[Opening ASCII art by Anarchist: "System Failure", issue #14]

.----------------------------------------------------------------------------.
|                         System Failure: Issue #14                          |
`----------------------------------------------------------------------------'

Yeah yeah, I know it's been a long time since we've released an issue. We've been recovering from DefCon, and when you add to that the fact that I'm a flake, well, you get a late issue. :) I think I am going to start aiming for a new issue every two months from now on, to ensure a quality zine and to give myself more time to prepare the issue. Anyway, I hope everyone finds this issue educational. Much of it consists of DefCon reviews and quotes, but I threw a few other articles in as well.

Thanks to Anarchist for the opening ascii as usual, and to Inubus for sending us the neat ansi file included in this issue's archive. Thanks to Gwonk, Level6, IIRG, and everyone else who donated prizes and helped out with the scavenger hunt and other System Failure events at DefCon 6. And congratulations to Dexter and friends for winning the scavenger hunt.

--Logic Box [9/11/98]

.----------------------------------------------------------------------------.
|                          http://www.sysfail.org/                           |
|                            [sysfail@syfail.org]                            |
`----------------------------------------------------------------------------'

how are you flying to DefCon? on an airplane.

.----------------------------------------------------------------------------.
|                                  CONTENTS                                  |
| SysInfoTrade                                              by SysFail Staff |
| ARP Part II: Hijacking Situations and DoS Attacks               by BarKode |
| Cryptography for Dummies                                          by Pesto |
| UNIX Security Primer, Part I                                   by Velocity |
| DefCon 6 Review                                               by Logic Box |
| DefCon 6 Review                                                by Pinguino |
| DefCon 6 Review                                               by Mr. Sonik |
| DefCon 6 Review                                  by Saint skullY the Dazed |
| DefCon 6 Review                                                 by BarKode |
| DefCon 6 Quotes                                           by SysFail Staff |
| SysFail Mailbox                                           by SysFail Staff |
`----------------------------------------------------------------------------'

<-------+
        | SysInfoTrade
        +----------------> staff@sysfail.org

- New System Failure stickers arrived yesterday. I reordered the "Thank You for Abusing AT&T" stickers, which were black vinyl with white text. I also made a simple "OWNED" sticker, which is black vinyl with white text. For my new comic book, I took the kicking penguin from one of the System Failure VGAs and put the Tori Do logo on it. That one is white vinyl with black text. All stickers are $1.00 each plus a stamp.

- Thanks to everyone who stopped by our booth at DefCon!

- Order Tori Do: The Epic from Penguin Palace. Art/Story by pinguino. $24.00
  TORI DO: The Epic- A young penguin martial artist goes on a quest, stepping outside his castle's gates for the first time. He is the Red Avenger, and he is joined by a sarcastic mage, a tag-a-long imp, and a dream, on his journey across the Antarctic terrain. The Red Avenger has been chosen as the protector of the penguins... but can he make it past an evil wizard to claim his title? This enhanced CD contains a soundtrack with jungle/dark ambient songs from RE:, Miguel Q, Solo Jr., and Nick B. It is playable in newer CD players (such as one in your stereo or car).
  Once you put the CD in your computer, you can use a web browser and fully experience Tori Do: The Epic.

- Cupertino, CA. Aug 19, 1998, Symantec announces that they have located the first JAVA virus. Although this one is not malicious, it is a parasite, and latches onto .class files. The virus's name is Strange Brew. There is worry that more malicious JAVA virii may be in the works.

- The House of Representatives passed the Digital Millennium Copyright Act, which strengthens copyright protection on intellectual property and discourages piracy. It also protects databases. The bill is scheduled for the Senate this month.

- The FCC is restructuring Ham Radio license requirements. In fact, they're trying to make it easier to obtain a license, and writing the tests to be more practical. They're also putting way less emphasis on knowing morse code. If you ever thought of getting a ham license, follow up on the debates at: http://www.arrl.org/news/restructuring/

- Check out the new design at www.scenelink.org. It's a free news service that anyone can post to. Current news categories are Art, Warez, Demo, Other.

- 2600's new project is a Kevin Mitnick documentary. The film crew is hitting 2600 meetings and asking hackers how the saga has affected the hacker world. Email film@2600.com to find out more.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ARP Part II: Hypothetical Hijacking Situations and Denial of Service Attacks
by BarKode (barkode@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This issue we'll delve into Proxy ARP and Gratuitous ARP, and also dig a bit into some hypothetical local ethernet TCP session hijacking situations. I'll be assuming you've read part one, or already know the premise of ARP while you read this article.

For this article, let's use the following network map (I suck at ascii drawings).
Assume the machines on the top are using a Class C netmask of 255.255.255.0, and that the machines on the bottom are on an 8-IP subnet in the same class C network, using a netmask of 255.255.255.248.

    10.10.10.1        10.10.10.2        10.10.10.3
   ____________      ____________      _____________
   |          |      |          |      |           |
   | illusion |      | oblivion |      |   abyss   |
   |__________|      |__________|      |___________|
        |                 |                  |
        |                 |                  |                 ethernet
 ---------------------------------------------------------------------------
                          |
                  ________|________
                  |  Cisco 2514   |
                  |     cube      |
                  | 10.10.10.253  |
                  |_______________|
                          |
                          |  <-- serial dial-up
                          |      has ip 10.10.10.250
                    ______|______
                    |           |
                    |  cirrus   |
                    |___________|  10.10.10.201
                          |                                    ethernet
 ---------------------------------------------------------------------------
                    ______|_____
                    |          |
                    |  pulsar  |  10.10.10.202
                    |__________|

1) Proxy ARP

Proxy ARP is an implementation of ARP on a machine that allows it to answer ARP requests on one network for machines on another one of its networks.

We'll start off like this. Wayne wants to dial in to his corporate network and have access to all of the machines. Wayne has a few machines at home, so he sets himself up an 8-IP netblock (10.10.10.200-208) at work, then goes home and dials into work. The modem at work picks up and establishes a connection, giving an IP address to his machine, we'll say 10.10.10.250. The router at work has been configured to route requests for Wayne's network to Wayne via his dial-up interface. But the other machines on the network don't know that his machine isn't on the local network. As far as the other machines are concerned, his subnet is still covered by their netmask, hence on their local network. So if Illusion needs to send a packet to Pulsar, Illusion is going to look at Pulsar's IP address and consider Pulsar to be on the local network, and make an ARP request. Pulsar doesn't get that ARP request. This is where Proxy ARP comes in.
The Cisco router (Cube) is going to get that ARP request, and notice that the IP in question is an IP connected to one of its serial ports. Cube is going to respond and say that Pulsar is located at its own hardware address. Illusion will then start sending packets to Cube, and Cube will forward them to Pulsar. This operation is totally transparent to Illusion. As far as it's concerned, Pulsar is sitting next to it on the wire talking back and forth.

Gory details? No problem.

Illusion sends an ARP request looking for Pulsar.

    0:0:b4:03:F2:02 FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.202 tell 10.10.10.1

Cube gets the ARP request and responds with its own HW address.

    0:0:0c:3b:a3:4e 0:0:b4:03:F2:02 ARP 60: arp reply 10.10.10.202 is-at 0:0:0c:3b:a3:4e

Then Illusion starts sending packets to Cube, and Cube forwards them to Pulsar. If you were to then view the ARP table on Illusion, you would find that Pulsar and Cube both share the same hardware address.

2) Gratuitous ARP

A very important feature of ARP is Gratuitous ARP. Seemingly minor, Gratuitous ARP is essential for several reasons. It happens when a machine asks the network for its own IP address, hence:

    0:0:B4:03:F2:02 FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.1 tell 10.10.10.1

This accomplishes several things. One being that if there is another machine on the network that has the same IP, it will respond back saying so, and alert the user that there is a duplicate IP on the network.

There is another situation. One feature of ARP is that a machine will automatically update its ARP cache if it receives a broadcast ARP request from a machine that already has an entry in its ARP table. More specifically, say you down one interface on a machine, put your ethernet cable into another card, and up that interface. When that interface comes up, the first ARP broadcast it sends will automatically update the ARP caches of the machines on the local network with its new hardware address.
Same IP, different hardware address, because it's a different ethernet card. Now, the rest of the machines will start sending data to that hardware address instead of the previous one.

That's kind of neat, now isn't it? If you send an ARP request with an IP attached to it in the "tell" field, the rest of the machines on the network will automatically assume you are that IP and send you packets. But of course they will! That's what ARP does! Resolves IP addresses to hardware addresses.

Now we get to the part where ARP starts to cause trouble.

3) Denial of service attacks

How, you ask? Well, the last paragraph back there should give you some ideas. Here are some questions:

* What would happen if you wrote a program that replied to every ARP broadcast with its own hardware address?

A few things. If you wrote a program that replied to every ARP broadcast with your IP, you'd have machines on the network (especially Windows machines, whoo boy) confused about who's the Real McCoy. If your entry was the latest in a machine's ARP cache, you would get packets destined for the machine whose identity you have assumed. Considering this is local ethernet, you'd get the packets anyway, but they'd have the other machine's IP plastered onto your ethernet address. This would cause all sorts of problems as the machines fought about who's who. This is one style of a Denial of Service attack, however it's not very efficient.

* How can I use ARP to hijack someone's TCP/IP session?

Say Illusion was talking to Abyss with a telnet session, and you wanted to assume Illusion's place in the conversation. You are currently using Oblivion. You could write a program to hijack the connection by somehow (network congestion, crashing Illusion somehow, unplugging it, whatever) getting Illusion off of the network, and assuming its identity by using ARP to tell Abyss that Illusion's IP is now located on Oblivion's hardware address.
Abyss can pick up right where it left off and send the next waiting packet, which your program has already been ready to receive. You are now talking to Abyss via telnet, and the upper-layer protocols never missed a beat. This is not a very technical description of session hijacking. I'm aiming this article at people that aren't extremely familiar with the concept.

* How can I use ARP as a Denial of Service attack?

One way to use ARP as a DoS attack is to respond to gratuitous ARP requests with any hardware address. Since gratuitous ARP is often sent at bootstrap time, attacking this can cause a variety of problems. Windows NT machines have been known to pop up a dialog box saying "Windows has detected a duplicate IP address at HW address: #:#:#:#:#:#. The interface has been disabled.". NT then proceeds to down the interface until it is brought back up by hand, and the interface sometimes can not be brought back up as long as there is another machine on the network with the same IP. This has happened to me personally before, however since it was years ago I'm not sure what version of NT besides that it was 4.0 that this occurred on (Service Packs, etc). Try giving your UNIX machine an IP that's the same as your NT machine, boot your NT machine and check what happens.

* How secure is ARP?

ARP is about as secure as crotchless underwear on a glass floor. There is no security involved with ARP directly besides ethernet switching (or "Smart Hubs"), which helps prevent sniffing and other problems by knowing what hardware address is coming in on what port on the switch. If you have access to broadcast ARP, you can cause damage to your local ethernet. ARP wasn't designed to be secure. It's a trusted protocol, stateless in design. There is no connected status, it's just broadcast packets and one-packet replies. There's no authentication involved.
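Because ARP carries no authentication, the practical defence on a shared segment is to watch the bindings it announces. The monitor below is an added example, not code from the original article: it parses lines in the tcpdump format quoted above and flags an IP that moves to a new hardware address, a hardware address that claims several IPs (normal for a proxy-ARP router such as Cube, suspicious otherwise), and a reply whose "is-at" address differs from the frame's source. Oblivion's hardware address and the lines marked "constructed" are made up for the demonstration.

```python
import re
from dataclasses import dataclass, field

MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
# Matches the "tcpdump -e" style ARP lines quoted in the article.
ARP_LINE = re.compile(
    r"^(?P<src>" + MAC + r")\s+(?P<dst>" + MAC + r")\s+ARP\s+\d+:\s+arp\s+"
    r"(?:who-has\s+(?P<target>\S+)\s+tell\s+(?P<teller>\S+)"
    r"|reply\s+(?P<ip>\S+)\s+is-at\s+(?P<mac>" + MAC + r"))\s*$",
    re.IGNORECASE,
)


def norm_mac(mac):
    """0:0:B4:03:F2:02 -> 00:00:b4:03:f2:02, so comparisons are stable."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


@dataclass
class ArpWatch:
    proxy_arp_macs: set = field(default_factory=set)  # routers expected to answer for others
    table: dict = field(default_factory=dict)         # ip -> MAC that last claimed it
    alerts: list = field(default_factory=list)        # (kind, ip, detail)

    def _claim(self, ip, mac, how):
        old = self.table.get(ip)
        if old is not None and old != mac:
            # Same IP, different hardware address: a swapped card or an impostor.
            self.alerts.append(("REBIND", ip, f"{old} -> {mac} via {how}"))
        if old != mac and mac not in self.proxy_arp_macs:
            others = sorted(i for i, m in self.table.items() if m == mac and i != ip)
            if others:
                self.alerts.append(("SHARED_MAC", ip, f"{mac} also holds {', '.join(others)}"))
        self.table[ip] = mac

    def feed(self, line):
        m = ARP_LINE.match(line.strip())
        if m is None:
            return
        src = norm_mac(m["src"])
        if m["teller"] is not None:
            # A request binds the "tell" IP to the sender's hardware address.
            how = "gratuitous request" if m["target"] == m["teller"] else "request"
            self._claim(m["teller"], src, how)
        else:
            claimed = norm_mac(m["mac"])
            if claimed != src:
                self.alerts.append(("FRAME_MISMATCH", m["ip"], f"is-at {claimed} sent from {src}"))
            self._claim(m["ip"], claimed, "reply")


CUBE_MAC = "00:00:0c:3b:a3:4e"
SAMPLE = [
    # constructed: Cube announces its own ethernet address
    "0:0:0c:3b:a3:4e FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.1 tell 10.10.10.253",
    # from the article: Illusion asks for Pulsar, Cube answers by proxy
    "0:0:b4:03:F2:02 FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.202 tell 10.10.10.1",
    "0:0:0c:3b:a3:4e 0:0:b4:03:F2:02 ARP 60: arp reply 10.10.10.202 is-at 0:0:0c:3b:a3:4e",
    # constructed: Oblivion (made-up address) talks normally ...
    "0:0:c0:11:22:33 FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.3 tell 10.10.10.2",
    # ... then the same card announces Illusion's IP as its own
    "0:0:c0:11:22:33 FF:FF:FF:FF:FF:FF ARP 60: arp who-has 10.10.10.1 tell 10.10.10.1",
]


def run(lines, proxy_arp_macs=()):
    """Feed captured lines through a fresh watcher and return it."""
    watch = ArpWatch(proxy_arp_macs=set(proxy_arp_macs))
    for line in lines:
        watch.feed(line)
    return watch


if __name__ == "__main__":
    for alert in run(SAMPLE, {CUBE_MAC}).alerts:
        print(*alert)
```

Listing Cube's address in proxy_arp_macs is what keeps legitimate proxy ARP quiet; without it the reply for Pulsar raises SHARED_MAC as well.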
*******************************************************************************

Conclusion
----------

This is just an introduction to ARP. ARP is a fundamental protocol on networks today. Mapping logical addresses to physical addresses is essential with the protocols we use. As more and more people get onto the internet, and we start to lean towards IPv6, we should be seeing some changes come along in major protocols, ARP included.

Steps have been taken to keep ARP in check, such as switching. These steps are necessary to keep co-location facilities, ISPs, and businesses' communications a bit more secure. If everyone at a co-location facility was on a big hub, collisions, sniffing and IP spoofing would be a bigger problem. Plugging everyone into a different interface on a router would get expensive, so switching is the way to go.

So you've learned about ARP, proxy ARP and Gratuitous ARP, as well as security issues involved with the protocol itself. I hope that these two articles have been informative, and any questions can be sent to barkode@sysfail.org.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Cryptography for Dummies
by Pesto (pesto@stf.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Cryptography. n 1. the art of writing or deciphering messages in code 2. the system used in a code or cipher. (Webster's New World Dictionary)

Hi! This article is a basic guide to cryptography. For further info, check out one of the many books out there available on the subject. Many people, including me, like Bruce Schneier's "Applied Cryptography".

Writing an article about "cryptography" is about as absurd as writing one on "computers". The subject is so broad that one probably won't learn much. However, this may serve to pique your interest in cryptography. Enough babble. Here goes.
Cryptography is basically the science (or art, depending on your point of view) of taking a perfectly good piece of data and fucking it up beyond all comprehension so that it can later be unfucked by whoever is supposed to see it. This keeps bad guys from checking out your data. Some common places where John L. User can see cryptography are PGP-signed e-mail and passwd files.

The Basics
----------

So I've got all of this info I want you to see, but there are bad guys on our network. What to do? Well, first, I'll need some plaintext. Plaintext is normal information. Suppose my e-mail says:

    Our foreman is looking for trouble. That son of a bitch is gonna pay!!!

A nice bit of plaintext. Now, I want to fuck it up so that if the foreman picks up this e-mail on its way to your computer, he can't read it. How do I fuck it up? Well, I could punch it... but instead I'll encrypt it. Now it says:

    Pvs gpsfnbo jt mppljoh gps uspvcmf.

There's some ciphertext for ya. Ciphertext is encrypted plaintext. Now that's all fine and dandy, but how the hell are you gonna know what that means? Well, you could just look at the sentence and for each letter, use the letter before it...or you could have your computer do it. Either way, you are decrypting the information.

            encryption               decryption
 plaintext ---------> ciphertext ------------> plaintext

Isn't that a lovely diagram? This basically shows how data is passed securely from one person to the next via encryption. Now you know what plaintext, ciphertext, encryption and decryption are.

Now, most cryptography is a bit harder than that. The three main types of cryptographic functions are Secret Key, Public Key, and my personal favorite, Hash Algorithms. Generally, a cryptographic scheme consists of an Algorithm and a Key. One computer takes the key, plugs it into the algorithm, shuffles some bits with the new algorithm, and sends the bits on to the next computer.
Secret Key Cryptography
-----------------------

Secret Key Cryptography, such as DES, can be used for many things, including transmitting data over an insecure network, and storing data on a disk without worrying about someone picking it up and snooping. Basically, the idea behind secret key cryptography is that my computer has some data that needs to be transmitted, or stored, via insecure media. So, I take my Secret Key, encrypt the data, tell your computer what my secret key is, and your computer decrypts it using the same key. Complicated, huh?

                Secret Key Cryptography

                       encryption
            plaintext -----------> ciphertext
   pheer                    ^
    the                     |
  diagram                  key
                            |
                            v
            ciphertext ----------> plaintext
                       decryption

Another neat thing about Secret Key Cryptography is the way it can help authenticate identity using Strong Authentication. Check out another elite diagram:

 My computer                                                   Your computer

 challenge ------------------------>
 <-------------------------------- challenge encrypted with the secret key
 <-------------------------------- a different challenge
 different challenge encrypted with secret key ------>

A Challenge is just a random number picked by each computer. Using this method, both computers can verify that they are who they say they are WITHOUT revealing the secret key.

Public Key Cryptography
-----------------------

Public Key Cryptography, such as RSA, works the same way Private Key Cryptography does, except that instead of using a shared Secret Key, I'll use two keys, one Private Key and one Public Key. Using my private key, I encrypt my message to send to you. Then, you take the Public Key to decrypt the message, and voila.

                Public Key Cryptography

                       encryption
            plaintext -----------> ciphertext
                            ^
                            |
                       private key

                       public key
                            |
                            v
            ciphertext ----------> plaintext
                       decryption

One of the most common uses for Public Key Cryptography is for e-mail authentication, a "signed" message. PGP uses Public Key Cryptography.
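The four-message challenge exchange drawn under Secret Key Cryptography above, as an added example that is not part of the original article. It swaps "encrypt the challenge with the secret key" for an HMAC-SHA256 over the challenge, which proves knowledge of the key the same way, and it mixes the responder's role into each response so an answer cannot simply be echoed back to the side that asked. The role labels and function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

ROLE_ME = b"my-computer"      # hypothetical labels for the two ends of the diagram
ROLE_YOU = b"your-computer"


def new_challenge():
    """A challenge is just a fresh random number; 16 bytes from the OS CSPRNG."""
    return secrets.token_bytes(16)


def respond(key, role, challenge):
    """Prove knowledge of the key without sending it: MAC the challenge.

    The responder's role is part of the MAC input, so a response produced by
    one side is never a valid response for the other side.
    """
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


def check(key, role, challenge, response):
    """Recompute the expected response and compare in constant time."""
    return hmac.compare_digest(respond(key, role, challenge), response)


def mutual_auth(my_key, your_key):
    """Run the exchange from the diagram.

    Returns (i_accept_you, you_accept_me). Each side only ever uses its own
    copy of the key; both results are True only when the copies match.
    """
    c1 = new_challenge()                   # msg 1: my challenge ->
    r1 = respond(your_key, ROLE_YOU, c1)   # msg 2: <- your response to it
    c2 = new_challenge()                   # msg 3: <- a different challenge
    r2 = respond(my_key, ROLE_ME, c2)      # msg 4: my response ->
    i_accept_you = check(my_key, ROLE_YOU, c1, r1)
    you_accept_me = check(your_key, ROLE_ME, c2, r2)
    return i_accept_you, you_accept_me


if __name__ == "__main__":
    shared = secrets.token_bytes(32)
    print("same key:     ", mutual_auth(shared, shared))
    print("different key:", mutual_auth(shared, secrets.token_bytes(32)))
```

Because every challenge is fresh, a response recorded from an earlier run does not verify against a new challenge.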
Hash Algorithms
---------------

Hash algorithms are mainly used for password verification. Any UNIX person knows all about hashes. For those Windows kiddies among us, I'll go ahead with this section.

Okay, so you type your password at a login prompt. The system you're trying to log in to has to have some way to verify that your password is correct. It would be pretty lame if it just kept a long list of passwords and checked what you typed against what was in that list. Someone could just come in and swipe all of the passwords and root that sucker in 30 seconds. So instead of keeping a long list of passwords, UNIX boxes keep a long list of hashes, or encrypted passwords. When you type in your password, UNIX encrypts it, checks the encrypted password with the encrypted password in /etc/passwd (yeah yeah, shadow/passwd for most boxes).

Breaking an Encryption Scheme
-----------------------------

No encryption scheme is perfect. There are ways to get to the data you want. Cryptanalysts (people paid to break encryption schemes) have defined the three main ways of cracking an encrypted method as Ciphertext Only Attack, Known Plaintext Attack, and Chosen Plaintext Attack.

Ciphertext Only Attack
----------------------

You've picked up part of an encrypted message, and you really want at it. Ever seen those crypto games in the newspaper? This is a great example of a Ciphertext Only Attack. Let's take the encrypted data:

    A HFAMJ HFRH HFAQ AQ PVVJ

Now let's stare at it a long time. We've determined beforehand, of course, that this is a monoalphabetic cipher, or a cryptographic scheme in which the ciphertext is the same length as the plaintext, and each ciphertext character represents the same plaintext character every time it is used. Now, how many one letter words are out there? Just two. A and I. Let's try I first, since A is the ciphertext.

    i HFiMJ HFRH HFiQ iQ PVVJ

Now, how many words out there have five letters of which the third one is i? Blink, think, clink, gripe, etc.
I'll be damned if I go through this whole thing. You get the idea. Of course, if all cryptographic schemes were monoalphabetic, there wouldn't be much point to cryptography.

Another Ciphertext Only Attack would be to snag that ciphertext and try all keys used by that specific algorithm until you see something recognizable, like:

    I think that this is cool.

Known Plaintext Attack
----------------------

Remember, I didn't separate these categories. People a lot smarter than me did. A Known Plaintext Attack is when you happen to snag some plaintext, ciphertext pairs, for instance

    I=a, H=t, F=h

How can this info be found? No practical way. An example would be that you know that either you (Bob) or your co-worker (Alexander) are going to get fired. You find an e-mail with only one word in it, the word of the soon to be ex-worker, and it looks like:

    FAF

You're fucked. The good news is that you can get revenge, because you now know that F=b, and A=o, a good start for breaking any further transmissions you happen to chance by. Again, this is assuming a monoalphabetic cipher. In real life, you'd have to go through a shitload of work to bust a cryptographic scheme using any attack.

Chosen Plaintext Attack
-----------------------

Payday. In a chosen plaintext attack, the user asks the computer what the encrypted value of A is, B, C, etc...it can happen. A good example is that some large newspaper company which will remain nameless thinks they have secure e-mail because whatever passes through secret@domain.name.here is encrypted and forwarded to the appropriate person, who then decrypts it using an in-house application. However, by sending the e-mails a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z to secret@domain.name.here and asking it to forward it to you, you now have each letter of the alphabet's encrypted value.

Erm. Hope you found this at least a little informative. Play nice!
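The three attack classes above, worked against the only kind of cipher the article uses (a monoalphabetic substitution), to show why such a scheme protects nothing. This is an added example, not code from the original article; the shuffled key, its seed, the word list and the "meet at noon" message are constructed for the demonstration, and the forwarding address is modelled as a plain function.

```python
import random
import string

ALPHA = string.ascii_lowercase


def substitute(text, table):
    """Apply a letter-for-letter table; keep case, pass everything else through."""
    out = []
    for ch in text:
        sub = table.get(ch.lower())
        if sub is None:
            out.append(ch)
        else:
            out.append(sub.upper() if ch.isupper() else sub)
    return "".join(out)


def shift_table(n):
    """The 'use the next letter' cipher from The Basics is shift_table(1)."""
    return {c: ALPHA[(i + n) % 26] for i, c in enumerate(ALPHA)}


def random_table(seed):
    """A general monoalphabetic key: a shuffled alphabet (constructed key)."""
    letters = list(ALPHA)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHA, letters))


def invert(table):
    """Turn an encryption table into the matching decryption table."""
    return {v: k for k, v in table.items()}


def ciphertext_only(ciphertext, common_words):
    """Try all 26 shift keys; keep the one that yields the most common words."""
    def score(n):
        guess = substitute(ciphertext, invert(shift_table(n))).lower()
        words = "".join(c if c in ALPHA else " " for c in guess).split()
        return sum(w in common_words for w in words)
    best = max(range(26), key=score)
    return best, substitute(ciphertext, invert(shift_table(best)))


def learn(pairs):
    """Known plaintext: every aligned (plain, cipher) pair fills in table entries."""
    table = {}
    for plain, cipher in pairs:
        for p, c in zip(plain.lower(), cipher.lower()):
            if p in ALPHA:
                table[c] = p          # ciphertext letter -> plaintext letter
    return table


def chosen_plaintext(oracle):
    """Chosen plaintext: ask the encrypting service for a, b, c ... z."""
    return learn((letter, oracle(letter)) for letter in ALPHA)


if __name__ == "__main__":
    ct = substitute("Our foreman is looking for trouble.", shift_table(1))
    print(ct, "->", ciphertext_only(ct, {"our", "is", "for", "the"}))

    secret = random_table(seed=14)                   # the newspaper's in-house key
    forwarder = lambda msg: substitute(msg, secret)  # stands in for the mail gateway
    print("from one known word:", learn([("bob", forwarder("bob"))]))
    table = chosen_plaintext(forwarder)
    print(substitute(forwarder("Meet at noon."), table))
```

Twenty-six queries recover the whole key, which is why modern ciphers are expected to stay secure even when the attacker can request encryptions of plaintexts of their choosing.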
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNIX Security Primer, Part I
by Velocity (velocity@geekbox.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

UNIX security is such a vast subject that no single document can cover the subject in its entirety. Anyone who says they can are socially inept, pathological liars. Look, I've written about five lines and the content is already general and non-specific. The title for example. Am I talking about System V, Linux, *BSD, who knows? This isn't meant to be your security bible, it's a short, general, security primer. It may not even be accurate, but I never asked you to read it, so don't bother me with your objections.

In this first part of a continuing series of security texts I will briefly describe some system software, third-party software, and general security practices. If there is a program that wasn't mentioned that you think should have been mentioned, don't e-mail me until this series of security texts is done, because there is a 99% chance that the program that you noticed was missing this time around will be mentioned in a forthcoming text.

Section 1: Programs To Help You On Your Quest For Adequate Security
-------------------------------------------------------------------

ssh - In layman's terms this is simply an encrypted telnet program. The ssh package comes with both a client (ssh) and server (sshd). The package compiles cleanly on every flavor of UNIX I've ever used, and both the server and client are easy to invoke. The client allows you to choose between different encryption algorithms you may want to use, the only ones I can remember right now are blowfish and DES, but there are a few more. Nearly all shell servers have sshd running these days.

[[Quick Reference]]
To start sshd, all you need to do is type sshd at your command prompt, not too difficult.
It is best to add sshd to your rc scripts so that sshd is started at boot time. Most systems have a routine in their rc scripts that looks for sshd, and upon success, runs the program. The basic syntax of the ssh program itself is as follows: ssh -l loginname remote.host.here. That is all the average user needs to know to connect to a remote host using ssh.

SATAN, COPS, ISS, and other types - These are system scanning programs. I've never used any of these programs, but from what I understand they basically just scan your system for well-known security flaws. If you run a tight ship and keep up to date, you will probably never need to use one of these programs.

tripwire - I'm not sure if this is a very popular program, but I think it's pretty spiffy. Basically, what it does is keep a database of all your files and their md5 checksums, which is basically the size and timestamp of the file. So you can set up a cron job to periodically run tripwire, and then tripwire checks your files up against the database and alerts you to any discrepancies. So if an unwanted intruder has modified your rc files or group file or something, you'll know, as long as you follow up on the report tripwire generates. You can't just run it and hope tripwire fixes the problems for you. You really only need to keep a database of the md5 checksums of sensitive files, like those located in /etc and /var.

password shadowing suite - We should all know what password shadowing is, so I won't go into great depths about it. It isn't a very hard concept to understand. Password shadowing moves the real password file (the one with the encrypted password) to a file called /etc/master.passwd or something to that degree. It then replaces /etc/passwd with a near identical copy of the real password file, except for the fact that the password field of the file is now simply marked with a '*' or an 'x', for all users.
You may ask yourself why you would want to replace your real password file with a decoy, with a blank password field. Well you see, in a UNIX environment /etc/passwd NEEDS to be readable by all users. Programs use /etc/passwd to determine a user's GID, name, and whatnot. Now the bad part about needing /etc/passwd to be readable is that, although the passwords are DES encrypted, any twit armed with a password cracking program and a dictionary file may be able to reveal guessable passwords in your passwd file. So with a password shadowing package, not only do the programs that need /etc/passwd to determine information get that information, but the real password file can be kept readable to root only, so crackers can't flex their password cracking technique on your password file. If you're running a *BSD system or a fairly recent distribution of Linux, password shadowing is implemented by default.

PGP - I'm not going to go into a lot of detail on PGP, because the PGP package comes with possibly the best documentation of any program I've ever used. PGP is used primarily for e-mail encryption, but it is also used for encrypting text documents and such. It allows you to choose the level of encryption you wish to use. The levels range from light, to military grade. Once again, it has excellent documentation. Many people only use PGP for e-mail. The way privacy is achieved in e-mail through PGP is as follows. When you first install PGP, you create a public key file. This is loosely a special crypto algorithm that PGP uses to encode whatever files you wish to be encrypted. You then send this key to friends or other people that e-mail you. They then add your key to their 'keyring'. This is a collection of keys. When they email you, they first encrypt the text using your public key which is located in their keyring, then when you receive it, you decrypt it with the special passphrase you selected while creating your public ring.
icmpinfo - A great little program that monitors ICMP activity on the computer it is executed on; it then forks ICMP information to syslog. Which basically means if a suspicious packet is sent to your machine, icmpinfo will place the information regarding this packet in syslog.

[[Quick Reference]]
For all practical uses, the only icmpinfo command line you should need to use is 'icmpinfo -vvvl'. This will run icmpinfo in the background as a daemon (specified by the -l argument) and it will fork a maximum amount of information about packets to syslog (specified by the -vvv argument).

TCP Wrappers - TCP wrappers are included with some UNIX distributions, some don't include them, so I guess I'll just label them as third-party. You don't have any excuse for not installing and using TCP wrappers. TCP wrappers are used by editing /etc/inetd.conf and making desired services point to the tcp wrapping program. The IP of the machine requesting said services along with other information, such as the service requested, is forked to syslog. The TCP wrapping program then allows the client access to the service it has requested, assuming of course the specified service is installed, and allowed, on the machine running TCP wrappers. TCP wrappers are incredibly easy to install, and the output forked to syslog is very easy to read.

[[Quick Reference]]
This is a sample portion of an inetd.conf file that is using TCP wrappers on the ftp and telnet services, but NOT on the ident service. This should give you a pretty good idea of how to set up TCP wrappers. This is assuming your TCP wrapper program is /usr/local/libexec/tcpd, your telnetd and ftpd programs are in /usr/libexec, and your identd program is in /usr/local/sbin.
    ## unf unf unf unf unf unf unf unf
    ## inetd.conf 31.31
    ftp     stream  tcp  nowait  root  /usr/local/libexec/tcpd  /usr/libexec/ftpd -l
    telnet  stream  tcp  nowait  root  /usr/local/libexec/tcpd  /usr/libexec/telnetd
    ident   stream  tcp  nowait  root  /usr/local/sbin/identd   /usr/local/sbin/identd

firewalls - Packet filtering software comes with a lot of UNIX variants. It seems that they have a reputation of being hard to configure, but it's an undeserved reputation. Basically, all a firewall does is filter the packets coming in from the interface you set it up to listen on. It will then allow, reject, or re-route packets. How a firewall deals with a packet is determined by a rules file, which you should write. This file is /etc/rc.firewall on FreeBSD, /etc/ipf.rules on OpenBSD, and /etc/rc.d/rc.firewall on Linux. OpenBSD systems have firewall examples in /usr/share/examples/ipf, and FreeBSD has examples in /etc/rc.firewall. IP Filter support is built into the OpenBSD kernel by default. On *BSD's you will need to modify your /etc/rc.conf file; look for the lines pertaining to firewalls and edit them as needed. They are well-described so it won't be hard to decide which to edit and what to change. This will start your packet filtering software at boot time. Firewalls are great for tons of things, primarily stopping ICMP attacks and spoofing.

Section 2: General Practices To Maintain Security
-------------------------------------------------

Make a point to ask your users to use random passwords. Perhaps pseudo-random is good enough though, but as random as possible, although that really doesn't help with a brute force attack. Also make the password expiry about a month or so. Don't forget about password shadowing.

Keep proper file permissions. Chmod is simple to use, and it is very helpful. Chmod helps you to specify who does and who doesn't have access to certain files and directories.
If you have a chatscript in /etc/ppp/ you probably wouldn't want it to be world readable (unless the idea of having everyone with an account on your machine knowing your username/password to your ISP turns you on). You SHOULD know how to use chmod; 'man chmod' if you don't.

There are tons of /tmp problems. Temporary files used by programs are stored in /tmp. The problem with the /tmp directory is that the directory has to be world writable so that all the users can have the programs they run write temporary files to /tmp. This is bad because many programs create their temporary files in a way that happily follows symlinks. Let's say that we have a program called 'plop', and this program creates a temporary file called /tmp/plop.poop. Now here is where things can take a few different paths.

If the temporary file created is writable only by the person who ran plop, then the worst case scenario is a DoS. But this is still pretty damn bad. Let's just say that root runs 'plop', and some evil person has linked /tmp/plop.poop to /kernel or /vmlinuz. Well, when the temporary file is created, it follows the symlink and writes to /kernel or /vmlinuz. This obviously isn't good.

Now let's go to scenario number two. The temporary file is created world writable. Now, if the person who creates the symlink knows that the temporary file is going to be world writable, he would probably link /tmp/plop.poop to /etc/passwd or something else like that. This is because if the temporary file ends up being world writable, then whoever made the symlink can now open up whatever file /tmp/plop.poop is linked to, because that file will now be world writable. This will allow the mad symlinker to modify whatever file /tmp/plop.poop is linked to and edit it as he wishes.

There are several ways to stop this. The first is to create a directory like ~/madtemp or something, and then set your $TMPDIR environment variable to the temporary directory you have created. Several programs accept $TMPDIR, but some still don't.
This is good because you can use chmod to keep people other than you out of that directory. For programs that don't accept $TMPDIR, you can just add a function to check to see if the temporary file exists, and if it does exist, have the program exit with an error code. If you don't wanna write the code yourself, you could probably just rip it from a similar function in another program you know has this feature. The last way (I can think of) is that sometimes in a program's rc files (.pinerc and .elmrc and stuff like that), you can specify where a tmp directory goes.

Don't run any services that you don't need to. This serves no purpose except to open up possible vulnerabilities. This also goes for daemons. Do you really need sendmail running on a machine that has a dynamic IP? I doubt it. But if you do, try to use qmail instead of sendmail.

Keep on top of what's going on. Mailing lists such as BUGTRAQ make this very easy. You will know about vulnerabilities as soon as the rest of the world does. Also, most operating systems have their own mailing lists; most have several. Also, USENET provides numerous groups on the subject. If you have a freshly installed UNIX system, you may want to review the BUGTRAQ archives for the last year so you can keep your system up to date.

It's really helpful if you have a complete source tree of your operating system. That way if a vulnerability ever does threaten your system, you can easily apply the patch that is hopefully soon to follow the exploit, or tinker with the code and fix it yourself. Programs such as CVS make keeping up with your OS's current source code easy. CVS is a program used by OpenBSD to check your local source code tree against the current OpenBSD source tree and make the appropriate changes, so then all that is left for you to do is recompile your updated source tree.

I think the most important aspect of having a secure machine is not to be lazy.

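
The /tmp/plop.poop scenario and the "exit if the temporary file already exists" check described above, as an added example in C (not code from the original article). The function names, the scratch directory and the file contents are made up for the demonstration; the hardened open uses O_CREAT|O_EXCL so that the existence check and the create are one atomic step, with no gap between them.

```c
/* Added example: /tmp/plop.poop symlink clobbering and the atomic fix. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum { NAIVE_CLOBBERED = 1, SAFE_REFUSED = 2, SAFE_TARGET_INTACT = 4 };
#define ORIGINAL "keep me\n"       /* constructed content of the target file */
#define SCRATCH  "scratch data\n"  /* what 'plop' writes to its temp file */

/* What the primer's 'plop' does: create or truncate, following any symlink. */
int open_temp_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: O_CREAT|O_EXCL makes "does it exist?" and "create it" a single
 * atomic step, so there is no window between the check and the create. If
 * anything is already at the path, symlinks included, open() fails with
 * EEXIST and nothing is written. Mode 0600 keeps the file private. */
int open_temp_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Overwrite path with text; returns 0 on success. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    ssize_t n;
    if (fd < 0) return -1;
    n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 1 if the file's content is exactly text. */
static int file_equals(const char *path, const char *text)
{
    char buf[64] = {0};
    int fd = open(path, O_RDONLY);
    ssize_t n;
    if (fd < 0) return 0;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, text) == 0;
}

/* Runs both variants against a planted symlink. Returns a bitmask of the
 * flags above, or -1 if the scratch setup failed. */
int run_symlink_demo(void)
{
    const char *base = getenv("TMPDIR");   /* honour $TMPDIR, as the primer advises */
    char dir[512], target[600], tmpname[600];
    int fd, result = -1;
    if (!base || !*base) base = "/tmp";
    snprintf(dir, sizeof dir, "%s/plopdemo.XXXXXX", base);
    if (!mkdtemp(dir)) return -1;          /* private directory, mode 0700 */
    snprintf(target, sizeof target, "%s/important.conf", dir);
    snprintf(tmpname, sizeof tmpname, "%s/plop.poop", dir);

    /* Stand-in for /kernel or /etc/passwd, and the link planted in advance. */
    if (write_file(target, ORIGINAL) != 0 || symlink(target, tmpname) != 0)
        goto cleanup;
    result = 0;

    fd = open_temp_naive(tmpname);         /* follows the link to target */
    if (fd >= 0) {
        if (write(fd, SCRATCH, strlen(SCRATCH)) > 0 && !file_equals(target, ORIGINAL))
            result |= NAIVE_CLOBBERED;
        close(fd);
    }
    if (write_file(target, ORIGINAL) != 0) { result = -1; goto cleanup; }

    errno = 0;
    fd = open_temp_exclusive(tmpname);     /* link already exists: refused */
    if (fd < 0 && errno == EEXIST) result |= SAFE_REFUSED;
    if (fd >= 0) close(fd);
    if (file_equals(target, ORIGINAL)) result |= SAFE_TARGET_INTACT;
cleanup:
    unlink(tmpname);                       /* removes the link, not its target */
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = run_symlink_demo();
    if (r < 0) { fprintf(stderr, "scratch setup failed\n"); return 1; }
    printf("naive clobbered=%d, exclusive refused=%d, target intact=%d\n",
           !!(r & NAIVE_CLOBBERED), !!(r & SAFE_REFUSED), !!(r & SAFE_TARGET_INTACT));
    return 0;
}
```

Where the temporary file does not need a fixed name, mkstemp(3) performs the same exclusive create with an unpredictable name.
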
You must keep up with mailing lists and newsgroups to see what's going on. You must apply patches and upgrade software regularly. Also, don't be afraid to take a look at source code before you compile it. This is an ESPECIALLY good idea if it's the source code of a daemon or server program, or any program that is SUID (Set User ID) root. Definitely look for any unsafe function calls. This is an important subject that deserves a lot of content, which I will go into in more detail in Part 2 of this primer.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DefCon 6 Review by Logic Box (logic@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This is my DefCon 6 review. Read it and like it.

Wednesday, July 29, 1998
------------------------
BarKode drove to my house from Sacramento. We played Nintendo. We beat River City Ransom. We went to sleep. Word.

Thursday, July 30, 1998
-----------------------
Me and BarKode woke up at 8:00 AM, got ready, and headed to the airport. Other than the attempted hijacking and the guy on the wing of the plane, our flight to Las Vegas was rather uneventful. We decided to catch a shuttle to the Plaza and check out the con, and noticed limo rides cost roughly the same as shuttles. Fuck shuttles. We rode to the Plaza in style.

After arriving at the Plaza, we decided we were hungry and headed over to a buffet to eat. After lunch, we went up to the con floor to see if anybody was around. All the while, we were waiting for Saint skullY and Mr. Sonik to page us and announce their arrival. We got to the con floor and talked to Noid and a few other people (mostly DefCon staff, I believe), then we met up with a couple of guys from Idaho whose handles escape me. We chatted with them for a while, then we spotted Lefty walking down the hall. We caught up with him and headed up to the 16th floor, where Vect0r, Joker, paiNe, Mr. YoYo, and Lil' Matt were.
We all went to a ham radio store and fucked around for a couple hours and went to Jack-in-the-Box to eat. All this time, skullY had still not paged me. After figuring out that my pager didn't work in Vegas (which it was supposed to, according to my broke-ass pager service), we called the front desk of the Golden Nugget (where skullY was staying) and paged him. He was there. We went up to their room. Word.

We hung out for awhile and made fun of some idiot who was trying to sell a 266MHz P-II computer on the Ishopathome.com channel, after which we headed back to the airport to pick up Phear at around 9:00 PM. He arrived on time, and we accompanied him to the Plaza to check out his room. Corro arrived shortly after we did. We called Pinguino, made sure her flight was getting in on time, hung around, then went to dinner. Several people were drunk during the meal, and made this quite apparent to the waitress. She was still pretty cool and talked with us a bit, so we left her a big tip and took some pictures of her holding one of our ham radios ("DefCon Waitress of the Year, 1998"). After this, we all went to our rooms and went to sleep. DefCon was tomorrow.

Friday, July 31, 1998
---------------------
Me, BarKode, Sonik, and skullY woke up and drove to the airport to pick up Pinguino. BarKode isn't exactly the best person when it comes to getting up early, so we were a bit late to the airport. But that didn't matter, since Pinguino's flight was late as well. After greeting Pinguino and introducing her to the rest of System Failure, we went to the baggage claim area and waited around a bit for her luggage, during which time I checked out some of the booth plans, contests, and art that Pinguino had brought. After a while, Pinguino's luggage had still not shown up. It was becoming apparent that something was wrong. We found the baggage claim services office and bitched at them a bit, and they told us that Ping's luggage was in New Mexico.
They told us it would be delivered to the front desk at the Golden Nugget by noon, so we headed back there and gave the nice lady at the front desk $20 to pay for our express luggage-shuttling fees. That being done, we headed over to the Plaza. DefCon.

We got to DefCon slightly before noon. I got my DefCon badge (from my good friend Boogah 187, who was manning the counter), and we ran into XBS on our way in. We found an empty table and set up a makeshift booth; we had Blow Pops to sell, and we set our second annual scavenger hunt into motion. PBX Phreak and Darkcube showed up while we were setting up the booth. PBX offered to help us with stuff; Asphyxia also showed up, and we let him sell some of his neat telco junk at our booth. Meanwhile, BarKode was running around looking for power supplies and network cable so we could set up our streaming RealVideo feed. Throughout the day, I met several people who I knew from IRC, including Xx25, Level 6, Teeleton, Sloth, Foneman, Dev Null, DDay, Toilet Duk (who I knew from DefCon 5), Phreak of Nature, and Calimar (EvilCal). Teklord and Insight showed up a little later, as did Fonephuk.

We got a lot of cool shit for the scavenger hunt this year. Throughout the day, we got two payphones (one rotary), a satellite dish, 100 porn fliers, a pair of slot machine handles tied together to make nunchucks, the infamous GTE van door, and a stripper. The stripper was actually a DefCon attendee who just wanted to get points for her group on the scavenger hunt. Me and Asphyxia thought it was cool, dammit.

The majority of the day was uneventful, except for meeting people and getting weird stuff. A bunch of us (me, Pinguino, BarKode, skullY, Sonik, Vect0r, and PBX Phreak) all went to eat dinner at some restaurant. The waiter was a complete idiot, and fucked up several different orders, in addition to giving us a lot of snide remarks.
PBX Phreak went berserker and refused to pay for some stuff they charged us for (which we didn't order), and the waiter called the manager. She in turn called security, and we left the restaurant after paying for our food and watching PBX yell at her a lot. We also formally welcomed BarKode to the group here. :)

Some drunk southerners stopped us on our way back to the Plaza to ask us if we were hackers. BarKode (or "James Bond," as they called him) had them convinced that his digital camera's flash card was top secret microfilm, and they kept saying all sorts of amusing things. We learned that they had just started using ICQ, and they kept asking us if we could hack their ICQ accounts. We took a couple of pictures with them, then we continued on to the Plaza.

At some point during the night, me, Ping, skullY, Sonik, and PBX drove back to the airport to look for Pinguino's stuff, after several wasted calls to the incompetent baggage claim officials. We found her luggage sitting in the middle of the baggage claim area, and regulated on security when they tried to stop us from leaving without checking our baggage with baggage claim. We had our stuff. Word.

I think we split into two groups here, because BarKode and Phear wanted to see Hacker Jeopardy. The rest of us went back to Lefty's room and got drunk or something (except for me), then me, skullY, Sonik, and XBS all headed to the Golden Nugget and went to sleep.

Saturday, August 1, 1998
------------------------
I woke up early, woke Sonik and skullY up, and gave Pinguino a wake-up call. We got ready and headed to Pinguino's room, where we were instructed to carry the booth stuff down to the con room and wait for Pinguino. Me, Sonik, and skullY took the booth set up down, and Dark Tangent let us in early (it was about 8:30 AM at this point). Pinguino arrived, we were told to pick any table we wanted, and we picked a good spot and set up our booth. Our booth setup this year completely rocked.
We had a nifty flashing LED sign, blacklights, and some nice Penguin Palace art. Pinguino really came through for us with the booth. We also had shirts, stickers, Blow Pops, and CDs to sell.

We sat around for a few hours, and me and Sonik made occasional food runs for people. Calimar stopped by to say hi, and BarKode arrived eventually. Dave G. and Window (who me and BarKode haven't seen since they moved out of California) came by to say hi to us a little later, and BarKode left to hang out with them for a while. Somewhere around this time, FoneMan stuck an amusing sticker on Carolyn Meinel's back. Too bad I can't remember what it said.

Pinguino, PBX, and I left to eat while Sonik and skullY watched the booth, and we met up with Mr. YoYo and paiNe again at the restaurant. Ping decided to go to the ham radio store with Lefty and a few other people so she could figure out what the hell was wrong with her malfunctioning radio, so me, PBX, and Sonik watched over things while they were gone. While we were at the booth, we noticed that the people at the booth across the room were selling hard drives, cellphones, and other neat hardware for very low prices, and Asphyxia and BarKode managed to get some nice stuff for almost nothing.

Pinguino returned eventually, and we decided to take the booth down, get some dinner, and head to the Star Trek Experience. Apok0lyps came by to say hi while we were taking things apart, after which we lugged it all back to Pinguino's room and went to eat. After eating at some random restaurant in the Plaza and losing a bunch of people, we split into two groups and drove to the Hilton, where the Star Trek Experience was.

This part of our DefCon experience made the whole trip worth it. About fifteen of us went to the Star Trek Experience, including me, Pinguino, Sonik, skullY, Phear, Corro, Teklord, Insight, Mr. YoYo, paiNe, Lil' Matt, Vect0r, PBX Phreak, Lefty, and XBS.
We were being very obnoxious through the entire thing, and we tried our hardest to try to make the actors on the Experience laugh. Making the cast members laugh proved difficult, especially with the Klingons. Pinguino gave one of them a Blow Pop, and they acted like they didn't know what it was. PBX made a few hand gestures at them (which Pinguino explained as being "human mating calls"), and we said a bunch of stupid stuff to them. They never even smiled.

The ride was pretty neat. The first part consisted of a ride down a shaky elevator, during which the lights flickered a lot. At the bottom of the elevator, a uniformed woman came in and asked "is everyone okay?" Lefty (who only has one hand) held up his arm and screamed "I LOST MY HAND!@" The actress lost it.

After the ride, we played with a couple of touch-screen chat kiosks. Pinguino managed to get one of them to spawn an IE web browser through a clickable URL in the About screen, and we browsed their internal network for a while. This didn't sit well with Hilton security, and they threw us out after about ten minutes (are they on the ball or what?).

We broke into two groups and drove back to the Plaza once again, where several people got drunk. Pinguino and the others in Mr. YoYo's van didn't show up, so I started to get worried. After about an hour of not hearing from them, Phear called to tell us they went to the Stratosphere. Fucking kids. They showed up, and Pinguino wasn't feeling too good. After she got to feeling better, we all sat around in Phear's room, where lots more drinking took place. Several of BarKode's friends showed up, as did Gwonk and Succomb. After a while, we all decided to go to Gwonk's room.

We all went to Gwonk's room and had a party. BarKode got pretty drunk, and he was saying a lot of stupid things (several of which got into our DefCon quote file).
I met a pretty cool guy from Bakersfield named KaiDream, and he took me to his room and introduced me to Mindriot, who I've known from IRC for a long time. After waking Mindriot up and saying "hi," I went back to Gwonk's room. After a while, skullY and Sonik went back to our room to go to sleep. PBX and I both decided we were tired, so we said goodnight to Pinguino, went back to our rooms, and went to sleep.

Sunday, August 2, 1998
----------------------
We woke up late and headed to the con. We decided that there wasn't enough action to warrant setting the booth up (coupled with the fact that Pinguino was leaving early), so we just walked around and chilled for a bit. At about 11:30 AM, we went to Pinguino's room to help her pack her stuff. We said goodbye to her and Level 6, and headed back down to the con room. Phear, skullY, Corro, and a couple other people decided to go see a movie, while Sonik, BarKode, FoneMan, and I stayed to be con whores.

We met up with Prophet, and walked around the con rooms a bit. I bought some cool shirts and Sonik bought an old laptop. I can't remember what all we did, but Phear and the others showed up a little while later to tell us the next showing of Mafia wasn't for a couple hours, so we all decided to go see it.

Mafia was an okay movie. Could have been a bit better. After the movie, we went to the big Coca-Cola building, where Corro impressed a couple of the employees with his yo-yo technique. After spending a few minutes here, we took Corro to the airport so he could catch his flight home. We then headed over to the GameWorks arcade.

We got nifty two-hour passes for $15 and played lots of games at the arcade. We played lots of racing games, lots of shooting games, and some dumbass baseball game that consists of a batting cage and a bat. I wanted to take the bat, but skullY didn't think that was a good idea.
At around 2:00 AM, skullY, Sonik, BarKode, XBS, and I said goodbye to everyone else and went back to our room at the Golden Nugget. After laughing at the Ishopathome.com network for a bit, we went to sleep.

Monday, August 3, 1998
----------------------
Sonik woke me up early, and we all got ready and left. Sonik and skullY drove me and BarKode to the airport, we said our goodbyes, and then we caught our flight back to San Jose right in the nick of time. Time to start planning for DefCon 7. :)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DefCon 6 Review by Pinguino (pinguino@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Clothes seemed to randomly fly across the room. Airlines went wacky. Hotel security frequencies were overrun with odd martian-like babbling. Even the time continuum wasn't safe. System Failure wreaked havoc in Vegas, gathering together for DefCon 6.

DAY ONE
-------
My adventure started at 5:30am Friday morning, as I was sitting on IRC wondering where nfin8zero was. Someone had gotten me a plane ticket on Southwest airlines that left from Dallas Love Field like, at some indecent time of day when EVERYONE is asleep. So.. fifteen minutes after I was supposed to be gone, I'm on the phone with cab companies and nfin8zero knocks at the door. By the time we print him some stickers, pet the cat, drag luggage to the car, and do a final check on the room to see if I forgot anything, it was probably 6am. By the time we got to the airport, got lost through the employee roads, and checked luggage, my plane had been gone for 5 minutes. Panic set in.. so I called a conf. DH, Hamster, and some other people who were missing the con were on it, and they entertained me til I could catch the next flight.

The flight to Albuquerque was boring. I didn't get any sleep or really get anything done. When I got off the plane, I had about 5 minutes before I had to turn around and get back on.
I sat next to an older couple who were really cool. They were really enthusiastic about everything. The guy worked at a neon sign shop, and knew a lot about electronics. He knew nothing about computers. He was going to a Vegas electronics con.. amazingly he had heard about DefCon. He also knew who Milw0rm were. Weird.

As the plane thudded to a stop in Vegas, my grin widened. Mountains smiled back, as if they remembered me. The first thing I saw when I got off the plane was Logic Box, with a group of people I soon grew to love as the System Failure crew: BarKode, skullY, and Mr. Sonik. It was also at that time that we realized System Failure was comprised of a group of midgets. Like in the Wizard of Oz, we managed to make it to the baggage claim. We sat around... waiting to claim.. um.. sat around some more.. passed out blow pops and sat around some more. Clearly, we were missing something important. The people I sat by on the plane were missing a piece of luggage, so we followed them into an office and filed for missing luggage. The clerks offered special rush delivery service for $21 COD, so we left the airport with the expectation that our luggage would be in our hands at 1pm.

The highway ribboned toward our weekend residence, and I was surprised to see that our hotels were not the ghetto dumps that I had expected. There was this weird curved net stuff with lights on it that covered a few streets.. it's too hard to explain. More like a giant canopy of lights that went from one side of buildings to the other, protecting the street. We parked, and went up to the SysFail suite at the Golden Nugget.

After everyone beautified themselves, we walked to the Plaza (admiring the "PLA" sign which was missing the Z and A) and got our badges. Turning around, I spotted XBS. I was under the assumption that he wasn't going to be there. According to Secret Squirrel, I ran as if I were going to attack him and tackle him to the ground.
Right after that, Secret Squirrel joined us, and gave me a beanie baby penguin named Waddle. I pulled a fuzzy squirrel keychain out of Pedestrian's (my penguin backpack's) back and let it hop over to Secret Squirrel. I also got the room key to his room. We met up with some other people: Foneman and his cute spikey hair, Darkcube, Mr. YoYo, paiNe, Joker, PBX Phreak and more.

As I walked into the convention hall, I couldn't help but notice how much more organized DefCon was this year compared to the last. When I got there, the line for a badge and entry was non-existent. The exhibits had a large room of their own, as did the speaking hall, and there was a large antechamber that led into these two rooms. The setup was sweet; I hope DefCon is at the Plaza again next year.

Have you seen the covers on the Sandman comics? You can see something, but it's all broken apart and blurred, and there are other wacky things in the pic.. that's how my day was. Describing Friday is difficult. The first thing I did when I walked into the con room was to look for Iron Feather Journal. I met them through the rave scene in Colorado last year, and got interviewed by them for a zine they were working on. I had also given them art for a CD called Choons and Warez (get that CD, it rawks). When I found them, I got a copy of the CD.. and then got dragged off by someone. Then, Teeleton found me and told me that Level6 was upstairs (got there early), so we ran up there and I gave him lots of hugs and smooches cuz I missed him. =) Then we went down to the con; Level6 got his badge and I got my table.

We took the last table at the con, in a tiny corner of the room. Emptying the contents of my backpack onto the table revealed a stack of scavenger hunt rules, stickers, and sticker sheets, and some other stuff. Asphyxia set up some of his equipment to sell on one end of the table, and BarKode started setting up his RealVideo cam on the other side.
Unfortunately, we had NO power (my extension cords were in my suitcase.. on a plane in some unknown location). We really didn't have much the first day.. reminiscent of our sad little DefCon booth last year. At least last year, we had RED DUCT TAPE! At some point, when the excitement was dying down, me and Mr. YoYo went up to Secret Squirrel's room. He was in there with Phear and some other people, and I played with Waddle the penguin. Phear made some wacky pink stuff with whipped cream. My response to that was hopping around and yelling "it's neeeeatttt," which Phear thought was funny (I'm not sure why) and made me say over and over. Come to think of it.. the people in the room below prolly got really fed up with all that bouncing. I wonder who was down there. Secret Squirrel taught me how to use an SWR meter. My radio was whacked out.. turns out the battery was messed up and I didn't have enough power to transmit. The radio I had was an FT530 that I picked up during APE at Berkeley earlier this year, and I didn't really play with it til DefCon. It also couldn't communicate with the two-way radios that skullY brought. When we walked back down to the SysFail table, there was a GTE van door that someone brought in for the scavenger hunt. It was from the people who kept it last year (they live in Vegas). We then hooked up with Rev. Krusty and some of the TDYC people and went to lunch at a diner downstairs. Some of the SysFail booth staff who went were PBX Phreak, paiNe, Mr. YoYo, and Lil' Matt. I don't remember who else went. I ordered fries and a Dr. Pepper and PBX got the same thing, and he paid for my food. Mr. YoYo got mass amounts of ice cream treats and proceeded to eat not very much of it. Girls walked up to him asking for a lick of his ice cream. We got back, and people at the booth were like, "Where were you!#@$" At 1:00 we went to the Golden Nugget to check on the luggage, but it wasn't there yet. 
We got back and BarKode got on the phone with the airline people.. went off on the manager. After an hour, we found out that my stuff was in Albuquerque and the manager arranged for it to get on a plane to Vegas at 7:30pm. That was fine with us.

The guys who brought the GTE van door brought us a rotary payphone. I don't remember ever seeing a rotary payphone in my life; I must have when I was little, but I don't remember them. Later, Adrian came to us asking about points for strippers. Because we didn't want the security guards to catch us, we set a chair up in the very corner of the room, behind the table, and made his fiancee stand on it. She started stripping. I saw flesh and I really couldn't watch anymore, but we got lots of pictures of it. Logic Box and Asphyxia kept talking about it for a full half hour after the event.

We did booth duty for a while.. mainly explaining the scavenger hunt to people.. not sure what else happened.. and we took the booth down at around 7pm. The entire day, we were making plans to see the Star Trek Experience (me and BarKode are a couple of trekkies. William Riker has a copy of the original Tori Do, that I had given him personally at a Creation Con in San Diego, 1994ish). We also wanted to hit up a rave that was being held at a club by the MGM Grand. None of that happened because some of us wanted to see Hacker Jeopardy. We made plans to meet at the SysFail booth at 9pm.

Squirrel, Phear, and I went up to work on the frequency hunt.. then everyone followed us up. We kicked them out and worked on it a lot. We also went out onto the scary unstable-looking ledge of a balcony and took pictures of Las Vegas at dusk. At around 9, I started to get really worried about my stuff at the airport, and I hadn't heard from Logic and the rest of the group for quite some time. They stopped responding to the radio (Squirrel's radio, an FT50, could transmit to them). I called the airport and got a VMB.
I went out to regroup and skullY, Sonik, Logic, PBX Phreak, and I ended up at the airport. The entire ride up (long ride), I was fuming and saying how I wish I would have gotten my ticket when I was going to, instead of letting someone else take care of my travel arrangements. Last minute, I had a weird feeling about the flight and wanted to get a ride to DefCon.. the only reason I didn't do that was because my stuff would get there at noon instead of 9am. I had no idea I would get my stuff at 10pm.

I was expecting to go yell at some ditzy airline chick, but when we walked into the luggage claim area, all of my stuff was in the middle of the floor. Relief swept across my face. We carried the luggage out, and were stopped by a hunched over man who wanted our claim ticket. I had Albuquerque tickets and me and Logic started going off about how I was supposed to get this shit at 9:30am .. he waved us along. I guess if you ever want to get out of an airport in a hurry with your friend's bags or something, just bitch a lot. The attendants have better things to do than argue with you. On the way back, PBX Phreak gave me a backrub.

We got back to the hotel and I took out some of the goodies: mass amounts of OCI books and folders, programmable LED sign, blacklights (put them in a safe place cuz they were breakable), various signs, blowpops, and SysFail shirts!@ If you looked at the SysFail shirts and didn't know what was on the front, I'll explain here. When I was bored at school (Palomar College), sometime in 1997, I was tutoring a 9-year-old girl named Sarah in art. That inspired me to be a little more experimental in my own artistic ventures. Between astronomy and college algebra, I sat down in the science area and drew a Celtic-looking picture of a dog. I scanned it, and put it over a photoshopped background.. I redid the image in 1998 and put it on the front of the shirts.

We had been waiting FOREVER to go eat dinner.. so that's what we did.
Phear and Squirrel already ate, but me and Logic, PBX, skullY, Sonik, BarKode, and Vect0r were famished. We walked down to the Fremont Street area (the part with the overhang) and found a place that served food. It was late, so all of the buffets we walked by were closed. Our server messed up on ALL of our orders. It was amazing. Me and PBX Phreak thought we got off lucky, but the server apparently brought us the wrong kind of soup. We all ordered Coke. We were almost done eating by the time Logic's food came. The soup we ordered was wonton soup (the restaurant had a late-night Chinese food menu) and there were flaky white thingies floating in the broth, along with disgusting looking vegetables and pasty green-tinted wontons. The fried rice was so greasy that you could almost see reflections in it. We hardly ate. That was also when we made BarKode a member of System Failure. When the bill came, PBX Phreak totally went off on the waiter, insulted him a few times, and then yelled at the manager. In turn, the manager called a security guard. We paid and left the building.

On our way to the hotel, our group got stopped by some pedestrians (not pedestrian the penguin; he was on my back). A middle-aged couple was sitting on a bench, drunk, asking us if we were hackers. They saw it on the news. The girl was from Texas and the guy from Louisiana. They were obnoxious hicks who just installed ICQ! BarKode convinced them that his digicam had microfilm in it, and they thought he was James Bond. They kept calling skullY "Agent skullY." They kept asking us if what they saw on TV was right, and if we were the "good" hackers.

We then split back to our separate hotel rooms. We caught up with Secret Squirrel, and me, him, BarKode, and Vect0r went down to the Plaza snack bar and had a gigglefest because we were suffering from sleep deprivation.

DAY TWO
-------
Riiiiiing Riiiiiing.. Logic Box called my hotel room at 8:30am to wake me up. A minute later, the hotel wake-up call rang.
Groggily, I stumbled around the room getting convention stuff together. I was surprised that Vect0r didn't wake up, cuz I kept landing right by his head. PBX Phreak came first, and Squirrel let him in. PBX hovered in corners as I re-braided my hair, hunted for various things in the dark, and did other pre-convention type things. Another knock at the door let the rest of System Failure in, and I loaded them up with various pieces of the booth.

When I got down to the convention floor, I tracked down Dark Tangent and asked him where I should set up the table. "Just find one not in use and take it," he replied. Only a few people were there early setting up, so I nabbed a spot by my friends at Iron Feather Journal.

It took me an hour and a half to set up the System Failure booth. It was designed and constructed by Level 6. This was one of my dreams--a fully portable, lightweight, customized, and practical convention backdrop. Safety pins and wires held the exhibit together, with blacklights and a flashy LED sign giving the structure its personality. A fluorescent green Penguin Palace logo hung in the center of the booth, below an LED sign. Various drawings were pinned along the sides, under blacklight, with a black flannel canopy casting shadows along the interior. Our products and informational papers were laid out across a table and a half. SysFail members, proudly wearing their shirts, manned the table.

Our shirts began selling, and within five hours we ran out of merchandise. We sold a bunch of Systems Failure CDs given to me by my friend Jason from Scattered Comics, and all the stickers. People came up to us asking if they could run through DefCon naked, so I raised the points on that for the scavenger hunt to 100. After I did that, ThePublic said that I just wanted to see him naked.

Mr. YoYo, paiNe, and Lil' Matt wanted me to go eat with them, but I had to go with Phear and get people to sign up for the frequency hunt, which was starting at 2pm.
We had 30 minutes to get people to join. Logic Box and PBX Phreak were freaking out because I kept "disappearing," running off and talking to people 20 feet away from them. PBX followed me into the bathroom (I was at this point getting tired of being followed around), and then we went downstairs to catch some food. I saw Mr. YoYo down there and he was really hurt that I didn't go down there with him. 2:00 rolled around, and just as I was about to dash upstairs to check on the hunt, our food came. I ate half a tuna sandwich and fries, and gulped down a Dr. Pepper, then went up to check on the hunt. Nobody had showed up, so Squirrel and Phear moved it to 2pm the next day; at the same time, the scavenger hunt ended. Me and Mr. YoYo started to mess around with our ham radios. We went upstairs looking for Level 6 and Squirrel, so that they could mod YoYo's radio. They did it, and it ruled, and we decided that going to the ham radio store in Vegas to get me a radio battery would be a good idea. By the time we rounded everyone up, Level 6 wandered off, so we went downstairs. I ran into the con room to tell Logic that I'd be gone for a while, and ran out to the group. We loaded into Mr. YoYo's car and went to the radio place, but it was closed. Mr. YoYo's van had no seats in the back, making the ride really interesting. We couldn't think of any other places to get radio batteries, so we headed back to DefCon. Mr. YoYo and I hung out with Squirrel some more, and then stopped in his room to get something. Lil' Matt was supposed to be resting in there, but he wasn't there. We started looking under pillows and stuff for him, and found that the bathroom door was locked with the lights off. Panic set in and we pounded on the door. Matt was only 15; you may remember him as the person with shoulder-length green hair and big pants. He walked in about 5 minutes later, to our relief. Mr.
YoYo then proceeded to hunt for his radio manual, and we decided that the maid carried it off or something. Logic radioed that we should break the booth apart, so I had everyone there shove what was left into a duffel bag and leave the pipe structure. Me, YoYo, and Lil' Matt went to the con room, where Foneman was guarding our backdrop. Logic and PBX Phreak came back, and we took the backdrop apart. Apok0lyps stopped by and gave us compliments. I wrapped the black sheet that covered our table around Lil' Matt, like a black toga. We carried everything up to Squirrel's room. About twenty people were in the room, and we decided to split apart. The people who wanted to see Hacker Jeopardy stayed at the con (BarKode and some people), and everyone who wanted to have fun playing in Vegas went with me. Food was a priority, so we went to the diner downstairs. Not all of us fit in the elevator, so we lost about 15 people. I ran ALL OVER the hotel, the perimeter of the casino, the con table, speaking hall.. and found everyone (at one of the elevators? I don't remember). We made it to the diner, and the server said that there was NO way that we could all eat together. We walked to Burger King, on Fremont street. We looked like a mini-parade--noisy, bouncy, and obnoxious. We spotted someone wearing an "I Spotted the FED" shirt. We stopped so the alcoholics could get booze, and Insight grabbed me and Phear and tried to shove a margarita down my throat. I did a breakaway and got away from Insight, and we sparred a little. He grabbed my wrist and we goofed around a little more, and my watch flew off. It didn't break or anything, but that ended our little fight. =) We got in line for Burger King. It was situated above the casino. I felt like someone watching ice skaters at the mall, except I was watching gamblers waste time and money. I ordered a Dr. Pepper.. it was the first time PBX Phreak got something different than me (he got food). I was too hyper to eat, though. 
We put 5 tables together, ate, and walked to the garages where our cars were. We split into two groups; one in skullY's car and one in Mr. YoYo's. Logic Box, paiNe, Mr. YoYo, Insight, and Lil' Matt were all in YoYo's car with me. paiNe was driving and I was up next to her, giving her shampoo/conditioner tips or something. Phear, Mr. Sonik, Secret Squirrel, Corro, PBX Phreak, XBS, and Vect0r went with skullY in his van. A VW Bug followed skullY's van, and in it were Teklord and some guy whose name nobody remembers. Our van got lost on the strip. None of us knew where the Las Vegas Hilton was, where the Star Trek Experience was. I leaned out of the car and talked to a limo driver, and got directions. As we turned left off the strip, someone in the back rolled a joint. Everyone smoked it but me and Logic. When it was passed to paiNe, Logic Box flipped out (he's paranoid about drugs and stuff). We made it to the Hilton, and drove around and around and around in the parking garage. On the radio, the other van reported that they got hassled by security for standing on the grass. We ran down to the group and I pounced on XBS, pushing us onto the grass. Everyone screamed. We walked into the building and followed the signs to the Star Trek ride. After I got my ticket, I noticed the Klingons guarding the entryway. "Let's get a picture with the Klingons!" I yelled. Our entire group posed with one of the Klingons, who growled when I leaned back against him. We walked up the ramp into a Star Trek museum. I pulled a blow pop from Pedestrian's back, and handed the penguin to Squirrel. I ran back to the Klingon and said "Want a Blow Pop?" I hold the candy out to him for a few minutes, and he says, "What is this thing, this Blow Pop?" I reply, "It's candy. You eat..er.. chew it. It makes your mouth muscles stronger so that you can bite your enemy." "Ahh," he responded. "It is for trade." He accepted my gift, and as someone in line called my name, I pounced away.
The Klingon stood in place, holding the Blow Pop upside down. Moments later, someone tapped my back. I turned, and saw the Klingon moving toward us at a rapid pace. A voice commented that he did not look pleased. The Klingon caught up to us and started to give us a personal tour of the Star Trek museum. Of course, we couldn't help picking on the poor Klingon. We even agreed to give $50 to whoever could get the Klingon to break out of character. We told him some crazy stuff, like that Bill Gates was our leader, and that he was like a Ferengi crossed with a Tribble (Klingons hate Tribbles). Corro tried to grab the Klingon's gun, and the Klingon looked at him as if he wanted to rip Corro's spine out of his body. The Klingon said something to the effect of, "It is because of fools such as him that the Klingons have developed magnetic technology that welds a weapon to a specific DNA pattern." Talking to the Klingon with everyone was the best part of DefCon, and I can't even remember a lot of what was said. I was laughing hysterically the entire time. Maybe it was the kind of thing you had to experience to really understand. I do recall at one point, PBX Phreak was making faces at the Klingon. I leaned over the railing and whispered to the Klingon that PBX Phreak was doing a human mating call at him. The Klingon then commented in a loud voice, "I have heard that humans can be unsure about their gender." There was a display with female Klingons, and me, Phear, and Teklord started like, uNFing and whistling and yelling sexually-oriented comments about them. We finally were led into a prep area. If you've ever been on Star Tours at Disneyland, it's like the part where you have to look up at a TV screen that briefs you on your "mission." The Star Trek theme played, and Teklord sang along with it. The screen fuzzed out and we got sent to the future. The year changed to 2023. Our guides rushed us into a turbolift and left.
I wobbled around, as if the ship were under attack, and smacked into Insight. Me and Insight started moshing, and everyone jumped in. The lights dimmed, and when the turbolift stopped, our guides and an ensign ran over. "Are you all okay?" screamed one of the guides. Secret Squirrel lifted up his arm, and yelled out, "I lost my hand!" Everyone doubled over in laughter and tears as the girl started laughing. She was the first person who couldn't stay in character. We got led into the actual ride, and the captain said that I should be dragged off to sickbay for a mental health examination. We sat down, with Logic, Phear, and I in the very back. The captain came out and briefed us, and after Teklord yelled something out at him, I told the captain that Teklord was his great-great-great grandpa. The concept of the ride was a spacefight; the 3D graphics were pretty convincing. "When we were being seated in the `shuttlecraft,' after Teklord said, 'We're the best of the best of the best SIR!,' maybe 15 seconds later the screen just came on, and he ripped it out," explained Phear. "It's running Windows 95, we're all going to die!!" We left the ride and wandered towards Quark's bar. Me and Insight were up front, turned and saw everyone clustered around some information kiosks. The Star Trek Experience's webpage was up on a touch-screen. We started running the VRML pages and kicking towards the computer below. I found a chat room for Logic Box, then an idea flickered when I saw "Instructions on Internet Relay Chat." I clicked on a few more things and clicked on an IRC program, which saves to the hard drive. That got us into the actual machine and we were able to navigate through the NT network. We went into the main server and started moving files into different folders. A security officer came from behind me and said, "Step back from that computer." There were two kiosks. At the time, Phear was poking at the reset button on the other system with a long straw.
I got rid of the screen I was in and backed away, and the guard told us to leave the hotel. We left in somewhat of a hurry, but lost paiNe. I dashed out to the grass and flung myself onto it, rolling. Some other people from our group were doing the same. The feeling of rolling on forbidden grass made me giddy. By the Stratosphere, a fireworks display was starting up. It was the most impressive commercial display I've seen in a long time. Hotel guests were sitting on the grass over by a hill, so we all laid down to enjoy the display. paiNe made her way back to us, and Teklord left with his friend in the VW Bug. We left, this time Mr. YoYo's van ended up with him, me, Phear, Lil' Matt, Insight, paiNe, and XBS. In traffic, the passengers played Chinese firedrill. YoYo turns the music up and me and XBS started grooving in the backseat. We drove near the Stratosphere, and Mr. YoYo yells, "Rollercoaster!" We drove through the taxi drop-off area of the hotel and got stuck in traffic, so I opened the van door, jumped out, and started dancing. When the traffic started letting up, I got back in and we parked. "I thought it was funny when you were dancing in the van and that lady beside us started laughing," said Lil' Matt. "She had that look where she was trying not to laugh but she couldn't hold it." We followed a wacky maze to get up to the top, but we made it. Phear stayed by the ticket counter with the parents of all the kids who wanted to go on the rollercoaster. Me and Lil' Matt had second thoughts about the ride; both of us were afraid of heights. Lil' Matt was afraid of rollercoasters, though. His courage to go on the ride inspired me to go on, as well as when Mr. YoYo said something to the effect of, "You aren't going to get to do anything like this again." The line was long, and it took us at least 30 minutes to get to the ride. The wind whipped past my face when I stepped out to the coaster cars.
The Stratosphere was the highest point in all of Las Vegas, and going up there made me feel weak and dizzy. The rollercoaster was horrible at first, but as soon as I realized that it wasn't going to shift sideways, and that it was kind of a roundandroundandroundandround ride, I started to not get scared, and opened my eyes. When we got off the ride and made our way out, we split up. paiNe and Insight went to gamble. Mr. YoYo, Phear and I went to McDonald's. Mr. YoYo had a flurry and I tried some of it. I got a soda and was filling it with water, like 5 times.. then with caffeine-rich Dr. Pepper!@$! We walked around the mall area for a while. The stores were separated into geographic region themes. We meandered down to the casino to catch up with paiNe and Insight, who didn't win us $10,000. Fifteen minutes later, Phear heard something on one of the radios and called the hotel room. The other van had freaked out after we hadn't shown up, and people were getting really worried. We realized that we lost XBS, so we searched for him. When we quit our search (he's a big boy), we went to the car and found a note that said he went with a friend somewhere. As quickly as we could, we drove back to the Plaza. I holed up in Phear's room for a while and talked to Level6, and then went to have a talk with Logic Box. We heard that security was going to check on our rooms, so we all scattered, and most of us headed to Gwonk's room to have a party. I gave Teklord a really super good backrub, since I had owed him one for over a year. Then I ran around getting donations for gwonkbell.net. I holed myself up in the closet and made a general announcement that it was my office. Joker made an appointment. First, I had a serious talk with Teklord that lasted forever. Then, PBX Phreak and Logic Box pulled me out to talk, and PBX said goodbye, cuz he didn't think he'd see me the next day (and Joker missed his appointment). paiNe took me over to Mr.
YoYo's room, and there we found Joker, BarKode, and Lil' Matt (I think). Joker had a video camera, so me and Mr. YoYo stripped for it. We took off our shoes, socks, hats, jewelry, and DefCon badges, and gave the camera seductive looks. Joker pulled his pants down and showed off his pooh bear boxers. I took the camera and taped him doing a slow-motion Olympic star run down the hallway in his boxers. It was getting daylight and cold, so I crawled into YoYo's bed and accidentally fell asleep.

DAY THREE
---------

I woke up at 11:30am thinking, "where am I!?@#" I woke BarKode up and we dashed upstairs. I started packing. Soon, SysFail people wandered up into the room, and Level6 came looking for me. By 1pm, I was done packing and everything was in the car. Level6 and I went searching for Xx25, so that we could leave. We found him at a blackjack table, and he gave me one of his chips. We stopped at Wendy's, and then left Vegas. We went through the Hoover Dam area, and I hung out the child-safe windows to get pictures. The rest of the trip was like any other road trip, but it was special. We brought rain back with us, to a state suffering from a month-long heat wave.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DefCon 6 Review by Mr. Sonik (sonik@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

10:30 AM, Wednesday morning - I was awakened by the sound of skullY ringing my doorbell so that I could finish packing my things so that we could hit the road on our way to DefCon 6. This is actually when the excitement of all the things I would be doing and the thoughts of meeting new people were actually getting me really ready to go, despite only having four hours of sleep the night before. Once we were all loaded up and on the road, I was pretty excited and couldn't wait until we got to Las Vegas and the real fun started. There isn't a whole lot for me to say about the trip down there.
It was pretty boring for the most part... just monotonous driving in the van all the way to Reno, where we stayed for the first night and got all rested up and ready to go the rest of the 600 or so miles to Vegas. Once we arrived in Vegas, I saw that it was a lot different than I expected it to be. First of all, people in Nevada can't drive worth shit. Second, the town was bigger than Hell and it was very easy for us to get lost. We arrived at the Golden Nugget Hotel and skullY went to check us in at about 6:30 PM or so. Once the room was ours, skullY came and got me and the rest of the stuff from the van and we walked up to our room and scoped it out. When we got there, the room phone was blinking, alerting us to a message that was waiting for us. The message was from Logic, who was already whining at us for being an hour late getting to Vegas. After about a minute or two of trying to page Logic, who thought his pager would work in Vegas, we got a knock at our door. It was Logic and BarKode, who were bitching at us again for being late. Once we all got settled into our rooms, we went over to the Plaza Hotel, where the con was yet to start. We hung around for a little while around the third floor and spoke to a few other DefCon visitors. The first people I remember meeting from IRC, besides Logic and BarKode, were Joker and Phreak of Nature. We kinda hung out for a while and decided that we should watch the Fremont Experience. After the neato light show, we piled into skullY's van and headed to the airport to pick up Phear. Once we all got back to the hotel, Corro showed up and we all decided that getting drunk would be cool. That night we went to Molly's Restaurant inside the Fitzgerald and had prime rib dinners. After dinner we all went back to Phear's room for a little while, and then BarKode, Logic, skullY and I went to our room at the Golden Nugget to get some sleep so that we could head to the airport to pick up Pinguino in the morning.
The next morning, Pinguino's flight arrived late and we met her, talked for a bit at the terminal, and headed to the baggage claim so that we could get her stuff. We ended up waiting for about 20 minutes before checking with the airline office before we found out what happened to her things. During the entire ordeal Logic kept bitching about the SysFail t-shirts and our lost booth (which was in Pinguino's luggage, in some other state). The rest of that day was pretty cool, even though we had a makeshift booth and shitty network connection that decided to go down about 10 minutes after it was up. After we kept checking up on the hotel's front desk for Ping's luggage, we went back to the airport to see if it had arrived there yet. We found her stuff sitting inside the terminal, apparently forgotten by the staff. I think we drank some more alcohol that night too. Who knows. Saturday morning we got up super early so that we could go set up the DefCon booth and start selling our stuff. The day seemed to go really slow for me for some reason. We tore down the booth at about 7:30. I thought it was like ten at night. Anyway, the big exciting thing for the night was going to the Star Trek Experience at the Hilton. It was a pretty kick ass ride; the Klingons were cool too. After the ride, Pinguino owned the Star Trek Experience just by using a touch screen. I had no idea that she was so eleet. :) The next day was kind of a blur, but that's understandable, being drunk at night and starved of sleep during the day. But we did make it out to see Mafia and hung out on the strip. We also went to the GameWorks arcade and got two hours of play for $15. It was a pretty cool arcade. Monday we got up really early and packed all our shit, and skullY and I took Logic and BarKode back to the airport and we headed home the same way we got there. We had a lot of time to make up so that I could get my sorry ass back to work on time on Tuesday.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DefCon 6 Review by Saint skullY the Dazed (skully@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Ok, here's my nifty DefCon 6 review. To make the long story short, we hung out, got drunk, got stoned, were con whores, and all sorts of other cool things. If you want a longer review, keep reading. First, Sonik and I drove through Oregon and California and Nevada to DefCon. It took two days, and really sucked. Don't ever drive to DefCon if you live farther than 500 miles away. We then checked in and met Logic Box and BarKode. After he bashed my face apart for being late and I kicked his teeth in for that, we went downstairs and met Joker and Phreak of Nature. We decided we wanted to watch the Fremont Experience, so we walked out and waited and waited and watched an ambulance pick up some fat lady who fell off her barstool or something then waited some more and finally the light show started. After watching it, we drove to the airport to pick up Phear. We drove Phear back to the hotel and he checked in. Somewhere between checking in and getting booze, Corro showed up. So anyway, we got booze, and BarKode, Sonik, Phear, Corro, Secret Squirrel and myself all drank. We decided afterward that it'd be a good idea to get something to eat. Since it was 12:30 at this point, there wasn't much open, at least by Vegas standards. We ended up at Molly's inside Fitzgerald's. At Molly's, they had to make up a table for us since we had like 10 people with us. Once we got our table, we had to decide what to eat. Most of us had the $4.99 prime rib. The waitress was really cool and let us take pictures of her with our radios. After that, we hung out in Phear's suite for a while, then went back to our room for a quick couple hours of sleep. Friday morning we had to get up at 7:00 so we could meet Pinguino at the airport.
After waiting for 45 minutes, her plane finally landed and we went to get her bags. Another 20 minutes of waiting and we realized they weren't there. We went over to the Southwest Airlines counter and found out the bags didn't make it onto the connecting flight. We told them to rush them over to the room (they had all the stuff for the table and the prizes in them), and left for DefCon. We got to the con, grabbed a table and set up a makeshift booth. Basically it was just us, a sign made from a piece of notebook paper, and some miscellaneous stuff others had brought. Luckily we did have the scavenger hunt list, so we got that started. Within a short while we had a door, a pay phone, and tons of porn fliers. We started getting things set up, including the video feed, and things were rocking until the network went down. That's when we had to stop Logic from killing himself because he couldn't IRC anymore. It was during the outage that some group got a girl to strip for us. Logic and Asphyxia will prolly ramble on about it for hours, but as far as I was concerned it was cool, but not worth talking about for more than two sentences. Throughout the day, we were basically con whores. We did keep checking on Pinguino's luggage, which the idiots at Southwest never sent. We finally went down to the airport about 8:00 and found it waiting at the baggage check area. We lugged it back to the hotel and left it in Secret Squirrel's room. Then Ping needed to take a shower, so Logic and I read some nifty OCI docs that Pinguino and Pesto had scored. Those are fucked up, and will be released soon. After that, I'm not real sure what happened, but I think we all ate and then drank some more. Saturday. Biggest day of the con. We got up early and got to the convention hall to get set up; we managed to get in an hour early. After spending 1.5 hours setting up and having people get let in 30 minutes early, we were in full swing.
We sold all of the cool SysFail shirts we had (Pinguino is having more made, so go order them! (shameless plug)), some weird industrial Christian CDs ping had gotten called Systems Failure, and a buncha stickers. I also met PBXphreak, Calimar, Carolyn Meinel (yet another sticker on her back (yes Carolyn, that was us again)), random people, and someone who does weekly broadcasts and said he'd link to SysFail's page. I'm sorry, I lost the flier you gave me, please e-mail me so I can put a recursive link back to you. When the con was winding down as far as tables went, we took down the SysFail booth and then went to watch Emmanuel Goldstein rip on Takedown. Watch for the movie to come out, it'll be the next 'Hackers!' Sometime after that, I got stoned with Mr. YoYo and paiNe, then everyone went to the Star Trek Experience at the Hilton. To get there, we took two vans. Secret Squirrel, Phear, Corro, Sonik, other people, and myself took my van, while Logic, Pinguino, Mr. YoYo, paiNe, and Lil' Matt took YoYo's van. We beat them there, and were waiting at the bottom of the parking structure. Three of us were sitting/laying on the grass, and the rest were playing with the spongy sidewalk. While we were waiting, security came by and acted like assholes because we were on the grass. We got off the grass and made sure not to walk on the sacred ground. Next year that grass will be gone. Finally, YoYo rolled up, and we went inside the hotel to the Star Trek Experience. The ride was pretty cool. We tried to get the Klingons to laugh, but were unsuccessful at that. We did manage to get one lady to crack by screaming mosh pit after a particularly bumpy section. After the ride, we hung out in the promenade until we were kicked out. The reason we got kicked out is their informational kiosks. It's basically a Windows NT4 machine with a touch screen rather than a mouse. What happened is that Pinguino found some chat thing and clicked the About button.
After that, it popped up a new browser window that gave us access to the file menu. From there, we were able to see what was on the machine, and browse their network. They weren't happy about that, hence we got kicked out. Everyone e-mail Dark Tangent and tell him to get the Las Vegas Hilton, as we need to root the kiosks more and steal all their grass. After that, we all went to dinner at some crappy restaurant that fucked everything up, and they ended up calling security to make sure we made it out of the hotel. We then hung out a while, drank some more, and fell into bed for a glorious six hours of sleep. Sunday we all slept in, so there was no SysFail table that day. For the morning, we all just hung out, and then Secret Squirrel, Corro, Phear, and myself decided to go see a movie. Logic Box, Sonik, and BarKode all decided they'd rather be con whores. We went to the MGM Grand, which was the closest theater. Well, on the way, Secret Squirrel broke my window, so when we stopped Phear and I fixed it while Squirrel and Corro went to check on movie showtimes. Seeing that we missed the show and the next would start in time for everyone from the con to go, we decided to just hang out at the MGM. We played some video games and I kicked ass at Cruisin' World. We then visited the Coca Cola store and found they had a robot to greet people. We found the frequency (127 something), but no one had a radio that could broadcast there. Next year, baby. Anyway, we went back to the con, and YoYo, paiNe, and I got stoned again, then we went and watched Mafia. The movie was ok, coulda been better. We then went down to the GameWorks arcade and played for two hours ($15 for unlimited play from midnight until 2am). After that, we hung out in Phear's suite and finally got to bed about 4am. Monday, we got up, I kicked Logic's and BarKode's ass to get out in time, and Sonik and I dropped them off at the airport. From there, we headed back home, again two days of driving. 
I'm sure there are tons of holes there, but I wasn't sober most the time, so you can get the gaps from the other four reviews. E-mail dtangent@defcon.org and tell him to hold next year's con at the Las Vegas Hilton (not the Flamingo). Hey, it might happen! Fnord!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DefCon 6 Review by BarKode (barkode@sysfail.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Pinguino shows us her stuff, BarKode passes out on the floor, Record amounts of alcohol are consumed, Tickle-Me-Elmo terrorizes Plaza security, and the Hilton gets owned. Yes, these events and many more occurred at this year's DefCon 6, as System Failure descends upon Vegas taking no prisoners.

-Wednesday

My journey began Wednesday before DefCon; I had errands to run and things to do before driving to Logic Box's house in Sunnyvale from Sacramento. So, in about 5 hours I bought a digital camera from Fry's, exchanged a pair of shoes, and ran around Sacramento trying to take care of everything so I could get out of town. Around 6:49 I turned off of Howe Avenue onto Highway 50 on my way to Sunnyvale, arriving a bit after 8:30. We needed to be up at 8am, but we didn't get to sleep until 4am, because we had to beat River City Ransom and watch Clerks *and* Student Bodies before we went to sleep. Darkcactus was there when I arrived, and ran over to Arby's on the way to drop him off at his place. The Arby's in Sunnyvale has an ANSI character touch-screen menu ordering system, much to Logic Box's enjoyment. We ended up achieving all of the above goals before catching some sleep around 3 or 4am.

-Thursday

Waking up from the noise, we ended up at the airport around 9:30, and our flight was late. Ooooh, I was surprised. Regardless, we arrived at McCarran airport a bit after noon, me having slept through a good deal of the flight.
Catching a limo to the Golden Nugget, we ended up riding with an FBI guy who was there on vacation, who had heard a little about DefCon. He proceeded to tell us of the government agencies he had worked for previously, neglecting to mention a large amount of specifics, but was a nice enough guy. Anyway, after checking our bags at the Golden Nugget, we went to the Plaza to find the con room, and ran into Swift, Noid, and associates, had a brief conversation. Hanging out in the hall outside the conference room, we were talking to a couple guys from Idaho when I noticed some people from 303 walk by, while at the same time Logic Box saw Lefty/Secret Squirrel walk by. We both were like, "Hey, look who's over there." We were both looking at different people, and I thought he was talking about the same people Logic was talking about. I ran after Lefty and got him to tag along with Logic Box and myself. Regardless, we ended up going up to someone's room and meeting up with Joker, Vect0r, Mr. YoYo, and friends. We decided to head off to the Ham Radio place, and piled into a van with the seats removed. It was hot in the desert, and we drove a good 30 minutes to get to the Ham place, a worthwhile trip as the place was awesome. YoYo picked up a nice Yaesu and we took off to Wendy's. Returning to the Plaza, we sat around for a while in Lefty's room before going back to the Golden Nugget to try and find skullY and Sonik, who were two hours late (this involved some harassing of a lady in an elevator, but we won't get into that because I didn't approve). Watching the Fremont Show en route, we found them at the Golden Nugget. We wandered around for a while before having to pick up Phear at the airport. Getting back to the Plaza, we made our booze run. I got the biggest wine cooler I've ever seen, and drank it all on an empty stomach. More pointless wandering around after this led us to the room at the Golden Nugget, where I started to write this.
:) Lefty and Joker were here and they wanted to program their radios.

-Friday

I woke up this morning to Logic Box screaming at me, trying to get me to get up so we could get to the Airport to pick up Pinguino. Of course, her luggage was still in New Mexico when she arrived, and we had to pay $21.00 to get it express shipped to the hotel. She had all the shirts and etc. for the booth, so our arrival to DefCon was without bounty. The con was getting underway by the time we got there, and we ran into Corro, Joker, and Phear right outside the con. Upon getting in the door I talked to Richard Thieme for a while, then browsed around for a while before setting up our table in the corner. We had no network access. Neither did the rest of the "rave" room. Well never fear, BarKode's here to run a bunch of cable. I ended up spending the next hour or so borrowing parts and cables to run about 100' of Cat 5 cable from the rave room to the network tables across the floor. Nobody else was going to do it, they just wanted to sit around and complain for hours. Still without power, my next quest was to get juice to the equipment so everybody could plug in their machines and hubs. Once I had this done everyone was happy to have network access, and I got the streaming video feed set up off of my laptop. I was streaming RealVideo back to a Brooks Fiber co-location facility in Sacramento, to be rebroadcast to the internet from there. Not surprisingly, the ADSL line was having problems, hence the intermittent feed from the con. When it was up, we were probably streaming, and the RealEncoder software I was using was barely making it on the laptop with the quickcam. StripCon happened later that day when some girl stripped on our table behind the backs of distracted security guards for points in the scavenger hunt. Logic Box and Asphyxia wouldn't shut up about this for the next hour, even the next day.
I was more concerned with getting her away from the booth immediately following the show to avoid any potential trouble. Walking around during the day, I ran into Courtnee, who told us of her run-in with security guards and a van. It seems she had gotten extremely intoxicated the previous evening and had hidden from security guards under a van, due to her not being of legal age to drink at the time. They found her and hauled her out from under the van, scraping up her hands. Doesn't this happen to her every year? DrekHead decided to write a network scanning tool for some purpose, but ended up accepting the challenge to write a functional ethernet sniffer in less than 20 minutes. I told him I'd give him a dollar if he wrote it in Fortran, but he declined. Ok, this is where it starts to get less accurate, because I'm writing this part at 5:30 Saturday evening. Hacker Jeopardy started at around 10:00, which proved to be not that interesting. DrekHead, Corro, and I were going to go up to play, however our team didn't get drawn, which was actually a good thing considering Corro was not present at the time. I didn't stick around, I ended up taking off to clean up the SysFail booth. Sonik and I picked up the GTE van door which had been brought to us earlier in the day and began to take it up to the hotel room at the Plaza for temporary storage. This led to a funny incident. The elevator door opened, someone looked at us, the doors began to close, and the guy looks over at the door, and says, "What the fuck?" as the doors shut. We deposited the door, and made our way back to the Con. We met up with the group and made our way to dinner at some cafe on Fremont. This place sucked, and the waitress, er, waiter even, was a jerk. He messed up the orders and we ended up paying too much. PBX Phreak threw a big fit and security got called. We were kind of escorted out of the restaurant.
On the way back some pedestrians (drunk, southerners) started to talk to us and ended up holding us up for 20 minutes. We kind of messed with them and we took a picture of them with us. I convinced him my digital camera contained secret government microfilm, and the guy swore up and down that I was James Bond. He told us of stories in which he had shot his neighbor's dogs because they were being too loud. Louisiana...hmmm.... Finally we get back to the Plaza, where I started mixing strange drinks and became intoxicated. Ping, Vect0r, Lefty, and I all headed to the snack bar on the first floor. This became a circus quickly because I was a bit liquored up and the rest had traveled great distances and were suffering from sleep deprivation. People gave us funny looks as we had a gigglefest (co: Ping) for about half an hour, and then jammed back up to the room for some sleep. I'm not quite sure what happened between then and when Pinguino and I passed out in Secret Squirrel's room, with SS taking the other bed, and Vect0r hitting the floor.

-Saturday

Saturday I woke up around noon and was late getting to the con, where our booth was up and running and kicking serious ass. We sold almost everything, including all of our shirts. We took some cool group pictures. We finally got the quickcam up and running properly, as I ran into Teklord today and we downloaded RealEncoder and started streaming video from his machine. I hung out and watched some con stuff for a while, a few talks, wandered around and talked to people and hung out at the System Failure booth. I ran into quite a few people today, including Garbage Heap and Rosie the Riveter, some friends who recently moved away. We ended up hitting the Star Trek Experience, which was awesome, and ate at Quark's. It took like over an hour to get back, and I missed the majority of the TCP/IP drinking game, ack (no pun intended). I couldn't find Pinguino, who supposedly had my room key. So I ran into TRC, KC, and Squishy!
Squishy was the guy who walked me back from the Monte Carlo to the Excalibur at DefCon 4. Squishy is always drunk, and he was absolutely plastered tonight. I went up to their room where KC introduced me to some neat drinks and neat shot glasses with built-in chasers (I'm not that into chasers, however). Some guy comes into the room and starts pulling out some crazy stuff from his backpack, including a nice magstripe decoder I wanted to get, but he didn't want to give it away. Well, Squishy ended up using the bathtub as a restroom, much to my dismay as I was the next person into the bathroom, but Squishy was way too drunk to even talk about it, he just wanted to get into a wrestling match with that guy that had the magstripe decoder, and proceeded to do so. TRC, Casey, and I were rather annoyed and decided to head back up to Squirrel's room for booze. We grabbed what was left in TRC's room and split, only to find Squishy hot on the trail. This wasn't a problem, we just needed him to chill out. We all went to Secret Squirrel's room to continue our alcohol escapade. Squirrel decided to go on a booze run due to lack of product, so he took some orders. As he took off, Sloth and Asphyxia (Sloth being wasted) came running down the hall yelling about "I didn't do it!" Everyone started coming out of their rooms looking around, and Sloth fell through the doorway drunk. At this point I was already annoyed at Sloth and now I was just pissed off, and I wasn't too pleased with Asphyxia. This was the general consensus, and Squirrel said "Get that guy out of my room." I was in agreement with that, and Asphyxia and Sloth took off. Asphyxia wasn't being bad or anything, but Sloth was and Asphyxia had to escort his drunk ass back to his room. Well what had happened is Squishy had jumped up into the air and broken a tile in the ceiling in the elevator room. This wasn't as bad as everyone made it look like, and security never showed up.
Nevertheless we had already moved all the beverages to another room, and now moved it back. At some point I met up with Teklord and he joined the party, as Teklord and I have known each other for a while and had yet to sit down and have a drink. We rectified this quickly, and posed for a cool picture. XBS and I were dubbed "The Booze Brothers" as we were taking shots of whatever would fit in the glass. I became rather drunk and the rest of the night we all moved from room to room hanging out. Arriving in Gwonk's room, we continued to drink, and I ran into a guy named Kaidream from Bakersfield, and posed for a picture with him and XBS. I left my shot glass in there as well, argh. Teklord and I had some drinks for a while after a brief ClosetCon with Pinguino, and caught up on things. The rest of the night was parties with friends and meeting new people. DefCon folk were particularly friendly and open this year, and that made the con even that much better. I ended up with Pinguino and Joker in YoYo's room, where we hopped around and played. Pinguino and Mr. YoYo gave us a good strip show (socks, shoes, hats, and DefCon badges), and Joker ran down the hall in his underwear in slow-motion on camera. Ping, Joker, and myself all hopped into bed for the now-infamous threesome picture (fully dressed, I might add). I ended up passing out cold on the floor, and Pinguino followed suit soon after. Ping woke me up in the morning (morning, pshaw. It was like a few hours after we went to sleep around 5 or 6) and we had to jam.

-Sunday

Turns out that the previous day at the Star Trek Experience, Pinguino had broken into one of the Internet Explorer stations they have sitting around for people to browse an internal Star Trek site with (I believe startrek.msn.com was actually the majority of the site). Somehow she got out of the browser and was moving files around the network when she was accosted by Hilton security. They ended up just walking away, and broke into two groups.
We couldn't find them for hours, but Phear, Pinguino, and the rest of the people with them wandered into the hotel room a few hours later. We were rather distressed at their absence and were pissed to find out that they had just been hanging out at the Stratosphere. Sunday was primarily a relaxation day. Idling around the con and just talking and meeting people, introducing friends to friends and exchanging e-mail addresses. We walked around and just talked to everyone. As the con came to a close, people said their goodbyes and took off. It was at this point that the harassment of the Plaza security stopped, as for some reason someone had been broadcasting Tickle-Me-Elmo over their security frequency throughout the entire con. However, that afternoon, Phon-E was approached by some military authority and escorted from the con. Mixed reports lead to believe that the person was a member of some detention/corrections department, however this could be wrong. Either way, the dis.org team went into damage control mode in about 30 seconds. The escapade supposedly had them following the car Phon-E was in for a while, but I'm not sure how it ended out. We ended up seeing a movie (Mafia!, which sucked) and hanging out down the strip later that evening. We visited that big Coca-Cola bottle building and ran around causing mayhem for several hours. Corro took off around midnight.

-Monday

Monday we awoke to be driven to the airport by skullY and Sonik, and we got on our plane literally seconds before departing the gate. DefCon 6 was nice, much better than I expected considering last year was a downfall from DefCon 4, and I'm glad there's not a downward trend starting here. I hope everyone had fun, and I hope to see you all again next year.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 <-------+
         | DefCon 6 Quotes
         +----------------> staff@sysfail.org

Don't fondle the plastic bread. Anything else to drink? We're already drunk. It's 2:30?
It was 9:45 a minute ago. How would you like that cooked? Like McDonald's does it. This van door is ruining my shoe. I wrote a telnet client in perl on my placemat. Oh, did I just stab you? It's neeeeeeeaaat!@# You're like James Bond. Whose fucking leg is this? IRC is fucking life!#@%$!@^%!#@$^!#$%@#!^!#$^@#$^#!$%!@# It's never too early to get fucked up! You shit marijuana? Why are there footprints on the ceiling? I wanna steal that bottle cap. What the hell would you do with a 20 ft. bottle cap? Pong you fat bitch! What the fuck? (As Sonik and BarKode tote the GTE van door upstairs) XBS, I killed your pudding. Is it me or is the Statue of Liberty stacked? Me and Linux, we get along. I'm not drunk. I'm a little bit drunk. I'm FUCKING drunk. I look high. It's fucking RED. This fucking toilet seat sucks. Logic, you can buy 50 cent pieces at the bank. Really? How much are they? This elevator smells like ass. Are you implying that you're dead? Did you guys bring any fruits or vegetables with you today? *points at sonik* Just him. Four big ass Dr. Peppers, please. What size? I owned them without even touching a keyboard. Is everyone alright? I LOST MY HAND(*&&*(!#&*(!$#*(&(&@*# There's something wrong with me. Word. You almost dropped her off a mountain? Things that go BEWM@^&*#@^&*$

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 <-------+
         | SysFail Mailbox
         +----------------> staff@sysfail.org

Oh boy, here's a couple more neato e-mails we've gotten from people lately.

From: Sarin
To: sysfail@sysfail.org
Subject: good site but...

i like the new look of your site, but now i cannot find a certain phile... it described the process to hack the NCIC just one prob with it, the password is asterisked over... where can i find it? thank you. (dont mention my name, i know it isnt safe)

# Um.
# 1. That article was just a joke. Retard.
# 2. You obviously know nothing about any type of UNIX operating system.
# 3. We took that article (and several others) off the site because we're
# being more selective about which ones we HTMLize. Search back issues for it
# if you really want to see it.

------------------------------

From: Gryzor
To: logic@sysfail.org
Subject: Hello

hello i am french and i want to creat an good site with an search motor inside, for that i search some zine underground i can't localized Total control Mag you have some information on it or you can send me these filez ??

# I'll let you know, just as soon as I figure out what the hell you're asking.

------------------------------

From: Jokers Wild
To: sysfail@sysfail.org
Subject: joining

Hello, I am j0k3rs WiLd. I would like to join your group. I am an experienced hacker who lives in Georgia. I have been into "Security" for 3 years. I would be willing to contribute "k-rad" graphics to your web page. I use Photoshop. If you are interested email me back.

# I'm sure you're one of the best security guys out there, but I don't think
# we're ready for someone of your obvious skill level. I'll get back to you
# when hell freezes over.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

That's it for issue 14. You can probably expect our next issue sometime in early November (I hope).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-E-O-F-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-