David Stone's Blog

I'm open to suggestions for a subtitle here! (Really!)

October 2006 - Posts

Toorcon 8

I had an awesome time at Toorcon this last weekend. Some friends from UCSD convinced me to pay the last minute registration and attend. Totally worth the $120. Here's a quick rundown of my weekend. I've included all my notes from Cory Doctorow's keynote because it was just so dang good.

Keynote - Cory Doctorow
The industry has moved from the mainframe: a giant, specialized network that restricts the user's abilities based on a central policy authority, to a general purpose network that provides an open environment for the user to explore, learn, and share. He said that today, we're seeing a backlash. We have IT departments that are trying to turn our general purpose networks and machines back into specialized, locked down, dumb terminals again.

We can see this in the era of the EULA. Everybody is including these "binding agreements" that you agree to by opening the box. By "agreeing" to these EULAs, we've agreed to give up all our rights to the manufacturer. And we're seeing this in DVDs, TVs, consoles, cars, software, etc.

We can see this in the era of DRM or "copy protection". (As Cory pointed out, have you ever protected something by not copying it?!) DRM only keeps honest users honest. If I have the choice of being restricted by buying something legally (off the iTMS or URGE or whatnot), or being completely unrestricted by downloading something illegally, which am I going to be more likely to choose? If I download music off BitTorrent, I don't get a rootkit. If I buy the music from Sony, I do. Rootkits are enforcing policy from a central policy authority that treats the user of the hardware as an attacker. Why are we designing computers and software that can enforce remote policy on the user? That's like building a rocketship with a self-destruct button.

The best security is living in a civilization that is based on freedom. We have to reform our business models so that we treat the fact that the internet makes copying fast and easy as a virtue, not a vice. The history of copyright and trademark law shows that yesterday's pirate becomes today's admiral. And that these admirals point at the pirates of today, screaming "What we did was progress! What these guys are doing is theft!" Who revolutionized the entertainment industry by introducing the VCR? Sony. Who put copy protection rootkits on their CDs? Sony. We need the pirates of today to legitimize the way in which we operate so that the pirates of tomorrow can succeed in their own fights.

Keynote - Simple Nomad
Simple gave a very interesting talk about the "State of the Enemy of the State". His current prediction (and he's made a few very accurate predictions) is that reverse engineering is soon to become illegal. He cited the Microsoft vs. Viodentia case as an example of how reverse engineering can go away.

Black Ops 2006 - Dan Kaminsky
Dan's talk was pretty cool (he was also very hungover :-p). He showed an idea of using RTP/RTCP as a way of monitoring networks for net neutrality. The basic idea is that because RTP floods TCP links without regard for quality, packet loss, etc., and then waits for the client to give back the RTCP data on jitter, latency, etc., we can use this information to see how network links are faring. And this data can be used to monitor if/how the carriers are shaping the traffic. (Cory Doctorow also touched on this a bit... in a bit less technical detail.)

Since Dan knows more about DNS than practically anybody on the planet, he also showed how you can stop DNS leakage on VPNs over SSH. Basically, DNS requests can (and do) get leaked to the local LAN because they're UDP packets rather than TCP (SSH only forwards TCP). Rather than fixing all the client side code or putting a layer in to wrap DNS requests up in TCP packets, Dan proposed that the fix is actually much simpler: put up a local DNS server that always responds with the truncation (TC) bit set. This tells the local DNS resolver making the request to retry the same query over TCP instead, and that TCP connection can go through the tunnel. Pretty slick.
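To make the trick concrete, here is an added example of that "always truncate" responder. It is my own illustration, not Dan's code: a tiny UDP DNS server that echoes the query ID and question back with QR=1 and TC=1 and no records, which is the RFC 1035 signal that makes a stub resolver repeat the question over TCP. The bind address and port (127.0.0.1:5300) and the sample query are constructed for testing; to be used by the OS resolver it would have to listen on port 53, and nothing here tunnels anything itself, the resolver's TCP retry still has to be routed through the SSH tunnel.

```python
import socket
import struct

# DNS header flag bits (RFC 1035 section 4.1.1)
QR, TC, RD, OPCODE_MASK = 0x8000, 0x0200, 0x0100, 0x7800


def build_query(qname, qtype=1, qclass=1, txid=0x1234):
    """Constructed test input: a standard recursive query carrying one question."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)


def question_end(packet):
    """Offset just past the single question section (QNAME + QTYPE + QCLASS)."""
    pos = 12
    while pos < len(packet):
        length = packet[pos]
        if length == 0:            # root label ends the name
            return pos + 1 + 4
        if length & 0xC0:          # compression pointer: 2 bytes, ends the name
            return pos + 2 + 4
        pos += 1 + length
    raise ValueError("malformed question name")


def truncated_response(query):
    """Return a response that copies the ID and question but sets QR=1, TC=1, RCODE=0."""
    if len(query) < 12:
        raise ValueError("short packet")
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & QR or qdcount != 1:
        raise ValueError("expected a single-question query")
    end = question_end(query)
    if end > len(query):
        raise ValueError("question section runs past the packet")
    # Keep the client's opcode and RD bit; answer/authority/additional counts stay zero.
    resp_flags = QR | TC | (flags & OPCODE_MASK) | (flags & RD)
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, 0, 0, 0)
    return header + query[12:end]


def is_truncated(packet):
    """True when the TC bit is set in a DNS message header."""
    return bool(struct.unpack("!H", packet[2:4])[0] & TC)


def serve(bind_addr=("127.0.0.1", 5300)):
    """Answer every UDP query with a truncated response (assumed test address/port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(bind_addr)
        while True:
            data, peer = sock.recvfrom(512)
            try:
                sock.sendto(truncated_response(data), peer)
            except ValueError:
                continue  # drop anything that is not a well-formed single-question query


if __name__ == "__main__":
    serve()
```

With the responder running, `dig @127.0.0.1 -p 5300 example.com` shows the `tc` flag in the reply and then reissues the query over TCP, which is the behaviour the trick relies on.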

Also, Dan showed the coolest application that visualized binary formats as a dotplot. Now, this isn't new for image formats and the like, but he showed dotplots of .NET assemblies, Java class files, Win32 PEs, etc. This is useful for fuzzing file formats and for examining them for changes. His last slide was titled Visual BinDiff and showed the differences, in dotplot format, between msvcr70.dll and msvcr71.dll. It was cool.
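Since the post only names the technique, here is an added example of the dotplot idea in a few lines of Python. It is my own illustration, not Dan's tool: a point is plotted at (i, j) when the `window`-byte slice of one input at offset i equals the slice of the other at offset j, so a self-dotplot shows repeated structure as off-diagonal lines and a dotplot of two versions of a file shows a change as a gap in the main diagonal (the "visual bindiff" case). The two sample inputs are constructed blobs, not real binaries.

```python
from collections import defaultdict

WINDOW = 4

# Constructed sample "binary": a header, a 16-byte block, padding, and the same
# block repeated, so the self-dotplot has a visible off-diagonal line.
SAMPLE_A = b"HDR\x00" + bytes(range(16)) + b"PADPADPAD" + bytes(range(16))
# Constructed second version with one byte patched inside the second block.
SAMPLE_B = bytearray(SAMPLE_A)
SAMPLE_B[35] ^= 0xFF
SAMPLE_B = bytes(SAMPLE_B)


def dotplot(a, b, window=WINDOW):
    """Return the set of (i, j) where a[i:i+window] == b[j:j+window].

    Indexes b's windows first so the scan over a is linear in the input size
    rather than a full quadratic comparison.
    """
    index = defaultdict(list)
    for j in range(len(b) - window + 1):
        index[b[j:j + window]].append(j)
    points = set()
    for i in range(len(a) - window + 1):
        for j in index.get(a[i:i + window], ()):
            points.add((i, j))
    return points


def diagonal_gaps(points, length, window=WINDOW):
    """Offsets i where the main diagonal is broken, i.e. the two inputs differ."""
    return [i for i in range(length - window + 1) if (i, i) not in points]


def repeats(points):
    """Off-diagonal points of a self-dotplot: repeated content within one input."""
    return sorted((i, j) for i, j in points if i != j)


def render(points, rows, cols, scale=1):
    """ASCII rendering, downsampled by `scale` so a large file still fits on screen."""
    grid = [["."] * ((cols + scale - 1) // scale) for _ in range((rows + scale - 1) // scale)]
    for i, j in points:
        grid[i // scale][j // scale] = "#"
    return "\n".join("".join(row) for row in grid)


if __name__ == "__main__":
    n = len(SAMPLE_A) - WINDOW + 1
    print("self-dotplot of SAMPLE_A (repeated block shows as an off-diagonal line):")
    print(render(dotplot(SAMPLE_A, SAMPLE_A), n, n))
    diff = dotplot(SAMPLE_A, SAMPLE_B)
    print("A vs B: diagonal gaps at offsets", diagonal_gaps(diff, len(SAMPLE_A)))
```

Each byte the patch touches knocks out every window that covers it, so a single changed byte leaves a gap of `window` cells on the diagonal; a larger window trades that sensitivity for fewer spurious off-diagonal dots on real binaries, which are full of short repeated byte sequences.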

More to come...

That was just the rundown of the keynote sessions. Pretty cool stuff. I'll post more over the next week or so (as homework allows) on the actual sessions I attended.
