hacking

I want to have an open-format discussion about why the internet is broken - from a security perspective. Most of it was designed without much security in mind. We're trying to use things that weren't designed as security features (ex: TTL in DNS records) as actual security features. Most of the time security is just an afterthought.

The topics can be anything: viruses, drive-by downloads, botnets, hackers, DRM, cross-site scripting, dns vulnerabilities, bgp problems, two-factor authentication, electronic voting, SSL, browser/plugin security, operating systems, people putting passwords underneath their keyboards, etc, etc.

Why can Mallory still read my e-mail in 2008?

It doesn't have to be all doom and gloom- we should also discuss possible solutions from the big picture (DNSSec?) to what we can do as developers, web designers, network/server admins, netizens, and citizens.

UPDATE: I'm currently trapped in NYC working on a project and am not at this late hour, entirely sure if I'll be back in time to do this session.

I while ago I built a demo merchant site for the express purpose of demonstrating web application hacking techniques. These include complex attacks, as well as some basic SQL injection, with attack payloads ranging from database enumeration to gaining system level access on the underlying web server through bad application code. I'll likely end up speaking a bit about secure coding.

I'd like to give a demo of common attack techniques which may be of great interest to developers, techies, and anyone that has wondered about attack techniques.

nVidia has been improving its general purpose programing offerings through a C-like language extension that allows you to use your graphics card for more general tasks. The latest graphics cards from nVidia have 240 stream processors to make use of. About 8 months ago we had Micheal from nVidia talking about this. AMD has also decided to adopt CUDA, and drop CTM (close to metal).

If we have the interest we should spend some time hacking on it.

UPDATE: Mac OSX 10.6 will support General Purpose GPU processing in their SDK, it may also be available for iPhone, and if the nVidia Tegra Chip gets into an Android device this stuff may be mobile too.

I have also been looking into how to best use other language patterns for GPU processing like functional patterns, and google's MapReduce. I am no expert at this stuff but if anyone else please join us. I just want to have a session to expose what we know in milwaukee and to build this community.