The Last HOPE


I made the trek to a steamy hot NYC this weekend to attend one day of the three-day Last HOPE (Hackers on Planet Earth) conference at the Hotel Pennsylvania. There was too much going on to adequately cover it here (or even take it all in), but a few things stood out.

Steve Rambam’s eye opening talk on the death of privacy for example. For a solid three hours in front of a standing room only crowd he weaved back and forth between the Orwellian theme of how our privacy is being ripped from us by everyone from Google to Choicepoint and the theme that seemed even creepier to him, self contribution. Over and over he expressed disbelief at how willingly we post our personal details everywhere from Twitter to Facebook while thanking us all the while for making his job as a private investigator that much easier. What the marketers and government don’t actively take, we actively give. Naturally I twittered the whole thing.

Cell phone tracking; artificial-intelligence-assisted reality mining; 3000 cameras per square mile in Manhattan; facial, activity, and even gait identification software; government outsourced investigative databases shielded from FOIA requests; UAV-based license plate scanners; beating anonymity by correlating multiple datasets; unanticipated database repurposing; and on and on… Finally I could twitter no more and left the venue hurriedly fashioning a tinfoil hat from a burger wrapper while consigning myself to doubling the dosage on my meds.

I will say this though, there was something deliciously ironic about standing in a room chock full of hackers all listening at rapt attention to a three hour chillingly dystopic harangue on privacy loss while nearly every single one of them was wearing an RFID tag around their necks. Even better, the tag was tracking their every move around the venue and was linked to a comprehensive self-contributed profile.

Moving beyond the privacy nightmare stuff, there was hardware hacking to be found everywhere at Last HOPE. Tables were covered with broken open electronic toys and electronic components and were surrounded by hackers with smoking soldering irons.

Of the completed projects on display, one of my favorites was something of a hybrid that projected a 3D image onto carefully placed strings.

Called Wiremap, the project was built by Albert Hwang who carefully moved it from his living room to the Hotel Pennsylvania where it took him a full day to set up and re-calibrate. It is a fascinating piece that creates a convincing (if low res) three dimensional image by carefully processing a volumetric image into slices (using Processing) and then projecting those slices onto reflective white strings stretched into a precise angular array.

The resolution of the system is limited by the fact that the strings have a physical width and that the projector is quite imperfect for the task. Relatively poor angular precision, rectilinear lens distortion, the lack of flat field optics, and the fact that the lens has a fairly narrow focal depth all conspire to limit the display resolution to 256 slices. However, despite the limitations you could move around the display and really get a sense for the object and its motion. The video I’m embedding below isn’t great but it should get the idea across.

Finally, I just wanted to mention a couple of things about the “Crippling Crypto – The Debian OpenSSL Debacle” talk given by Appelbaum, Zovi and Nohl. Plenty has been written about the issue itself, so there is no point in regurgitating it here, but if you haven’t seen the diff of the before and after code change it’s worth taking a look. It is amazing that such a benign looking edit (at first, and probably second, glance it looks like someone just added a comment) could turn out to be the “worst bug in the history of Debian,” and probably SSH as well since it also relies on OpenSSL.

As the presenters set out to recreate 524,288 weak keys for use in tracking them down and blacklisting them, they calculated it would take them five days on a single machine. So, instead, using Amazon’s S3, SQS, and 20 32-bit and 20 64-bit EC2 instances, they ran the entire job in four hours for a total cost of $24. Interestingly, they didn’t even have to supply their own image of Ubuntu with the un-patched code as it was still available from Amazon for use with EC2.

I expect video for some of the talks will pop up here and there. In the meantime, if you are interested, these guys videotaped every session and made DVDs. If you don’t already suffer from paranoiac delusions I would highly recommend Steve Rambam’s session (or, you can find an earlier version of the talk here).

  • Andrew Odewahn

    Interesting post — love the 3-D projector. Also, looks like the link to the recorded sessions is broken –

    http://radar.oreilly.com/2008/07/www.mediaarchives.com

  • Jim Stogdill

    Thanks Andrew. The link should be fixed now.

  • erik

    Nope, the link is still broken

  • http://galaxyspectrum.com/ Public Relations Pro

    ////Over and over he expressed disbelief at how willingly we post our personal details everywhere from Twitter to Facebook while thanking us all the while for making his job as a private investigator that much easier. What the marketers and government don’t actively take, we actively give. Naturally I twittered the whole thing.

    One has to weigh the networking advantages to the disadvantages of no longer being anonymous.

    Many people have nothing to hide or fear about the loss of their privacy.

    In terms of the surveillance cameras monitoring the NYC streets – the lower crime rate is a tradeoff for living in a few society that wants to maintain the civil liberties and civil rights but still want to not be victims.
    In fact some are desperate to meet like minded others from around the world or to gain career advantages from being easily accessible.

  • http://www.phedhex.com Albert Hwang

    Hey Jim –

    Thanks for the write up!

    I just wanted to let everyone know that the wiremap code is open source and I’m considering tidying it all up and publishing a DIY kit.

    If anybody wants to build their own or otherwise get involved, feel free to visit my site and email me.

  • http://www.gopetition.com/online/20714.html Kundendienst Petition

    Hi,

    are IPs from Germany not allowed by http://www.mediaarchives.com ??
    I become a 505, and if I take an American proxy I see the page?!

  • Jim Stogdill

    Hey Folks, I don’t know what is going on with that mediaarchives link. Some people in the states seem to be having trouble with it too. Sorry.

  • http://www.HackerDVDs.com www.MediaArchives.com

    Also, to see various presentations from “the Last Hope” check out http://www.HackerDVDs.com over the next few days, I’ll post rambam, savage, mitnick and a few others…