rage killings will continue unabated, at the rate of one every other year at the least. Young women will continued to be killed by their sociopathic lovers at the same rate.

4) The death of nightlife. It’s a given, in both mainstream culture and PUA circles, that bars and nightclubs are the primary venues in which men meet women and (hopefully) make sweet reproductive music. The problem is two-fold. One, bar-hopping and clubbing are money-intensive activities. If you’ve unemployed or have otherwise seen your income collapse, the nightlife budget is the first to go. As Roosh wrote a year ago:

I predict that in the next two years meeting girls in the cities hardest hit by the economy will be even more difficult for the average guy. With less disposable income girls are going to stay home more instead of going out. Empty bars and clubs mean guys will be more reliant on meeting girls through friends, family, Myspace, and work. There will be less pump and dumps as guys will want to keep what they managed to get, as they themselves are strapped for cash and meeting girls does cost money. The only guys immune will be those in college, who will graduate to a barren landscape—in more ways than one.

Swap “guys” with “girls” and you have, in a peanutshell, what’s happening.

The other point pertains to clubs only – namely, seducing a club girl is nearly impossible if you aren’t an apex alpha or close to it. The atmosphere of nightclubs, depending on flash and looks, is something most guys can’t play to. You need to have a certain look, style, and attitude to pull consistently or even occasionally in clubs, and even if they have good game elsewhere, the club is a gigantic stumbling block that most dudes can’t overcome.

Combine this with the priciness of nightclubs and the recession, and you have a recipe for total market collapse. I predict that the number of nightclubs in cities will fall by half at the least, as the long lines of betas standing in line for an hour and plunking down their dollars for cover charges all so they can dance to shitty music, drink obscenely overpriced liquor, and hit on girls who do not wanted to be fucked by them vanish. Bars will also be hit, but not as severely, as they cost less and appeal to a wider market.

5) An explosion of interest in day game. The advantages of day game are so obvious it’s a surprise no one’s pounced on it. When you pick up girls during the daytime, you don’t have to deal with their bitch shields on at full blast, their cockblocking friends (as many girls are alone), gameless idiots hitting on them and giving them unwarranted boosts to their self-esteem, and the general jackassery of nightlife. Not only that, but approaching girls during the day is way cheaper then going to a bar or club. And yet, googling “day game” turns up no worthwhile information from seduction community websites – they are exclusively oriented around nightlife.

Going hand in hand with the coming collapse of the nightlife industry, I predict that guys interested in getting their knobs polished will focus their efforts on swooping girls while the sun is shining. The guru who writes a complete handbook on day game will be laughing all the way to the bank, laughing so hard he’ll shit himself, as his recalcitrant competitors recede into the darkness of irrelevance.

So knowing all of this, how can you, the humble reader, put yourself in a position of power? I have but one tip: LEARN GAME. If you are interested in having a sex life at all, you MUST have game. If you want to get married and possibly make babies, you MUST have game. If you want to do anything aside from have a five-fingered pants party, you MUST have game. Game is more important than getting a promotion at your job, your college education, or ANYTHING else in this regard. As the Fifth Horseman says here:

Moderate competence in Game is easily worth about the same SMV as having a net worth of $2 million. This is a rough estimate. Furthermore, no one can tax your Game, swindle you out of Game, or steal your Game in divorce court (as long as you don’t let this sap your confidence as a human being).

I define moderate competence in Game as the following 5 steps :

***1) Regular, consistent, and somewhat effortless ability to do approaches to women who are 8s or higher. This is the most important point of all, as without approaches, you will not create the opportunities to practice ANY other part of Game. This is also the filter that blocks most novices from ever progressing.

2) Ability to qualify the woman, as well as identify and pass her own tests easily. Be the first to end the phonecall, always be leaving, other time constraints, etc. The ability to use the occasional well-placed neg is valuable too.

3) Ability to run comfort and rapport for the requisite 6-8 hours. Have a lot of interesting stories, games, and other things to run on her.

***4) Ability to bridge from Day 1 to Day 2, and minimize flakes. This is important as flakes are frustrating, demoralizing, and discouraging. A lot of guys are very close to the brass ring, but this derails them in their quest for Game.

5) Ability to run competent seduction Game, after you get her alone. This is where Ross Jeffries NLP can be extremely useful (but not mandatory by any means).

1) and 4) cause the biggest frustration, paralysis, and ‘giving up’, hence the asterisks. But a man who becomes pretty good at these 5 points is ahead of 98% of all men, and is on par with a Beta who has $2 million in net worth (and is ahead of such a Beta if that Beta has no game and is suckered easily by feminine manipulation).

The copulation arms race is at DEFCON 2, my friends. Learn game or be wiped out in the ensuing nuclear fires.

Todo persona que le guste la seguridad informática conoce una de las más viejas convenciones de hackers de todo el mundo, la DEFCON, para todos aquellos que no pudimos asistir, ahora ya es posible descargar las presentaciones y charlas que se presentaron en su edición del año pasado.

Que DEFCON permitan descargar este tipo de información es my buena noticia para los amantes de la seguridad informática, puesto que además de las presentaciones podemos descargar también el código fuente que han utilizado. Sin duda, unos artículos que no pueden faltar en nuestras bibliotecas personales.

Según comentan dentro de poco estarán disponibles también los videos de las charlas, habrá que estar atento, pero mientras tanto para los que no conozcan DEFCON o quieran saber un poco más sobre está convención de hackers podéis ver este Documental sobre DEFCON.

Descargar las presentaciones y el código fuente desde su página DEFCON 17 Archive.

fuente: websecurity.es

Head on over to the DEFCON Press Page and check out the news from this year’s show! You can also find the press listed on the DEFCON 17 Archives Page!

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* New attacks against business bank accounts…. an earth-shaking recommendation from the banking industry.

* Hackers say they are gearing up for winter attacks – according to a survey of hackers at DefCon 2009.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 68 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 68 of the Data Security Podcast

*  Ira talks with Michael Hamel, Chief Security Architect, with Tufin Technologies, about the survey of hackers he crafted for DefCon 2009. We cover:  Hackers Take a Break This Summer Before Winter Hacking Spike, and importantly, counter-measures to get prepared.

* Tales From The Dark Web: New attacks against business bank accounts…. an earth-shaking recommendation from the banking industry.

* From the News:   WPA WiFi encryption can now be cracked in one minute, according to new research.  Terms in the story:

WPA:  Wi-Fi Protected Access

WPA -TKIP: WPA with Temporal Key Integrity Protocol for encryption

WPA-AES:  WPA with Advanced Encryption Standard for encryption

WPA2:  Second Generation WPA encryption

WEP:  Wired Equivalent Privacy

Take-Away: WPA-TKIP and WEP is bad, um-kay? WPA-AES and WPA2 is good, um-kay?

* From the News:  Federal Web Site Collects Data on Stimulus. We report: Whose minding the security of the data?

* From the News:  Stealth-Laptop Bag

Stealth Laptop Case

Wrap Up Story:    Is Federal InfoSec License Key To ‘Net Control?

To rzh,

Apologies for using what you say is your photo. There was nothing on the photo to show that it was copyrighted, but we have removed it to alleviate any concerns you have. Thanks for bringing this to our attention.

The Desert Pastor

I wait for CRN to follow Defcon and remove my copyrighted photo from their website.

Photo stolen by CRN from my Flickr website.

Music emotionally engineers me to feel whatever it wants every time I listen to it. I really have no control over it, regardless of how intensely I’m into a project or consciously trying to ignore it. I suspect it comes from being an auditory learner – there’s really no way to shut off your ears without earplugs! Anyway, I have a bunch of geek music I’ve collected over the years and I think it’s time I share it with the world

So everything I could find on the Amazon MP3 Store, I’ve linked to here in the playlist because the truth is: geeks are a very small clique that simply doesn’t generate as much income for the artists as your normal, run-of-the-mill boring pop culture radio blether. So please, support the artists – they really need your help!

Geekster Rap

Much of the great geek music collection here owes much to the underground Nerdcore subculture. But I’ve classified the music even further by distinguishing the vulgar, testosterone-infused vulgar Geekster Rap (which is almost a direct parody of classic Gangster Rap) from the rest of the Nerdcore scene.

Monzy

Monzy: So Much Drama in the PhD [NSFW]

This was a Stanford grad student’s masterpiece – it’s *FILLED* with algorithms and terminology we’re all so familiar with from CS core classes. NSFW! Download mp3 (Free)

My flow is so intense that I will overflow your buffer,
Corrupt your stack pointer makin’ all your data suffer.
I’ve got saturated edges but your flow is sparser,
Real gangstas sip on Yacc; instead you generate a parser.
While you’re busy poppin’ stacks I’ll pop a cap in your skull,
While you smoke your crack pipe I’m gonna pipe you to /dev/null.
I may not have a label but I rap like a star;
I’m an unsigned long int and you’re an 8-bit char.

Your mom circulates like a public key,
Servicing more requests than HTTP.
She keeps all her ports open like Windows ME,
Oh, there’s so much drama in the PhD.

I run gmake and gcc,
And I ain’t never called malloc without calling free.
I’ll beat your ass until it’s colored like a red-black tree
‘Cause there’s so much drama in the PhD.

(Ode to the DEFCON) Badgez

DEFCON 15’s Badgehacking Team Winner, Team Osogato, went all out on their badgehacking submission: they got a friend-of-a-friend (The Brothers Grimm) who was a Nerdcore rapper to create a rap from the poem Joe Grand wrote in the DEFCON schedule booklet that year. It sounds really great too! Download mp3 (Free)

Secrets From the Future Album

Secrets From the Future

MC Frontalot is probably my all-time favorite Nerdcore Rapper. He’s got an exquisite sound and an intuitive sense of (geek) culture in his music. His track, “Secrets from the Future” has a god-like quality to it: I think it was even composed at DEFCON? Man I would have killed to see him at DEFCON. Anyway, lyrics are here. And also, Download the mp3 (Free) from his website. Or, do the right thing and buy the entire album!

Anti-MPAA Sticker of My Youth

Fuck the MPAA [NSFW]

Oh yeah, back when I was in 6th grade the cool thing to do was post those bright yellow “STOP THE MPAA” bumper stickers all over town. Several of the payphones at school had those bumperstickers plastered all over them (I can neither confirm nor deny placing them there). The Futuristic Sex Robotz took it to a whole new level of cool with this song. Oh and pretty much anything by FSR is obscenely vulgar (but awesomely geeky), so obviously nowhere near safe for work: Download mp3 (Free)

Partytron (Electronic)

The Geeks Were Right & The Conductor

The Faint has quickly become one of my favorite artists of all time. They’ve got this grungy, industrial sound plus kickin’ bass beats: I dub this new genre… Partytron! “The Conductor” is about the conductor of an orchestra, stepping up to the stage and taking control of the music. “The Geeks Were Right” is all about the Sci-fi Prediction that we’ll all become robots someday actually comes true. The Faint gets a HUGE less-than-three from me

The Geeks Were Right

The Conductor (Thin White Duke Remix)

8-bit Remixes

So, this is probably the most represented genre of the geek music I listen to. Everyone and their mother has probably heard a video game theme remix somewhere along the lines. So I’ve decided to focus on only the *good* ones, lol.

RAC's Nintendo vs. Sega EP

RAC’S Nintendo vs. Sega EP

I can’t pick my favorite from this album: EVERYTHING is great. RAC is pretty much the crowned king of video game remixes in my world. Sonic and Mario getting together on the weekends for an 8-bit Party? Oh YEAH! The Remix Artist Collective Agency (RAC) is a group of artists that remix all kinds of popular music: I pretty much read (RAC Remix) next to any song as (Eff-YEAH Remix). Download zip of entire album (Free)

Anything by EEPROM

EEPROM is pretty much the God of Leah’s Musical World. Everything he touches turns to gold – I honestly haven’t found any song that he’s created that my mind hasn’t been blown countless times over.

EEPROM Remix of Weezer’s Say It Ain’t So: mp3 Download (Free)

The Beatles’s Lonely People (EEPROM Rigby Remix): mp3 Download (80¢)

EEPROM Remix of the Safety Dance: mp3 Download (80¢)

EEPROM Remix of Human Robotics: mp3 Download (80¢)

EEPROM Remix of OneRepublic’s Apologize: mp3 Download (80¢)

EEPROM Remix Rick Astley’s Never Gonna Give You Up (Rick Roll): mp3 Download (80¢)

]]> http://c22blog.wordpress.com/2009/08/12/defcon-is-it-over-already/ Wed, 12 Aug 2009 11:50:11 +0000 ChrisJohnRiley http://c22blog.wordpress.com/2009/08/12/defcon-is-it-over-already/

Well Defcon has come and gone. For those following my blog (sorry about that), you might have noticed a lack of posts covering what I saw at Defcon. This was for several reasons. They’re  good reasons honest, and none of them are that I was too scared to get on the Defcon network or that I was too hungover (although I won’t deny I attended a party or 6).

Defcon was, for me, a chance to finally meet a group of people who I’ve been conversing with online for some time now. I set myself a goal before I left, to meet people and actually communicate with people (not really my primary skillset). Although I did get to attend some talks, I didn’t feel that blogging about the 2/3 a day I actually saw, was going to be interesting to my readers (yes, both of you).

Although you’ve probably already got your fill of Defcon recaps by now, Id like to recommend Frank Breedijk’s blog over at cupfighter.net as he has various writeups on presentations that we attended together or individually. Frank and I were also lucky enough to talk to F1nux from HPR (Hacker Public Radio) about the event. If you want to listen, you can grab a copy at the Hacker Public Radio website.

I’d like to thank the various people I met at Defcon. Especially Frank (@autonessus), Martin (@mckeay), Chris Nickerson (@indi303), Carlos (@carlos_perez), Tom (@agent0×0), Mick (@bettersafetynet), John Strand (@strandjs) and the rest of the #pauldotcom crew.I met so mmany people I couldn’t start to list them all. So i’ll just say thanks to everyone, and don’t be strangers

Hope to see you all at another event soon

In 2006, Defcon 14 premiered a unique electronic badge. All it did was blink, but it raised the bar for what was expected from a hacker conference badge. In 2007, they went from 2 LEDs to 95 in a scrolling marquee. Along with a POV mode, the badge had two capacitive switches to let the user edit the displayed text. Defcon 16’s badge featured an IR transmitter and receiver for transferring files from an SD card. It worked as a TV-B-Gone and had pads to access a USB bootloader. That was the same year that The Last Hope debuted their RFID tracking badges.

This year the official Defcon badge reacted to sound, but they were no longer the only game in town. Ninja Networks brought their 10 character party badges with a built in debugger. The Arduino compatible HackTheBadge 1.0 also made an appearance. With these new entrants into the field, we wondered what you’d want to see in your ideal badge. What badge would you want to see at next year’s Defcon? Leave you comments below and keep in mind that it should be an idea that is easy to cheaply mass produce.

UPDATED: Forgot to mention the Neighborcon 2 badge based on the GoodFET20.

[Photo: Ninja Networks]

After staying with some of my local Vegas friends during BlackHat, I went over and checked into the Riviera for DEFCON 17 on Thursday afternoon.  After dropping my bags in my room and getting my temporary paper badge because they were already out of the electronic badges, I ran back up to my room for a bit and then headed over to the Microsoft party which I already wrote about in my BlackHat USA 2009 post.  After an extremely long night I crashed in the early morning and slept through most of the first day of DEFCON talks.  I did however catch Richard Thieme’s talk about UFOlogy, which was one of the talks I really wanted to see.

Shortly after Richard’s talk and some discussion with friends about what to do for dinner, I started not feeling well so I went back up to my room.  After an hour or two I knew I really was sick because I started getting the fever sweats, cold chills, and headache, so I ordered some room service since I probably needed to eat, called it a night and went to sleep.  I stayed in bed pretty much all day Saturday and only came downstairs once in the afternoon during the conference to speak during the Metasploit track, and then went right back upstairs to my room.  By then I had a horrible cough and chest congestion, but was feeling much better regardless, so I decided to take a walk for a couple hours and let the dry desert air into my lungs for a bit.

I hadn’t yet walked the length of the Strip this visit, and also hadn’t eaten a FatBurger, both of which are personal Vegas traditions.  Since I was running out of days in Vegas during which to accomplish these, I decided to walk from the Riviera up on the North end of the Strip all the way down to FatBurger which is near the South end of the strip, get a burger, and then walk back, which took around 2.5 hours and immensely helped my lungs and cough.

By the time I got back to the Riviera, I was feeling well enough to attend some parties, so I went up to the Penthouse for a while to check out the IOActive Freak Show party for a bit.  It was similar to last year’s party, but had some new attractions so that wasn’t too bad.  I tried to dance for a bit but my chest cold was severely holding me back since I could only dance for a few minutes before not being able to breathe.  I left that party shortly after Keith went on since I couldn’t really dance and he started off with tracks that were a little too glitchy for my taste anyhow.  Unfortunately I missed the fire dancer at the IOActive party who had a fire hoop like my friend Angi’s, but living in Austin surrounded by burners I think I’m a bit spoiled regarding fire spinning/dancing/performance anyhow.  After leaving the Penthouse I took the Ninja Shuttle over to the Ninja Party and hung out there for a few hours talking to friends and waiting in line at the bar until I decided not to push my recent health luck and went back to my room at the Riviera and went to sleep.

On Sunday I slept a little late still trying to fully recover until I needed to check out of my room.  Unfortunately this meant that I missed Richard Thieme’s other talk on BioHacking, but I did manage to catch a few more of the talks before I had to head to the airport to catch my plane back to Austin.  You can read my thoughts on the talks that I saw below:

Hacking UFOlogy 102: The Implications of UFOs for Life, the Universe, and Everything – Richard Thieme

Richard is an exceptional speaker, and I personally love UFO and extraterrestrial lore and pop culture.  It’s fun to try and sift through all the conspiracy theory, misinformation, pop-culture, and cover up to try and see if there’s any truth there, and that’s what Richard’s talk was essentially about.  It was also a follow-up to the talk he gave the previous year, Hacking UFOlogy 101.  It’s always a pleasure to hear Richard speak because he’s very engaging and has very well organized content, even if he does never seem to be able to cover it all.

MSF Telephony – I)ruid

Since the Metasploit track was available at both BlackHat and DEFCON, I had the opportunity to give my talk a second time.  I presented a turbo-talk about the new telephony library that I’ve added to Metasploit.  I discussed exploiting systems with Metasploit over dial-up and the new Metasploit Wardialer, both of which use the new telephony library.  It didn’t go quite as well as it did at BlackHat, however I was rushing to try and get it down to about 10 minutes due to some scheduling conflicts and confusion and the Metasploit track having more content for DEFCON than it did at BlackHat.  I managed to hit the 10 minute mark, and my voice held out even though my throat was dry, scratchy, and I wanted to cough the entire time.

eXercise in Messaging and Presence Pwnage – Ava Latrope

I had briefly looked at Extensible Messaging and Presence Protocol (XMPP) back when I was doing a lot of research in the VoIP security space, and remembered it looking like a huge pile of attack opportunity.  XMPP is basically an interoperability standard borne of Jabber which provides a protocol for managing Instant Messaging sessions and communication, presence applications, and is beginning to merge a bit with some of the VoIP and “Unified Communications” systems.  After seeing this talk, I’m glad to know that I was pretty much correct.  Ava’s talk was short but did a good job explaining what XMPP is, what it’s generally used for, some of it’s attack surface, and then detailed some DoS and amplification attacks that are possible due to the way the protocol is designed.

Unmasking You – Joshua “Jabra” Abraham and Robert “RSnake”

I only caught the last half of this talk, but basically the Google “Safe Browsing” functionality phones home.  A LOT.  Like, way more often than is probably necessary.  How often do they update their site and URL filters anyway?  Anyhow, if you’re an 31337 h4×0r and you like to hide the source of your traffic when you h4x, but then use the Internet normally when you’re not, the uniquely identifying information that the Google “Safe Browsing” functionality sends to Google when updating it’s filters every 0.23435151 seconds or so will easily track you across your covert and overt sessions, through Tor, across proxies, you name it.

AAPL- Automated Analog Telephone Logging – Da Beave and JFalcon

I had met Da Beave  and JFalcon via the Telephreak BBS a year or so ago and had yet to meet either of them in person, so I went and checked out their talk.  They covered the newest iteration of iWar, spoke a bit about HD’s WarVOX, and showed some interesting systems they’ve found over dialup.  Basically it was VoIP-ish wardialing in about 20 minutes, since it was a turbo talk.