Scheduling | Talks List (with audio downloads!) | Speakers List


2600 Meetings: Yesterday, Today, and Tomorrow

Rob T Firefly, Grey Frequency, Gonzo

In this panel, longtime attendees and website admins of New York City’s 2600 meeting will explain how an event that began in the 1980s as a simple way for local hackers to meet each other in person has grown into a major and vital part of the worldwide hacker community. The panel will recap the history of 2600 meetings, and explain the basics for those interested in getting involved with an existing meeting or starting a new one. Issues involved in operating a 2600 meeting’s web presence will also be addressed. There will most certainly be a recounting of some favorite meeting stories and experiences, and the lasting effects the meetings have had on all sorts of lives.

Saturday 2200 Lovelace | Download Audio: 16kbps or 64kbps


American Bombe: How the U.S. Shattered the Enigma Code

Shalom Silbermintz

Many people know the story of Alan Turing and his work at Bletchley Park in designing the British bombes, the machines used to crack the German Enigma codes. What most people don’t know is what happened afterward. When the German military added a fourth rotor to the Enigma, a new type of machine was needed in order to crack the codes and keep Allied intelligence out of darkness. These American bombes were the first multifunction computers ever built, and are an important part of the history of modern computing. It’s the incredible, gripping story of an enterprise that rivaled the Manhattan Project in secrecy and complexity, and ultimately led to the first modern digital computer.

Sunday 1300 Lovelace | Download Audio: 16kbps or 64kbps


Arse Elektronika: Sex, Tech, and the Future of Screw-It-Yourself

Johannes Grenzfurthner

We may not forget that mankind is a sexual and tool-using species.

From the depiction of a vulva in a cave painting to the newest Internet porno, technology and sexuality have always been closely linked. New technologies are quick to appeal to pornography consumers, and thus these customers represent a profitable market segment for the suppliers of new products and services.

Currently, all factors show that high-tech developments owe a great deal of their success to the need for further sexual stimulation. One could cite the example provided by the science fiction concept of a full-body interface designed to produce sexual stimulation. But it isn’t science fiction anymore. It’s DIY.

As bio-hacking, sexually enhanced bodies, genetic utopias, and plethora of gender have long been the focus of literature, science fiction and, increasingly, pornography, this year will see us explore the possibilities that fictional and authentic bodies have to offer. Our world is already way more bizarre than our ancestors could have ever imagined. But it may not be bizarre enough. “Bizarre enough for what?” you might ask. Bizarre enough to subvert the heterosexist matrix that is underlying our world and that we should hack and overcome for some quite pressing reasons within the next century.

Don’t you think, replicants?

Friday 1500 Tesla | Download Audio: 16kbps or 64kbps

======================================================== DDoS – How Evil Forces Have Been Defeated

Alessio “mayhem” Pennasilico

What if your infrastructure was attacked by a skilled and powerful organization, able to control many zombies all around the world? A real case history will be analyzed, with a long trip through sleepless nights, finishing with a DIY solution using OpenBSD based servers and a bit of cleverness, all of which eventually led to a happy ending.

Sunday 1500 Bell | Download Audio: 16kbps or 64kbps


Behind the Padlock: HTTPS Ubiquitous and Fragile

Seth Schoen

HTTPS is finally getting adopted all over the place – including Gmail, Twitter, Facebook, Google Search, and Wikipedia – as people realize that packet sniffing is easy and credit cards aren’t the only sensitive information we send over the Internet. At the same time, a new series of attacks and scandals have shown that TLS is rather fragile. SSL stripping lets attackers bypass sites’ HTTPS-only policies; a series of scandals over the past two years has renewed skepticism of certificate authorities’ role and the security of the global public-key infrastructure. More and more people are wondering who those strange organizations are, what they’re doing in our browsers, whether anyone knows if they’re doing a good job, and even how to pronounce some of their names. And recent evidence suggests some CAs may be inept – or cooperating with national governments.

Seth will explain the push to increase HTTPS deployment to protect privacy and fight Internet censorship, but also make its protections more meaningful and robust. He’ll describe the work on Firefox plugins that change the browser security model, and ideas on information sources that can supplement the certificate authorities. The talk will also include a look at SSL Observatory, which aims to collect data to catch rogue CAs in the act.

Saturday 1100 Lovelace | Download Audio: 16kbps or 64kbps


The Black Suit Plan Isn’t Working – Now What?

James Arlen

The suit plan isn’t working. At The Last HOPE, James told you all about the awesomeness of The Black Suit. But you’re finding that it’s not really working out… maybe it’s possible to lower the goal? Can we take advantage of the Econopocalypse, the fact that two years have gone by, and infiltrate the upper echelons without having to leave the Black Hat behind? With cyber humor, blistering criticism, and awesometastic possibilities, spend some time in a discussion about ways to get to the place we all want to be – employed and happy.

Sunday 1600 Bell | Download Audio: 16kbps or 64kbps


Botnet Resistant Coding: Protecting Your Users from Script Kiddies

Peter Greko, Fabian Rothschild

Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.

Friday 1500 Lovelace | Download Audio: 16kbps or 64kbps


“Brilliants Exploits” – A Look at the Vancouver 2010 Olympics

Colin Keigher

With the 2010 Winter Olympics having come and gone, it’s not too late to look back at what an event it was. From a technology standpoint, CCTV cameras and ticket sales will be looked at, and from a social standpoint, matters involving intellectual property as well as the police will be examined.

Friday 1700 Lovelace | Download Audio: 16kbps or 64kbps


Build Robots and See the World

Jonathan Foote

Computing and electronics parts are inexpensive enough these days to allow amateurs to build surprisingly sophisticated machines on a budget. Jonathan will talk about his experiences building kinetic artworks like Chassis the Drink-Serving Robot and SWARM, the collection of six spherical orbs that roll without wheels. He will discuss how it got started, how the robots work, and how knowing what you are doing is not always the best approach. Although they haven’t quite achieved world domination, he and his collaborators have exhibited robots at the Coachella Music Festival, the International Festival of Cocktail Robotics in Vienna, as well as the Techkriti Festival in Kanpur, India. The interested beginner will wind up with a bunch of tips and sources for getting started in robotics.

Friday 2000 Tesla | Download Audio: 16kbps or 64kbps


Building and Breaking the Next HOPE Badge

Travis Goodspeed

This lecture describes the design of The Next HOPE badge’s hardware and firmware, as well as the security of the same. Attendees will learn how to add a USB chip, how to reflash a badge with new firmware, and how to write new software for the device. Additionally, attacks against which the badge is – or is not – defended will be explored in detail. Topics will include the design of the Open Beacon firmware, forced firmware extraction, and the repurposing of badges into packet sniffers, radio jammers, Morse code beacons, and a dozen other things.

Saturday 2200 Tesla | Download Audio: 16kbps or 64kbps


Burning and Building Bridges: A Primer to Hacking the Education System

Christina “fabulous” Pei

Public education today consists of underpaid, overworked, and generally dissatisfied teachers who are tasked with force-feeding students overwhelming amounts of information, perfectly regurgitated onto multiple-choice exams. State exams, for their part, are written by people who understand neither content nor students. Over the years, we have successfully created an education system that stifles creativity, stymies logical reasoning, and stunts learning. Long gone are the days of self-motivated learning, when children used their hands and their heads, piecing the world together with all their senses.

Fortunately, we have hackers and hackerspaces. Makerspaces and art spaces, music spaces and theater spaces. Here are the last vestiges of true education, where individuals still take objects and learn from them – observe, break apart, analyze, fix, and piece back together. If we can accept the productive and creative capacities of such spaces, and use them as community centers for learning, we have the potential to become the next big force in public education. This talk will be about hacking education as we hack anything else. That is, break the existing system, throw out what gets in the way (tests, outdated formulas, teacher-centric classrooms), reconstruct the pieces conducive to learning (inquiry, manipulatives, the outdoors, the real world, use of tools), and piece back together an education system that works for us, rather than against us.

Sunday 1200 Bell | Download Audio: 16kbps or 64kbps


Buying Privacy in Digitized Cities

Eleanor Saitta

As new sensing technologies appear in our cities almost overnight, what does it mean to be visible or invisible? What happens when socioeconomic categories determine when, where, and how you’re seen? The asymmetry in who is visible, and where, is a long-standing urban problem, but it is now being built into our technologies and our cities.

The worlds of advertising, city planning, and law enforcement are each creating their own inconsistent visions. Privacy is not dead; rather, it is being selectively vivisected. What can we do to fix this? In this talk, a lot of problems and a few solutions will be covered, including the announcement of a new competition for the development of tactical countersurveillance tools.

Friday 1900 Bell | Download Audio: 16kbps or 64kbps


Cats and Mice: The Phone Company, the FBI, and the Phone Phreaks

Phil Lapsley

Ever since the first blue box arrest in 1961, the telephone company, the FBI, and the phone phreaks engaged in a long-running game of cat and mouse. This talk explores the moves and countermoves between the two sides from 1960 to 1980, covering advances in phreaking – new ways to hack the phone system and evade detection – as well as advances in finding and prosecuting those pesky phone phreaks. Based on exclusive interviews with phreaks, FBI agents, and telephone company security officers for his forthcoming book on the history of phone phreaking, Phil will focus on some of the more dramatic battles between the two sides that occurred during the heyday of analog phone phreaking, including the 1962 Harvard “spy ring,” a certain well-known phone phreak’s wiretapping of the FBI in 1975 (yes, you read that right), and the hacking of the military’s AUTOVON telephone network in the mid-1970s.

Sunday 1200 Tesla | Download Audio: 16kbps or 64kbps



Jimmie Rodgers

A general overview of circuit bending, as well as its history, and some examples of really cool bends. An assortment of bent toys will be displayed. This talk will cover a good deal on the basics of bending, and some of the techniques used to coax the sounds out of a variety of toys. You’ll learn what to look for in bendable toys, as well as techniques that are least likely to destroy toys. There will also be a basic workshop on circuit bending where people can build their own bent toy.

Saturday 2100 Lovelace | Download Audio: 16kbps or 64kbps


Closing Ceremonies

This is really worth sticking around for, as so many people do. Sure, there are those who leave early on Sunday because they have to get back to whatever it is they do in the real world bright and early Monday morning. But if you fancy something a bit more celebratory and different, we suggest you stick around as the conference truly winds down. This is where you hear some of the back story of the conference, get a chance to win some prizes, and hopefully help us put the hotel back in the state in which we found it. Maybe even a better state.

[Speaking of the hotel, at press time it appears that a major public hearing will be taking place the day after HOPE concerning the proposed demolition of the hotel where public opinion will be sought. If this remains the case, there will never be a better opportunity to show those in charge how important the Hotel Pennsylvania is to the world. You don’t have to be from New York to participate - in fact, the more people from all parts of the globe who speak up, the better. We will have updated information on this throughout the conference.]

We hope to see even more people than the usual huge mob for this special closing.

Sunday 1800 Tesla | Download Audio: 16kbps or 64kbps


Content of the Future

Michael S. Hart, Greg Newby

There are billions of cell phones and other mobile devices, computers, and dedicated readers in the world that can be used for reading eBooks and accessing other digital content. They may also be used for sharing, editing, annotating, and authoring. Is the future what the inventors of the digital revolution dreamed of? Yes and no. While digital content can be liberated and liberating, it is also being used to turn the masses into complacent consumer zombies. These wondrous tools for creating and sharing our own content might, at the same time, de-emphasize our ability to use the written word and logical thinking. In this session, the father of eBooks will share his thoughts on these topics and more. Despite corporate control and other negative forces, the liberation and proliferation of digital capabilities and content is changing the world for good, and will continue to do so. The session will discuss how software, creative thinking, and contributed labor have created the free digital content of today. More importantly, it will point the way to a future of content that achieves our dreams, and more.

Friday 1200 Lovelace | Download Audio: 16kbps or 64kbps


Cooking for Geeks

Jeff Potter

Are you interested in the science behind what happens to the food in your kitchen? Do you want to learn what makes a recipe work so you can improvise instead of simply following a set of instructions? In this talk, Jeff Potter, author of the forthcoming O’Reilly book Cooking for Geeks, will share the key insights into what happens in the kitchen from a geek perspective so that you can improvise and create your own unique dishes.

Friday 1600 Bell | Download Audio: 16kbps or 64kbps


CV Dazzle: Face Deception

Adam Harvey

As CCTV camera networks proliferate worldwide, so do automated face detection/recognition systems, which can rapidly identify faces in crowds and covertly log individuals’ movements. CV Dazzle is camouflage from face detection. It’s based on the original Dazzle camo from WWI and thwarts automated face detection/recognition systems by altering the contrast and spatial relationship of key facial features. Developed as a challenge to the growing prowess of computer vision, CV Dazzle undermines the capabilities of visual capture systems under the guise of high-fashion aesthetics.

Sunday 1500 Lovelace | Download Audio: 16kbps or 64kbps


Design of a Wireless EMG

Konstantin Avdashchenko

This talk is a summary of all the steps taken in designing a wireless EMG. Such a device is capable of using the faint electrical signals that muscles give off when used in controlling other systems. Konstantin’s current design is a combination of power supply circuitry to run off a lithium-ion battery, a nRF24l01+ chip for wireless capability, a PIC 18F4550 as the brains of the device, and an amplification board to amplify EMG signals. This presentation will show how each of these elements come together to create a wireless EMG. The talk will cover the sections of design, manufacture, testing, coding, and future work.

Friday 1700 Bell | Download Audio: 16kbps or 64kbps


Detecting and Defending Your Network from Malware Using Nepenthes

Marco Figueroa

Security analysts have a tendency to believe they are safe because the red alert light hasn’t blinked on their IDS/IPS device. This remains true even when organizations have invested the time and budget to deploy a myriad of different tools to defend against the overwhelming number of network defense issues we all tend to face. A key pain point among these issues is keeping malware and the subsequent bot herders who spread it off of your corporate network.

Nepenthes is an open source honeypot that allows for the collection of malware “in the wild.” It emulates known vulnerabilities and will download and capture the malware when it is attempting to compromise the honeypot. This collection process allows for further analysis and understanding of the malware in question. This presentation introduces this powerful and flexible tool and will discuss malware collection techniques attendees will immediately be able to take home and implement within their network environment and add another layer to their “defense in depth” strategy.

Friday 2200 Bell | Download Audio: 16kbps or 64kbps


Digital: A Love Story

Christine Love, Jason Scott

Earlier this year, author Christine Love released a computer game called Digital: A Love Story, an interactive adventure based about BBSes, hacking, and science fiction. Taking place in 1988, Love created a game that took place one year before she was born, utilizing as a research source for historical fiction.’s Jason Scott will interview Christine about the inspiration and creation of this game, what the BBS era offers as a story background, and a glimpse into how future generations will look at the hackers of today.

Friday 1400 Lovelace | Download Audio: 16kbps or 64kbps


The DMCA and ACTA vs. Academic and Professional Research: How Misuse of This Intellectual Property Legislation Chills Research, Disclosure, and Innovation

Tiffany Rad, Chris Mooney

Fair use, reverse engineering, and public discussion of research encourage innovation and self-regulates industries. However, these principles which define our vibrant and creative marketplace are fading. If a professional cannot constructively critique another’s research online without being burdened with takedown notices until the critique is obscured or functionally removed for long periods of time, we do not have a society from which we can learn from others’ mistakes and improve our trade.

Attendees will gain a greater appreciation about how the Digital Millennium Copyright Act (DMCA) is increasingly being used in ways that chill free speech, disclosure of security vulnerabilities, and innovative research. Using hypothetical examples and discussing case law, this talk will outline procedures for counterclaiming and alternatives to removal of allegedly infringing materials, including discussing why data havens (some in anticipation of enactment of the Anti-Counterfeiting Trade Agreement) are becoming more popular.

Sunday 1300 Tesla | Download Audio: 16kbps or 64kbps


Easy Hacks on Telephone Entry Systems

Davi Ottenheimer

Telephone entry systems are practically everywhere in the city. An investigation after a series of break-ins uncovered several shockingly simple bypass techniques currently used by criminals. This presentation explains how the common keypad box will grant full access to a building in under ten seconds using only basic tools. The presentation will also give details on a series of countermeasures that can significantly reduce the vulnerabilities.

Friday 1900 Lovelace | Download Audio: 16kbps or 64kbps


Electronic Take Back

John McNabb

Discarded electronic products contain many toxic substances which can pollute the environment and threaten human health. Many countries in the world require the manufacturer to be financially responsible for the collection and recycling of their discarded products, which provides an economic incentive to make the products less toxic and more recyclable. More and more U.S. states are adopting electronic take back laws. This talk will review the concept and practice of electronic take back, its track record in the E.U. and in the U.S., and why IT pros and IT security practitioners who want to support good environmental practices should support it.

Friday 1500 Bell | Download Audio: 16kbps or 64kbps


Electronic Waste: What’s Here and What’s Next

Stephanie Alarcon

Electronic waste is a problem that dogs technology buyers, system administrators, electronics manufacturers, and especially people who engage in informal – and often dangerous and toxic – disassembly. This talk will outline the history and scope of the problem, the environmental justice implications, the regulatory environment, industries that may be poised to face or prevent similar issues, and what we as technology workers can do to turn the tide.

Friday 2200 Lovelace | Download Audio: 16kbps or 64kbps


Examining Costs, Benefits, and Economics in Malware and Carding Markets

Dr. Thomas J. Holt

Much has been made of the growth of online black markets in Russia and Eastern Europe that facilitate the sale and distribution of tools and information designed to subvert and compromise computer networks and users. Specifically, web forums allow individuals to purchase access to sophisticated malicious software to victimize vulnerable systems and individuals, and sell the data they illegally obtain for a profit. While it is clear that malicious actors can acquire myriad resources to facilitate criminal activity, it is not clear what the return on investments is like relative to the costs of buying goods and services through these markets. This qualitative study examines this issue through an economic analysis of a sample of threads from ten active publicly accessible web forums that traffic in malware and personal information. Specifically, this talk will consider the costs of trojans, botnets, iframes tools, spam, DDoS services, and credit card information for victims and offenders to estimate dollar losses for victims relative to the economic gains for offenders who utilize and provide these resources. The findings will give significant insight into the role of malware and carding forums in the problem of cybercrime and the prospective economy revolving around computer intrusions and compromises. In turn, this talk can benefit computer security professionals, law enforcement, and anyone interested in better understanding cybercrime from the offender perspective.

Friday 1400 Bell | Download Audio: 16kbps or 64kbps


False Domain Name Billing and Other Scams

The Cheshire Catalyst

Telex directories have moved on. In ancient history (the 1970s), scammers would send “invoices” to companies listed in the telex directory, billing them for listings in their “telex directory.” Fax machines were killing telex, and e-mail and FTP provided the death knell. Now those people are showing up again, sending out invoices for “domain name services.” They are not invoices, and you don’t have to pay them. A look at some of the more infamous scams of technology that people have been taken in by.

Saturday 1000 Bell | Download Audio: 16kbps or 64kbps


For Its Own Sake and to Build Something Better: A Primer on Neuroscience, Bat Echolocation, and Hacker Bio-inspiration

Scott Livingston

This talk will introduce bat echolocation, in both behavioral and neuroscientific contexts, demonstrate relevance to engineered (sonar) systems, and provide a description of and results from Scott’s effort to study spatial aspects of bat sonar beams. There will also be an outline of ideas for improving ultrasound range finders (e.g., as common in robotics) and time for discussion.

Saturday 1200 Bell | Download Audio: 16kbps or 64kbps


Free Software: Why We Need a Big Tent

Deb Nicholson

There’s been a lot of talk about diversity in free software lately. This talk will cover why that’s important and introduce some of the tactics from the political organizing world that can be used to build a successful free software project and by extension a successful free software movement. Expect references to Saul Alinksy and Cesar Chavez as well as a bit of an introduction to free software and what it means for our increasingly technology-dependent world.

Saturday 1800 Lovelace | Download Audio: 16kbps or 64kbps


The Freedom Box: How to Reclaim Privacy on the Web

James Vasile

The world has finally realized that “spying all the time” is too high a price to pay for social networking platforms like Facebook. Now it’s up to the hacker community to respond and build a free software social networking distribution to empower end users and help them reclaim their privacy. Software Freedom Law Center attorney James Vasile will talk about the progress of the “Freedom Box” box project and how the hacker community can get involved.

Sunday 1400 Bell | Download Audio: 16kbps or 64kbps


From Indymedia to Demand Media: Participation, Surveillance, and the Transformation of Journalism

Chris Anderson

In the late 1990s, advances in digital content creation and distribution raised hopes that journalism and the media were becoming radically democratized. While these hopes have been borne out to some degree, old hierarchies and fissures are reasserting themselves as new forms of journalism become normalized. What’s more, digital technology affords more than just participation; it affords surveillance and algorithmically driven visions of consumption. This conversational talk will address these issues, with a jumping off point being a comparison of different journalistic “visions of their audience.”

Sunday 1100 Tesla | Download Audio: 16kbps or 64kbps


Geo-Tagging: Opting-In to Total Surveillance

Paul V

Many social networks allow users to expose geo-locational data. For example, Twitter allows each tweet to be tagged with the GPS location of the user. While perhaps harmless individually, once aggregated, these geo-tagged tweets can be used to build a profile of the user, revealing far more personal information than intended. A tool that aggregates tweets and helps visualize and classify where people are tweeting from will be demonstrated and the implications discussed.

Saturday 1500 Lovelace | Download Audio: 16kbps or 64kbps


Get Lamp Screening and Discussion

Jason Scott

In the early 1980s, an entire industry rose over the telling of tales, the solving of intricate puzzles, and the art of writing. Like living books, these games described fantastic worlds to their readers, and then invited them to live within them. They were called “computer adventure games,” and they used the most powerful graphics processor in the world: the human mind. Rising from side projects at universities and engineering companies, adventure games would describe a place, and then ask what to do next. They presented puzzles, tricks, and traps to be overcome. They were filled with suspense, humor, and sadness. And they offered a unique type of joy as players discovered how to negotiate the obstacles and think their way to victory. These players have carried their memories of these text adventures to the modern day, and a whole new generation of authors have taken up the torch to present a new set of places to explore. Get Lamp is a documentary that tells the story of the creation of these incredible games, in the words of the people who made them. Director Jason Scott has previously created BBS: The Documentary, partially filmed at HOPE, and will be on hand to introduce and show the documentary, as well as talk about the production of Get Lamp and his filmmaking, including lessons learned, trivia and stories told, and how exactly one goes about minting a commemorative coin.

Friday 2300 Tesla


GPS – It’s Not the Satellites That Know Where You Are

The Cheshire Catalyst

There are a lot of misconceptions surrounding GPS technology and how it enters into our daily lives. Cheshire will spend this hour addressing some of this and answering all manner of questions on surveillance, new and old technology, and all sorts of other related topics.

Friday 1000 Lovelace | Download Audio: 16kbps or 64kbps


Grand Theft Lazlow – How Hacking is Both the Death and Future of Traditional and Interactive Publishing, Journalism, and the Media


Writer, producer and director Lazlow, who has worked on titles such as Grand Theft Auto and Red Dead Redemption, discusses how the war for net neutrality will be lost. This talk will touch on how the battle between content creators and consumers is threatening journalism and democracy, and discuss the threats that both small publishers like 2600 Magazine and large interactive companies face in an online media landscape that expects everything for free.

Saturday 1200 Tesla | Download Audio: 16kbps or 64kbps


Hackers for Human Rights

Adrian Hong

There are tremendous humanitarian and human rights problems throughout the world today. While technology is generally seen as a force for good, plenty of closed societies have used technology to clamp down on their citizens and stifle human rights. Already the fight over Internet freedom and data security has cost the lives or liberties of dissidents in countries like Iran, China, Vietnam, and Russia. Citizens have been sentenced to long jail terms and hard labor for a critical blog posting, or accessing foreign news sites. Creative technological efforts can combat oppressive forces, protect dissidents, journalists, and activists, and save lives. There are some really exciting ways folks with all sorts of talents can get involved in the global effort for human rights and humanitarian improvement. Come hear about some of the efforts that seek to help the oppressed worldwide, and how you can help.

Saturday 1900 Bell | Download Audio: 16kbps or 64kbps


Hackers without Borders: Disaster Relief and Technology

Smokey, Elena, Dennison Williams

An hour long, multimedia presentation examining the past, present, and future roles that digital and wireless technology can play on the ground during natural and manmade disasters. This discussion will examine why government (FEMA and the National Guard) and big relief organizations (Red Cross and Salvation Army) have gotten the basic premises of disaster relief wrong, using Katrina and 9/11 as examples. Ingenious, informal technological innovations emerging during disasters that promoted effective self-organized relief efforts will be focused upon. The panel will also look at how the hacker communities can create novel and powerfully effective technologies to aid people, and support grassroots self-organizing during disasters.

Sunday 1600 Lovelace | Download Audio: 16kbps or 64kbps


Hackerspaces Forever: A Panel Presented by

Nick Farr (HacDC, Washington DC, USA), Mitch Altman (Noisebridge, San Francisco, USA), Sean Bonner (Crashspace, Los Angeles, USA / HackspaceSG, Singapore), Johannes Grenzfurthner (, Vienna, Austria), Markus “fin” Hametner (Metalab, Vienna, Austria), Alexander Heid (HackMiami, Miami, FL, USA), Nathan “JimShoe” Warner (Makers Local 256, Huntsville, AL, USA), Matt Joyce (NYC Resistor, Brooklyn, NY, USA), Carlyn Maw (Crashspace, Los Angeles, CA, USA), Far McKon (Hive 76, Philadelphia, PA, USA), Psytek (Alpha One Labs, Brooklyn, NY, USA)

We called your excuses invalid at The Last HOPE and you proved us right! Since launching at The Last HOPE, there’s been phenomenal worldwide growth in the hackerspaces movement. Continuing to build on progress, this panel discussion brought to you by will focus on strategies to help avoid drama, grow your hackerspace, and connect with your community.

Friday 2100 Tesla (2 hours) | Download Audio: Part 1 (16kbps or 64kbps) and Part 2 (16kbps or 64kbps)


Hacking for an Audience: Technology Backstage at Live Shows

John Huntington

Working behind the scenes at live shows, you will find people with titles like Master Electrician, Audio Engineer, Automation Carpenter, or Technical Director. These people won’t likely call themselves hackers, but that’s what they do: take technologies and techniques from larger industries, and appropriate, adapt, and extend them to the high-stakes, high-pressure world of live shows, where the failure of a two dollar part could cause the loss of a show and hundreds of thousands of dollars of ticket revenue. In this industry, every night all over the world, hundreds of technicians with nerves of steel do their best to anticipate the inevitable failures which all hackers encounter, and accommodate them gracefully, preferably in a manner which the audience never even notices. This session will cover who does what on live shows, give an overview of the technologies, and introduce some of the strategies used to ensure that the show goes on.

Sunday 1100 Lovelace | Download Audio: 16kbps or 64kbps


Hacking Our Biochemistry: Pharmacy and the Hacker Perspective

Jennifer Ortiz

We are complex biochemical machines. With advances in science and medicine, we have taken to pharmaceutically hacking ourselves. Hackers are in a unique position to understand the way we design and use drugs to manipulate disease states and to hack microorganisms that are attempting to hack us. With drugs we send chemical instructions to biological processes to change what they do. How do these instructions work? How can we tweak them? With thought-provoking examples, a pharmacy student shows how the hacker perspective is applied to our biochemistry to improve our quality of life.

Saturday 2300 Lovelace | Download Audio: 16kbps or 64kbps


Hacking Out a Graphic Novel

Ed Piskor

Having a completely different perception of hacking, cartoonist Ed Piskor discovered Off The Hook, 2600 Magazine, and many other sources related to the history of the scene. Feeling a strong link between the minds of many cartoonists and the hackers he was reading about, he has decided to create a comic book merging these two interests. Piskor will be talking about his creative process, the reaction that he has received within the community, and the experience of self-publishing this effort, aided by visuals from the books.

Saturday 1100 Bell | Download Audio: 16kbps or 64kbps


Hacking Terrorist Networks Logically and Emotionally

Hat Trick, Mudsplatter

This presentation will touch upon broad aspects of forensics, encryption, and social engineering, and how they relate to the tracking of extremists.

Hat Trick has over seven years of experience in this very unique field, and has put together one of the world’s largest open source databases of extremist multimedia. Topics covered include common vulnerabilities of extremist sites, the unique behaviors of extremists, how to get terrorist IPs and passwords, and what to do with them when you’ve got them.

Mudsplatter will discuss the psychology of manipulation, and how to gain access to even the most secure networks using simple tricks of social engineering. Topics include how to lie with confidence, getting the paranoid to trust you, using trolling to your advantage, and some of the most common liabilities of social networking.

Sunday 1000 Bell | Download Audio: 16kbps or 64kbps


Hacking the Food Genome


Cooking’s pretty awesome, but meatspace is such a drag! Can’t you just write a shell script to figure out what’s delicious? What would the programming language for the Star Trek Food Replicator look like? Join Gweeds and the Food Hacking team for an in-depth demonstration of the Food Genome – an open source culinary informatics platform used for designing menus, disassembling recipes, and visualizing the planet’s taste gestalt.

Sunday 1530 Tesla | Download Audio: 16kbps or 64kbps


Hacking Your GPS

Cass Lewart

There is more to a GPS than a pleasant voice telling you to turn right on Cedar Street, and showing a color display of adjacent ramps and intersections. This talk will focus on the technical implementation of the current GPS system, and how the user location is derived from precise clocks on satellites. You’ll see how to capture, send, and analyze NMEA data streams exchanged between your computer and GPS. Privacy issues, geocaching, and secret key codes required to manipulate GPS base maps will also be discussed.

Sunday 1000 Lovelace | | Download Audio: 16kbps or 64kbps


Hey, Don’t Call That Guy A Noob: Toward a More Welcoming Hacker Community

Nicolle (“Rogueclown”) Neulist

The hacker community strives to develop and exchange cutting-edge ideas. A key component of achieving that goal is continuing to involve new people in the community, since they can add fresh perspectives from which to view all types of hacking. However, either because of the perception of the hacker community as something secretive or nervousness about interacting with people who are supposedly more knowledgeable, it can be a daunting experience for someone new to not only get involved, but also to want to remain involved in the community. This talk aims to make people in the hacker community aware of the concerns that people new to it face, and provide concrete steps for building a culture of making new people feel welcomed and valuable.

Saturday 2000 Lovelace | Download Audio: 16kbps or 64kbps


The HOPE Network

At every last one of our conferences, something epic happens with the network we put together. Sometimes it involves international headlines, government investigations, and emergency corporate board meetings. Other times something spectacular happens. Either way, we’re setting aside an hour at the end of the conference to explain just what happened and how it all came to be.

Sunday 1700 Tesla | Download Audio: 16kbps or 64kbps


How to Bring Your Project from Idea to Reality: Make a Living Doing What You Love

Mitch Altman

Mitch has brought his personal pet projects (including TV-B-Gone universal remote controls) from idea to reality, and is fortunate to make a living doing what he loves. Mitch will outline the practical steps he took to bring his projects from a mere idea, through the steps of research, development, manufacture, sales and distribution, leading, finally, to collecting checks while in the comfort of his home (and while traveling the world). This talk will also show some of the pitfalls of running one’s own business.

Saturday 1500 Tesla | Download Audio: 16kbps or 64kbps


How to Run an Open Source Hardware Company

Limor “Ladyada” Fried, Phillip Torrone

In this session, open source hardware pioneers Limor “Ladyada” Fried of Adafruit Industries and Phillip Torrone of MAKE Magazine show how anyone can start their own open source hardware business. The talk will show how Adafruit runs its open hardware business, top to bottom – from choosing a PCB (printed circuit board) manufacturer to selecting which open source online shopping cart works best for selling electronics online. Limor and Phil will also give a detailed overview of the top ten open source hardware businesses, what they do, and what you can learn from their projects and products. If you’re considering turning your electronics hobby into a full-fledged business, this is a talk not to miss.

Saturday 1000 Tesla | Download Audio: 16kbps or 64kbps


Informants: Villains or Heroes?

We’ve all seen the headlines and know that much of the controversy has a presence right here at HOPE. For those who don’t know, or who just want a summary, one of our keynote speakers, Julian Assange, the main force behind whistleblower site, became a marked man after one of his sources was allegedly identified by someone within the hacker community. The leaker had reportedly boasted to hacker Adrian Lamo (after seeing his name in a Wired article) about sending 260,000 U.S. State Department classified documents to According to Lamo, that claim was enough to make him decide to call the authorities and become an informant. The U.S. government became extremely interested in finding out whether Assange had these documents at and it became abundantly clear that his appearance in the States to speak at HOPE would lead to interrogations, detainment, and possibly worse. At press time, the alleged leaker (an Army intelligence analyst), was being held incommunicado in a U.S. Army brig in Kuwait pending charges.

Our community has been thrust into the middle of this global controversy due to the multiple connections to the various players. There are a number of contentious questions and issues that we’re all dealing with right now. Was the leaker a hero for releasing information, including a widely sought video of U.S. troops killing unarmed Reuters staffers? Was Lamo a hero for turning someone in who was leaking classified information? Is a vital resource or a threat to society? How should we as a community deal with this? And is this story being reported accurately and fairly?

Join us for what will be a most fascinating and enlightening panel discussion where you’ll hear firsthand perspectives on the issues of leaking information and turning people in, subjects that have always been of great interest to those in the hacker world. If you made plans to go home Sunday afternoon, this is worth rescheduling your trip and paying any penalties involved. Trust us.

Sunday 1400 Tesla (90 minutes) | Download Audio: 16kbps or 64kbps


Injecting Electromagnetic Pulses into Digital Devices

Paul F. Renda

This talk is not about someone on the ground firing a ray gun at a jet and bringing it down. This talk is about someone on the jet injecting EMP into the wiring system and causing great problems with the aviation and the black box. This talk will have at least ten video demos of device pulses and one of a surge protector, along with explanations of a Marx generator and a MOSFET charging circuit. Going green, fly by wire airplanes, robotic control trains, densely integrated systems… these are all realities of our daily environment. One problem is that all of these make our lives more susceptible to an EMP disruption. Other topics will include TWA 800, Tesla coils, Byzantine faults and the power grid.

Friday 2300 Bell | Download Audio: 16kbps or 64kbps


Interaction with Sensors, Receivers, Haptics, and Augmented Reality

Pan, Ryan O’Horo, Micha Cardenas / Azdel Slade, Elle Mehrmand, TradeMark G. (Evolution Control Committee)

Electronic sensor technology has been increasing in resolution while decreasing in cost. The ubiquity of GPS receivers has created the ability to obtain location-based information on demand. At the same time, Augmented Reality interfaces are becoming more popular in the consumer market. From the micro-level of delicate touch sensors in haptic interfaces to the macro-level of GPS positioning, these trends make physically interactive computing more and more accessible. This session will provide an overview of motion/light/heat sensors, GPS receivers, haptic interfaces, and other interactive electronics. Along with an explanation of how they work, several projects that utilize these technologies in the consumer, creative, and social realms will be covered. There will be an audience participation section where users will get a chance to explore sensors and electronics themselves.

Friday 2300 Lovelace (90 minutes) | Download Audio: 16kbps or 64kbps


Into the Black: DPRK Exploration

Michael Kemp

North Korea scares people. Allegedly, the DPRK has a super l33t squad of killer haxor ninjas that regularly engage in hit and run hacks against the Defense Department, South Korea, or anyone else who pisses off the Dear Leader. The DPRK also has no real Internet infrastructure to speak of (as dictators don’t like unrestricted information), although it does have a number of IP blocks. This talk examines some of the myths about the DPRK, and some of their existing and emerging technologies. Some of the available infrastructure associated with DPRK (funnily enough, some of which is in South Korea and Japan) will be discussed and the potential technical threats posed by a pernicious regime analyzed.

Sunday 1400 Lovelace | Download Audio: 16kbps or 64kbps


Introduction to the Chip Scene: Low Bit Music and Visuals

Don Miller, Peter Swimm, Joey Mariano

This talk will focus on the global chip scene, an ever growing group of electronic artists that use low-bit and hacked computer and video game consoles to create music and video. Peter Swimm of True Chip Till Death will give an overview of the chip scene past and present. True Chip Till Death is the leading news site of the scene, providing thousands of fans with the latest news on releases, hard- and software, and live events. Joey Mariano and Don Miller will focus on the creation of music and visuals. Mariano, better known as Animal Style, is a musician from Philadelphia who creates music on the Nintendo Game Boy and Sega Genesis. He will give an introduction to various trackers, the tools most chip musicians use to create low-bit music. Miller, also known as NO CARRIER, will be discussing real time visuals. He’ll show you how to use your Nintendo Entertainment System, the Commodore 64, and other classic hardware to create live video for chip music events.

Friday 2100 Lovelace | Download Audio: 16kbps or 64kbps


IPv6 Playground: New Hope Update

Joe Klein

IPv6 Internet is expected to reach over 40 percent of all Internet traffic within the next four years. With this level of growth, expectations are that many new security problems will surface, as they did with IPv4. This presentation is an update to The Last HOPE discussion on the basics of IPv6. The topics will include updated methods of connecting to the IPv6 Internet, an update to the protocol, new attack vectors, new defenses, and a few new vulnerabilities.

Friday 1000 Tesla | Download Audio: 16kbps or 64kbps


Keeping Your Job While Being a Hacker

Alex Muentz

Hackers are curious above all other things. While we all think this trait should be rewarded (or at least not punished so much), sometimes employers don’t agree. As a lawyer, Alex has had more phone calls than he’d like from employees who were fired once they reported a security hole – or even showed an interest in hacking. This talk will discuss a few case studies, U.S. law, and some recommendations on how to protect your job while remaining an active hacker (or merely a curious person).

Friday 1700 Tesla | Download Audio: 16kbps or 64kbps


Keynote Address – Dan Kaminsky

Friday 1300 Tesla | Download Audio: 16kbps or 64kbps


Keynote Address – Wikileaks

Saturday 1300 Tesla | Download Audio: 16kbps or 64kbps


“Knock Knock Knock… Housekeeping” – The Ins and Outs of Hotel Locks

Deviant Olam, Babak Javadi

Hotels have some very unique requirements for locks. Their systems must support many mastered levels of access, accommodate frequent turnover and reissuing of keys, enforce duration limits for access, and do all of this with relatively low cost. For this reason, most hotels around the world have moved away from purely mechanical keys and instead rely on magstripes, perforated cards, etc. These systems are still hackable, however, and other bypasses abound in hotel rooms… so don’t think that simply locking the door after hanging a “Do Not Disturb” sign on it can provide all the privacy needed when you invite someone back to your room later!

Friday 1900 Tesla | Download Audio: 16kbps or 64kbps


Light, Color, and Perception

Jonathan Foote

The phenomenon of color has fascinated great minds from Newton to Picasso, and its complexities are still being unraveled. To understand light and the perception of color, you need physics, biology, psychology, and aesthetics – and this talk will cover a little about all of them. Along the way, topics will be touched upon like non-spectral colors, different color spaces, why laser light looks “speckled,” color-based optical illusions, and an intuitive explanation of the mysterious CIE chart. This material is rarely covered in either art or science classes and is a fascinating intersection of both.

Friday 1100 Bell | Download Audio: 16kbps or 64kbps


Lisp, The Oldest Language of the Future

Adam Tannir

Being the second oldest high-level language still in widespread use (after Fortran), Lisp is often considered solely as an academic language well-suited for artificial intelligence. It is sometimes accused of having a (very (strange syntax)), only using lists as data types, being difficult to learn, using lots of memory, being inefficient and slow, as well as being dead, an ex-language. This talk, focusing on Common Lisp, aims to show that it is actually an elegant, unique, expressive, fast, extensible language for symbolic computation that is not difficult to learn and may even change the way you think about programming. Lisp is primarily a functional paradigm language, but supports object-oriented, imperative, and other programming models natively. Rapid prototyping, iterative development, multiprocessor development, and creation of domain-specific languages are all facilitated by Lisp. There will be a discussion of the origins and history of Lisp, followed by a demonstration of the language, features that migrated to and from other languages, and concluding with a look to what may be in store for the future.

Friday 1800 Bell | Download Audio: 16kbps or 64kbps


Locational Privacy and Wholesale Surveillance via Photo Services

Ben Jackson

With the plethora of third party services that allow folks to post photos to their Twitter account, how hard would it be for someone to stalk a person’s location via the GPS metadata tagged in their images? Mayhemic Labs did the research and it turns out the answer is “not very.” Over the past few months, Mayhemic Labs has amassed a sizable database of people using these services – and what geographic information has been encoded on their publicly available photos. This presentation will cover the basics of how and why this research was done, why sharing such information is bad, why privacy is hard to get right, attempts at public outreach at, how you can replicate such a system, and various instances of privacy fail. Also, tools will be released that will allow you to test your own (or other people’s) photo streams.

Friday 1100 Lovelace | Download Audio: 16kbps or 64kbps


Lock Bypass without Lockpicks

Dan Crowley

You train as hard as you can, picking lock after lock, learning about all the different picks, different picking techniques and styles, anti-picking features, and how to manipulate them… then some guy with a screwdriver takes the hinges off the door faster than you can pick the doorknob. That’s right, there are ways to bypass locks which don’t involve direct manipulation of the pins, and they not only tend to be easy, but fast. This talk follows the story of Waldo, one hard-to-find hacker trying to wrestle the truth from the jaws of a shady corporation peddling suspicious medication. Waldo, having been captured and stripped of his picks, must escape using only his wits, and whatever he can find on his way out.

Sunday 1100 Bell | Download Audio: 16kbps or 64kbps


Memory Fun 101 – Memory Training for Everyone

Chester Santos

A powerful memory can be an invaluable asset in life. Memory is absolutely fundamental to learning, so improving one’s memory can have a profound positive impact on both academic and job performance. This seminar will entertain and educate attendees, while helping them to develop valuable memory skills that will enrich their lives.

In this fun and entertaining program, 2008 USA National Memory Champion Chester Santos will teach attendees the basics of memory improvement. Attendees will learn a number of memory boosting methods that will exercise their imagination and awaken their creativity. Participants will be shown how to utilize both sides of their brain in order to make information stick and become unforgettable. Attendees will participate in enjoyable exercises and will actually be able to feel their memory ability improving throughout the seminar. Everyone will leave this seminar with sharper minds and a solid foundation in exercises and techniques that will benefit them throughout their lives. Talk about providing HOPE!

Saturday 1600 Lovelace | Download Audio: 16kbps or 64kbps


Modern CrimeWare Tools and Techniques: An Analysis of Underground Resources

Alexander Heid

This talk will highlight the features, functions, availability, and impact of modern crimeware tools. The talk will have a specific focus on the Zeus payload and command/control application, and will touch upon other leading banking malware. In addition to detailed technical information, the talk will highlight the history and evolution of this particular trojan and the underground economy that drives it. Furthermore, there will be discussion of other tools that are often used in conjunction with the payload, such as remote exploit kits. The talk will also highlight mitigation techniques and basic design principles for web applications and server configurations that can help reduce the impact of crimeware on individuals and organizations.

Saturday 1500 Bell | Download Audio: 16kbps or 64kbps


Monkeysphere: Fixing Authentication on the Net

Daniel Kahn Gillmor, Jameson Rollins

Most modern public key infrastructure is built around notions of centralized authority, which is troublesome for those of us who want decentralized secure communications on the global network. Monkeysphere is a project to extend the OpenPGP Web of Trust into as many domains as possible, effectively supplanting hierarchical certification infrastructure like X.509, and restoring control over authentication and identification to the communications peers themselves and their own legitimately trusted introducers. Functional tools for authenticating peers over the World Wide Web and SSH have been introduced, with plans for more protocols. Come learn how the tools work, how you can take advantage of the Web of Trust in your own projects, and how you can contribute to building a more autonomous and decentralized global network.

Friday 2000 Bell | Download Audio: 16kbps or 64kbps


Much Ado About Randomness

Dr. Aleksandr Yampolskiy

Access to random bits is required by almost every security protocol. A common assumption in cryptography is that all parties have access to a perfect random source. Then we can prove that signatures are unforgeable, SSL is secure, and life is good. In practice, the situation is quite different as demonstrated by recent exploits of Debian OpenSSL library, WEP, and Netscape 1.1 keys. This talk will try to bridge the gap between theory and practice. The discussion will include what it means for a number to be “random” and demonstrate how some open source tools, as well as custom tools, can be used to find programs with poor sources of randomness.

Saturday 1700 Bell | Download Audio: 16kbps or 64kbps


The Need for a Computer Crime Innocence Project

Joe Cicero, Alex Muentz, Seth Schoen

High profile computer forensic cases like those of Julie Amero and Michael Fiola, where innocent people were falsely charged with downloading illegal files, illustrate the need for professional forensic standards for determining whether a user, or malware infecting their computer, downloaded suspect files. Joe Cicero discusses his experiences dealing with his college administration, attorneys, and the EFF over the problematic research issues that willful installation of malware brings about. He will discuss his project outline and testing protocols and procedure, detailing why certain decisions were made. Audience feedback will be requested on how to create an innocence project designed specifically for computer crime cases. Tech-savvy criminal defense attorney Alex Muentz and EFF’s Seth Schoen will round out the panel with their insights.

Sunday 930 Tesla | Download Audio: 16kbps or 64kbps


Net Wars Over Free Speech, Freedom, and Secrecy or How to Understand the Hacker and Lulz Battle Against the Church of Scientology

Gabriella Coleman, Finn Brunton

Following a brief lecture on Project Chanology, the question will be posed: how can we harness the power of lulzy virality, of pleasure, of trickery, of spectacular trolling for purposes above and beyond sharing the wisdom of Advice Dog? It’ll start with a brief look at great activist media in the past, from Guernica and the picture of the whole Earth to projects by the Yes Men – how they spread ideas and helped people get informed, organize, and act. What makes the creation of lulzy memes different? Learn about how to create exploitable forms and rapid variations, and mechanisms for bringing the best stuff forward. Can we make media memes with goals beyond lulz, and teach activists who’ve never heard of 4chan to make them too?

Part lecture, part workshop, this will feature cameos by Rageguy, Pablo Picasso, V,, Kathe Kollwitz, Courage Wolf, Stewart Brand, Sarah Palin, Batman, Goya, Philosoraptor, Adolf Hitler, Trollface, Shepard Fairey, Joseph Ducreux, David Cameron, lots of Spartan warriors, and lots and lots of (trollish) cats.

Saturday 2300 Tesla | Download Audio: 16kbps or 64kbps


No Free Lunch: Privacy Risks and Issues in Online Gaming

Don Tobin, Lyndsey Brown

Online gaming has been growing significantly over the past ten years. There are currently an estimated 1.5 billion unique registered accounts of online games worldwide. However, few people are aware of the risks associated with playing online games. The risks are also not limited to users in their own homes on their own personal computers. Many of these games are being played in the workplace, opening up a whole different set of risks. This research is an initial look at three popular online games – and the potential risks they pose. This initial work was broken into three tasks: analyze the posted privacy policy, terms of use/service, and other related documents of each game; install the game and analyze system changes; and monitor firewall traffic of game-related processes, especially when we are not even using the particular game.

Saturday 1400 Bell | Download Audio: 16kbps or 64kbps


The OpenAMD Project

Aestetix, Travis Goodspeed, Echo, Mitch Altman, Far McKon, cpfr

The badge for The Next HOPE is the result of a collaboration of several people over the last 11 months. Hardware, software, social interactivity, and more. This panel will cover how the badge works, how we keep track of where you are at the conference, what cool games you can play, and perhaps some clues to a few of our kule s3cr3ts.

Friday 1800 Lovelace | Download Audio: 16kbps or 64kbps


Own Your Phone


Ever wonder what makes your phone work… and how to make it work in ways that were never intended? You might be a phreak! Phreaking is one of the most exciting and fastest-changing scenes in the hacker landscape. Join TProphet and phriends for a phun look at some of the newest innovations.

Friday 1600 Tesla | Download Audio: 16kbps or 64kbps


Privacy is Dead – Get Over It

Steven Rambam

This will be a wide-ranging lecture covering databases, privacy, and “computer-aided investigation.” This talk will include numerous examples of investigative online resources and databases, and will include an in-depth demonstration of an actual online investigation done on a volunteer subject. Emphasis will be placed on discussing the “digital footprints” that we all leave in our daily lives, and how it is now possible for an investigator (or government agent) to determine a person’s likes and dislikes, religion, political beliefs, sexual orientation, habits, hobbies, friends, family, finances, health, and even the person’s actual physical whereabouts, solely by the use of online data and related activity. The final half hour of the talk will be devoted to Q&A.

Saturday 1700 Tesla (3 hours) | Download Audio: Part 1 (16kbps or 64kbps) and Part 2 (16kbps or 64kbps)


PSTN-based Cartography

Da Beave, JFalcon

Sun Microsystems use to say, “The network is the computer.” This talk will focus on that “other” computer. The neglected computer. The PSTN (Public Switched Telephone Network) “computer.” Throwing VoIP into the mix, it’s never been easier to “map” that neglected “computer.” This talk will discuss how to map the “Human Network” as well as new techniques in automated PSTN network scanning including more X.25 network goodies. This is the second part of “Hacking International Networks using VoIP” from The Last HOPE.

Saturday 2200 Bell | Download Audio: 16kbps or 64kbps


Radio Reconnaissance in Penetration Testing – All Your RF Are Belong to Us

Matt Neely

Tired of boring old pen tests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring, and exploiting a wide array of radio traffic with real world examples illustrating how these techniques have been used to gather information on a target’s physical security, personnel, and standard operating procedures.

Saturday 2300 Bell | Download Audio: 16kbps or 64kbps


Reach Out And Touch Face: A Rant About Failing

Johannes Grenzfurthner

Hackers love knowledge. They try to find out how stuff works. And that’s great. Experimentation is a major part of hacking. It is in the most philosophical sense a deconstruction of things.

A specific use is never inherent to an object, even though technical demagogues like to claim that it is. Just compare the term “self-explanatory” and the term “archeological find.” It’s a pretty hard task to find out what technology is and what it should do if you don’t have a clue about the context. Usually the use is connected with the object through definition (“instructions for use”). Turning an object against the use inscribed in it means probing its possibilities.

Science and Technology Studies (especially Langdon Winner and Bruno Latour) have convincingly demonstrated that the widespread inability to understand technological artifacts as fabricated entities, as social and cultural phenomena, derives from the fact that in retrospect only those technologies that prove functional for a culture and can be integrated into everyday life are “left over.” However, the perception of what is functional, successful, and useful is itself the product of social and cultural, and, last but not least, political and economic processes. Selection processes and abandoned products (developmental derailments, sobering intermediary results, useless prototypes) are not discussed.

Well. What can we do?

We can fail. Beautifully.

Saturday 1900 Lovelace | Download Audio: 16kbps or 64kbps


A Red Team Exercise

Tom Brennan

Shall we play a game? This talk will focus on full scope security assessments and stealing intellectual property in five easy steps. It will take the form of a game that divides the audience into attack and defend teams for a builder vs. breaker educational workshop. Included in the discussion will be physical, electronic (network, application, wireless, telecom, and cellular), and intelligence gathering techniques used for offensive projects.

Saturday 1400 Lovelace | Download Audio: 16kbps or 64kbps


Risk Analysis for Dummies

Nick Leghorn

We all get that “gut feeling” about what is risky, but how do we communicate that to managers or other people in a meaningful way? And how can we determine what risks are worse than others in a justifiable manner? How do you even define “risk?” In this talk, you’ll learn about the most up to date methods of identifying risk, evaluating risk, and communicating risk to others, as well as some models used by the U.S. government and others to identify attack targets, evaluate building security, diagram attacks, and more. And no math problems harder than simple addition, guaranteed.

Friday 2100 Bell | Download Audio: 16kbps or 64kbps


Rummaging in the Government’s Attic: Lessons Learned from More Than 1,000 Freedom of Information Act Requests

Phil Lapsley, Michael Ravnitzky

Phil and Michael will conduct a guided tour through, a website that has (legally!) obtained and published hundreds of interesting government documents obtained via the Freedom of Information Act (FOIA). Based on extensive interviews with the site’s creators and through a half dozen examples they will describe some of the clever FOIA tools and techniques (hacks, in other words) that the site has employed to obtain informative, valuable, and sometimes even amusing documents and datasets from government agencies. They will also highlight similarities between the mindsets and approaches of hackers and successful FOIA requesters.

Saturday 2000 Tesla | Download Audio: 16kbps or 64kbps


Saturday Night Hacker Cinema

At press time, there were all sorts of rumors flying around about leaked hacker films and other brand new presentations that few have seen. While we can’t say with certainty what we’ll be showing, we most definitely can say that it’ll capture your attention and be a unique window into the wonderful world of hackers.

Saturday 2359 Tesla


SHODAN for Penetration Testers

Michael “theprez98″ Schearer

SHODAN is a computer search engine unlike others. Instead of scouring the web for content, SHODAN scans for information about the sites themselves. The result is a search engine that aggregates banners from well known services. For penetration testers, SHODAN is a potential game changer as well as a gold mine of potential vulnerabilities.

Friday 1200 Bell | Download Audio: 16kbps or 64kbps


Simpsons Already Did It – Where Do You Think the Name “Trojan” Came From Anyway?

Sandy Clark (Mouse), Matt Blaze, Bill Cheswick

SMS blockers, ransomware, licenses for trojans, factory installed malware… every day the news is full of accounts of innovative threats altering the landscape of the security arms race. But are these attacks really new? A quick glance at history shows us that these same attacks and defenses have been around for as long as there have been humans. Come hear about the ancient Greek firewalls (and firewall bypasses), about Roman security-by-obscurity, ancient port-scanning, and about Mozart’s “rights amplification” against the Pope. This will be a trip through the ages as the security arms race is analyzed. You’ll discover how we got where we are today and learn that even in security, history is always repeating itself.

Sunday 1200 Lovelace | Download Audio: 16kbps or 64kbps


Sita Sings the Blues: A Free Culture Success Story

Nina Paley

“If it’s free, how do you make money?” One year after the Copyleft release of her animated musical feature Sita Sings the Blues, Nina Paley presents the latest round of hard data from the project. Contrary to MPAA propaganda, the more the audience freely shares the film, the more they purchase DVDs, theater admissions, and merchandise. In this talk, witness the numbers that prove it.

Friday 1600 Lovelace | Download Audio: 16kbps or 64kbps


Smartphone Ownage: The State of Mobile Botnets and Rootkits

Jimmy Shah

Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC?

This talk will cover the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.

Saturday 1700 Lovelace | Download Audio: 16kbps or 64kbps


Snatch Those Waves: Prometheus Radio and the Fight for Popular Communications

Pete Tridish, Maggie Avener

The Prometheus Radio Project started with radio pirates fighting for local groups to be able to run community radio stations, and over the years has sued the FCC to stop media consolidation, built stations in places like Venezuela and Tanzania, and experimented with using off the shelf wireless technologies to do for hundreds of dollars what commercial stations spend tens of thousands for. This panel will help bring you up to date on the political debates in Washington about low power FM, open spectrum, and IBOC digital radio. They will talk about epic radio barnraisings where hundreds of people are brought together to build a new radio station over the course of a single weekend – and their plan for the next barnraising in the Hudson Valley.

Saturday 1600 Tesla | Download Audio: 16kbps or 64kbps


Social Engineering

Emmanuel Goldstein and Friends

People have been known to come to HOPE just for this panel, in which the history, stories, and demonstrations of social engineering are laid out for all to see – and hear. Something will invariably be revealed over the telephone by someone who really should know better in our traditional live demonstration that never fails to entertain.

Saturday 2100 Tesla | Download Audio: 16kbps or 64kbps


Spy Improv on Steroids – Steele Uncensored – Anything Goes

Robert Steele

Steele has gotten past the anger and is now offering up icy-cold straight public intelligence in the public interest. A recovering spy, founder of the modern Open Source Intelligence (OSINT) movement, #1 reviewer of nonfiction as rated by readers at Amazon, and now practicing what he preaches deep in the jungles of Central America, Steele, who reads in 98 categories and is down to his last of nine lives, will answer any question on any topic for as long as it takes. The record is four hours. He may die soon, so he wants to try for six hours.

Saturday 2359 Lovelace | Download Audio: Part 1 (16kbps or 64kbps), Part 2 (16kbps or 64kbps), Part 3 (16kbps or 64kbps), and Part 4 (16kbps or 64kbps)


The State of Global Intelligence

Robert Steele

Our first speaker at our first conference back in 1994 is back to once again presents an overview of global intelligence. Smart Cities, Smart Corporations, Smart Nations are the ideal. The “tribes” of intelligence – academic, civil, commercial, government, law enforcement, military, and non-governmental – are almost catatonically stupid as well as corrupt in their information pathologies. There will also be a brief overview of his new book, Intelligence for Earth: Clarity, Diversity, Integrity, and Sustainability, which, like all of his books, is free online and for sale at cost at Amazon.

Friday 1100 Tesla | Download Audio: 16kbps or 64kbps


Surf’s Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation

Daniel McCarney

Web application security has progressed by leaps and bounds since first being discussed in the early 2000s. XSS, SQLi, Directory Traversals, and other traditional attacks are becoming more widely understood by a greater demographic of developers. Unfortunately, we are just scratching the surface. There still exists a great number of attack vectors that are ignored. Cross Site Request Forgery is a prime example of this. It is a simple technique with powerful implications ranging from denial of service and firewall bypass to full blown site compromise.

The theory of CSRF will be presented here in simple to understand terms. An example of a virulent exploit of a real world social networking site ( using CSRF will also be shown.

Saturday 1600 Bell | Download Audio: 16kbps or 64kbps


T+40: The Three Greatest Hacks of Apollo

Stephen Cass

Forty years ago, manned exploration of the moon was in full swing. The three greatest hacks of the Apollo program occurred on Apollo 12, 13, and 14, in two cases saving the mission, and in one case saving lives. Drawing on personal interviews with the engineers involved and archival records, this talk will look at the technical aspects of each hack, including largely overlooked, but critical, details of how the lunar module was prepared for lifeboat mode during the Apollo 13 crisis.

Saturday 1000 Lovelace | Download Audio: 16kbps or 64kbps


The Telephone Pioneers of America

Kyle Drosdick

The Telephone Pioneers of America is an organization of mostly retired employees of the Bell System and affiliated companies. They remain active in the community as an organization that promotes their history and industry. You can find them in many communities across the nation, often in the very cities and neighborhoods they spent their careers working in. The pioneers have amassed lifetimes of wisdom working on the telephone system and intimately understand the technology and politics of it. The telephone company will never be what it was when they were employed there and they know that the next generation of pioneers may not ever actually work for “the company” as they did.

Using photographs, recordings, and artifacts, this unique treasure will become accessible to members of the audience, especially younger individuals who may not ever have used what is now vintage telephone equipment – like rotary dial phones. There will be a selection of functional and historically significant equipment for attendees to learn about and enjoy thoroughly. This talk is intended to help bridge the gap between hacker and pioneer.

Saturday 2000 Bell | Download Audio: 16kbps or 64kbps


Tor and Internet Censorship

Jacob Appelbaum, Seth Schoen

The Tor project has seen an increased focus on Internet censorship as many more users adopted Tor to get around blocking. In the past year, Tor was a popular means of bypassing censorship in Iran, China, and around the world. Firewall operators have been noticing. Tor has also had to contend with new organized efforts to block access to the network, and has rolled out the “bridges” blocking-resistance system in earnest. Alongside the perpetual need to get more Tor nodes, it’s become important to get users to run bridges – and to experiment with ways of communicating bridge addresses to users affected by censorship.

The current censorship landscape will be explored, along with the bridge mechanism and efforts to recruit more bridges. There will also be an update on how Tor developers are responding to the growing pains and dealing with scaling challenges associated with Tor’s popularity. You’ll also hear about the challenge of counting the number of users on an anonymity network, and how client software can force the use of encryption to protect users from some attacks after their traffic leaves the Tor network.

Friday 1800 Tesla | Download Audio: 16kbps or 64kbps


Towards Open Libraries and Schools

Gillian “Gus” Andrews, Jessamyn West, Ellen Meier

You can wear your “No, I won’t fix your computer” shirt, or you can try to make progress with the bureaucrats, teachers, bosses, and other tech n00bs who make maintaining the systems in your life utterly frustrating. In this panel, organized and moderated by Off The Hook participant Gus Andrews, two veterans of the battle to wire under-served areas talk about what works and what doesn’t when helping the uninitiate learn about the Internet, privacy issues, security, and proprietary software. Jessamyn West, blogger at and a MetaFilter manager, will talk about her efforts to educate librarians and patrons about the PATRIOT Act and digital literacy, and her technology advocacy with the American Library Association. Ellen Meier, a professor at Columbia University Teachers College who presses for greater access to the Internet and more pervasive use of technology in classrooms, will talk about what works and what doesn’t when working with educators and with administrators in Albany. The panel will welcome discussion, questions, and frustrations from audience members dealing with similar problems.

Friday 2000 Lovelace | Download Audio: 16kbps or 64kbps


TrackMeNot: Injecting Reasonable Doubt in Everyone’s Queries

Vincent Toubiana

TrackMeNot is a lightweight Firefox extension that helps protects web searchers from surveillance and data-profiling by search engines. It does so, not by means of concealment or encryption (i.e., covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. Because any query can plausibly be artificial, everyone’s search history ownership is now subject to a reasonable doubt. The challenge that TrackMeNot encounters is to search as a human. The adversary, a search engine capable of mining billions of user queries, should not be able to filter the artificially generated queries. Ideally, even a human should not be capable of filtering the queries that have been injected.

This talk will also detail the motivations in developing TrackMeNot: lack of transparency of search engines’ use of data and ambiguity of the privacy policies. Key elements of TrackMeNot implementation will be described and evidence will be revealed proving that a major search engine profiling algorithm is influenced by the use of TrackMeNot.

Sunday 1300 Bell | Download Audio: 16kbps or 64kbps


Video Surveillance, Society, and Your Face

Joshua Marpet

Video surveillance is pretty simple. Point a camera at something, watch the stream. But the technology has been integrating into our daily lives. From Makeababy websites, to “change your race” kiosks, facial recognition and the technology spawned from video surveillance is creeping into our lives. The police have taken notice of this, and are starting to interpret laws that make it difficult to photograph them legally. Do these technologies and laws imperil your privacy, your rights as a photographer, or even your life? This is a talk about where these technologies are going, how to stay out of jail, and how to keep your face out of official databases.

Saturday 1100 Tesla | Download Audio: 16kbps or 64kbps


Vintage Computing

Evan Koblentz, Bill Degnan

Many people believe Silicon Valley is where the most significant early developments in computers occurred. But the New York/New Jersey/Pennsylvania area was home to many major developments in microcomputer history. See and hear amazing historical and technical achievements of the computing pioneers of our region in the context of how we use computers today. Presenters will also present a comprehensive working exhibit of several early microcomputers all day Saturday.

Saturday 1200 Lovelace | Download Audio: 16kbps or 64kbps


Why You Should Be an Amateur

Ben Jackson

Lots of people think the “maker culture” is a relatively new phenomenon. However, one group has been doing it for close to 100 years: amateur radio operators. While some dismiss amateur radio as an aging artifact from decades ago, today’s radio amateurs are putting together wide area wireless networks, developing digital protocols that use the tiniest amount of bandwidth, and building radios from scratch. This presentation will review the basics of amateur radio, the advantages over unlicensed devices, and areas of interest you can apply to your existing projects.

Saturday 1800 Bell | Download Audio: 16kbps or 64kbps


Wireless Security: Killing Livers, Making Enemies

Dragorn, RenderMan

The message that wireless is unsafe has permeated the IT zeitgeist, however people still forget client devices. This talk by Dragorn and Renderman moves away from guarding the access points to guarding the clients. Considering the fun that is continually had by the authors at airports and public networks, this is a message that needs to get out.

Attacks targeting client devices are becoming more sophisticated. Kismet Newcore makes breaking WEP a passive action. Airpwn has received a facelift and is now capable of more unspeakable actions over open links (hotels, airports). Karma as well is flypaper for clients running wireless without any thought to protection. Recent vulnerabilities in browsers and other protocols that are often dismissed as “too hard to exploit to be useful” are suddenly very possible and dangerous when wireless is involved, and attacks crossing from layer 2 directly to layer 7 vulnerabilities will be shown.

Friday 1200 Tesla | Download Audio: 16kbps or 64kbps

Bookmark and Share