Fri, 18 Jul 2014 14:00 (Serpico)
This discussion will look at the practice of exposing anomalies in network communications and computer processes in order to find evidence of interference (or intentional communication) from beyond the grave. Known as Instrumental Trans-Communication (ITC), the practice has roots as far back as the 1930s and has survived into the digital era. We will look at how these same methods are now being applied to Wi-Fi networks, custom software development, remotely networked sensors, and digital spectrogram systems designed to capture images of the spirits of the deceased.
Speakers: Wil Lindsay
Fri, 18 Jul 2014 10:00 (Serpico)
Session Initiation Protocol (SIP) is the gateway drug to VoIP (Voice over Internet Protocol). You will see how such a phone call is set up, and will witness an in-depth discussion of Asterisk, the open source PBX software that represents the new age of telephone switching in the 21st century.
Speakers: Richard Cheshire; Gaston Draque
Fri, 18 Jul 2014 20:00 (Serpico)
!Mediengruppe Bitnik are contemporary artists. In their talk, they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London.
Speakers: !Mediengruppe Bitnik
Sat, 19 Jul 2014 11:00 (Manning)
Hear from lawyers, activists, technologists, and international policy analysts from the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for freedom and privacy in the computer age. Since HOPE Number Nine, much has happened on the Internet. From Aaron Swartz' tragic death to Edward Snowden's revelations, from TPP to Stop Watching Us, they will put it all in context and answer your questions. This session will include updates on current EFF issues such as their efforts to end mass spying both at home and abroad, their fight against the use of intellectual property claims to shut down free speech and halt innovation, a discussion of their technology projects to protect privacy and speech online, updates on their cases against the NSA, litigation and legislation affecting security research, what EFF is doing to open access to scholarly works, how they're fighting the expansion of the surveillance state, and much more. Half the session will be given over to Q&A, so it's your chance to ask EFF questions about the law and technology issues that are important to you.
Speakers: Nate Cardozo; Kurt Opsahl; Adi Kamdar; Peter Eckersley; Eva Galperin
Fri, 18 Jul 2014 12:00 (Manning)
Barrett Brown, a Dallas-based writer and freelance journalist, was arrested in late 2012 and indicted several times on charges including the publication of a hyperlink. He was earlier pegged by the media as an "unofficial spokesperson" for the hacktivist collective known as Anonymous. But who is he really and what was he trying to uncover that made him a target of the feds? The prosecution was widely regarded as excessive and included a gag order, subpoenas, charges issued against family members, attempts to seize defense funds, and criminal counts so flawed that they were later dismissed. This talk will explore Brown's work, what happened during his case, the dynamics of his interactions with Anonymous and its implications for other journalists who work with hackers, and why his case outraged many of those who care for free speech and freedom of press.
Speakers: Kevin Gallagher; Ahmed Ghappour; Gabriella Coleman
Fri, 18 Jul 2014 12:00 (Serpico)
The Freedom of Information Act (FOIA) is a simple but powerful tool that permits any citizen to find out more about what their government does, permitting more informed participation in American society and government processes. This presentation will show how public records released under FOIA have been used to expose questionable surveillance programs, domestic drone programs, and even an exploding toilet. It also highlights the availability of an array of free, public resources to explore millions of pages of government records that have already been released, so you can see the results of your tax dollars at work. This talk will also review ways of overcoming some common agency roadblocks to get the records and data you want. Examples will be drawn from the GovernmentAttic.org and Muckrock.com web sites.
Speakers: Michael Morisy; Michael Ravnitzky
Sat, 19 Jul 2014 21:00 (Manning)
In the past few years, there have been foundational developments enabling hobbyists and seasoned professionals to research and develop the life sciences outside of classical institutions. Known as DIYbiology or biohacking, this shift in the bio-world takes its inspiration from mature hacker and open source cultures. In this panel, Canadian biohacker successes and struggles will be presented. Current legal, economic, and political landscapes that affect Canadian and global biohackers will be discussed and compared. What constraints and challenges are faced when it comes to doing synthetic or molecular biology outside of its conventional confines? How is the community membership growing and what does it take to accelerate this growth? Lastly, what growth are we anticipating for independent and open biotech research, as well as inter-laboratory and international collaboration? And how can the audience and other hacker communities get involved in this exciting shift?
Speakers: Kevin Chen; Connor Dickie
Sat, 19 Jul 2014 10:00 (Manning)
We all like to tinker and explore. Hacking, exploring, and publishing findings is important to our community as well as the world at large. Unfortunately, law enforcement and the operators of the systems you investigate may disagree and use the legal system to threaten or silence you. How can hackers, pen testers, and security researchers all protect themselves? Can you reverse engineer a device you just purchased? Can you investigate a security hole in another's web server? What can you tell others about your findings? This talk will consider how current U.S. laws affect one's ability to explore systems, collaborate, and publish findings. Q&A will follow.
Speakers: Alexander Muentz
Sun, 20 Jul 2014 17:00 (Manning)
We live in a surveillance state. Law enforcement and intelligence agencies have access to a huge amount of data about us, enabling them to learn intimate, private details about our lives. In part, the ease with which they can obtain such information reflects the fact that our laws have failed to keep up with advances in technology. However, privacy enhancing technologies can offer real protections even when the law does not. That intelligence agencies like the NSA are able to collect records about every telephone call made in the United States or engage in the bulk surveillance of Internet communications is only possible because so much of our data is transmitted in the clear. The privacy enhancing technologies required to make bulk surveillance impossible and targeted surveillance more difficult already exist. We just need to start using them.
Speakers: Christopher Soghoian
Sun, 20 Jul 2014 12:00 (Olson)
Basic Input/Output System (BIOS) is firmware that boots older machines. Unified Extensible Firmware Interface (UEFI) is a combination of firmware and a boot-loader that boots newer machines. As a result of the leaks by Edward Snowden, the possible existence of rootkits that can affect the BIOS and UEFI has been widely reported. Both of these technologies exist in memory that is not typically accessible remotely, which makes infection particularly difficult. The location of these technologies is even difficult to reach by the operating system, which makes detection of such an infection at this level also a difficult problem. This talk will explore all of the steps that need to take place in order to accomplish this feat, review creative measures malware has taken to tackle these problems, and review methods for detection of these kinds of infections.
Speakers: Eric Koeppen
Sun, 20 Jul 2014 11:00 (Serpico)
Poisons can kill... but how? Why are some chemicals beneficial in small quantities but lethal in large amounts? How does a sometimes miniscule amount of chemical bring the whole system down? And how can these processes be counteracted such that the system may survive? Learn about how the complex cellular network of our body works and what happens when this network is disrupted.
Speakers: Jennifer Ortiz
Fri, 18 Jul 2014 19:00 (Manning)
There is literally nowhere else on earth where you can run an experimental mobile phone network with a potential 50,000 users and get away with it (legally). Nowhere else can you learn so much in as short a timeframe about people's relationships with their mobile phones or what makes a mobile network tick. Since 2006, the folks behind OpenBTS have been running the Papa Legba camp at Burning Man, providing fully licensed independent (free) GSM cellular service in the most unlikely of places. Johnny and Willow will go through the hardware and software tools they deployed in 2013, along with a discussion of lessons learned and future plans.
Speakers: Johnny Diggz; Willow Brugh
Fri, 18 Jul 2014 16:00 (Serpico)
Patent law is a subject of general loathing among hackers and those in the open source movement. While a few grudgingly agree that some things might be worthy of patents, the idea of patenting software seems to offend core values of our community. Despite that fury, it is difficult to pin down exactly what a software patent is. To what degree is a patent directed to software instead of a new and useful machine? How can you separate out those two concepts? This talk aims to present the core problems of software patents in a way that is accessible to hackers and other technologists and, in particular, will address the Alice Corp. decision by the Supreme Court in June. This talk is an academic discussion of patent law and should not be construed as legal advice.
Speakers: Ed Ryan
Sun, 20 Jul 2014 19:00 (Manning)
Every year, people make the same mistake. They book their return trips too early on Sunday. If you've done that this year, we encourage you to pay whatever the fee is to change your ticket and stick around. The HOPE closing ceremonies are always a blast, as well as an opportunity to win lots of cool prizes that we have accumulated over time. We'll also wax sentimental about how we (hopefully) managed to pull off yet another one of these events. So stick around Sunday evening. Think of Monday as a holiday - and beg forgiveness on Tuesday.
Sat, 19 Jul 2014 23:00 (Olson)
Recent revelations about massive data collection by the National Security Administration have brought sustained popular attention to the rise of pervasive surveillance systems. We have entered a moment of important dialogue about the surveillance state, the role and ethics of technology companies, the potential harms of mass surveillance to civil liberties and human rights, and the need for interventions involving technology, policy, and social practice. At the same time, the voices of communities that have long been most explicitly targeted by surveillance have been largely excluded from the debate. There are multiple, overlapping surveillance regimes, and they disproportionately target people of color, low-income, and working people, as well as activists in general. State, military, and corporate surveillance regimes are growing in scope, power, and impunity, not only in countries such as Iran, Syria, and China, but also within liberal democracies such as the United States, India, and Brazil. This talk will focus on projects and process from the MIT Civic Media Codesign Studio (codesign.mit.edu), which works with community-based organizations to develop civic media projects that connect to grounded strategies for social transformation.
Speakers: Sasha Costanza-Chock; Emi Kane
Sun, 20 Jul 2014 16:00 (Serpico)
At HOPE Number Nine in 2012, James spoke to people about how to build community infrastructure to provide support at a scale larger than just one project at a time. Then he went and built some. This talk is about lessons learned - how to replicate the successes and avoid the failures he's experienced in the last two years. The focus will be on his two case studies: 1) the formation of a localization community for anti-censorship and anti-surveillance tech (which went reasonably well) and 2) creating a heavier-weight code auditing organization for anti-censorship and anti-surveillance tech (which had some hiccups). There are lessons in both and they will be the basis of discussion here. The goal is to also seed some ideas on how to build this kind of infrastructure for other niches and the wider free software community.
Speakers: James Vasile
Fri, 18 Jul 2014 18:00 (Manning)
Why try to avoid them spying on us on their networks when we could just build our own? This is what the Rhizomatica project has done in rural Mexico, where they help to build and maintain community owned and operated GSM/cellular infrastructure. Come and hear about experiences in the field and how to deal with the technological, legal, social, and organizational aspects that come along with operating critical communications infrastructure from a community emancipation and autonomy perspective. If you enjoy freedom, community, and dismantling the corporations and governments that seek to monitor, control, and exploit us, then this presentation is for you. The talk will not be overly tech-focused, so don't worry if you haven't got the faintest idea or couldn't care less how a cell phone network operates.
Speakers: Peter Bloom; Maka Muņoz
Sat, 19 Jul 2014 14:00 (Manning, Serpico, and Olson)
We had to keep this bombshell quiet til the last minute since some of the most powerful people in the world would prefer that it never take place. (Even at this stage, we wouldn't be surprised at mysterious service outages, but we believe the hacker spirit will trump the unprecedented might of the world's surveillance powers. Fingers crossed.)
Daniel Ellsberg has been an inspiration to Edward Snowden and Ellsberg himself has expressed his admiration of Snowden's actions in releasing information revealing the extent of NSA's spying on civilians around the globe, including within the United States. Ellsberg changed the conversation in the height of the Vietnam War through the Pentagon Papers - by revealing deceptive practices by the government. Snowden has also dramatically changed the conversation on surveillance and intelligence-gathering with his revelations.
We're honored and proud to have HOPE be the forum via which these two American heroes converse. Snowden is, of course, still unable to leave Russia because of the threat he faces from the authorities in the United States. So he will be joining us and speaking on a video link right after Daniel Ellsberg's keynote.
Speakers: Edward Snowden; Daniel Ellsberg; Trevor Timm
Fri, 18 Jul 2014 21:00 (Olson)
As more devices join the Internet of Things, it is increasingly important that these devices remain protected from surveillance and compromise. This talk will show how to add specialized, commercially available, crypto Integrated Circuits (ICs) to improve the security of your BeagleBone, Pi, or AVR based platform. ICs such as a Trusted Platform Module, I2C authentication chips, and hardware random number generators will be discussed. The CryptoCape, an Open Source Hardware daughterboard, made in collaboration between SparkFun Electronics and the presenter, will be presented in detail. Lastly, this talk will describe the experience of running a Tor relay on a BeagleBone Black for over 200 days.
Speakers: Josh Datko
Sun, 20 Jul 2014 15:00 (Manning)
While a common philosophical and cultural thread ties all of us in open source together, the ecosystem is as diverse as the world itself. In fact, open source projects are a kaleidoscope of cultures that influence how they are approached, how teams interact, outcomes, and what type of people they attract. At the same time, open source is suffering greatly from a lack of diversity. Three percent are women, and many users from non-English subgroups feel their voices are not heard in the OS ecosystem. This panel will discuss: how open source projects can build bridges to help incorporate people from non native English speaking communities, examples of when lack of cross-cultural sensitivity goes wrong, descriptions of patterns and regional differences observed in various open source communities, and why the Dutch are some of the best open source volunteers ever.
Speakers: Sandra Ordonez; Bryan Nunez; Douwe Schmidt
Sun, 20 Jul 2014 10:00 (Serpico)
Without secure code and implementation, humanitarian projects can be used against the very people they are designed to help. This is a basic problem of social justice. If security is only available to people with money, privilege, and the fortune to not be in the midst of a disaster, then there is no security. As Internet crime rises and security solutions gain momentum, vulnerable populations are left out of the protection that the privileged few enjoy. Issues of trust, budgetary restrictions limiting low-barrier digital security tools, and the mass surveillance/digital disenfranchisement of the non-elite are the obstacles to a secure commons. Community building and resource sharing on the Internet is only accomplished when we take part in building social justice by using our skills to improve open source code security and its implementation across the humanitarian ecosystem.
Speakers: Lisha Sterling
Fri, 18 Jul 2014 21:00 (Manning)
The Dark Mail Initiative represents a collaborative effort to bring about a new generation of standards designed to provide automatic end-to-end encryption for email. The presentation will cover the "dmail" architecture, with a focus on the key elements of the design that allow it to overcome some of the most problematic traditional usability issues, all the while preserving a world-class guarantee of security. Dark Mail stands in a unique position against most competing technologies because of its commitment to complete transparency, both in the proposed open dmail specifications and in the open source implementation that is targeted for release later this year. The talk will also include a short discussion of the Lavabit legal saga that precipitated the dmail development effort, the design goals of the project, and an explanation of why these goals are important, both to the computer security community and to society at large. The discussion will conclude with a short update on the status of the reference implementation development effort.
Speakers: Ladar Levison; Stephen Watt
Sat, 19 Jul 2014 16:00 (Manning)
As technology becomes ever more embedded in the fabric of our society and even our clothes, we must grapple with ever more complicated tradeoffs regarding privacy and security. This talk will highlight disruptive wearable technologies that creatively and assertively address these modern technological and societal changes. Come learn about underwear that that tattles on a TSA agent's wandering fingers during a secondary screening, makeup that makes you imperceptible to facial recognition software, and eye-tracking glasses that let a paralyzed graffiti writer tag again. Most projects featured are open source or how-to guides, and span the last ten years. Becky Stern's intention is to inspire HOPE X attendees to think more about the physical body as a canvas for hacking, social engineering, fashion, and wearable tech.
Speakers: Becky Stern
Sat, 19 Jul 2014 20:00 (Olson)
Good news: it's becoming abundantly clear that more and more people want to use surveillance circumvention tools to protect their privacy. Bad news: most people can't figure out how to use them. Thankfully, usability research is no longer difficult to arrange or afford. Anyone - developers, designers, and project managers alike - can conduct user testing at any time, in any setting. In this presentation, you will learn everything you need to know to get started on your own qualitative user research, how it can help you understand and solve for your users' needs, and what it means for the future of surveillance circumvention technology.
Speakers: Kaytee Nesmith
Sun, 20 Jul 2014 15:00 (Serpico)
As developer-journalists, Harlo and Aurelia work with sensitive information about critical investigations of governments, institutions, and individuals - domestic and foreign. Barton Gellman of the Washington Post is one of three journalists who received classified NSA archives from Edward Snowden. The security and reliability of the information these panelists handle is of the utmost importance. Managing their resources and notes while maintaining the privacy and safety of their sources can be complicated as they work on collaborative teams of varying technical and subject expertise. This talk will go over how journalists collaborate covertly in the newsroom, reviewing some tools and applications for dead-dropping data, and protecting privacy where possible, at places like the Washington Post, the Guardian Project, the New York Times, Ushahidi, and Internews Kenya.
Speakers: Harlo Holmes; Aurelia Moser; Barton Gellman
Sun, 20 Jul 2014 17:00 (Olson)
This talk is a brief history of the people and events which shaped The Telecom Digest's history, presented by its current editor. (The Telecom Digest is the oldest continuously running electronic magazine about telecommunications on the Internet - and one of the oldest mailing lists still on the Internet in any category.) Bill will discuss the previous moderators and the events that led to his stewardship. There will be anecdotes from the archives, some discussion of the personalities that formed the digest, and brief speculation about its future. There have been some truly memorable posts over the years which will be focused upon. The day-to-day workflow will be described, along with the ways things have changed over the years, from manual efforts to Usenet access to the current Majordomo II list management software. Hear about the evolution of the digest from a mostly "Bell" centered e-zine, to the Wild West days of MCI and Sprint, up to the re-consolidations now underway. In addition, Bill will explain his philosophy of moderation and the ways he goes about it while seeking to lighten the moderator's technical workload, automate manual procedures, and his preparations to adapt for the new YaGooMail "walled garden" paradigm.
Speakers: Bill Horne
Sat, 19 Jul 2014 18:00 (Serpico)
The technology to turn e-waste into musical instruments is free, open source, and waiting to be fully explored. At this talk, you'll learn how the computer junk piling up in IT departments everywhere can be transformed into novel input devices, allowing kids and adults alike to create physical instruments to control electronic music.
Speakers: Colten Jackson
Sun, 20 Jul 2014 12:00 (Manning)
Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don't do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it's easier than you think!), these devices are often misunderstood and their full range of features and abilities go unexplored. This talk will be an in-depth explanation of how elevators work... allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different than a staircase as far as building security is concerned!
Speakers: Deviant Ollam; Howard Payne
Fri, 18 Jul 2014 20:00 (Olson)
Do you experience numbness or weakness in your hands? Do you have a permanent case of Emacs pinky? Are you playing vi golf for your health? Since the release of the Macintosh 30 years ago, mainstream human-computer interfaces have changed little, and hardcore computer users (hackers, coders, gamers, etc.) are paying the price.
This talk will examine potential solutions to the repetitive strain injuries commonly experienced by computer users, including: head-based cursor control, ultra-ergo keyboards, foot pedals, and other optimizations.
Speakers: Carl Haken
Sun, 20 Jul 2014 11:00 (Manning)
Service providers have always had to shoulder a tremendous ethical burden because of the volume of personal information they hold, including files, metadata, and geolocation data. Some, like Calyx and Lavabit, have been willing to take extra steps to protect their customers' privacy rights. After Edward Snowden's revelations about the U.S. government, some larger providers have become more willing to fight for their users in court or speak publicly about surveillance demands. But many court dockets remain sealed. This talk will explore the telecommunications privacy landscape as we now know it, including the extent of the surveillance regime that some of us suspected all along. The focus will be on best practices for service providers at many levels: software design, API design, network design, policy, and more.
Speakers: Nicholas Merrill; Ladar Levison; Declan McCullagh
Sun, 20 Jul 2014 13:00 (Serpico)
Johannes of art tech group monochrom will indulge in a public rant about hacker culture and why it has to be saved from itself. Expect strong language, indecency, and valid critique of the status quo of hackdom. (No wonder his 2008 Google Tech talk got censored and never made it onto Google's YouTube channel.)
Speakers: Johannes Grenzfurthner
Fri, 18 Jul 2014 18:00 (Olson)
This talk will provide an explanation of the G programming language commonly known as "G-code." G-code was originally developed in the 1950s to allow numerical control of industrial manufacturing equipment. G-code's major user base is not traditional programmers or software engineers, but machinists, manufacturing programmers, and those who own 3D printers. In modern times, it is used to control everything from a home-built RepRap to massive CNC milling machines to make anything you could possibly imagine.
Speakers: Todd Fernandez
Sat, 19 Jul 2014 16:00 (Serpico)
We all know that law enforcement (and private companies, for that matter) can track you through your mobile phone. But how exactly does tracking work? How precise are they? When can they get this data? And is there anything you can do to obscure your movements without moving into a Faraday cage? This talk will discuss the various technologies that law enforcement, intelligence agencies, and private industry use to track individual movements. There are a surprising number of different techniques. Many involve the signals emanating from - and records created by - mobile phones, but there are more specialized - and surprising - tracking techniques in use as well. The tower data information contained in cellular call detail records, E911 "pings," tower dumps, IMSI catchers, aggregate metadata analysis, Wi-Fi and Bluetooth-based locators, traditional RF and GPS trackers, and some of the sophisticated "implants" used by intelligence agencies will all be discussed. Can you opt out without opting out of the Information Age? Not always, but there are a few countermeasures that work, as well as a surprising number that don't. There will be an analysis of a number of real-world cases of tracking, as well as tips on how to learn from the mistakes of others.
Speakers: Matt Blaze
Fri, 18 Jul 2014 14:00 (Manning)
Vivien Lesnik Weisman, director of the upcoming documentary film The Hacker Wars, speaks with Drake on the confluence of hacktivism and whistleblowing. Depending on one's perspective on who should regulate information, hacktivists and whistleblowers are either criminals or freedom fighters. Drake will discuss his own case and the dystopian dynamic that ensued when the criminal justice system was used as an instrument to destroy him. In light of his personal experience with the state, he will discuss the importance of specific stories of young hacktivists, along with that of whistleblower Edward Snowden, including their battles with the U.S. government.
Speakers: Thomas Drake; Vivien Lesnik Weisman
Sat, 19 Jul 2014 19:00 (Serpico)
Cryptocurrencies are here. Bitcoin is in the news and in the courts, and many other currencies are following, offering everything from anonymous transactions to redistributive economies to monetary sovereignty to, of course, doges. Related platforms promise to reinvent DNS, cloud storage, voting, contracts, even the corporation itself. To really understand what's happening, and how we can steer cryptocurrencies towards accomplishing social and political goals, we need to connect the breaking news with the deeper history of the technology of money. This will be a look back - before Hashcash and DigiCash, before Chaum, May, Diffie, Hellman and Merkle - and forward, into the future to plausible scenarios and speculations for launching projects now. What connects Belfast pubs in 1970 with the vault of the New York Federal Reserve, trading networks of the Islamic golden age, an Austrian ski village during a global depression, willows by the Thames, and an extraterritorial fortress on the outskirts of Singapore Changi Airport? Why are survivalists filling ammo boxes with rolls of U.S. nickels? Why do the differences in hash algorithms matter, and what covert software agreements underwrite the verification of physical bank notes? Money is one of the most significant social technologies that humans have invented, and cryptocurrencies are an opportunity to hack on the architecture of trust, verification, value, and credit that shapes how we can live. This talk, and conversation during and after, will explore what we can do with this opportunity.
Speakers: Finn Brunton
Fri, 18 Jul 2014 15:00 (Serpico)
We are hearing about the problems of software patents everywhere: in the tech blogs, in the mainstream news, from the President, and even out of the Supreme Court. We hear stories of patent trolls destroying technology companies and small businesses with patents on such simple ideas as scanning to email or in-app purchases. How did we end up with a patent system that generates patents that become the tools of legal abuse? This talk will look at the patent system like an insecure OS, one rife with vulnerabilities in dire need of patching. Just as an unsecured computer can be misused to the ends of malicious users, vulnerabilities in the patent system allow clever lawyers and patenters to obtain patents on simple ideas, ones that anyone with an ounce of programming skill would find obvious. We will look at how to get a patent on comparing and adding two numbers - a patent that actually exists right now. We will consider the flaws in the system that allow aggressive patent holders to exploit weak patents and extract money from real innovators. And we will talk about how to fix that system - but only with the help of all of us who care about the future of technology.
Speakers: Charles Duan
Sat, 19 Jul 2014 11:00 (Serpico)
Explore unlikely connections between well known milestones in technology, tech culture, and seemingly mundane things and events that helped bring them into being. The importance of these seemingly insignificant sparks could not have been imagined at the time of their introduction. The discussion starts with the story of how the Casio mini calculator led directly to the formation of the software giant Microsoft. Next, the talk will explore how early 1970s minicomputer field techs accidentally invented the first personal microcomputers, predating the Altair, IMSAI, and Apple I. The conversation will move to the hidden connections between Datapoint computer company CEO Harold O'Kelley, the Intel 4004 processor, and the eventual dominance of the Ethernet networking protocol over token ring and ARCnet. The presentation will conclude with a story of unlikely connections between a 1963 hearse, the Commodore 64 version of the Ghostbusters! software package, and the true uncredited originator of the story that the film and game was based on.
Speakers: Bill Degnan
Fri, 18 Jul 2014 22:00 (Serpico)
Outside of the hacker community, security as an afterthought has always been the norm. Too often we see the following: systems designed without thought for security, then later that system is compromised, and finally a hastily created patch is released (if we're lucky). But did you know that this "security as an afterthought" approach is what we currently teach in schools? Yes, even many of the best schools teach and treat security as a separate topic, leaving it for an advanced class that interested seniors or graduate students might choose to take as an elective. It is all too easy for an undergraduate student to gain a computer science degree without ever learning about the security concepts relevant to their specialty. Security is an integral facet of just about every topic in computer science. Rather than treating security as an afterthought, something that we address after all the foundations are fully in place, it should be treated as an integral part of networking, programming languages, operating systems, and just about every other computer science discipline. Especially offensive aspects! Fixing the way we teach security is a tall order, but it's a more lasting solution. Most short term solutions are Band-Aids on the root problem. Perhaps most encouragingly, we have an existence proof of security being successfully integrated in other fields. This talk will cover computer science curricula, how security is taught and integrated throughout course work in academia, and evaluate an exemplar in a different science where security is being integrated in early curriculum.
Speakers: Sarah Zatko
Fri, 18 Jul 2014 17:00 (Serpico)
We all know that HTTP is insecure, but the Snowden revelations of 2013 showed that insecurity runs far, far deeper than most of us could have imagined. It's bad enough, in fact, that anyone who still supports it is contributing to the weaponization of the Internet by government spy agencies. The speakers believe that nobody at HOPE X has any excuse to be using plain HTTP instead of HTTPS in 2014. In this talk, they will summarize what the Snowden revelations mean for protecting data in transit: scary stuff like how supposedly secure cookies on social network sites can be turned into custom beacons for marking victims of targeted malware. They'll talk about what every web service provider needs to do at the very minimum to mitigate these attacks, and what clients can do to protect themselves. Finally, they will share some success stories from the last year that show how Edward Snowden has raised the bar for web security and created a safer online landscape for the average user.
Speakers: Yan Zhu; Parker Higgins
Fri, 18 Jul 2014 22:00 (Olson)
I Am The Cavalry is a relatively new grassroots organization with volunteers from around the world, focused on issues where computer security intersects public safety and human life. Their mission is to ensure that these technologies are worthy of the trust we place in them. Manufacturers of medical devices, automobiles, home electronics, and public infrastructure have been quickly adopting computing technologies. Our dependence on computer technology is increasing faster than our ability to safeguard ourselves. Our technology has advanced to the point where we no longer have to ask "can we?" but we rarely ask "should we?" The hope is to fix this through education, outreach, and research. Hear lessons learned from fuzzing the chain of influence, getting root in the C-Suite, escaping echo chamber sandboxing, initiating two-way handshakes, and building human protocol-aware processes, etc.
Speakers: Geoff Shively; Beau Woods; Jen Ellis; Andrea Matwyshyn
Fri, 18 Jul 2014 16:00 (Olson)
The iOS operating system has long been a subject of interest among the forensics and law enforcement communities. With a large base of interest among consumers, it has become the target of many hackers and criminals alike, with many celebrity thefts of data raising awareness of personal privacy. Recent revelations exposed the use (or abuse) of operating system features in the surveillance of targeted individuals by the NSA, of whom some subjects appear to be American citizens. This talk identifies the most probable techniques that were used, based on the descriptions provided by the media, as well as today's possible techniques that could be exploited in the future, based on what may be back doors, bypass switches, general weaknesses, or surveillance mechanisms intended for enterprise use in current release versions of iOS. More importantly, several services and mechanisms will be identified that can be abused by a government agency or malicious party to extract intelligence on a subject, including services that may, in fact, be back doors introduced by the manufacturer. A number of techniques will also be examined in order to harden the operating system against attempted espionage, including counter-forensics techniques.
Speakers: Jonathan Zdziarski
Fri, 18 Jul 2014 18:00 (Serpico)
In 1992, TCP/IP co-inventors Vint Cerf and Robert Kahn founded the Internet Society, instilling their belief that "the Internet is for everyone" into the policies and operations that the institution has championed ever since. The Internet Society has become the de-facto organization that maintains attention and lobbies on behalf of the public interest on all issues of Internet policy. Thanks to SOPA, Snowden, and the recent FCC rulings, issues of Internet policy are now very much in the public eye, but certain details have been misunderstood or misrepresented in the frenzy of discussion and reports. This talk by members and employees of the Internet Society will help to inform and educate HOPE attendees, providing them a solid knowledge base and history of Internet policy to work from. The three panelists each maintain different areas of expertise within the field of Internet studies: Jeremy has researched and written on the early history of the Internet's development and the policies discussed by the Clinton administration that brought the technology into everyday use; David has long been active in grassroots Internet efforts and can speak to some of the less traditional perspectives on Internet governance; Avri will speak to the worldwide governance efforts and the deliberations around the Internet among several countries. The panel will examine the history of the Internet, the policies around it and some of the key initiatives it has helped to spark.
Speakers: Jeremy Pesner; David Solomonoff
Sun, 20 Jul 2014 18:00 (Serpico)
Kevin Warwick made history in 1998 with an RFID chip implanted under his skin. He went on to use sophisticated electrodes to control a robotic arm, achieved human to human nervous system hookups, and even tried transatlantic teledildonics with his wife. Fast forward to 2014 as eager consumers strap on wearable fitness monitors and allow Samsung's creepy eye icon to track their gaze, just so their video will pause when they look away. Worried about Google learning your habits from your Nest thermostat? Your Nike+ FuelBand probably knows a lot more about you, like those times you burned 150 calories at 3 am without taking a single step. Japan's smart toilets realize you're getting sick before you do, and they can tell your doctor. Or, perhaps, your insurance company. This talk presents some of the most intriguing privacy-invading body technologies and looks forward warily to the near future, when the skin cells you leave on a store's PIN pad might be DNA sequenced without your knowledge. You won't believe how many people are after your body-data, and how much it's going to be worth on the open market. There are things you can do to protect your bio-privacy, but you have to start now!
Speakers: Tom Keenan
Sun, 20 Jul 2014 10:00 (Olson)
The LambdaMOO server, the application server that still powers the LambdaMOO online community and that was the engine for hundreds of other text-based virtual worlds (MUDs), was first released over 20 years ago, in 1991. MUDs (Multi-User Dungeons) were the first networked virtual worlds; and they were popular long before Second Life, Word of Warcraft, and MMORPGs in general made their appearance. Even though much of the code in the current LambdaMOO server is unchanged from the early 90s, people today still download the code, compile it, and build little worlds with it. Motivated by a desire to build simple little immersive experiments that users could interact with and extend via programming, but frustrated by LambdaMOO's lack of features as well as source code that was several decades away from modern best practices, Todd spent the last four years modernizing the server, and building applications and a library of application building blocks. The result is a fork of the codebase called Stunt that speaks HTTP (instead of telnet), includes up-to-date cryptographic primitives, and sports language enhancements like multiple inheritance and garbage-collected, anonymous objects. On top of this platform, he built a simple, modern MVC web framework. In the process, he learned quite a bit about maintaining, evolving, and extending old code, and about interacting with a small but passionate community of longtime users! Sharing these learnings, rather than talking about the specific technical details, is the purpose of the presentation.
Speakers: Todd Sundsted
Sat, 19 Jul 2014 13:00 (Manning, Serpico, and Olson)
We're thrilled that the whistleblower of all whistleblowers - Daniel Ellsberg - will be one of our keynote speakers this year. Ellsberg was the cause of one of the biggest political controversies ever seen in the United States when he released the Pentagon Papers in 1971 and changed history. We are honored that Daniel Ellsberg recognizes the value and importance of the HOPE X conference and it's great to know that he'll be able to speak in person to a whole new generation of individuals who will also shape the direction of the world one day. We can only hope they'll also be ready to stand up for their convictions, no matter the cost.
Speakers: Daniel Ellsberg
Sun, 20 Jul 2014 10:00 (Manning)
Whistleblowers and online whistleblowing platforms have received quite a bit of attention recently. Discussions range from the feasibility of implementing a sufficiently secure platform online for whistleblowers, to the changing role of journalism, to the ethics of whistleblowing itself. The lessons learned from implementing multiple whistleblowing platforms in various contexts will be presented here. The main experience is from Publeaks, a Dutch whistleblowing system based on the GlobaLeaks platform, launched in September of 2013. (Publeaks now has almost all of the national press on board.) The development of other leaking sites - like Wildleaks in Africa - will be discussed. Globaleaks and SecureDrop will be introduced and compared. The panel will reflect on social and legal challenges that your group might be facing if you try to implement a whistleblowing platform. You will get some practical and theoretical insight into how you can create your own platform, whether for internal whistleblowing in an organization or for broad multi-stakeholder installations like Publeaks.
Speakers: Jurre van Bergen; Sacha van Geffen
Fri, 18 Jul 2014 15:00 (Manning)
If you're curious about what lockpicking is all about, this is the talk for you. Several different ways of opening a lock will be shown (picking, bumping, snapping, key impressioning) and explained in detail. No prior lockpick experience or knowledge is needed. This talk will start at ground level. Lockpicking has a clear analogy with the digital world (you have a firewall, therefore you are secure; it has a lock, therefore it must be safe). Consider that physical access will, in lots of cases, render your digital security measures obsolete. After this talk, expect to start rethinking your physical security.
Speakers: Doug Farre; JGor, Babak Javadi; Ray; Jos Weyers; Deviant Ollam
Fri, 18 Jul 2014 16:00 (Manning)
In the past decade, the hacker subculture of LockSport has seen a tremendous explosion. What was once the purview of dedicated specialists, far-flung hobbyists, and college students meeting in secret is now featured prominently at technical conferences, family-oriented science fairs, and even TV shows. The Open Organisation Of Lockpickers now has nearly 20 chapters across the Netherlands, the United States, and Canada. Sportsfreunden der Sperrtechnik is still going strong with hundreds of members. Locksport International has meetup groups in major cities. Regional groups like the Fraternal Order Of LockSport, the Longhorn Lockpicking Club, the FALE Association of Locksport Enthusiasts, and more conduct local meetings and engage in joint ventures with larger organizations. At the annual LockCon conference, sport pickers from over a dozen countries gather to learn from one another and compete head to head. Despite the shared interest and community between all LockSport groups, there is great variation between the cultures and values of these participants. This panel discussion will feature some of the key figures from various locksport organizations around the world and will hopefully highlight some of those differences and offer the audience a chance to ask questions about locks, LockSport, and competitive lock-opening.
(A primer on basic lock-picking and lock-opening techniques will be offered very quickly at the start of the session if you've never learned these kinds of skills before!)
Speakers: Doug Farre; JGor, Babak Javadi; Ray; Jos Weyers; Deviant Ollam
Fri, 18 Jul 2014 11:00 (Manning)
Forensics is tedious and occasionally mind numbing. Exploit discovery and development is extremely detail oriented, and requires strong coding skills. Good Blue Team defensive strategy and implementation is team based, precise, and careful. But put a white lab coat on and, apparently, it's all magic! From Abby's "It's commercial encryption, so it's
Speakers: Sandy Clark (Mouse); Joshua Marpet
Sun, 20 Jul 2014 16:00 (Manning)
North Korea prevents its citizens from accessing any form of independent media or information. Any citizen who attempts to access foreign broadcasts to seek information from the outside world risks being interned in one of the state's notorious prison camps. The very few visitors allowed into the country are strictly forbidden to bring any radios, GPS receivers, or other communications equipment. As a result, little independent and objective information about the propaganda-based mass media of the country has been gathered and published. Over four successive trips into each province of the DPRK, Mark has smuggled electronic equipment in and out to capture, monitor, record, and analyze hundreds of hours of local and regional domestic radio and television broadcasts used by the North Korean regime as a prime instrument of control over the population. This will be a fast-paced interactive audio/visual presentation of rare video, audio, and still photography together with an explanation of the social engineering techniques he used to successfully travel throughout North Korea and covertly gather information with concealed electronic equipment.
Speakers: Mark Fahey