cDc bores two thousand people at once

And other way kewl tricks


Defcon 08: by wireless

The Cult of the Dead Cow -- authors of Back Orifice and BO2K and the undisputed glam rockers of the hacking underground -- amazed the crowds at Defcon with an hour of shallow meditations on site defacements, network security, and themselves.

We knew we were in trouble at the opening, as member Tweety Fish kicked off the long-anticipated festivities with the disclaimer, "Just to let you guys know, um, we were pretty much perfectly aware that, that, that, we were not going to top last year? So, we're not going to try? So, we're just going to talk to you a while."

And things proceeded rapidly downhill from there.

At last year's presentation, Tweety noted, he had given "a little bit of a speech that was directed towards some of the younger members of our audience? And their habit of putting dumbass, pointless, misspelled shit on other people's Web pages? And I didn't tell people not to do it last year? .... But I've been following it for the past year, and, um....you can stop now. It's just not going to be cool."

And then things proceeded further downhill, as a totally unrehearsed, unprepared cDc continued to wing it for the masses.

"It's sad to think of this as the high point of the year," one enervated audience member remarked to us.

We stuck around only long enough to hear member Deth Veggie explain that our expectations of an interesting presentation were extravagant because, "We're not a software company?"

All right, fair enough. No one said they had to be a software company. But no one asked them to convene for an hour with two thousand expectant people in a hot room when they had nothing of interest to say, either.

Later, during a press conference, Tweety Fish reminded us that "people shouldn't expect a new tool from us each year, because....we're not a software company?"

Perhaps we left the hot room a bit too early. Sir Dystic, we learned, did write a tool which exploits a few long-standing NetBIOS protocol weaknesses, enabling a user to kill a network running NetBIOS by commandeering and otherwise manipulating machine name assignments. The tool is available from cDc, and the software patch to defeat it is now available from Microsoft.

As for what cDc has been occupying itself with this year -- since they haven't been hacking out the code to any newsworthy extent -- we are not quite sure. "I think that the thing we're most focused on right now is trying to get people involved....in developing a theory of what hacktivism actually is," Tweety suggested during the press conference.

We thought this could be an exciting development, but Tweety was less than encouraging. "I don't think it has evolved enough, and I think there are too many people who have [merely] talked about it....it just hasn't happened yet," he said.

A good example of 'real' hacktivism, Tweety reckoned, was Bronc Buster's hack of October 1998 which defaced the official, government-controlled Chinese Society for Human Rights Studies Web site with a substitute page claiming "I simply cannot believe the total bullshit propaganda on this Web site," and linking to critics of China's authoritarian regime, such as human rights group Amnesty International.

Another might be hacking "a corporate Web site for a clothing manufacturer that had crazy, unfair labour practices in some part of the world, and revealed information about that which you couldn't get any other way."

And that, we reckon, is a very promising seed well worth cultivating. Thus far, the cDc Web site has made a small start with its Hacktivismo page, which contains little more than a couple of links and some text borrowed from the electrohippies Web site.

If the cDc had the grace to sit this Defcon session out and quietly put their efforts into developing such a concept, exchanging ideas on their Web site, networking with other crews, coming up with some appropriate tools, and presenting it all as a coherent, tangible proposal, we would have had the pleasure of writing a very positive, perhaps even flattering, article.

Maybe next year. We will see. ®
