The seventh HOPE conference was held this past weekend in NYC and I was there to take in the numerous talks. Subjects covered included lock picking, Wikipedia’s evils, YouTube, FOIA, hardware hacking and a lot more. Special talks were also given by Steven Rambam, Steven Levy, Adam Savage and Jello Biafra.
MAKE magazine has become somewhat of a phenomenon over the past few years, and they are of course very well-known in the hacking community. After all, hacking covers a wide spectrum of things, and building your own products from scratch is undoubtedly a form of hacking. This talk was given by two of MAKE’s most active members, Phillip Torrone and Limor Fried, who just launched a new “Citizen Engineer” video series.
They showed off two new videos that were recently made available on the web site, which covered both building a SIM card reader and also, get this, taking an ordinary pay phone and hacking it to work in your house. Both projects require patience and certain technical know-how, but as long as you are willing to learn, both should be easily possible with the nicely-presented how-to videos.
The pay phone project interested me most, for two reasons. The first is that many early phone phreaks used payphones as the target of their hacks, and they’ve become a product synonymous with 2600 magazine. The second reason was simply because it’s COOL. Imagine the looks you’d receive, having someone over, and them catching wind of the PAY PHONE on your wall. Talk about a conversation starter!
The best part might be the price. Aside from the tools you’d require, many pay phones are now being decommissioned, resulting in thousands sitting in warehouses. That means you can find one for as low as $50 if you look in the right places. That’s less than most house phones nowadays, and they will pale in comparison to something this unique.
Throughout history, events occur that are written or typed up and kept, whether government-related or of a more personal nature (such as an FBI file, or documents relating to a certain crime). Eventually, that information is cataloged and stored somewhere, in case it’s needed again in the future, and for historical reasons.
The FOIA, which came into effect many years ago, allows this stored information to be obtained by anyone who asks, depending on what it is and whether or not it’s confidential. As Phil Lapsley discussed in this talk, with a little bit of creative thinking you can sometimes acquire information you were not meant to see.
The general scope of the talk was to inform people about what the FOIA is, and how the process of receiving requested information works. He made certain to let people know that receiving information you request will not be a quick process. Usually, the minimum is 60 days, but he has personally received some information almost a year after it was originally requested.
What information could you possibly want? Well, if there is some classic case that you are curious about, you could see about requesting related documents. Or, if you somehow think there may be an FBI file on yourself or someone you know, that’s another possibility. This talk was exceptionally informative though, and I regret leaving without a DVD copy. Be on the lookout for the audio though, which should become available in the weeks to come on the official site for this particular conference.
The name of this talk is a little odd, in that it’s hard to tell what it’s actually about without showing up. Matt Fiddler and Marc Tobias are professional lock-pickers who wanted to let everyone know how the majority of locks nowadays are not as secure as the companies who develop them would hope you’d believe. They covered everything from a normal house lock to the most secure high-security locks on the market.
Lock-picking a simple lock is not all that difficult with the right tools, but more advanced locks, such as the ones Medeco develops for high-security applications (think government-grade), are designed with much more elaborate mechanisms to be both lock-pick-proof and bump-proof. Bump picking is the process of bumping a lock while a custom key or pick is inserted. The first thing Matt and Marc demonstrated on stage was bump-picking Medeco M3 locks, successfully. Surprisingly, all it took to break into one was fifteen seconds and eight to fifteen bumps.
The problems evidenced here are obvious. Medeco (and others, I’m sure) boast about having the most secure locks in the world, and because of this, they are used all over the place, especially in high-security environments. But as evidenced on stage, even their “Bump Proof” locks could be opened with bump-picking… go figure.
As the testing and results progressed over the years, Medeco has brushed both Matt and Marc off, which is no surprise. But instead of fixing their locks, they simply choose to ignore the situation. There are of course locks out there that are very, very hard to pick, but it’s important to realize that certain locks might very well be easy to break into. It pays to read up on that particular lock, and understand the results of lock-picking attempts.
After all, if an eleven-year-old can pick a lock with little effort, then those with the ability to mend their own keys or have intense knowledge of lock mechanics will have even less of a problem.
Alright, so Wikipedia isn’t entirely evil, but it can be thanks to ‘evil’ editors. The talk was presented by Virgil Griffith, who created the now ultra-popular WikiScanner, a web application that has the ability to scan all of Wikipedia to find out which articles are being edited by which users/organizations, and who might be up to some shady business.
Who would ever edit in a wrong detail, you ask? Well, this goes far beyond the little brat who thinks it’s just hilarious to write ‘penis’ all over the Xbox 360 page. No, this focuses more on companies and corporations who actually a) have less-than-desirable truths about them that they don’t want the general public to know or b) falsify their entry to make the company or product appear better than it actually is.
It’s probably not much of a surprise, but this happens a LOT. There have even been ‘web wars’ where companies edit other (competitor) stories to make them look worse than they actually are. It’s hilarious really, but it’s also a real problem. With Virgil’s tools, all of which were shown off at the conference, we can all find out first-hand who is making the edits, exactly what they edited and potential reasons, and also view various trends. He went over so many different tools that it’s hard to cover them here in a small blurb, but it was very interesting to say the least. Stay tuned to his website for all current and upcoming tools.