Cutting edge P2P, crypto comes to your PC

Underground radio

The wonderful CodeCon conference that took place in San Francisco last weekend is now available as an audio stream. And in keeping with the true hackish nature of the event, the audio stream is a cross-platform DIY project in its own right.

CodeCon gathered together much of the most interesting bleeding-edge R&D work on distributed networks and crypto, and we'll give you a few pointers on where to move your WinAmp dial below.

Probably what made this grassroots conference so enthralling was the absence of people who talk about stuff, and an abundance of people who do stuff. This is in marked contrast to the O'Reilly P2P conference exactly a year ago, which no self-respecting blog giant (hi Dave!) or media pundit could afford to miss. Such folk were conspicuous by their absence at CodeCon. On the other hand, we did get to hang out with Captain Crunch, which was a treat beyond compare.

Instead, there were precisely three hacks in consistent attendance. Annalee Newitz, who writes the terrific Techsploitation column for the Bay Guardian and the San Jose Metro; Danny O'Brien, whose natty precis of the event tops this week's NTK, and your own humble scribe. So if you were one of the creme de la creme of cryptographers present, you had no fear of Declan creeping up behind you to take your picture. Phew!

So the MP3 stream is here, but visually, you're not missing much, if you can conjure up the Hacienda-like ambience of Jamie Zawinski's DNA Lounge. This is the Hacienda, but without the Gay Traitor bar and the Moston scallies. And the DNA Lounge has the coldest toilet seats in town - they're made of steel. (But it's still open.)

Although the organizers promised only working-demos, most of the demos didn't um, actually work. Most nearly worked, and in some cases were compiling before our very eyes - an authenticity trip that's hard to beat - but that didn't make them any less engaging.

So for nuggets we recommend the following. The important thing to remember is that the three day sessions are divided into four hour chunks.

The bit where Eric Hughes confesses to posting the RC4 code anonymously onto the cypherpunks list back in 1995 takes place nine hours in.

The most "rock and roll" event, the details of Peek-A-Booty, takes place an hour later.

Neglected but no less intriguing, is the Invisible IRC Project by 0x90. He's got a stream of the session itself, a 5MB download here. IIP has a three-tier approach, and looks and smells like an IRC network but has a fundamentally different approach: it rotates the keys constantly. 0x90 reckons it "can be used to do anything." If you've got a Windows, Mac OS X, Linux or BSD box you can download working code. Tell us your results, because the transparency of today's IRC keeps us away from using it as much as we would like.

The other show-stopper is Jonathan Moore's ad-hoc 802.11 network project, Wiki Wiki Wan. Now the benefits of such spontaneous wireless networks are obvious, but hacking one together isn't easy, as it runs counter to how networks are put together. Did you say "packet collision"? Imagine two nodes both transmitting at once. Neither is currently set up to detect collision, so this is a major hurdle the Wiki Wiki Wan project is tackling. Surprisingly, DNS is less of a problem. Jonathan told us that "it's not solved, but DNS is not necessary" in such a configuration.

The bones of Mojo live on in Zooko's MNET project, an hour into the stream, and in the BitTorrent project. Of course BitTorrent shouldn't exist: we should all be using multicast IP by now, right? But we aren't, and BitTorrent is a neat hack to distribute one-to-many file shares over today's IP.

For random nuggets, you have to listen to the whole stream, which you can assemble here
