Tiffany Rad (feed updated 2024-03-05T02:30:30.907-05:00)
<br />Tiffany Strauchs Rad, http://www.blogger.com/profile/02713519822436528984
<br />
<br />Indy Hall, Coworking Space in Philadelphia, PA
<br />Published 2010-03-06T18:18:00.004-05:00, updated 2010-03-08T13:19:31.151-05:00
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTP8WYcHX2flhyVsLEYe2FNFF1-JVUe-fWT3aK6va45Gb-X7yA03ZwxsIsZG7cH2KIlWeepCIH8bkCGGpPAuWlombF9O8zWEA1_aIaLS4-3cfNtj1CX1rud9wI1CektsCrq4yvuhP5INoh/s1600-h/Indy+Hall+Co+working+space_Philly_March_2010.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTP8WYcHX2flhyVsLEYe2FNFF1-JVUe-fWT3aK6va45Gb-X7yA03ZwxsIsZG7cH2KIlWeepCIH8bkCGGpPAuWlombF9O8zWEA1_aIaLS4-3cfNtj1CX1rud9wI1CektsCrq4yvuhP5INoh/s200/Indy+Hall+Co+working+space_Philly_March_2010.jpg" alt="" id="BLOGGER_PHOTO_ID_5445665931669514866" border="0" /></a>
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlhLXhp0rbQAM1cWiebcsy__iuXBhGOitbThrQ8IGZtqfdxDUQvq5YZNzWhyphenhyphendBVHHXNTJBRPFXTtk6IPcVUEt_S1NpSpkiM40ZSDPPiEOkvoGZ0qiXQzcmGK3nU-I_nMnPAtm7C10tmgRs/s1600-h/Indy+Hall+entry_March+2010.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 148px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlhLXhp0rbQAM1cWiebcsy__iuXBhGOitbThrQ8IGZtqfdxDUQvq5YZNzWhyphenhyphendBVHHXNTJBRPFXTtk6IPcVUEt_S1NpSpkiM40ZSDPPiEOkvoGZ0qiXQzcmGK3nU-I_nMnPAtm7C10tmgRs/s200/Indy+Hall+entry_March+2010.jpg" alt="" id="BLOGGER_PHOTO_ID_5445665924321544050" border="0" /></a>
<p class="MsoNormal">Just one block from Christ Church and situated in the upscale neighborhood of Old City, Philadelphia, amidst outdoor cafes and coffee shops, I squeeze my large New Englander we-get-more-snow-than-you (except for D.C. 
this winter) SUV into a parallel parking space between a Bentley and a hulking 1970s beater Chevy. Philly is interesting in that way; from block to block, neighborhoods change fast. Just this morning, Far McKon, Maggie and I engaged a stranger in a conversation about whether the Satellite Coffee Shop is in West Philly or South West Philly—the locals decided upon the latter by 50 ft.
<br /></p>
<p class="MsoNormal">I’m dropping in on the <a href="http://www.indyhall.org/">Indy Hall</a> crowd this afternoon right after departing the <a href="http://www.hive76.org/">Hive 76</a> hacker space. On the second floor of a loft space, I exit the elevator to a large sign painted on the wall: “Independents Hall”. This is not the Independence Hall, just a few blocks away, where our Nation was planned; this one is where startup companies are being planned, developed, and grown into companies.</p>
<p class="MsoNormal">On a Saturday afternoon, Indy Hall’s conference room hosts a cluster of about eight men sitting at desks arranged in a coworking circle. Their mission: to get Google to bring Google Fiber to Philly. They were fast at work talking and typing on their computers, but Alex (@alexknowshtml), co-founder of Indy Hall, took time out to give me a tour.</p>
<p class="MsoNormal">Indy Hall’s furniture consists of modern IKEA individual desks, but all desks are arranged in clusters where developers can work side-by-side with their coworkers and with other entrepreneurs who choose a group working environment over renting an office in solitude. When asked about the arrangement of the desks and the permanence of a few of the workstations, Alex said, “Every 4-6 months, we move everything around just to keep things new. Sitting in the same place breeds complacency; when you’re running a start-up company, mixing it up keeps ideas new.”</p>
<p class="MsoNormal">The idea of a modular set of individual desks was clever. Just when you get used to the same coder or social media mogul sitting next to you every day, you may have a biologist or a hardware architect next to you tomorrow. According to the philosophy of Indy Hall, taking down walled barriers and moving around spreads ideas, intrigue and innovation.</p>
<p class="MsoNormal">I asked the usual organizational management questions: membership is about $275-400/month for full-timers, less for part-timers, and there is a $25/day drop-in membership for out-of-towners or people who just want to drift through when they feel like it. Between the murals on the walls, the hang-out area with couches, glass tanks containing a rat and a turtle (respectively), video game consoles, and large pillows to sit on the floor, this was a fantastic coworking space. The organizers have given obvious attention to the flow of ideas and coworking camaraderie in a dynamic business environment in which old ideas of managing companies and intellectual property are becoming stagnant. This coworking space keeps it fresh.</p>
<br />
<br />Visit to Philadelphia to see Hive 76, one of Philly's hacker spaces
<br />Published 2010-03-06T14:21:00.007-05:00, updated 2010-03-06T14:42:52.183-05:00
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJ8Ebu2jxoKTThMz_sWNX-qN6L-PkEXdnZ-RkmcEnzJKUum9kuofqvyskgtkgG77OGOgrnSrZ2PZJvq9iC2AoFgps_76ixD_ZPLRVE-fwGu8e3xhz6oaWKXl-vAHYGdA4iRHSzwMuA9rWm/s1600-h/Hive76+Philly+Trip_March_2010.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 152px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJ8Ebu2jxoKTThMz_sWNX-qN6L-PkEXdnZ-RkmcEnzJKUum9kuofqvyskgtkgG77OGOgrnSrZ2PZJvq9iC2AoFgps_76ixD_ZPLRVE-fwGu8e3xhz6oaWKXl-vAHYGdA4iRHSzwMuA9rWm/s200/Hive76+Philly+Trip_March_2010.jpg" alt="" id="BLOGGER_PHOTO_ID_5445604286635693970" border="0" /></a>
<p class="MsoNormal">I might have one of the most awesome part-time jobs: I am setting up a 5,500 sq ft hacker space in Northern Virginia. I traveled to Philadelphia this weekend to talk with Far McKon, one of the founders of Hive 76. About a year ago, I met Far in the D.C. area and we talked about the ideal hacker space. Of course, ideals are challenging to obtain, but some hacker spaces have come closer than others. Hive 76, profitable after only 8 months since it was started, is one of those.
<br /></p>
<p class="MsoNormal">I met Far and Maggie, from the Prometheus Radio Project, for lunch at the Reading Terminal Market. After living in the Seattle area for a year and enjoying Pike Place Market, I have pretty high standards when it comes to indoor public markets, but I thoroughly enjoyed the Reading market. If I lived in the Philly area, I would do most of my food shopping here. I was also interested to see that most of the shop vendors were Mennonites and Amish.</p>
<p class="MsoNormal">At lunch, while I enjoyed crepes with Nutella and fruit (I have fond memories of Nutella from my days living in Oxford, England), we discussed ideas such as an international hacker space conference, an organization for helping new hacker spaces get started, and the challenges with management, legal, and lobbying efforts faced by hacker spaces and by The Prometheus Radio Project.</p>
<p class="MsoNormal">After lunch, Far and I went to <a href="http://www.hive76.org/">Hive 76</a>. It is situated in a large warehouse/loft space in Philly’s warehouse district, not far from Center City. Upon entering the building, I was delighted to find that access to the 5<sup>th</sup> floor loft is via an old elevator that looks like it is straight out of the movie <a href="http://www.imdb.com/title/tt0083658/">Blade Runner</a>; for a moment, I envisioned Sebastian’s bio-engineering workshop apartment with his invented creatures--his hacker space. Entering the caged elevator room through two steel lattice doors and watching the old counterweights go by as we ascended, I was impressed with the engineering prowess of the well-oiled machines of the last century.</p>
<p class="MsoNormal">The space’s access is on the 5<sup>th</sup> floor in a building occupied by artists. The loft’s sparsely furnished entryway is accented with little more than a threadbare couch and a large steel frame cubical sculpture. Hive 76 is down the hall, and in contrast to the neighboring artists’ spaces with kilns and easels, this hacker space is comfortably full of tech equipment: laser cutter, <a href="http://store.makerbot.com/cupcake-cnc.html">cupcake CNC</a>, server racks, a workspace area for computers, and tables for projects. Christmas lights strung from the high ceiling reminded me of the hacker’s workshop in the movie <a href="http://www.imdb.com/title/tt0105435/">Sneakers</a>. As I sit here writing this blog posting, I have a great view of Center City, Philadelphia.</p>
<p class="MsoNormal">Far and I discussed some models for hacker space physical and business organizations: this is why I came. With my huge hacker space (perhaps the biggest in the U.S.) being planned for a grand opening in late spring/early summer of this year, I have a lot of work to do to learn from other hacker space organizers, who share what works and what doesn’t. I’ve visited a handful of other spaces, and their founders have graciously afforded me the opportunity to talk one-on-one about their successes and failures. I hope to replicate the former, not the latter.</p>
<p class="MsoNormal"><span style=";font-family:";" >Some of the discourse we’ve shared: the hacker space size, equipment and memberships should be commensurate with the community in which it is located to facilitate success; membership, ideally, should pay for most if not all of the space overhead costs; a national hacker space organization (with Founder conferences and a database of shared technical, management, and legal resources) would be very helpful in managing existing hacker spaces and facilitating start-ups of new spaces; a hacker space in which co-working/hacker start-up companies can rent full-time locking office space that is physically connected to the hacker space. (Image is of an old typewriter being turned into a keyboard for a computer)
<br /></span></p>
<br />@h3inous, Leah Kubik
<br />Published 2009-09-18T23:42:00.006-04:00, updated 2009-09-19T00:08:17.512-04:00
<br />If you were on <a href="http://www.hackersonaplane.info/">Hackers on a Plane</a> and attended <a href="https://wiki.har2009.org/page/Main_Page">Hacking at Random</a> in The Netherlands, you knew Leah Kubik, <a href="http://twitter.com/h3inous">@h3inous</a>. She had a <a href="http://media.www.thestrand.ca/media/storage/paper404/news/2009/09/17/News/Death.At.1.Spadina.Crescent-3776663.shtml">tragic accident</a> at the University of Toronto and will be missed in the hacker community.<br /><br />Her <a href="http://www.palmerfuneralhomes.com/viewobit.cfm?ID=1229">funeral</a> is Saturday, September 19, 2009 at Palmer Funeral Home-River Park in South Bend, IN. <a href="http://www.ftd.com/sympathy-funeral-ppr/flowers-for-service/the-ftd-flowing-garden-basket/occasion-sympathy/occasion-sympathy-forservice-flowers/s10-3180/">Flowers</a> for the service have been sent from the <a href="https://wiki.har2009.org/page/Village:HoaP:Shirt">Hackers on a Plane participants</a>. The card with the flowers says:<br /><br />FROM HOAP:MITCH,MATT,BERNIE,M,STERNN,ZIMMER,BERT,SHARDY,PHOSGENE,DAVID H.,DANIELLE,SIDNEY,VYRUS,NICKY,ERIC,MIKE,DUCK,STEVE,KRIS,DAN,JAMES,TRAVIS,FRIENDS,JOHL, DAVID B.,TIFFANY,OKKIE,CHRIS.J.,GUCKES,NIKITA,NICK.
<br />
<br />OpenOtto Project at DEFCON 17 and Black Hat USA 2009
<br />Published 2009-07-13T22:45:00.007-04:00, updated 2009-07-13T22:54:08.884-04:00
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnDZeamD68N5Xwxbem1mkopGAJ9FwGcLsSUl_05Hh7Hb-mIKEIJdt1virvJkP6InI5nqqIf94MkqzRp99nJbiLhHuxvNouOByjn06_EBjCH8fCtInXLo6WIjUF4BKv0uh2j00cO-bOao-R/s1600-h/Intridea_HackOn_2009_OpenOtto_Darius2.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 133px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnDZeamD68N5Xwxbem1mkopGAJ9FwGcLsSUl_05Hh7Hb-mIKEIJdt1virvJkP6InI5nqqIf94MkqzRp99nJbiLhHuxvNouOByjn06_EBjCH8fCtInXLo6WIjUF4BKv0uh2j00cO-bOao-R/s200/Intridea_HackOn_2009_OpenOtto_Darius2.jpg" alt="" id="BLOGGER_PHOTO_ID_5358142272172476226" border="0" /></a>
<br />
<br />
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZbZhTAwx6uvrzXT3q2X98tO0pf4eczqbm55ew0QKFU_I8Vum6ww0llU409w7iBU8_KCnsNOsmYuMMrIrZTlKLQlF2hsn0f-3HkQ8dix5kODlzcDvCUVK3KYBmVDqmZ37OnLWJ9hnHS_KK/s1600-h/Intridea_HackOn_2009_OpenOtto_TiffanyDarius.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 133px; height: 200px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZbZhTAwx6uvrzXT3q2X98tO0pf4eczqbm55ew0QKFU_I8Vum6ww0llU409w7iBU8_KCnsNOsmYuMMrIrZTlKLQlF2hsn0f-3HkQ8dix5kODlzcDvCUVK3KYBmVDqmZ37OnLWJ9hnHS_KK/s200/Intridea_HackOn_2009_OpenOtto_TiffanyDarius.jpg" alt="" id="BLOGGER_PHOTO_ID_5358141977893741634" border="0" /></a>
<br /><p class="MsoNormal">The OpenOtto Project is doing more presentations. We had/have a lot of conference presentations this summer. The photos (photos by Brian Turnbull) are from <a href="http://www.intridea.com/">Intridea’s</a> <a href="http://www.intridea.com/hackon">HackOn</a> (un)conference that was held June 18-20<sup>th</sup> in Portland, Maine. After co-working with Intridea on Friday, Nothingface and I did a presentation about the current state of the OpenOtto Project on Saturday.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">We also just secured presentations at Black Hat USA 2009 and DEFCON 17 in Las Vegas. Our Black Hat talk will be with me and Travis Goodspeed. Travis is working on the layout so we can progress toward releasing the schematics, source code and producing the first demo. We're doing a presentation at Black Hat in the <a href="http://www.blackhat.com/html/bh-usa-09/bh-usa-09-breakout.html">open source project break-out session</a> on Wednesday, July 29, 10:00 AM, Genoa room, 3<sup>rd</sup> floor at Caesar’s Palace.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">The DEFCON talk will be on Saturday, August 1, with <a href="https://forum.defcon.org/forumdisplay.php?f=433">Skytalks</a>, skybox 303 at 10 AM, The Riviera.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Please come see us and talk with us about hacking your car! We’re looking for funding and developers. </p>
<br /><br />2600/HackME Meeting Tonight<br />Posted by Tiffany Strauchs Rad, 2009-05-01T16:13:00.003-04:00 (updated 2009-05-01T16:18:24.928-04:00)<br /><br />After a few months of first Fridays attendance at info sec and hacker conferences, I am going to be at this meeting tonight, 6 PM in the food court at the Maine Mall. The hacked car will be in the mall's parking lot, but I don't know if Nothingface remembered to bring the hardware to do a demo. If you're in Portland, please join us for a recap about the Notacon hacker conference that was in Cleveland, Ohio a few weeks ago.
<br /><br />What should the OpenOtto demo car NOT be<br />Posted by Tiffany Strauchs Rad, 2009-03-27T22:42:00.007-04:00 (updated 2009-03-27T23:49:17.046-04:00)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4NFw6A1M7YLcgMx1aKvMkjO_xrxaxFxTrjLn9gI1rYUNFshHxqncQxvPlbqcy1Oc_0EIRY_dThj_MnVj69GmSoRqtDc-5ZhAFdZystienmUg90tXtj_hyphenhyphenJYB-XJUD5er8H6B80omonBNb/s1600-h/Dads+Rental_April+22_2007+005_plate+blur.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4NFw6A1M7YLcgMx1aKvMkjO_xrxaxFxTrjLn9gI1rYUNFshHxqncQxvPlbqcy1Oc_0EIRY_dThj_MnVj69GmSoRqtDc-5ZhAFdZystienmUg90tXtj_hyphenhyphenJYB-XJUD5er8H6B80omonBNb/s200/Dads+Rental_April+22_2007+005_plate+blur.jpg" alt="" id="BLOGGER_PHOTO_ID_5318080653814557986" border="0" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKim6JiSEEed3nNFj-dMW5bBecOOcPRwpS68YGjAKTp62jH-2pe7vu2avQxinyPe_qyDKIRlk9o_c_exyZ_h_-sq_W3SRHLGQncTTHEB_Le8wXiyu-YsX40VFJU30b5_7SHCLCssWjNZI9/s1600-h/louis-vuitton-cutlass.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 132px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKim6JiSEEed3nNFj-dMW5bBecOOcPRwpS68YGjAKTp62jH-2pe7vu2avQxinyPe_qyDKIRlk9o_c_exyZ_h_-sq_W3SRHLGQncTTHEB_Le8wXiyu-YsX40VFJU30b5_7SHCLCssWjNZI9/s200/louis-vuitton-cutlass.jpg" alt="" id="BLOGGER_PHOTO_ID_5318066211898354114" border="0" /></a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQGG6617IKFvoJQFoYZJ4nqdWzfWsfFJdR5dqZpLZWiPEqAqTskRbCX3-OIXeF_cyPaQ2TKeoykEV8xvjqhNh_VrBLRZ4Of2NGbYv1hqIzVgbQE90UQbAjS1ykXJon9VfUTN1nZRWzPQO_/s1600-h/hello_kitty_streetracer.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQGG6617IKFvoJQFoYZJ4nqdWzfWsfFJdR5dqZpLZWiPEqAqTskRbCX3-OIXeF_cyPaQ2TKeoykEV8xvjqhNh_VrBLRZ4Of2NGbYv1hqIzVgbQE90UQbAjS1ykXJon9VfUTN1nZRWzPQO_/s200/hello_kitty_streetracer.jpg" alt="" id="BLOGGER_PHOTO_ID_5318066204905211170" border="0" /></a><br />Rob T Firefly suggested we get a <a href="http://en.wikipedia.org/wiki/De_Lorean_DMC-12">DeLorean </a>for the OpenOtto demo. Awesome idea! Love it. If we come across one, we'll make a go for it.<br /><br />However, here are some suggestions of what the demo should NOT be. 
Although they might attract more girls to the computer hacker scene, these cars are not cool.<br /><br />Even though the guy with the '89 Oldsmobile Cutlass Sierra <a href="http://www.neatorama.com/2008/03/10/ghetto-chic-the-oldsmobile-cutlass-sierra-louis-vuitton-limited-edition/">Louis Vuitton Limited Edition</a> looks pretty fly, this doesn't quite say, "Give us VC funding, please" but, instead, "I'm a bad knock-off."<br /><br />The Ferrari...it's just so wrong. This doesn't say, "I'm so hot, give me a speeding ticket," as Ferraris should, but, "This is my teenage daughter's car." Instead, <a href="http://www.carforums.net/reviews/makes/pictures/Ferrari10.jpg">this is the Ferrari </a>OpenOtto would be willing to accept as a donation to the open source project. If you've ever ridden in a Ferrari and driven so fast along winding mountaintop roads in Italy that there is FIRE coming out of the tailpipe and you're pinned into the racing seat, you'd understand why my vote is for a sports car. <a href="http://www.youtube.com/watch?v=fQn3FCIHLAQ">I like fast cars that go boom.</a><br /><br />The last picture is one I took of a wimpy <a href="http://www.jeep.com/en/2008/liberty/">Jeep Liberty</a> on my driveway during mud season. Indeed, it took TWO Land Rovers to tow out the Liberty. No wimpy SUVs--this is a going-to-the-mall car. Thank goodness it was a rental. It had mud coming in the doors by the time we got it out of there. I was told that, when it was returned to the Portland, Maine airport car rental office, the guys receiving the car stood in disbelief as they saw the mud on and in the car. Instead, we vote for an <a href="http://en.wikipedia.org/wiki/File:Hummer_H1_mud_1.jpg">H1 </a>as our off-roading vehicle demo car. If we can't have that, we'll stick with the 2003 <a href="http://en.wikipedia.org/wiki/Land_Rover_Discovery">Land Rover Discovery</a> it's in now because it really can go anywhere. 
In fact, we've taken it there and back.
<br /><br />If OpenOtto could have a demo car, what should it be?<br />Posted by Tiffany Strauchs Rad, 2009-03-26T22:49:00.003-04:00 (updated 2009-03-26T22:56:58.162-04:00)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qbh38Lw8_Nhaq1vSEv36sShEQpVjGbSdlFNg14JbAaVeuYqGoM9Q9W2181aH_FCS_3R2-X_cALU4NRAGLPQI1qZjE32-xPngwQlCShWvgitUcbAlQ4RsqGZYCbO2BXx2DHLpU2ASVEqd/s1600-h/kitts.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 74px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3qbh38Lw8_Nhaq1vSEv36sShEQpVjGbSdlFNg14JbAaVeuYqGoM9Q9W2181aH_FCS_3R2-X_cALU4NRAGLPQI1qZjE32-xPngwQlCShWvgitUcbAlQ4RsqGZYCbO2BXx2DHLpU2ASVEqd/s200/kitts.jpg" alt="" id="BLOGGER_PHOTO_ID_5317695907416736898" border="0" /></a>
<br /><p class="MsoNormal">We’ve been watching <i>Knight Rider</i>. (Actually, we have been since the 80s, so that probably dates us.) We’ve recently been having some fun debates about a dream demo car for OpenOtto. Of course, we’re just scraping by now and absconding with junk parts from cast-offs and running OpenOtto on a 2003 Land Rover, but if a dream could come true, what would be the coolest car OpenOtto’s software and hardware could control? Would it be an off-roading SUV, a sports car, or a muscle car?
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Because <i>Knight Rider</i> was an inspiration, one of the demos has to be an American muscle car. There will always be some who believe the original <i>Knight Rider</i>, a 1982 Pontiac Firebird Trans Am, will be the only true KITT. If you ever wondered if KITT really had a blood analyzer, Ski Mode, or an electromagnetic field generator, here are all of <a href="http://knightrideronline.com/wiki/doku.php?id=knight_industries_two_thousand">the technical specs</a> for KITT from the 1980s series. We should have attended the <a href="http://knightriderfestival.com/">Knight Rider Festival</a> last week in Las Vegas. Both the new and old KITTs were demoed along with hobbyists displaying their tribute cars.</p>
<p class="MsoNormal">The new <i>Knight Rider</i> series features a Ford Shelby GT 500 KR Mustang. With Val Kilmer as the new KITT voice, the car sounds and looks HOT. If you want to keep watching the new <i>Knight Rider</i> TV series, you must be proactive and <a href="http://knightrideronline.com/knight_rider_2008/campaign/">sign a petition</a> to keep the show going. Why not? It’s cooler, hacker-ish, and more techie than the dozens of boring doctor and lawyer shows now on prime time TV.</p>
<p class="MsoNormal">But one thing is for sure, when we do professionally demo a car controlled by OpenOtto, the developers must wear their <a href="http://astore.amazon.com/knightrideron-20/detail/B000H8J26S/176-5662791-5474950">Michael Knight costumes</a>. (Sorry, these hokey things are part of what start-ups make their employees do). But I think I’ll opt for <a href="http://en.wikipedia.org/wiki/The_Dukes_of_Hazzard">Daisy Duke</a>’s outfit even though the 1969 Dodge Charger <i>General Lee</i> always seemed to be broken down, didn’t it? KITT would leave <i>General Lee</i> in the dust and then go on to hack some wicked encrypted world computer networks any day! Hack on, KITT!
<br /></p>
<br />SOURCE Boston 2009 – Part Four<br />Posted by Tiffany Strauchs Rad, 2009-03-22T23:15:00.006-04:00 (updated 2009-03-22T23:36:44.203-04:00)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9USvBvAibU2FmAQMRz9k_uNfFXw3yyog0RZafsHU-O7n4aMB2ib9JaEySNXFGicL_MebmlxjZUzkI1FFNOWzphqj123HsLjkZHYBPCUPRr0y8BaD0UVU13n5ThCvNocrEZO4gK2AYO6mI/s1600-h/ODB2+Hack_console_Travis+Goodspeeds+photo.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9USvBvAibU2FmAQMRz9k_uNfFXw3yyog0RZafsHU-O7n4aMB2ib9JaEySNXFGicL_MebmlxjZUzkI1FFNOWzphqj123HsLjkZHYBPCUPRr0y8BaD0UVU13n5ThCvNocrEZO4gK2AYO6mI/s200/ODB2+Hack_console_Travis+Goodspeeds+photo.jpg" alt="" id="BLOGGER_PHOTO_ID_5316218965879926162" border="0" /></a>
<br /><p class="MsoNormal">The second day started with getting up “early” so I could see <a href="http://rationalsecurity.typepad.com/">Christofer Hoff</a> discuss the vulnerabilities associated with outsourcing your prized possessions to cloud computing networks. It was definitely worth dragging myself out of bed. Chris is another AWESOME presenter. Peppered with a few early morning f-bombs (which, according to one of my students, is KEY to getting venture capital financing [?]), it was a riveting presentation and had visually appealing slides. I can take guidance from his method of presenting when he spoke to Twitterers in the crowd declaring that none of his 75 slides contained more than 160 characters per slide (and eerie, cool pictures of frogs). Most significantly, what I took from his presentation were some ideas about securely storing and accessing intellectual property from cloud computing networks. Some of those ideas I abstracted into search and seizure principles and incorporated some new research ideas into the CFP abstract for <a href="http://www.brucon.org/">Brucon</a> which, incidentally, was submitted at a witching hour Sunday night by me and my research partner, <a href="http://twitter.com/myrcurial">Myrcurial</a>, in Toronto. Thanks for the inspiration, Chris!</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Later that day, the disclosure panel was one of the talks I really wanted to see at Source. I have done research on this topic and was delighted to hear Ryan Laraine asking Dan Kaminsky, Ivan Arce, Dino Dai Zovi, Alexander Sotirov, and Katie Moussouris debatable topics such as:</p>
<p class="MsoNormal" style="margin-left: 39pt; text-indent: -0.25in;">· What’s enough time to give the vendor?</p>
<p class="MsoNormal" style="margin-left: 39pt; text-indent: -0.25in;">· Should there be a partial disclosure committee to prevent the purgatory Kaminsky endured with his DNS bug?</p>
<p class="MsoNormal" style="margin-left: 39pt; text-indent: -0.25in;">· Should there be civil liability for companies putting out insecure products?</p>
<p class="MsoNormal" style="margin-left: 39pt; text-indent: -0.25in;">· What about disclosing security vulnerabilities that affect devices where lives could be at stake?</p>
<p class="MsoNormal" style="margin-left: 39pt; text-indent: -0.25in;">· What if people discover vulnerabilities in safety-critical software such as in cars? </p>
<p class="MsoNormal" style="margin-left: 75pt; text-indent: -0.25in;">o What if someone reverse engineers the protocols in cars and hacks car computer networks? (gasp!) </p>
<p class="MsoNormal">
<br /></p><p class="MsoNormal">These are all topics I have researched and debated with my colleagues. That’s another blog posting, but I was delighted to see some independent researchers debating these issues alongside representatives from large companies. The resources and vulnerability response time small and large companies can respectively allocate toward patching a vulnerability are significantly different, and that was evident in the way the panelists answered these questions.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">I left the panel after an hour into it so that I could show off <a href="https://secure.area49.net/openotto/">OpenOtto’s hacked car computer</a> that was in the garage of the Seaport. (I had to silently laugh and saw Dan steal a glance at me in the crowd during all of the hacked car computer discussion during the disclosure panel when, all along, there was one sitting in the hotel’s garage! The “what if” discussion is now moot.) I drove the hacked Land Rover to the Source conference to share this open source project with some like-minded hackers like Joe Grand and Travis Goodspeed and demoed it before Joe left for the airport.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">I showed Joe and Travis how the OpenOtto team reverse engineered the protocols in car computers allowing us to access any car’s computer. Automotive networks follow an OSI model, so OpenOtto was designed to be like an operating system for the car—all developers have to do is write high-level applications on top of the stack and they will operate with the car’s computer using OpenOtto hardware and software.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Source was the <a href="http://www.flickr.com/photos/travisgoodspeed/3351125944/">debut of OpenOtto’s prototype board</a> which successfully output a handful of performance characteristics to a laptop connected, via the prototype board, <a href="http://www.flickr.com/photos/travisgoodspeed/3351126714/">to the OBD 2 port</a>. This is more than a scan tool and can be used to tweak performance and output A LOT of real-time parameters about the performance and error codes for all cars. This particular prototype board could output 1 of the 4 physical layers, ISO 9141. In a couple of weeks, a device will be complete that will run all 4 physical layers using an ARM processor. (Note: At the conference, it was MOST car computers except for GM, Ford, Chevy and cars newer than 2008, but soon it’s EVERY car. Only 1 of 4 physical layers was done at the conference, but all are being done now).</p><p class="MsoNormal">
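The layering described above can be shown on the diagnostic traffic itself. This is an added example, not OpenOtto's code: it assumes the public ISO 9141-2 frame layout (3 header bytes, up to 7 data bytes, 8-bit sum checksum) and SAE J1979 PID formulas, and the frames in it are constructed sample data. A tool reading the bus should reject malformed frames before any application code interprets them.

```python
"""Added example: decode OBD-II responses carried in ISO 9141-2 frames, layer by layer."""

HEADER_LEN = 3      # priority/type, target address, source address
MAX_DATA_LEN = 7    # ISO 9141-2 carries at most 7 data bytes per frame


class FrameError(ValueError):
    """Raised when bytes read from the bus do not form a valid frame."""


def checksum(body: bytes) -> int:
    """8-bit sum over header and data bytes."""
    return sum(body) & 0xFF


def parse_frame(raw: bytes) -> dict:
    """Data-link layer: check length and checksum, then split off the header."""
    if not HEADER_LEN + 2 <= len(raw) <= HEADER_LEN + MAX_DATA_LEN + 1:
        raise FrameError(f"bad frame length {len(raw)}")
    body, received = raw[:-1], raw[-1]
    if checksum(body) != received:
        raise FrameError(f"checksum {received:#04x} != {checksum(body):#04x}")
    return {"target": raw[1], "source": raw[2], "data": bytes(raw[HEADER_LEN:-1])}


# Service 0x01 (current data): PID -> (name, payload width, conversion).
PIDS = {
    0x04: ("engine_load_pct", 1, lambda d: d[0] * 100 / 255),
    0x05: ("coolant_temp_c", 1, lambda d: d[0] - 40),
    0x0C: ("engine_rpm", 2, lambda d: (d[0] * 256 + d[1]) / 4),
    0x0D: ("vehicle_speed_kmh", 1, lambda d: d[0]),
}


def decode_dtc(hi: int, lo: int) -> str:
    """Two bytes -> trouble code: 2 bits system letter, 2 bits digit, 3 hex digits."""
    return f"{'PCBU'[hi >> 6]}{(hi >> 4) & 0x3}{hi & 0xF:X}{lo:02X}"


def decode_application(data: bytes):
    """Application layer: a positive response echoes the request service + 0x40."""
    service = data[0]
    if service == 0x41:                      # response to service 0x01
        if len(data) < 2 or data[1] not in PIDS:
            raise FrameError("missing or unsupported PID")
        name, width, convert = PIDS[data[1]]
        payload = data[2:]
        if len(payload) != width:
            raise FrameError(f"{name}: expected {width} byte(s), got {len(payload)}")
        return name, convert(payload)
    if service == 0x43:                      # response to service 0x03 (stored codes)
        codes = data[1:]
        if len(codes) % 2:
            raise FrameError("truncated trouble-code list")
        pairs = zip(codes[0::2], codes[1::2])
        # 0x0000 is padding for unused slots in the frame.
        return "dtcs", [decode_dtc(h, l) for h, l in pairs if (h, l) != (0, 0)]
    raise FrameError(f"unsupported service {service:#04x}")


def decode(raw: bytes):
    """Run a raw frame through both layers."""
    return decode_application(parse_frame(raw)["data"])


# Constructed sample frames (header 48 6B 10 = response from ECU address 0x10).
SAMPLE_FRAMES = {
    "rpm": bytes.fromhex("486b10410c1af822"),
    "coolant": bytes.fromhex("486b1041057b84"),
    "dtcs": bytes.fromhex("486b10430133030100003e"),
    "corrupt": bytes.fromhex("486b10410c1af823"),   # last byte altered
}

if __name__ == "__main__":
    for label, frame in SAMPLE_FRAMES.items():
        try:
            print(label, decode(frame))
        except FrameError as exc:
            print(label, "rejected:", exc)
```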
<br /></p> <p class="MsoNormal">After the disclosure panel, I dumped my computer equipment in Dan Kaminsky’s room and went to join him, Travis, <a href="http://www.defcon.org/html/defcon-15/dc-15-speakers.html#Disclosure">Ian Robertson</a> and a co-worker from <a href="http://www.rim.com/">RIM</a> for dinner at the Atlantic Beer Garden. I/O Active’s party with free drinks and food immediately followed, so we stayed there until almost closing time. From there, we went to Lucky’s Bar until that place closed. At that late hour and with the Rover on almost “Empty”, I doubted I could safely find a gas station open at that hour, so I decided to stay in Boston until dawn.</p>
<p class="MsoNormal">We didn’t get to see Dan Kaminsky, <a href="http://www.seattlepi.com/local/373426_insecure04.html">savior of the Internet…in his super hero tights</a>, but we did finish the night by getting my computer equipment and <a href="http://www.flickr.com/photos/travisgoodspeed/3350319321/">busting in on Dan in his hotel room</a> while he was dorking out on his computer just a few hours before he had to catch a flight somewhere. From there, I was happy to crash for an hour of sleep on a couch in a suite before I had to drive back to Maine at the ungodly hour of 5 am. (Thank you, suite host, for your hospitality, your pillows, and your duvet.)
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Until next year, thanks SOURCE Boston organizers for making it such an interesting, informative, and fun conference!
<br /></p><p class="MsoNormal"> </p><p class="MsoNormal">
<br /></p><p class="MsoNormal">(Picture, by Travis Goodspeed, is of OpenOtto's demo board on the upper left corner on console. <span style="font-style: italic;">Toy Story</span> Alien is not part of OpenOtto)
<br /></p>
<br />SOURCE Boston 2009, Part Three<br />Posted by Tiffany Strauchs Rad, 2009-03-18T15:14:00.007-04:00 (updated 2009-03-22T23:41:15.767-04:00)<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGD6JrZmF8pn-5ocNeak9gmky2YO9wvdcBBjxz76O9XKdSAbWDNc9Uiy1dVaKFNIeQMTJ0qtmeCYSXUGpU5qXUzrQqmQItzeegE42gqtfilx7zaAa0z46mQX9jQ8TCgm2AypMl77uS0WpT/s1600-h/ODB2+Hack+Screen+Shot_Travis+Goodspeeds+Photo.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGD6JrZmF8pn-5ocNeak9gmky2YO9wvdcBBjxz76O9XKdSAbWDNc9Uiy1dVaKFNIeQMTJ0qtmeCYSXUGpU5qXUzrQqmQItzeegE42gqtfilx7zaAa0z46mQX9jQ8TCgm2AypMl77uS0WpT/s200/ODB2+Hack+Screen+Shot_Travis+Goodspeeds+Photo.jpg" alt="" id="BLOGGER_PHOTO_ID_5314610554430624738" border="0" /></a>
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUJeAk6h_R0wsGvjXw8w0-_rLhoBJwkcJBbDkj0Ap-IqwFuZdExb_Lf1e7N6F_pbPl4NSVnyXZHBEV58hoMqgkgTppoi1VQvwbhyV9W3anwI3hJftu4SkVSo9eFQdXjV830a8vJCCzxRhX/s1600-h/ODB2+Hack_computer_Travis+Goodspeeds+photo.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUJeAk6h_R0wsGvjXw8w0-_rLhoBJwkcJBbDkj0Ap-IqwFuZdExb_Lf1e7N6F_pbPl4NSVnyXZHBEV58hoMqgkgTppoi1VQvwbhyV9W3anwI3hJftu4SkVSo9eFQdXjV830a8vJCCzxRhX/s200/ODB2+Hack_computer_Travis+Goodspeeds+photo.jpg" alt="" id="BLOGGER_PHOTO_ID_5314610554705608482" border="0" /></a>
<br />
<br /><p class="MsoNormal">Later during the first day, two of my friends, Dan Kaminsky and Travis Goodspeed, were presenting at Source, but at the same time! Similar to the only two higher-education talks, either I had to make a tough choice or do a 50/50 split which is what I did—I started with Travis and finished with Dan.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><a href="http://www.flickr.com/photos/travisgoodspeed/3351140726/">Belt buckle!</a> When I think of <a href="http://travisgoodspeed.blogspot.com/">Travis</a>, this is what comes to mind including the word and the philosophy behind “neighborly” which is what Travis truly is. In addition to having established a reputation for the <a href="http://www.flickr.com/photos/travisgoodspeed/2919366922/in/set-72157608251717888/">party mode</a> on his belt buckle in the shape of Tennessee (the only neighborly state, he says) and having <a href="http://www.flickr.com/photos/travisgoodspeed/3147097415/in/set-72157608251717888/">notable</a> <a href="http://www.flickr.com/photos/travisgoodspeed/3147098213/in/set-72157608251717888/">people</a> holding the belt buckle (anywhere <a href="http://www.flickr.com/photos/travisgoodspeed/3336831399/in/dateposted/">BUT</a> as a belt buckle), he’s one of the most brilliant hardware hackers I’ve encountered. If there is a hardware device that can be sniffed or fuzzed, you know that Travis can do it. Want to talk about hacking the <a href="http://en.wikipedia.org/wiki/Clipper_Chip">Clipper Chip</a> encryption? Travis is probably already working on it.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">His presentation at Source was about how the private sector or governments can use wireless technologies for good applications. One interesting example is having smart land mines that will only turn on during the advance of an enemy and can turn off or be signaled to self-destruct after their need is over, thus eliminating the danger of live mines. I caught the beginning of his presentation and then ducked out halfway through to hear the end of Dan’s. What I missed was Travis discussing new exploits on the TI chip. I’m eagerly waiting for more info about this on <a href="http://travisgoodspeed.blogspot.com/">his blog</a>.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Dan Kaminsky is best described as a mix of brilliance and “<a href="http://www.flickr.com/photos/travisgoodspeed/3350316243/">let’s get this party started</a>” when you see those <a href="http://dakami.smugmug.com/gallery/6976677_WzMBs#446529461_Qc6tX-A-LB">horns thrown up</a>. There are numerous <a href="http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=all">articles</a> describing his DNS vulnerability research and discussions about how he handled it using partial disclosure, but for someone who described how he “broke the Internet”, he is exemplary for giving vendors time to fix it and showing them how. When I describe to my computer science students the kind of hacker that’s actually doing something about making stuff more secure and not just trying to find the next big vulnerability to boost his credibility in the community, Dan is it. Humble, friendly and one of the best public speakers I’ve ever seen, he’s able to engage the audience about something as specific and technical as DNS for a full two + hours. His analogies are also legendary. Seriously, how many technical people do you know who can do all that? If he can <a href="http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=all">describe DNS to his grandmother</a>, he can tell you (the US government, SysAdmins, and your company’s recalcitrant IT guy) why it’s a big deal and you should patch today. No, really yesterday.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">The first day of sessions ended after Dan’s and Travis’ presentations, but the day didn’t end there and went long into the evening. I met a group of other conference attendees at the Atlantic Beer Garden for dinner. From there, we went to the Source party which included techno, strobe lights, and a smoke machine like any good hacker party should! I got to meet some of the other (five, I think!) women at the conference including <a href="http://www.sourceconference.com/index.php/source-boston-2009/boston-2009-team">Stacy Thayer</a>, conference founder and organizer. Dan Guido’s potato made some rounds and got decorated with feathers, signatures, and carvings. When that party wound down, I joined Travis Goodspeed, Dan Kaminsky, Marty Roesch, and <a href="http://www.ioactive.com/teambios.php">Jennifer Steffens</a> (from <a href="http://www.ioactive.com/">IOActive</a>) in a quest for a mythical party at MIT, but ended up closing the bar, appropriately, at <a href="http://www.miracleofscience.us/">The Miracle of Science</a> in the MIT vicinity with Dan and Travis.
<br /></p><p class="MsoNormal">
<br /></p><p class="MsoNormal">(Photo, taken by Travis Goodspeed, is a screenshot of tcpdump output from the network on the OpenOtto Project Land Rover at Source. Right now, it's running on a laptop on the dash, but we're scrambling for cash to buy a touch-screen, dash-mounted monitor.)
<br /></p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-34356263452533207252009-03-17T11:06:00.008-04:002009-03-22T23:42:49.038-04:00SOURCE Boston 2009, Part Two<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPJ8bVXRQiZevlXZlqI_yLv2xyhaMor_J4Mumza5WN69L-XA8GygwUMrAjj9pANcw-Vvq9CHWT5yS2_JrtkUUCIO-Vh7ItdLOw2C1-jmAhEDCA2oim5R80PDnBB7itgcSR77UEko5uaJvm/s1600-h/Travis+Goodspeed_source+boston_2009+002.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPJ8bVXRQiZevlXZlqI_yLv2xyhaMor_J4Mumza5WN69L-XA8GygwUMrAjj9pANcw-Vvq9CHWT5yS2_JrtkUUCIO-Vh7ItdLOw2C1-jmAhEDCA2oim5R80PDnBB7itgcSR77UEko5uaJvm/s200/Travis+Goodspeed_source+boston_2009+002.jpg" alt="" id="BLOGGER_PHOTO_ID_5314174693605717234" border="0" /></a> <p class="MsoNormal">From Dan Guido’s presentation, I went to <a href="http://securitysauce.blogspot.com/">Marty Roesch’s</a> talk titled, “From NASDAQ to the Garage with Open Source: <a href="http://www.sourcefire.com/">Sourcefire’s</a> Experience.” Not only is Marty a fantastic speaker, but his experience with open sourcing Snort is the best example I can find answering the question of how a company that 
embraces sharing code can be successful.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">I am constantly asked by investors: “Where is the money with open source/free software?” Instead of my usual retort which used to be, “<a href="http://www.redhat.com/">RedHat</a>”, I’m now going to say, “Sourcefire!” Marty’s open source release of Snort’s code is a great business model and better in the sense that it’s applicable to companies that do not have as much of a service component to generate revenue but who want to produce a product. There is significant value in putting out a box containing your code that’s akin to a plug and play device as opposed to downloading the open version and having to have more of a technical background to fully make use of all of the features.
<br /></p><p class="MsoNormal">
<br /></p><p class="MsoNormal">There is also value and, as Travis Goodspeed would say, a <i>neighborly</i> interest in sharing your code and hardware designs to spark innovative products that will work with your code and, hopefully, foster something akin to an industry standard if you’re lucky. If not that lucky, you still have a product that a lot of people are using which creates a built-in user base, contribution to bug reports (and, I argue, better security because of this) and a reputation based upon a community that cares about quality code and hardware design.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Later that night at the Source party, I spent at least an hour talking with Marty about other lessons learned about organizing and funding an open source company. One of the most important aspects about which we both agree is the necessity to defensively patent. I know that many in the open source/free software community don’t think that patents are useful and are the antithesis of open/free releases, but if you talk to Marty about how a patent troll almost messed up their <a href="http://www.google.com/finance?client=ob&q=NASDAQ:FIRE">IPO</a>, you’ll see how unethical patent attorneys buying up IP at fire sales are part of the problem with the patent system because they inhibit innovation and entrepreneurship. I know of a few companies this happened to and they ended up going out of business as a result of <a href="http://en.wikipedia.org/wiki/Patent_troll">patent trolls</a>. My advice to entrepreneurs with open source/free software: Patent and then license with <a href="http://www.gnu.org/licenses/gpl-2.0.html">GPL version 2</a>! Defend yourself against <a href="http://lordoftheringsonline.files.wordpress.com/2007/08/troll-from-lotr.jpg">evil trolls.</a></p> <p class="MsoNormal">(Photo is of Travis Goodspeed doing a demo at SOURCE Boston using hypodermic needles as oscilloscope leads to sniff a Zigbee wireless sensor’s SPI port. Wireless traffic relies upon an encrypted key being sent to the CC2420 radio chip and <a href="http://www.flickr.com/photos/travisgoodspeed/3351125516/">tapping two pins</a> [see Travis’ detailed photo] exposes the key)</p>
<br />Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com2tag:blogger.com,1999:blog-1421948774204378624.post-63296220329354123892009-03-17T00:03:00.008-04:002009-03-22T23:44:23.243-04:00SOURCE Boston 2009, Part One<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAO6agyxFOXBsUpT_nXzbQNuKSLv05OcfWfzApV8b6Xd-7FWbaG6uXNGs5hfq9fMPr5L0koDvH6bvzuCz7KmGx-eP1K7SEPb-IFiSPo5-JTONWoCvBleSfNMovEA4YSWaZiPkfrq-PqCV-/s1600-h/Travis+Goodspeed_potato.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 150px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAO6agyxFOXBsUpT_nXzbQNuKSLv05OcfWfzApV8b6Xd-7FWbaG6uXNGs5hfq9fMPr5L0koDvH6bvzuCz7KmGx-eP1K7SEPb-IFiSPo5-JTONWoCvBleSfNMovEA4YSWaZiPkfrq-PqCV-/s200/Travis+Goodspeed_potato.jpg" alt="" id="BLOGGER_PHOTO_ID_5314003138249877298" border="0" /></a>
<br /><p class="MsoNormal">Recently returning from Source Boston 2009, I am still basking in enlightenment and the excitement of meeting brilliant computer security professionals in the relaxed, small atmosphere at the Seaport Hotel. Without fail, I’d sit down at lunch or in the lounge and be discussing computer architecture or be debating how information security professionals can improve their craft.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">After a high-speed dash in the snow from Southern Maine to Boston, I just made <a href="http://www.grandideastudio.com/about/">Joe Grand’s</a> presentation and didn’t regret white-knuckle driving. Joe was a co-host of <i><a href="http://dsc.discovery.com/tv/prototype-this/prototype-this.html">Prototype This</a></i> on the Discovery Channel. Who wouldn’t want his job?! Having a hacker space warehouse near the water in San Francisco with a group of buddies making stuff—how cool! However, hearing about the behind-the-scenes difficulties that the viewers didn't see was informative. Knowing that they had only about $13,000 in cash per build, which was to take two weeks, I have even more appreciation for the engineering feat those guys pulled off with those builds. What would you do if you had Joe’s job and the producers wanted things that had never been done before, for a little amount of cash, and in two weeks? Sounds like a lot of stress, but <i>beautiful</i> stress. If I had his job, I think I’d have long days—some frustrating when my stuff didn’t work—but I’d go to bed every night thinking, “Yes…I am paid to tinker with stuff in a workshop that’s every geek’s dream--life is good!” By seeing Joe’s enthusiasm and broad smile when he’d describe the design and build stages and his co-host team, I suspect he feels similarly.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">Right after Joe’s presentation, I went to hear <a href="http://isisblogs.poly.edu/people/dan-guido/">Dan Guido</a> from NYU/Poly present on “So You Want to Train an Army of Ninjas...” The way in which he has added penetration testing into a traditional computer science curriculum is exemplary and a model I hope to adopt for the <a href="http://usm.maine.edu/cos/">University of Maine’s computer science</a> curriculum. Teaching about the importance of engineering security from the first line of code to the final testing phase is crucial to providing computer science professionals with the skills they need to compete in this competitive employment environment and to responsibly design better software and hardware products for the market.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">I’m tired of hearing about ridiculous vulnerabilities that were the fault of lazy software engineering where the most important aspect in the design was, “Does it work?” Going beyond just making the code work is what Dan is teaching his students. By hands-on methods teaching students how vulnerable stuff can be broken and then learning how to fix it, he’s not only teaching them about what happens if you design broken crap and its vulnerability is exposed, but the consequences if you’re the one who put the crap out there in the first place. Better yet, he has released all of his course materials online to share with anyone interested in creating a better computer science curriculum. Thank you, Dan! As a side note, he has also started something of a crazy tradition at Source Boston (or so he told me!) with a <a href="http://www.flickr.com/photos/travisgoodspeed/3351127382/in/dateposted/">potato being passed around</a>. <a href="http://www.doxpara.com/">Dan Kaminsky</a> (in the background in photo) got it next. Ah, the fun of hanging with the techie crowd—it’s funny that after hours the humor is often associated with anything BUT technical things. But I still don’t get it—why a potato? </p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-80445194389549040702009-01-19T16:46:00.015-05:002009-01-19T17:22:03.617-05:00Strong Patent Protection? FTC Public Hearings and the EFF Challenging Patents
The <a href="http://www.cpaglobal.com/ip-review-online/3177/us_ftc_goes_public_on_patents">FTC is holding public hearings</a> on the 11th and 12th of Feb., 2009, in Washington, D.C. The discussion topic will be whether patents and other strong IP protection and licensing stimulate or stifle innovation. 
Whether or not I attend the hearings, I'm going to submit a comment that will go on the public record.<br /><br />The <a href="http://www.ftc.gov/bc/workshops/ipmarketplace/">FTC's solicitation for opinions</a> is as follows: "In an announcement, the FTC said: 'Changes and proposed changes in the law, together with evolving business models for buying, selling and licensing IP, could significantly influence a patent's economic value and the operation of the IP marketplace. The hearings will consider the impact of these changes on innovation, competition and consumer welfare.' It added: 'The commission seeks the views of the legal, academic and business communities on the issues to be explored at the hearings.'"<br /><br />Other significant IP news is that <a href="http://www.cpaglobal.com/ip-review-online/3186/eff_triggers_sixth_reexamination">EFF</a> is getting some great work done by having some patents re-examined and possibly overturned. It's extremely difficult to have a patent reexamined after it has been issued, so I applaud EFF's efforts.<br /><br />Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-72898174155187517342008-12-09T22:46:00.003-05:002008-12-09T22:58:12.854-05:00Discussion with Nick Farr, HacDC
<p class="MsoNormal">I was in the D.C. area in late November and couldn’t resist stopping in to meet the <a href="http://hacdc.org/">HacDC</a> guys and see the space. The evening started with <a href="http://www.flickr.com/photos/yarnivore/2713176137/">Nick Farr</a> inviting me to a <a href="http://dorkbot.org/dorkbotdc/">DorkBot</a> presentation at George Washington University. Alden Hart, CTO of <a href="http://www.tenmilesquare.com/">Ten Mile Square</a>, gave a great presentation about his LED projects. This was one of the most comprehensive technical presentations I’ve seen that encompassed everything from where to buy the parts, where to ship the PCBs for fabrication, to discussing details of the software and hardware designs. I'm thrilled he's going to release his hardware designs as open source. </p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">From there, we went to Froggy Bottom for sub-par pub food, but like most hacker group outings, the company was what was outstanding. Late—sometime around 11PM—we wrapped up the dinner and a group of us went to Nick Farr’s apartment (he has CASES of <a href="http://en.wikipedia.org/wiki/Club-Mate">Club-Mate</a>!) and then to HacDC. While we were there tapping into his Club-Mate stock (entire fridge full of it, too), out of his closet he pulled out a really old computer with an acoustic coupler. I’d never seen one that old because back in the 80s when we had 30+ phone lines going into our suburban D.C. house, we just had racks of slow modems, but none had couplers. He’d salvaged it for HacDC.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">On the ride over to HacDC, I was able to ask Nick specific questions about the organizational structure, management, and financing the space. Because I was driving, I wasn’t able to take specific notes as I was when I talked to Far of Hacktory, so don’t take this verbatim—especially the costs.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">I first asked Nick about the name. It includes “hac(k)” which, in my experience with some hacker spaces, is a turn-off for some participants. <st1:state st="on"><st1:place st="on">Maine</st1:place></st1:state>’s hacker space is struggling with this, too. <span style=""> </span>His response: if they don’t like hack, then they don’t really understand what we do here and this might not be the best organization for them to join. He said that “hack” in the name clearly separates the organization from other group work spaces, like co-working. However, he also said that some members solely have numbers assigned to them because of the need to remain anonymous because there are still some <span style=""> </span>businesses that shun associations with anything related to hackers.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The space was amazing! So far, this is the most complete hacker space I’ve seen. What’s also interesting is their location. A church has rented out space to non-profits and hacDC has a loft space. One side of the space is all shelving for storage and it’s packed. I saw some old payphones, an old PC being used as a ballast for a huge rotating white board, five Geiger counters (which I relished being able to play with), table saws, old modems, and tons of computers. Tables are in the middle of the room to be used for projects and Tim proudly told me, “We even have our own bathroom!” as he gingerly took some drinks out of the fridge.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">We discussed that they only have one fee structure which is about $40/month and have around 40 active members. For a large city and even larger technological suburbanite community, I understand how they can draw so many members. They have also started hacker-theme movie nights and will be offering educational classes. It seems as if they have weekly events which is very cool they can do that. I cannot wait to go back to hacDC during Shmoocon, the next time I’ll be in the D.C. area. That seems like an awesome place to be during the conference evenings. Love it, love it! </p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-68986065431112720652008-12-08T00:07:00.006-05:002008-12-08T00:15:10.988-05:00We Won Venture Capital Pitch Contest!The venture capital pitch competition was held last Thursday night at Pace University’s Business School in NYC. What a fun event! I started the pitch about something that most people like, <a href="http://www.youtube.com/watch?v=lkbYFmhZ8pk">fast cars</a> and computers. I used <span style="font-style: italic;">Knight Rider</span> as a theme for the pitch. I then briefly outlined the technical capabilities about what it can do now and what it will do with some VC money when the prototype is built-out. Slides with more technical info. were shown behind me as I described how the team did it and what we’d like to do with it in the future. During the Q&A, I addressed how much money we’re looking for ($30K just to build-out the prototype).<br /><br />The majority of the judges were VCs and one liked it. I met with him the following evening along with the President of a car computer company that has related, but not similar, products. 
They liked the idea and said the market is huge, but didn’t like the reverse engineering and brute forcing the protocols that we’ve done. Although that has been a valid and legal business model in the past (Compaq did it to IBM), the VCs want it done with licenses and defensive patenting. We might be able to do it like that as long as we don’t lose the open source/free software platform. We’re talking.Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com2tag:blogger.com,1999:blog-1421948774204378624.post-12483490500569982782008-12-01T23:22:00.006-05:002008-12-01T23:38:58.186-05:00Finalist for Pace University Venture Capital Pitch Contest<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSpe7d1k2BDVPqKkIEiLEg800_soWI3zg7iuAy5vRahg68eq43MAeqbwcY7vTGkK7Dh4yAEqiOAZRuz5ua1PeQabBY4yc-tP2GlRELAS5gzxjIpg1gsKXIsDDvEFSqQ7J-RnXPvU-OWzdf/s1600-h/Knight+Rider_Kitt1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSpe7d1k2BDVPqKkIEiLEg800_soWI3zg7iuAy5vRahg68eq43MAeqbwcY7vTGkK7Dh4yAEqiOAZRuz5ua1PeQabBY4yc-tP2GlRELAS5gzxjIpg1gsKXIsDDvEFSqQ7J-RnXPvU-OWzdf/s320/Knight+Rider_Kitt1.jpg" alt="" id="BLOGGER_PHOTO_ID_5275045542813456866" border="0" /></a><br />We made it! OpenOtto is a finalist in a competition for venture capital financing of a new product. I'm off to NYC for the Thursday night presentation. I've been busy working on the presentation, but here is the winning pitch that got OpenOtto into the finals:<br /><br />"You don’t have to be David Hasselhoff in Knight Rider to have your car talk to you. OpenOtto is a platform for developing vehicle aware products for the consumer and industrial markets. While it will not ask you how you’re doing this evening, most people don’t realize how much information your car’s computer can tell you. 
OpenOtto consists of a hardware interface to your car's OBD II connector as well as an extensible software platform for communicating with all networked electronic devices in the car. Designed for flexibility and scalability, it is easily expandable to future vehicle capabilities.<br /><br />OpenOtto consists of two products targeted to different markets. The first is a car computer that acts as an interface between your car's computer and a 4" x 8" touch screen display that attaches to your dashboard. The interface shows easy to understand graphical output from your car's computer including, but not limited to, standard OBD II output: coolant temperature, engine speed, oxygen sensor readings, and emission related trouble codes. Advanced features include outputting suspension control, anti-lock/traction control, and air bag status.<br /><br />Additional safety and security features include a remote start and kill feature for anti-theft or convenience, display warnings to users when the transmission begins to fail, individual wheel speed indicating wheel slippage, and real-time engine performance monitoring.<br /><br />The second product is priced lower for the general consumer. It includes the ability to attach any cell phone with GPS to OpenOtto. Once attached, the car's computer will text message someone (e.g., a parent) if the car exceeds a certain speed and GPS coordinates will be texted, and call 911 if airbags deploy (no proprietary subscription necessary).<br /><br />Safety and security is important and built into the computer engineering designs. 
Some features will be access controlled and transmission of all sensitive data transmitted by OpenOtto will be encrypted using industry standard best practices to ensure safety, security, and privacy of the user.<br /><br />The software and hardware designs will be released as free and open source designs to encourage adoption and adaptation of the features.<br /><br />For consumers, a complete dashboard mounted display with computer will cost between $300-$500.00. The closest product currently on the market costs between $1000.-$5000.000 and does not include open software and hardware platforms, graphical dash board mounted displays, or customizable features. The low cost consumer device will target a retail cost of $100-$200.<br /><br />Try getting KITT for that price."Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-57842606639846331812008-11-16T17:48:00.004-05:002008-11-16T18:02:09.008-05:00Discussion with Far McKon, The Hacktory <p class="MsoNormal">In the car on the way home from <a href="http://www.thelasthope.org/">The Last HOPE in NYC</a> in July 2008, three of us (Nothingface, Professor Rad, and Infochown) decided we want a hacker space in Maine. We were inspired by a presentation at HOPE about other hacker spaces.
<br /></p><p class="MsoNormal">
<br /></p><p class="MsoNormal">Since then, we’ve attended four <i style=""><a href="http://www.2600.com/meetings/mtg.html">2600<span style="font-style: normal;"> meetings</span></a></i> where we’ve spent a bit of time discussing the hacker space idea. Funding and a name (“hack” or not “hack” is the question) are the sticking points for establishing the space. With all of the companies going under in <st1:place st="on">Southern Maine</st1:place>, there is a plethora of rental space (both business and industrial), so we have plenty of space options, but just not the funds yet.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">To find a solution to these issues and learn from others’ experiences, I’ve summoned wise <a href="http://hackerspaces.org/wiki/Hacker_Spaces">hacker space</a> organizers and asked if they could share their ideas, organizational structure, and “don’t make these mistakes like we did” stories with me. (The “hippy problem” stories are always the funniest.)</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The following is a discussion I had today with <a href="http://industrialsomething.org/">Far McKon</a>, organizer of <a href="http://thehacktory.org/">Hacktory</a> in <st1:city st="on"><st1:place st="on">Philadelphia</st1:place></st1:city>. (I took notes while we were talking, so forgive me, Far, if I don’t have everything exactly as you told me.) Far also said that the numbers are a general ballpark, so please <b style="">don’t take this as a price quote</b>.</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">If Maine’s hacker space can pair with the art community and, perhaps, also attract the entrepreneur/writer community like <a href="http://www.indyhall.org/about/">Indy Hall</a> in Philadelphia, I think we could have a pretty awesome co-work place!</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b style="">Discussion with Far McKon</b>, November 16, 2008</p> <p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal"><o:p>
<br /></o:p></p> <p class="MsoNormal">I spoke with Far, organizer of Hacktory in <st1:city st="on"><st1:place st="on">Philadelphia</st1:place></st1:city>, about how they set up and manage their space. They are moving from a free space they had that was loaned to them by a company, but that space is too small and it’s not possible to use heavy machinery and big tools in that space; they cannot get it up to their 3<sup>rd</sup> floor space. It has a crazy, narrow winding staircase and zoning would not allow it.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">To solve their space problem, they grouped together with the art community in <st1:place st="on"><st1:city st="on">Philadelphia</st1:city></st1:place>. (Brilliant! This is something that <st1:state st="on">Maine</st1:state>’s Hacker Space surely could do—we have a HUGE artist community in <st1:city st="on"><st1:place st="on">Portland</st1:place></st1:city>.) They will soon have a tech incubator space in the basement of a building that is zoned for heavy machinery/industry.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Hacktory’s affiliation with the art community is crucial for what they are doing. The <a href="http://www.boston.com/ae/theater_arts/articles/2008/10/04/make_it_or_break_it/?page=1">hacker space in Somerville, Massachusetts</a> also paired with the <a href="http://www.willoughbybaltic.com/home/index.php">art community</a>. <span style=""> </span>Many artists are using heavy machinery and tools for their art and either they don’t have the space in their homes/apartments, cannot use fire and big machinery without violating zoning or fire codes, or cannot afford their own large studio.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The way the deal will work with the two other organizations grouping together with Hacktory is that one of the groups (not Hacktory) is always there (9-5) and controls access, signs for package deliveries, phones, secretarial services, etc. </p> <p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal"><o:p>
<br /></o:p></p> <p class="MsoNormal"><b style="">Physical Space:</b></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">They have a large industrial space with a big, open work space in the middle. Locking studios (cubicles?) are grouped around the central open space. Those studios are small (about 50-100 sq. ft.). Some of those locked studios contain the more dangerous or expensive equipment; you get a key by taking 1-2 hour classes about “how not to break the stuff.” Some of the studios are rented to hobbyists who want a locked space and others are rented to for-profit businesses; there is a different fee structure for these two groups. All of the studio renters get the benefit of an address, secretary, shipping, etc.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Another idea, although not what Hacktory is doing, is that some hacker spaces rent the use of your own Craftsman rolling case for about $50.-75.00./month. You use the shared work benches with your tools in your rolling case. When you’re done, you put your stuff away in your case and roll it into a locked area.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><span style=""> </span></p> <p class="MsoNormal"><span style=""> </span><b style="">Fee Structure for Studios:
<br /></b></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal" style="text-indent: 0.5in;">$1.25 sq. ft. for hobbyists</p><p class="MsoNormal" style="text-indent: 0.5in;">$2.25 sq. ft. for-profit business, secretary, shipping</p> <p class="MsoNormal"><o:p>
<br /></o:p></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b style="">Organizational Structure:</b></p><p class="MsoNormal">
<br /><b style=""><o:p></o:p></b></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Hacktory is a 501c3 non-profit. They have also registered with the state as an educational organization. With that status, they pay a lot less for insurance which is about $180-200/month. </p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">For paying members, they have about 5 active members and 7 who are occasional.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><b style="">How Does Hacktory Raise Funds?</b></p> <p class="MsoNormal">They offer classes and they have paying members. The classes they run are about $15.00 per hour of class time. The classes a member would need to take to operate the locked machinery are about $30.00 for 2 hours of instruction.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal" style="text-indent: 0.25in;"><b style="">Membership Rates for Hobbyists:</b></p> <ul style="margin-top: 0in;" type="disc"><li class="MsoNormal" style="">$15.00/month open hours, open means when there is an organizer/manager there;</li><li class="MsoNormal" style="">A few students pay no fees if they watch the space, so could allow for more open hours;</li><li class="MsoNormal" style="">$65-85.00/month for Saturday and Sunday access only;</li><li class="MsoNormal" style="">$125.00 open access with your own key card.</li></ul> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-18766215132372850572008-11-15T23:10:00.006-05:002008-11-15T23:41:59.362-05:00Maine's Biggest Cyber Crimes Case--James Wieland <p class="MsoNormal">All day Thursday of this week, I got e-mails from friends in different computer law, hacker, cyber crimes, and computer forensics communities. 
They'd ask, “Did you see the hacker case? What do you think? Did he do it?”
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">The case to which they are referring is, to date, Maine’s biggest cyber crimes case. This is bigger than the <a href="http://www.usdoj.gov/criminal/cybercrime/brinkPlea.htm">warez sales going on in Portland</a> back in 2005.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">But there is something different about this case that’s intriguing to me. In the warez case, there was a group out to profit from copying software; it was an unsophisticated, but high volume, operation. The warez trade isn’t too difficult to do and it’s not terribly interesting.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">This case is different. Although I’ve spoken to James, we knew better than to discuss the case. The facts about which I write are only what are available to the public <a href="http://www.sunjournal.com/story/291628-3/LewistonAuburn/Local_man_accused_of_hacking/">via news organizations</a>. The <a href="http://www.bangornews.com/detail/93209.html">news articles</a>—from here down to the D.C. area—all have the same theme of, “evil hacker breaks and steals stuff,” but what’s really going on behind these headlines, only time will tell as the facts--especially the technical aspects of the case--are presented in court. Was this curiosity and experimentation that went beyond rational bounds or, on the other hand, was this a well-designed and calculated attack with fraudulent intent?<span style="">
<br /></span></p><p class="MsoNormal"><span style="">
<br /></span></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The <a href="http://news.mainetoday.com/updates/035761.html">news reports</a> state that James Wieland, student at <st1:place st="on"><st1:placetype st="on">University</st1:placetype> of <st1:placename st="on">Maine</st1:placename></st1:place>, spread a Trojan horse program (don’t know if it was a worm or virus, but this will matter in the case) by adding it as an attachment to an e-mail that contained a video game. When the recipients opened the attachment, the malicious program was executed. The Trojan reportedly contained a keystroke logger program. It was reported that James has been collecting and storing that data since August 2007. But the intriguing part—and I’m sure an aspect of the case that will be highly-debated in court—is why James allegedly collected this information and why he didn’t do anything with it? There were no reports that he used anything he allegedly collected.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">There are some hypotheses in the case: 1) James was the victim of a botnet attack on his computer meaning that he didn’t know about the Trojan or what it would do; 2) He released the Trojan as a curious experiment (didn’t write the code, but in script kiddy fashion, applied it and released it) but didn’t quite know what it was doing or how to stop it (classic Morris Worm case); 3) He wrote the code and released the Trojan with malicious intentions and wanted to collect private data from the victims and either sell it or use it for nefarious or fraudulent purposes.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">What’s striking to me about this case is that James has a lot to lose. He just got engaged in Italy last month, worked for a Christian school, has his own business consulting and web design company, and seems to be just starting his professional and family life. He just doesn’t fit the typical profile of a malicious cracker. If convicted, these felony charges could be more than 5 years in prison. The District Attorney states that the 5 year sentencing estimate <a href="http://pressherald.mainetoday.com/story.php?id=221844&ac=PHnws">may be just a start</a> and that there might be more incriminating data found now that they’ve cleaned his place out of all electronic equipment. </p> <p class="MsoNormal"><o:p>
<br /></o:p></p> <p class="MsoNormal">I wonder if <a href="http://tiffanyrad.blogspot.com/2008/11/what-happened-at-novembers-2600-meeting.html">University of Maine’s policy of attaching students' and faculty’s first and last names to our host names</a> (HEY DEFENSE COUNSEL, YOU LISTENING?) had anything to do with them <a href="http://www.wcsh6.com/news/breaking/story.aspx?storyid=95880&catid=112">tracing an IP address to James Wieland</a>? This can be spoofed, and if James was clever enough to write the program and orchestrate this attack, wouldn’t he have also been able to obscure his IP address?
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">What I can do is bring as much as I can from Wieland’s case to our computer law and ethics class, COS 499, at <st1:place st="on"><st1:placetype st="on">University</st1:placetype> of <st1:placename st="on">Southern Maine</st1:placename></st1:place> in spring 2009. Like everything in my class, we analyze computer law and cyber crimes cases from a non-biased perspective. I have hackers as guest speakers as well as a few influential FBI and CIA agents discussing different perspectives regarding electronic crimes and how to prevent them with better computer security built from the ground up into software, hardware and network design practices we teach at U. Maine.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">I will be going to as many of Wieland’s hearings as I can; most certainly, I’ll be at the arraignment in January 2009. No matter the outcome of the case, there is a lot that security researchers, information technologists, and computer scientists can learn from this case. A lot of lessons will be learned both by James Wieland and by the <st1:place st="on"><st1:placetype st="on">University</st1:placetype> of <st1:placename st="on">Maine</st1:placename></st1:place>.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><b style="">I urge readers to please hold judgment until the facts—especially the technical aspects—are presented. I want to read more articles or hear in court that this is more than <a href="http://www.wcsh6.com/news/breaking/story.aspx?storyid=95880&catid=112">tracing an IP address</a> to Wieland. Right now, there are no details beyond that. <o:p></o:p></b></p> <p class="MsoNormal"><o:p> </o:p></p><p class="MsoNormal"><o:p>
<br /></o:p></p> <p class="MsoNormal"><span style="font-weight: bold;">When we hear about the Trojan’s code (such as how it worked—I want the functions of the key algorithms discussed in court!), how and where the data was obtained and stored, 4</span><sup style="font-weight: bold;">th</sup><span style="font-weight: bold;"> amendment practices (forensic hashing of the hard drive), access to the data files, and the Internet access to Wieland’s computer network, then we’ll discuss what went wrong. </span>
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">I’ll keep you updated. If you see news articles or find information online, please e-mail them to me.
<br /></p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-23499675847383616812008-11-12T23:49:00.005-05:002008-11-13T00:14:56.420-05:00Presentation for the Maine Association for Law and Innovation<a href="http://mainelaw.maine.edu/students/student-organizations/mali.jsp">Yesterday I presented at Maine Law</a> about my security vulnerability disclosure research. It was great to be back at Maine Law, but this time as a lecturer. I spent so many hours in the moot court room as a student that, just for a split second, I had a fleeting feeling of "OMG, am I going to get cold called on," when I entered the room. Some things from law school never leave you.<br /><br />I have made some changes to the disclosure presentation I gave at Pumpcon a few weeks ago. For instance, Juliet (aka, Victoria) said that I had too much stuff on my slides, so I tried to pare that down. She was totally right about that.<br /><br />Also, I changed the title from "How to Responsibly Disclose," to a title that didn't reflect the ethical ramifications of the word "responsible." Using the industry practice of what is called "responsible disclosure," is not always the most responsible way to disclose vulnerabilities. The more research I do and the more well known security researchers with whom I discuss this topic, I find that sometimes other types of disclosures (full or partial) are what's needed for better security. My legalese peers may not agree with me, but from the computer researcher's perspective, the name "responsible disclosure" is not always as the ethical implications of that word suggest.<br /><br />Last, but not least, I added a lot more about disclosing physical/electronic security vulnerabilities. I did a lot of research into lock picking laws and industry practices. 
Really fascinating and it makes me want to do more lock picking should the opportunity present itself.<br /><br />However, are electronic biometric locks with cryptographic keys the future of the lock industry? I think they may be. That's good and bad--like all technology, isn't it? I've always been interested in the idea of faking biometric scans. For example, I know that a retina scan is really hard to fake, but mirrored or cloudy contact lenses mess up the scan. So, if you're getting your initial scan (such as going through the international terminal in Frankfurt, Germany) and you get scanned with these contact lenses in, will the computer reject the scan or will that base line scan, albeit "fake", be "yours"? I'll have to do a post about biometric scans because I did a lot of related research about that when I was working on RFID technologies and legislation.Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-31681136050938663612008-11-08T23:12:00.005-05:002008-11-08T23:29:32.580-05:00Altering Airline Boarding Passes—Schneier and Soghoian <p class="MsoNormal">One of the conversations we had at the November 
2600 meeting was about <a href="http://www.schneier.com/blog/archives/2008/10/">Bruce Schneier’s</a> alteration of airline boarding passes and using one to get through a TSA checkpoint. Schneier admits that it is illegal, and if done, there is a possibility of arrest. (Note: If you’re reading this and considering doing it, remember that you are not Bruce Schneier. I don’t truly think that the Feds would arrest him, but they would arrest you.)
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;">At the meeting, we were discussing what those illegalities might be. To do so, we considered how fraud is different from a hoax or forgery. In short, fraud is where deception is used to unlawfully take property (usually money) or services from another. <span style=""></span><o:p></o:p>What about those theories applied to <a href="http://www.theatlantic.com/doc/200811/airport-security/2">altering a boarding pass</a>? Go to the link to see an altered boarding pass used by Jeffrey Goldberg—he even upgraded himself to 1st class for priority boarding. New York <a href="http://schumer.senate.gov/SchumerWebsite/pressroom/record.cfm?id=259517">Senator Schumer</a> was nervous about this exact scenario when he offered a bill that would treat these “federal criminals” named “Joe Terror” like a “…19 year old who makes a fake ID to buy a 6 pack of beer.” <span style="">(Hhmm...Joe Terror sounds a lot like <a href="http://www.joesixpack.net/">Joe Six Pack.)</a></span>
<br /></p> <div style="border-style: none none solid; border-color: -moz-use-text-color -moz-use-text-color windowtext; border-width: medium medium 1.5pt; padding: 0in 0in 1pt;"> <p class="MsoNormal" style="border: medium none ; padding: 0in;">
<br /></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><o:p> </o:p></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;">Not a "Joe Terror," or "Joe Six Pack," a PhD student named <a href="http://paranoia.dubfire.net/2006/10/fbi-visit-2.html">Chris Soghoian</a> wrote a program accessible through his website that would generate a fake boarding pass. What happened is discussed in <a href="http://www.harikari.com/miscellaneous/creator-of-the-fake-boarding-pass-generator-appears-to-be-in-big-trouble.html">his blog</a>: in short, the glass on his front door was smashed by the FBI, his computer equipment taken, and a search warrant (issued at 2 AM) was taped to his kitchen table. But how does the law address altering boarding passes? Consider <a href="http://edocket.access.gpo.gov/cfr_2003/octqtr/pdf/49cfr1540.103.pdf">this section of federal law</a> addressing the falsification of airline tickets or boarding documents (highlighted for emphasis):
<br />
<br /><i style="">From DHS Code Title 49, Volume 8; October 1, 2004 rev. [Page 302]:
<br />
<br />TITLE 49--TRANSPORTATION
<br />
<br />CHAPTER XII--TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY
<br />
<br />PART 1540_CIVIL AVIATION SECURITY: GENERAL RULES--Table of Contents<o:p></o:p></i></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><i style="">Part 1540.5 -- Terms used in this subchapter.
<br />§1540.5 Sterile area means a portion of an airport defined in the airport security program that provides passengers access to boarding aircraft and to which the access generally is controlled by TSA, or by an aircraft operator under part 1544 of this chapter or a foreign air carrier under part 1546 of this chapter, through the screening of persons and property.<o:p></o:p></i></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><i style="">
<br />Subpart B_Responsibilities of Passengers and Other Individuals and
<br />Persons
<br />
<br />Sec. 1540.103 Fraud and intentional falsification of records.
<br />
<br />No person may make, or cause to be made, any of the following:
<br />
<br />(a) Any fraudulent or intentionally false statement in any
<br />application for any security program, access medium, or identification
<br />medium, or any amendment thereto, under this subchapter.
<br />
<br />(b) Any fraudulent or intentionally false entry in any record or
<br />report that is kept, made, or used to show compliance with this
<br />subchapter, or exercise any privileges under this subchapter.
<br />
<br />(c) <b style="">Any reproduction or alteration, for fraudulent purpose, of any
<br />report, record, security program, access medium, or identification
<br />medium issued under this subchapter.<o:p></o:p></b></i></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><b style=""><o:p> </o:p></b></p><p class="MsoNormal" style="border: medium none ; padding: 0in;"><b style=""><o:p>
<br /></o:p></b></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;">Below is something under the USC that is applicable to altering a document regarding a “matter within the jurisdiction of executive, legislative, or judicial branch of the Government":</p><p class="MsoNormal" style="border: medium none ; padding: 0in;">
<br />
<br /><i style="">United States Code
<br />Title 18. Crimes and Criminal Procedure
<br />Part I. Crimes
<br />Chapter 47. Fraud and False Statements
<br />
<br />47 U.S.C. § 1001
<br />a) Except as otherwise provided in this section, whoever,<b> in any matter within the jurisdiction of the executive</b><b style="">, legislative, or judicial branch</b> of the Government of the United States, knowingly and willfully--
<br />(1) falsifies, conceals, or covers up by any trick, scheme, or device a material fact;
<br />(2) makes any materially false, fictitious, or fraudulent statement or representation; or
<br />(3) makes or uses any false writing or document knowing the same to contain any materially false, fictitious, or fraudulent statement or entry;
<br />
<br />shall be fined under this title or imprisoned not more than 5 years, or both.</i></p><p class="MsoNormal" style="border: medium none ; padding: 0in;">
<br /><i style=""><o:p></o:p></i></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><o:p> </o:p></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;">Although these codes would answer our question about Bruce Schneier’s experiment with altered boarding passes, they do not exactly cover Chris Soghoian with his website that created boarding passes. Most people who saw it when it was up (I did), thought it was a parody. Here’s what <a href="http://news.cnet.com/surveillance-state/">Chris recently said</a> about that experience: “In 2006, the FBI investigated me for some of my research into boarding pass security. While no charges were ever filed, it's reasonable to state that I have little affection for the DOJ computer crimes section.”</p><p class="MsoNormal" style="border: medium none ; padding: 0in;">
<br /></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;"><o:p> </o:p></p> <p class="MsoNormal" style="border: medium none ; padding: 0in;">In summary, altering boarding passes—for fraudulent purposes or not—is covered under these statutes. Beware if you’re not Bruce Schneier. And if you are Bruce Schneier or Chris Soghoian, thank you for your security research and for potentially, <a href="http://tiffanyrad.blogspot.com/2008/11/pumpcon-philadelphia-pa-october-25_05.html">“taking a hit for the team."</a> </p> </div> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-31875945599695663862008-11-05T17:17:00.001-05:002008-11-05T23:26:52.542-05:00Pumpcon, Philadelphia, PA, October 25, 2008—PART TWO, Computer Software and Hardware Security Vulnerabilities<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFkOJMsJByIuM10CPv3ydvQ1XyEaKCUTVC5-rU3RxAUzE0PARl0lhsJnRcx2vx82CM-Q13x3hfmQ6eGYIgR_g2acnBheLC4UFLH4chWjCvoAIoVRW6-DgkfKwOwoV77yoayA9VS-n9KDlD/s1600-h/MIT+Physical+Breakin+Picture.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 218px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFkOJMsJByIuM10CPv3ydvQ1XyEaKCUTVC5-rU3RxAUzE0PARl0lhsJnRcx2vx82CM-Q13x3hfmQ6eGYIgR_g2acnBheLC4UFLH4chWjCvoAIoVRW6-DgkfKwOwoV77yoayA9VS-n9KDlD/s320/MIT+Physical+Breakin+Picture.jpg" alt="" id="BLOGGER_PHOTO_ID_5265301500768244898" border="0" /></a>
<br /><p class="MsoNormal">The second part of my research asks: what are the differences between the electronic/physical security and computer software/hardware communities? If these communities have different ethical opinions regarding disclosure, why are they different?
<br /></p><p class="MsoNormal">
<br /><span style=""> </span></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">At Pumpcon, a conference attendee from one of the U.S.’s largest electronic/physical security companies answered: “It’s because I’ll get my ‘arse’ fired if I talk about vulnerabilities and I’ll probably never work again.” He also made some comment about worrying about his personal safety post-disclosure.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Another attendee, who works for a computer security firm, said, “Do it anonymously!” It’s harder to do that with physical/electronic security vulnerabilities; however, disclosures for both communities are taken more seriously when there is proof of vulnerability, right? It’s easy to post anonymously about a computer vulnerability to an online bug report site with your IP address obscured versus sending photos of yourself clad in burglar attire (or not, <a href="http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf">see picture above</a> of one of the guys from MIT [picture from their Defcon presentation]) breaking into something. Although the possibility of arrest is high, some are willing to take the risk. As <a href="http://john-benson.com/wordpress/">John Benson, jur1st</a>, calls it, “Taking a hit for the team.”
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">An example of the contrast between these two communities that I used in my Pumpcon presentation was the presentation, <i style=""><a href="http://tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf">Anatomy of a Subway Hack</a></i>,<span style=""> </span>made at Defcon by three undergraduate students, Russell Ryan, Zach Anderson, and Alessandro Chiesa, at MIT. These guys really took a hit for the team with the feds, in large numbers at Defcon, ready to arrest these guys in Las Vegas before their presentation.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Does one group have much more to risk than the other? Is it much more risky (to the discloser and the vendor) to disclose how to beat electronic/physical security measures as opposed to electronic? If so, how do proponents of full or responsible disclosure do this?</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">They do it at HOPE, Defcon, BlackHat, Pumpcon, Shmoocon and other computer security hacker conferences. The risks disclosures face are evidenced in the all too frequent arrests at these conferences.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><b style=""><o:p> </o:p></b></p> <p class="MsoNormal">One HOPE, BlackHat, and Pumpcon presenter had some important information to impart, which I learned directly affected a company I know. <a href="http://travisgoodspeed.blogspot.com/">Travis Goodspeed</a> disclosed vulnerabilities in a Texas Instruments chip that is commonly used in biomedical devices and small consumer electronics. There are two debugging ports on this chip. If they are accessed, one could delete and replace software on the chip. If your company were using this chip, would you want to know about this design flaw?
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Travis presented about this at other conferences before Pumpcon, but at this conference I was able to ask him how he addressed this with Texas Instruments. He said that they did talk with him about this security vulnerability and the fact that he has written viruses able to take advantage of this vulnerability. TI was receptive to discussing this with him, but presently, these flaws still exist on the chip.
<br /></p><p class="MsoNormal">
<br /></p><p class="MsoNormal">When asked what TI could have done better to facilitate more bug reports, he said that it would have been good for them to at least give him a contact person to e-mail so he wouldn’t have to repeatedly go through the general information route when he wants to report vulnerabilities he discovers. And they should fix them, but as of the Pumpcon conference, they still exist. <span style=""> </span></p> <p></p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-77463196508948328042008-11-04T00:09:00.002-05:002008-11-10T12:55:51.195-05:00Pumpcon, Philadelphia, PA, October 25, 2008—PART ONE, Physical and Electronic Security Vulnerabilities<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn9hGIKqO7Ph3l2Nhbpepv6hra3X83mlEmz4LC8eAy3n2xCEKsmaLrLxM9ld4Q0jZciHr2Av8JtTU46Qyx1YuUyRUiQsTlpCw0JehhConN9_sgGAZVKLacn6CXmw1Qi2W9NXD1gu24zeUs/s1600-h/Kevin+Mitnick+Lock+Picking+Card.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 240px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn9hGIKqO7Ph3l2Nhbpepv6hra3X83mlEmz4LC8eAy3n2xCEKsmaLrLxM9ld4Q0jZciHr2Av8JtTU46Qyx1YuUyRUiQsTlpCw0JehhConN9_sgGAZVKLacn6CXmw1Qi2W9NXD1gu24zeUs/s320/Kevin+Mitnick+Lock+Picking+Card.jpg" alt="" id="BLOGGER_PHOTO_ID_5264665550735143154" border="0" /></a>
<br /><p class="MsoNormal">When I was growing up, one of the benefits to having a CIA dad was that I got to play with the cool stuff he brought home. As a result, I’ve been trained to beat lie detectors, how to mentally isolate physical stimuli with training on a biofeedback machine, how to make instant keys with a magical metal that melts within seconds in a spoon held over a lighter flame, and how to break into the doors and windows in the house in which I grew up. There was also a very cool lock picking kit that he had, and once when I locked myself out of my car in a dark parking lot, my Dad showed up with the kit and had my car open in seconds. Growing up, I thought that was a skill that most dads had and that every kid should be taught. I was taught these useful skills that ended up helping me in many situations.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">So why are the best lock picking techniques and tools kept a secret or are illegal to possess in D.C.? Is this another example of “security through obscurity?” <span style=""> </span>I’ve spent some time in <a href="http://wiki.hope.net/index.php/TLH_Lockpicking_Village">the lock picking villages at HOPE</a> and Defcon conferences. Why aren’t there more of these opportunities available to the general public, e.g. not only to locksmiths or computer security conference attendees?</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">This was one of the issues I addressed in my presentation at <a href="http://www.pumpcon.org/2008talks.html">Pumpcon</a>. I had a great time talking about this at Pumpcon. Soon after Defcon and inspired by the events surrounding the three undergrads from MIT, I began researching how to disclose security vulnerabilities. Curious about the divide between the electronic/physical security breaches compared to those involving computer software and hardware, why aren’t both groups interested in truthful discussions regarding flaws? Shouldn’t we as consumers who rely on software designers to protect our home computers and mechanical engineers who designed the locks on our houses know if something isn’t quite as secure as advertised?</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">It seems as if the hardware and physical/electronic security hacks take a long time to be exposed. For example, <a href="http://www.marctobias.com/">Marc Tobias</a> presented at HOPE and Defcon in 2008 about how to pick <a href="http://www.medeco.com/">Medeco</a> key locks. However, according to my government fed sources, Medeco lock vulnerabilities have been known for more than a decade. What’s the reason for it not being publicly discussed? I’ve been told that it takes a highly skilled lock picker—or a locksmith—to successfully pick Medeco locks.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">But surely, there were skilled lock pickers out there, so why the silence? I found the following <a href="http://www.thesidebar.org/insecurity/index.php?s=kuala">on a site</a> that discusses Tobias’ book:
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal"><strong>“A detailed analysis is available together with a video demonstration that clearly shows the method of bypass. This publication has been restricted to locksmiths and the professional security community because of the simplicity of the technique and the potential security ramifications that could result from a public disclosure of the exact method. If you have security responsibility, you may contact the author for access to the restricted document. The password has been posted on ClearStar for security professionals.”</strong></p><p class="MsoNormal"><strong>
<br /></strong></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">I know that the locksmith community has a lot of power, but do they have the power to silence discussion about how to pick locks? Perhaps this is true especially considering that it’s illegal to own a lock picking kit in some states unless you’re a licensed locksmith. Is this an example of a good way to make things more secure or, on the other hand, an example of legislation protecting jobs in an industry? This is how the <a href="http://en.wikipedia.org/wiki/Freemasons">Freemasons</a> started; they were protecting the secret ingredients for making cement thus making the formula a coveted secret protected by those sworn into a brotherhood and keeping the brothers with guaranteed jobs.
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">For a modern example, someone from the crowd at Pumpcon told me that Joe Grand, aka <a href="http://www.kingpinempire.com/"><span style="text-decoration: underline;">KingPin</span></a>, gets death threats regarding his lock picking research. I’d like to find more information regarding this statement. (Denied by Kingpin--see comments.) If true, that’s a sobering example of the power of a brotherhood of some kind protecting their own. Is lock picking worthy of protecting through this extreme measure? Does it make us more secure?</p> <p class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">Will this attitude eventually spill over into the computer hardware and software security industry? <span style=""> </span>I fear it might.</p><p class="MsoNormal"><span style="font-size:100%;">
<br /></span><span style="font-size:100%;"> </span></p> <p class="MsoNormal"><span style="font-size:100%;"><o:p> </o:p></span></p> <span style=";font-family:";font-size:12;" ><span style="font-size:100%;">Note<span style="font-size:130%;">: The picture above is of the back of <a href="http://en.wikipedia.org/wiki/Kevin_Mitnick">Kevin Mitnick’s</a> business card. Obviously, it contains lock picking tools. They will work. Funny, but I think his thumb print is still on the other side of card! ; )</span> </span><span style=""> </span></span>Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com7tag:blogger.com,1999:blog-1421948774204378624.post-26786071779308764492008-10-29T17:00:00.000-04:002008-10-29T17:08:34.036-04:00Live on the air in NYC on Off the Hook radio show <p class="MsoNormal">I was live on the air on <a href="http://www.2600.com/offthehook/2008/1008.html">Off the Hook out of NYC on October 22, 2008</a>. What a fantastic experience! Although voting machine fraud is not one of my strong suits—I didn’t know the show’s topic before I went on-- I loved discussing tech law and policy with the guys. Talking with Emmanuel Goldstein and bernieS was amazing—I read their cases in law school, and there they were on the air with me! Facing Emmanuel across the sound board and with bernieS on the phone, it felt like we were having a coffee shop discussion because they made me feel very much at ease. It wasn’t as difficult as my first TV interview; I had to constantly remind myself not to look at the camera, but that took such concentration that I seemed distracted. It was easier with radio, but it was more than just the medium. 
Emmanuel, bernieS, Not Kevin, Rob T. Firefly, and Voltaire on the air with me were awesome. You guys rock!</p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">After the show, we went for Mexican food in what I think was the Greenwich Village area of NYC. I miss talking about “geek” stuff in Maine. Among other things, we were talking about Second Life: What happens when your character is assaulted online? Legal recourse?
<br /></p><p class="MsoNormal">
<br /></p> <p class="MsoNormal">For dinner, I had a very good chicken enchilada with mole sauce (bitter chocolate). I cannot find Mexican dishes with mole here in Maine, so it was a treat. After dinner, we went to a coffee shop to upload the show and then to a bar (Mars Bar) that is dark because it’s lit with a single bulb hanging from the ceiling. The graffiti is worth checking out if you can read it in the cavernous atmosphere.
<br /></p><p class="MsoNormal">
<br /></p><p class="MsoNormal">And sometime after midnight, I decided not to take the subway because I wouldn’t know where the heck I was going once I got out of the station in Brooklyn Heights, so I took a cab. The cab driver asked if I was from the Midwest—could I have been given away by my slight southern accent that rears its head after a few drinks (or when I’m nervous)? Wait…Midwest? That has never happened before. (But I’ve been <a href="http://tiffanyrad.blogspot.com/2008/08/day-2-of-defcon-16.html">mistaken for Michelle Madigan</a> at Defcon. That one was the best.)
<br /></p> Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com1tag:blogger.com,1999:blog-1421948774204378624.post-51629807479589638712008-10-15T22:40:00.001-04:002008-10-16T00:07:57.048-04:00Disclosure of Security Vulnerabilities and a Geocentric Universe<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPoDvTSJ10TY6YxMSUaPEeUq2RKicHDoTWkfSHVaUoYzJXAD0w2ImooCPVid9P3asBDAOlv0Esjv0UiTSuA2c602FxfISKfysWb2yqd6pdE4HtOfEVPvgM4eeqh1CIJwze-kp01o3fTVPA/s1600-h/Geocentric+Model+of+the+University.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPoDvTSJ10TY6YxMSUaPEeUq2RKicHDoTWkfSHVaUoYzJXAD0w2ImooCPVid9P3asBDAOlv0Esjv0UiTSuA2c602FxfISKfysWb2yqd6pdE4HtOfEVPvgM4eeqh1CIJwze-kp01o3fTVPA/s320/Geocentric+Model+of+the+University.jpg" alt="" id="BLOGGER_PHOTO_ID_5257592114205772482" border="0" /></a>
<br />The title of the presentation is the following:
<br />
<br /><p style="font-style: italic;" class="MsoNormal"><b style="">Disclosing Security
Vulnerabilities: How to Do It Responsibly</b></p> <span style=";font-family:";font-size:12;" ><span style="font-size:100%;"><span style="font-style: italic;font-size:130%;" >"Disclosure of security vulnerabilities is done for many reasons. Some of these reasons include: an interest in improving security; warning the public before those with nefarious interests exploit the vulnerability; or for public recognition of skills. There are also different ways to do it including in print or presentations at conferences. Considering both the reasons for disclosure and how it is done affects how security vulnerability research is accepted by the general public, the security community, law enforcement and by the designer of the product being critiqued. This presentation includes how disclosure has historically been done and the differences between the computer and electronic security communities as compared to physical security (locks, alarms, etc.) communities. Relevant legislation, intellectual property considerations and applicable criminal law will be discussed."</span>
<br />
<br /></span></span>I'm currently engaged in case law research for a presentation on this topic and using Westlaw in addition to my usual journalism searches. Not surprisingly, most of the cases I've read are more about violations of non-disclosure agreements and disclosure of trade secrets by disgruntled employees. However, my friend, <a href="http://tiffanyrad.blogspot.com/2008/09/last-day-of-defcon-16.html">Brenno de Winter</a>, recently published an article titled, <a href="http://www.infoworld.com/article/08/10/07/Researchers_show_how_to_crack_popular_smart_cards_1.html">"Researchers Show How to Crack Popular Smart Cards." </a>I was interested to read that researchers at universities in The Netherlands and in Germany have broadened the research done by <a href="http://tiffanyrad.blogspot.com/2008/09/last-day-of-defcon-16.html">the MIT undergrads</a> who were not permitted to discuss or release their source code.
<br />
<br />What I'm discovering from my research about computer security disclosure is that a lot of the heat is focused primarily on academia. Remember Professor Ed Felten of Princeton's computer science department and <a href="http://en.wikipedia.org/wiki/Secure_Digital_Music_Initiative">SDMI</a>? His team <a href="http://web.archive.org/web/20020924131633/http://www.sdmi.org/pr/OL_Sept_6_2000.htm">won the challenge</a>, but they faced prosecution if they talked about it or tried to publish their academic research. The challenge explicitly stated: "<span style="font-family:Arial,Helvetica,sans-serif;"><a href="http://web.archive.org/web/20020924131633/http://www.sdmi.org/pr/OL_Sept_6_2000.htm">So here's the invitation: Attack the proposed technologies. Crack them.</a>" </span>
<br />
<br />However, what if the vendor producing an insecure product does not issue an outright challenge, but simply puts the product into the marketplace? A good example is the Mifare Classic and NXP Semiconductor. They fought the battle against the MIT students and, for the most part, won because their source code was not distributed.
<br />
<br />However, a group from the Dutch Radboud University Nijmegen recently assembled complete <a href="http://www.sos.cs.ru.nl/applications/rfid/2008-esorics.pdf">published research</a> that would allow someone to build a cloned card.
The Dutch courts said that, "...researchers shouldn't fall victim to mistakes made by suppliers," and allowed publication. I was also amazed to read that a university in Germany cut down an actual chip, and by viewing the IC layers under a microscope, they were able to figure out how the chip works and derived the algorithm.
<br />
<br />Two different ways of figuring out security vulnerabilities, but with the same result. It's now out there and readily available to a determined attacker. On the other hand, some might say that it's also readily available to a security researcher who can assess the security vulnerabilities and make a better design the next time around.
<br />
<br /><div style="text-align: left;">This debate is nothing new--consider <a href="http://en.wikipedia.org/wiki/Nicolaus_Copernicus">Copernicus's </a>and <a href="http://en.wikipedia.org/wiki/Johannes_Kepler">Kepler's</a> revolutionary teachings and publications. But what surprises me is the fact that it <span style="font-weight: bold; font-style: italic;">is</span><span style="font-style: italic;"> </span>nothing new. The prosecutions--including criminal--for teaching, discussing, and publishing are still a reality. Where would we be now if Galileo's <a href="http://en.wikipedia.org/wiki/Dialogue_Concerning_the_Two_Chief_World_Systems"><span style="font-style: italic;">Dialogue Concerning the Two Chief World Systems</span></a> had not been published or discussed because he feared being burned at the stake? We'd still be in a <a href="http://en.wikipedia.org/wiki/Ptolemaic_system">Ptolemaic system</a> where the planets revolved around us--a pretty egocentric way to view life (picture of a geocentric universe by Portuguese cosmographer and cartographer <a href="http://en.wikipedia.org/wiki/Bartolomeu_Velho" title="Bartolomeu Velho">Bartolomeu Velho</a>, 1568 [Bibliothèque Nationale, Paris] above).
<br />
<br />Considering a modern perspective regarding security vulnerability disclosures, it would be a more insecure world without discussions about design flaws. Professors like Ed Felten, although perhaps not (yet!) as influential as Galileo, are to be lauded, not threatened with criminal prosecution.
<br />
<br /></div>Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0tag:blogger.com,1999:blog-1421948774204378624.post-83295719122258809842008-09-13T23:48:00.000-04:002008-09-14T00:36:05.834-04:00The Need for Judicial and Legal Technical TrainingThank you, Neon Samurai! Someone is reading my stuff or watched my presentation at The Last HOPE. <a href="http://techrepublic.com.com/5208-12843-0.html?forumID=102&threadID=271782&messageID=2592836">Neon Samurai said</a>, "Tiffany Strauchs Rad had it dead on when she said that legislators and judges need only ask the experts what implications making such laws blindly will lead to ("Hackers" in her words; she's a professor of law and proud Hacker)."<br /><br />The project on which I’m working related to this is a volunteer-based non-profit that will bring together professionals and students with backgrounds in computer science, engineering and information technology alongside those with backgrounds in law, public policy, and politics. 
Our objective will be to create a judicial and legal education program for cyber crimes, digital forensics, intellectual property and electronic discovery that provides a basic technical background for judges deciding these cases, in the hope that technical misunderstandings will be reduced and judicial decisions will be fairer.<br /><br />Here's another idea I recently considered: Why not work to recruit and fund more people with technical backgrounds to run for political office? If we work to educate the judges and lawyers on these subjects and EFF is working to change legislation through their grassroots efforts and through the court system, let's try to get more tech-savvy people in office! Then we can hit it from all angles.<br /><br />I don't think that the future of politics, wars, and the economy is going to be about equality of the sexes, racial equality, and currency-based economics as we know it today. It's going to be about technology and how it affects these concepts: Online anonymity will blur concepts of race and sex, wars are going to be electronic over the Internet, and economics is going to be about intellectual property (or lack thereof) and new energy generated and enhanced by technology (as opposed to crude oil). <br /><br />The future of politics is going to be about the technology. But politics, law and legislation are still typically far behind reality. I think a large part of that relates to the people who are our lawmakers. Let's get more people in those positions who understand the technology and who will make responsible choices while understanding the ramifications. No more <a href="http://en.wikipedia.org/wiki/Series_of_tubes">"series of tubes"</a> legislators or those pushing for stronger intellectual property protection to prop up weak companies who fear competition and innovation. 
Also, let's get someone in office who recognizes that our civil rights also apply online.Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com2tag:blogger.com,1999:blog-1421948774204378624.post-3836626576257422102008-09-09T21:39:00.000-04:002008-09-09T22:28:25.023-04:00What went on at the September 2600 Meeting?Who was there: Nothingface, Infochown, Export, C@t6, 4774x312, Charlye, and Prof. Rad. <br /><br />What we discussed: Particle physics, plasma cutters, patents, recent DOJ cyber crime prosecutions, packet sniffing, downtown Portland warehouse real estate for Hacker Space, Defcon 16, and the 3 undergrads from MIT with their Mifare hack. Anything else? Comment about what I may have missed while at Starbucks.Tiffany Strauchs Radhttp://www.blogger.com/profile/02713519822436528984noreply@blogger.com0