Sunday HOPE_16 last day

I felt a bit sad today as HOPE_16 was wrapping up. I rose at 5:30 to start my day early and finish writing the blog. I started in my hotel room and made coffee. I miss the mornings when I’d rise and make Deborah coffee after spending so many weeks in hotels with her. We talked often on Sunday and used FaceTime; it is good to see each other.

As usual, I went to Quicken and started downloading all the financial transactions on my various accounts and credit cards. There was no criminal activity, and I updated some of the categorization so my reports and screens in Quicken better reflect the reality of my finances. I have a pretty good picture every day of my income and outgo. I was annoyed that the Bank of America website was down and disconnected from Quicken. Apparently, they had an outage, and Quicken required me to re-enter my connection information on Sunday evening. This happens when any connection breaks, but it does make you recheck that you are on your private network and not on something pretending to be the hotel or other “friendly” networks! While it is unlikely a criminal would raid me, it is possible I would be reminded, possibly quite spectacularly, had I lost my password to a hacker at HOPE_16. I would expect to discover, later, that I had a thousand one-cent transactions (500 +1 and 500 -1) in my account, serving as a reminder to be more careful with rather direct text on each. But nothing like that happened.

I remembered to keep my phone locked down and did not bring my laptop with me, though I saw more and more laptops as the weekend went on. I am unsure if Smithers, the name of my laptop, is secure enough for the Hackers’ Conference, as it’s still set to be very friendly. It did warn me that the hotel Internet connection certificates were bad, and I told it to ‘forget’ them.

I returned to the lobby after I showered, dressed, and all of that. A week of hotel life doesn’t bother me, but I do miss knowing anyone here. I have made a few acquaintances, and I am sure that at the next HOPE, I will feel more comfortable and bring my laptop (with it set to be less likely to wander, with VPN definitely running), which would open more workshops to me and make note-taking digital. I am writing everything in a book my sister gave me (though I broke the supplied pen).

I put away my laptop, looking a bit longingly as I do miss having Smithers, grabbed my bag, the Strand Bookstore bag I bought for $1, and headed out with my analog solutions to note-taking, pen and paper, and my iPhone. I put an apple, the fruit, and a bottle of water from the hotel in my bag. Victoria, a woman I met at the bus stop, complained that the last Q30 bus had ignored her. She is from DC and was upset that the buses here were not as friendly. I reminded her that she was in NY and told her I chased it down the day before, and they opened the doors in the street. I dodged cars to get on board. She laughed when I said one of us would have to take ‘one for the team’ and literally throw ourselves under the bus. Victoria, I learned, is IT for a non-profit in DC and does, among other things, InfoSec for her employer.

We soon had a whole crew of folks waiting for the bus to travel to HOPE_16, and the bus did stop for us; nobody had to stop the bus. We arrived, and, being hackers, half went one way in, while the others walked to another entrance. I said many good mornings as I am beginning to recognize folks. I headed to a talk on the impact of Quantum computers on security.

The presentation was high-level as this emerging technology, Quantum Computing, has been, well, emerging for a long time (and I have very little faith that it is real or usable). The presentation, with a non-English speaker, had CC running and covered the current state of the technology (very much still a lab experiment with rumors that sovereigns have it working and that China has already broken encryption with it).

Though I thought it was too early, there are recommendations to change encryption in the future to methods that are much more expensive and challenging to break. The suggestion is that organizations need to be ready for the new future in ten years and should start planning. Again, I thought it all very speculative, but I took notes on things to learn: Grover’s Algorithm, Shor’s Algorithm, Python Quantum called QuTiP (yes, that is the name). Lastly, anything encrypted now and saved might be breakable in ten years. That presents some interesting challenges for long-term secrets that are exposed as encrypted material. Hmmm.

Next was an interesting group that was building drones in Mexico using 3D printers to deliver medicines to hard-to-reach communities in the mountains. I discovered it was the same guys who were doing the jewelry from the day before. Their most complex issue, I learned, was actually flying and not crashing the drone. The selected drone was more of an RC plane than the typical up-down drones you usually see. They are now trying to set up non-profits for this, and I did talk to them about checking with their local liberal churches, which they thanked me for, but I felt that was not going to happen.

While Victoria and I were talking, I mentioned my church, and she then suggested that we drop ‘Christian’ as it was too toxic now. She said the history and association with the far right made it a threat, and we liberal and moderate church-goers needed to drop the name church and find more friendly terms that are not associated with hate and a bloody history. She said this to be helpful. An interesting observation from Victoria.

I watched part of an OOCRO.org, Organized Crime and Corruption Reporting Project, presentation. This is a journalist project that helps reporters work across county borders to report on crime. They have an online tool, Aleph, with an excellent multilingual search that can take a word like ‘Putin’ and find the Russian version and use that too in the search. I tried it out during the presentation. I found lunch after walking out early — it was more of a sales pitch and something I am not likely to use. They did cover how they built the search, but I decided lunch was a good idea.

OOCRO.org has just implemented a 25% layoff following the USAID funding cut.

I made an error; I thought the book binding workshop was at 1, but it actually started at 11. I made a mistake when I wrote it down (dropping a 1) and did not double-check. I missed the workshop, but I had picked replacement items in case the class was full.

Instead, I attended a standing-room-only ATM Hacking presentation. The presenter, Roman Pushkin, an ATM expert, covered the history of ATMs and their hacking. He broke down how an ATM card strip is populated and how to hack one. He made it clear that hackers are different from criminals; hackers want to understand how things work and point out failures, whereas thieves steal. There seemed to be a general agreement on that. He then pointed out that a USB slot on most ATMs is the starting point for successful attacks.

Roman then produced a coin machine you see at grocery stores in the US, and pointed out the USB slot, and showed the manual for the coin machine online. He even built a machine to take over the coin machine. “We are Hackers and love little black boxes,” he said, demonstrating his ability to extract all the coins he wanted. He did not demo the hack of the cash dispensers in an ATM, but suggested that they, too, are USB devices and can be taken over in the same way. It was an impressive display, and he pointed out that ATMs could be better built to avoid this issue. It is just banks being lazy, he suggested.

(Please see my previous blog for a note on this, if this is shocking to you.)

For those who do not know these words, Large Language Models (LLMs) are a means to make chatbots and ChatGPT (and like tools) understand and produce meaningful text. The following presentation focused on hacking LLMs and exposing forbidden, protected, or claimed-to-be-excluded content. It seems that the LLMs are used even in video games, with Darth Vader being assigned one that was hacked (and using the now AI-controlled voice of James Earl Jones to spout facts once it was hacked; insane!). The presentation demonstrated how to exploit these LLMs to perform odd and sometimes awful tasks. The presenter has made the vulnerabilities clear to officials (yes, some folks monitor and report on this stuff). Still, a few of the LLM owners are actively pursuing more protections, and the new Trump laws will remove most requirements to address these issues. Yikes!

Lastly, ICEBLOCK’s creator gave a speech and was then verbally beaten up a bit by the Hacker community as he, Joshua Aaron, refused to make the code for the app open source. The community seemed more than willing to help, but Joshua was clear that he felt he and his family were endangered by the reaction of the Trump administration, the right-wing news agencies, and trolls. I felt for Joshua as did all the Hackers, though they were clear they disagreed with Joshua.

The closing ceremonies were late and confused. The report on the network, traffic, malware discoveries, and evaluation of the security of individual users was interesting. This is, I learned, a reason to show up for the ceremonies. About 30% of the folks on the network needed, according to the report, more security training. The number of folks connecting to their banks using open access was disturbing. Had HOPE_16 been a man-in-the-middle attack, it could have been unfortunate. They also identified various hacking attempts and malware running on some users’ computers. They supplied the device name so the impacted folks could kill the malware. They brushed off the attacks. China accounted for a significant portion of the traffic.

I walked back in the rain to the bus and caught the Q30 back, and then walked some more in the rain, getting damp, but not cold (until the AC from the hotel hit me). I ordered veal and mushrooms from the local Two Brothers Pizza (I had promised to try the veal) and talked to Deborah for a while. I walked for ten minutes, took a break, picked up my dinner (they remembered me), got back to the room, and spilled the salad dressing on myself, but I still enjoyed the food. Deborah and I ended our day together on a FaceTime call, and soon I was asleep.

I had a nightmare about 3ish, kicked off the covers, and then kicked the AC machine, and the pain woke me. No damage to me or the AC, and soon I slept again. I was reading a horror/SciFi book before sleeping, and it leaked into my dreams. Ugh! I dreamed I was on a burning hot floor with bare feet and had to get away. Some kind of trapped environment; the details are fading from my memory.

(Small rainbow as I walked back in the rain)

My foot is good. Thanks for reading!

 

 
