Dave Bullock / eecue

photographer, director of engineering: crowdrise, photojournalist, hacker, nerd, geek, human

LayerOne 2005

This weekend I attended a security and technology conference called LayerOne. LayerOne is in its second year running and this year was even better than last year. It is really nice to have a security conference in the LA area (ToorCon is pretty close, being in San Diego).

I only live about half an hour from Pasadena, but I decided to book a hotel room for both Friday and Saturday. I showed up on Friday in the early afternoon because I still had to do some work on my presentation. Just for the record I want to state that Keynote is a far superior program in comparison to PowerPoint.

I worked on my presentation for a few hours and then decided to walk over to Afloat Sushi, which is one of my favorite restaurants in Pasadena. After eating about 10 plates of sushi I walked back to my hotel room and took a nap. A call to my cellphone from Kelvin awoke me and I rolled out of bed, realizing I still had an hour left of work to do on my Snarl presentation. Luckily Kelvin is easily amused, so I put on Fox News and finished up my work.

By the time I had finished typing, Tacitus, Queeg and Capn had also shown up and we decided to walk over to the bar where the pre-party was located. It was about a mile walk and once we arrived my phone started ringing and Penelope was on the line. She was just showing up at the hotel and I didn't want her to walk alone so I turned around and walked back to meet her in the lobby of the Hilton.

As I neared the Pasadena Hilton my phone once again started ringing, this time with Flea on the line. He proceeded to tell me not to go back to the bar and that we were going to party at the hotel. The main reason for not going to the bar was that Arclight was baby-sitting his 17-year-old cousin and she would not be able to get into said bar. So I agreed and as I walked to the hotel I saw Penelope as Flea, Arclight and Princess Mascara pulled up.

After trying to round up people to come drink and only successfully snaring Cyber, we headed out to the patio and started drinking a lovely combination of grain alcohol from Mexico and Fanta. This concoction allowed us to become drunk quickly without having to imbibe too much liquid, which I thought was a good thing and may or may not have been after all. Kelvin thought he could drink like us, but as it turned out, he was wrong. He ended up sleeping in his vomit on a metal grate while we continued to drink. Sometimes I feel bad for Kelvin because he is the brunt of nearly every joke we make, but then he passes out in his own vomit and I just have to laugh.

The next morning Penelope and I woke up to room service which was actually really good, or maybe that had something to do with the hangovers. Penelope had to work and I had to sleep in, but when I awoke I headed down to the con to catch a few talks. I arrived just in time to hear the last few minutes of the APC sales pitch.

The following talk by Jason Spence was called Dirty CMOS Tricks and covered things you can do to BIOS settings in CMOS. The talk covered how you can change settings in the BIOS from userland in order to lock people out of their own systems and other nasty tricks. I was interested to know what effects Trusted Computing would have on these nasty tricks, and it seems like it will make even nastier tricks possible.

Up next was Major Malfunction's talk called Old Skewl Hacking - Infrared. Major talked about how Infrared is everywhere and there is little or no security involved in the way it is implemented. He started by showing how he had brute forced his garage door opener and then moved on to the really cool stuff... hotels. Your average hotel room is mostly controlled by IR, including the minibar, the TV and the pay channels. Major showed how easy it was to reset the amount you owe in the minibar; watch pay channels for free; watch other people browsing the internet on their set top boxes; and even get access to the systems that run the hotel.

The next talk by Erik Berls was Layering in defense: Front ending WWW. This talk was about setting up squid as a reverse proxy in chroot with limited system calls and veriexec. I found the talk interesting, but I was more interested in what he had to say throughout the weekend about his ultra-cool security job at an unnamed company.

We took a break and I don't recall what we did for a few hours, but I can guarantee it involved drinking copious amounts of ethyl alcohol. When we returned to the con we were just in time for H1kari's talk about cracking encryption using Field-Programmable Gate Arrays (FPGAs). FPGAs are a collection of gates that you can program to do whatever you want. H1kari's FPGA was programmed to crack encryption and it did so about 10x faster than a standard processor, even though the FPGAs run at a much slower clock speed (200 MHz). I am very interested in FPGAs and I can see them replacing standard processors in the future. Imagine being able to load new firmware in your Pentium II and have a Pentium III. I am planning on buying an FPGA development kit.

After the talk and a few Guinnesses we walked to A'Float Sushi where I inhaled 17 dishes of sushi. I was quite full and a bit drunk when we got back to the hotel, but we were just in time for some Polish Boxing matches. The first match was Queeg vs. Riverside who is about 1/3 the size of Queeg. Luckily for Riverside he was not quite as intoxicated as Queeg and after three brutal, bloody rounds he emerged the winner. The next fight was Pescador vs. Pappy and was much more civil. Pappy won 2 of three matches and the Polish Boxing ended for the evening.

The next morning I rolled out of bed long enough to eat the hearty room service breakfast and then rolled right back into bed and slept until about an hour before I was supposed to give my talk. I had to borrow Arclight's laptop because the screen on my Powerbook doesn't work and facing the projection screen would make for an even more awkward lecture. I exported my lecture from Keynote to Quicktime and stored it on my USB drive and made my way down to the convention hall where I set up my gear for the lecture.

The lecture went fairly well considering it was my first ever public speaking gig. Nothing went horribly wrong, although it did take a few minutes to get the demo going. In the end I think I enjoyed speaking and I look forward to giving another talk in the not too distant future.