Geek Bazaar

A place to leak documents that should (not?) be made public. That’s wikileaks.org.

Worth watching:

• Port scanning improved presents a very reasonable scenario where Phenoelit needed to build a faster port scanner which does nothing else but scan. Faster than nmap - in fact the talk was full of comparisons with nmap and showed how the authors of the tool went around congestion control.
• DIY Survival by Bre of make magazine was totally hilarious. Gives a few excuses to add to the growing number of gadgets in the store room.
• Crouching Powerpoint, Hidden Trojan: I didn’t manage to get there from the start, but this talk details the findings of one researcher. Technically, nothing new came out of it really but it’s always good to hear of unique accounts or experiences in the field of targeted attacks.
• Not exactly a talk .. but the Phonoelit party was pretty kewl. Very geekfriendy

Watched these:

• Lightning talks - consisting of 5 minute talks. The one that I liked best was regarding Mac OS X widgets. The idea is that since these widgets have access to the system() function and make use of Web 2.0 stuff most of the times, a simple injection (JSON injection / Cross site scripting) has further implications compared to normal web applications. This means that such flaws can easily give remote system access. The speaker (Thomas Roessler) then showed a gmail widget that was vulnerable to such attack. It would be interesting to find out if such vulnerabilities can also be present in the iPhone.
• Just in Time compilers - breaking a VM. Interesting mostly because it shows what can be done with Just in time compilers and that includes not just Java but also other stuff like javascript and actionscript.
• Modelling Infectious Diseases in Virtual Realities - a scientific talk which shows how a disease in a virtual reality, in this case it is WoW (world of warcraft) can be used to further understand modelling of infections and recovery. The speaker also gave ideas on how this knowledge can be used to efficiently contain an infection and also suggestions to Blizzard to reintroduce infections in WoW.
• Toying with barcodes - just watched this one. Excellent stuff. The talk was very flowing and had a good sense of humor injected as well. The speaker (FX) showed how security is really underestimated in the technology that is probably most used to track physical objects - barcodes. He picked on postal services, automated dvd rental systems, newspapers showing 2d barcodes, and a few other examples.
• “Building a hacker space” - some of the original ccc founders gave their ideas on what to do and what not to do if you want to start a hacker group. Stuff like providing the guests with ample caffeinated drinks .. fun and quite motivational I guess.
• Making cool things with microcontrollers - where the speaker (Mitch) kept referring to his sexiest toy.. a mind bendin, hallucination inducing spectacles. Worth a watch.
• more coming up

Quick note: put up some photos from the first day @ 24c3 on my flickr account.

Mindspill has a very interesting article about popularity of social networking sites based on country. And you get pictures! The article is here.

Some sane views on copyright .. the history .. and whats next. High quality version here.

i think they made it way too long .. but the situation sounds familiar

The article is titled “Did Iceland Teen Call Secret White House Phone?“. Very cool stuff. Ironically yday was having a chat about how useless those questions with “secret” answers can be - the date of birth question for example.

Fav part:

“It was like passing through checkpoints,” he said. “But I had Wikipedia and a few other sites open, so it was not so difficult really.”

Matasano is back and this time it’s picking on Wikipedia. Actually, people or companies who abuse Wikipedia. “The Wikipedia Advertising Vulnerability And How Not To Mess It Up” talks about marketing departments who just post links to their website, and suggests how they should improve on that. Of interest is a comment which linked to the “Wikiscanner“.

Wikiscanner : give it a name of a target company and it shows you the IP address ranges that match. Then you can easily view which Wikipedia pages those hosts edited.

Simple, just tik the right answers… a lot of them
http://www.innergeek.us/geek-test.html

A division of Cisco is giving “customer service” a whole new meaning: People calling the support number for a one of the company’s tech products are being redirected to a phone-sex line.

 Read more