Presented at
DEF CON 17 (2009),
Aug. 2, 2009, 10 a.m.
(50 minutes)
It is widely known that MAC addresses are spoofable, however many access control models rely on them to uniquely identify devices. When host names are set to be user's real names and are broadcast to the Internet and accessible with reverse DNS lookups, everybody on the Internet, with no work, knows exactly who you are. You can't do medical research without saying JANE PHILLIPS IS CURIOUS ABOUT PREGNANCY and you can't study the effects of marijuana without TOM STEVENS IS READING UP ON SMOKING OUT. We will discuss the technical, legal, and ethical implications of transparency of identity online versus the war on combating piracy and how it pressures IT departments to design and maintain systems with these fallacies.
Presenters:
-
Dan Kaminsky
- Director of Pen Testing, IOActive
Dan Kaminsky has been operating professionally in the security space since 1999. He is best known for his "Black Ops" series of talks at the well-respected Black Hat Briefings conferences. Dan is one of few individuals in the world to combine technical expertise with executive-level consulting skills and prowess. Dan focuses on design-level fault analysis, particularly against massive-scale network applications. Dan regularly collects detailed data on the health of the worldwide Internet, and recently used this data to detect the proliferation of a major rootkit.
-
Endgrain
- Student of computer science at the University of Southern Maine
Endgrain is a Computer Science student from the University of Southern Maine. He has been involved in information security for almost 10 years. Some of his areas of interest include reverse engineering of software, web application pen-testing, and access control design.
-
Tiffany Rad
- Part-time Professor, Computer Science Department, University of Southern Maine
Tiffany Strauchs Rad, MA, MBA, JD, is the President of ELCnetworks, LLC., a technology, law, and business development consulting firm. She is a part-time Adjunct Professor in the computer science department at the University of Southern Maine teaching computer law and ethics, information security, and is working to establish a computer crimes clinic at Maine School of Law. Tiffany is also the co-founder of the OpenOtto car hacking project, organizer of HackME (hacker space in Portland, Maine), and has presented at Hackers on Planet Earth (HOPE) and Pumpcon.
Links: