follow me on Twitter

    Wednesday, March 18, 2009

    SOURCE Boston 2009, Part Three

    Later during the first day, two of my friends, Dan Kaminsky and Travis Goodspeed, were presenting at Source, but at the same time! Similar to the only two higher-education talks, either I had to make a tough choice or do a 50/50 split which is what I did—I started with Travis and finished with Dan.

    Belt buckle! When I think of Travis, this is what comes to mind including the word and the philosophy behind “neighborly” which is what Travis truly is. In addition to having established a reputation for the party mode on his belt buckle in the shape of Tennessee (the only neighborly state, he says) and having notable people holding the belt buckle (anywhere BUT as a belt buckle), he’s one of the most brilliant hardware hackers I’ve encountered. If there is a hardware device that can be sniffed or fuzzed, you know that Travis can do it. Want to talk about hacking the Clipper Chip encryption? Travis is probably already working on it.

    His presentation at Source was about how the private sector or governments can use wireless technologies for good applications. One interesting example is having smart land mines that will only turn on during the advance of an enemy and can turn off or be signaled to self destruct after their need is over thus eliminating the danger of live mines. I caught the beginning of his presentation and then ducked out half-way through to hear the end of Dan’s. What I missed was Travis discussing new exploits on the TI chip. I’m eagerly waiting for more info. about this on his blog.

    Dan Kaminsky is best described as a mix of brilliance and “let’s get this party started” when you see those horns thrown up. There are numerous articles describing his DNS vulnerability research and discussions about how he handled it using partial disclosure, but for someone who described how he “broke the Internet”, he is exemplary for giving vendors time to fix it and showing them how. When I describe to my computer science students the kind of hacker that’s actually doing something about making stuff more secure and not just trying to find the next big vulnerability to boost his credibility in the community, Dan is it. Humble, friendly and one of the best public speakers I’ve ever seen, he’s able to engage the audience about something as specific and technical as DNS for a full two + hours. His analogies are also legendary. Seriously, how many technical people do you know who can do all that? If he can describe DNS to his grandmother, he can tell you (the US government, SysAdmins, and your company’s recalcitrant IT guy) why it’s a big deal and you should patch today. No, really yesterday.

    The first day of sessions ended after Dan’s and Travis’ presentations, but the day didn’t end there and went long into the evening. I met a group of other conference attendees at the Atlantic Beer Garden for dinner. From there, we went to the Source party which included techno, strobe lights, and a smoke machine like any good hacker party should! I got to meet some of the other (five, I think!) women at the conference including Stacy Thayer, conference founder and organizer. Dan Guido’s potato made some rounds and got decorated with feathers, signatures, and carvings. When that party wound down, I joined Travis Goodspeed, Dan Kaminsky, Marty Roesch, Jennifer Steffens (from I/O Active) in a quest for a mythical party at MIT, but ended up closing the bar, appropriately, at The Miracle of Science in the MIT vicinity with Dan and Travis.

    (Photos, taken by Travis Goodspeed, is a screen shot of tcp dump output from the network on the OpenOtto Project Land Rover at Source. Right now, it's running on a laptop on the dash, but we're scrambling for cash to buy a touch screen dash mounted monitor.)

    No comments: