Last year at DEF CON 7.O, I reported on the hacking group releasing the (debatably) great Back Orifice 2000 application in a sight and sound spectacular, but this year there was more fluff than stuff.
cDc's presentation set the tone by starting out with an audio track of a farmer and his daughter's encounter with a possessed disemboweled attack cow, and progressed to a lip syncing performance by the cDc front man Grand Master Ratte, and onto one of the most bizarre skits I've ever seen.
Thankfully there were several interesting speeches by other members of the cDc crew, starting with Sir Dystic. He made an announcement resulting from his recent NetBios hacking sessions, during which he said he discovered it is possible to remotely shut off drive shares on Windows machines. Sir Dystic said he will be releasing applications to scan for and disable NetBios drive shares shortly.
He said that, when he told Microsoft about the problem four weeks ago the software maker told him they already knew about it and were about to release a patch, but I don't think Sir Dystic believed them.
He said all versions of Windows would be affected, that "the solution is to use IPSec, and that doesn't work with Win95/98," and that "DSL and cable people are screwed." He mentioned a possible solution for those users of firewalling UDP port 137, though that may be unrealistic for most users. Another thing Sir Dystic discovered was that when a Windows machine logs into a network, it sends out a packet to ask the other computers whether it's OK to use the computer name it has, and that it's possible to tell it "no." He will be releasing an application that a user could run on a network to prevent everyone else from logging on at DEF CON in two weeks.
After another lip-syncing number or two by Grand Master Ratte and crew, Oxblood Ruffin announced that he had personally recruited a group of six programmers to work on a project to bring the uncensored internet to countries that censor their people's use, like China. Two of those people were the famous German hacker Mixter and the notorious BroncBuster.
"You can start looking for this change on the Internet next fall," Oxblood said. "That's all I can say about this right now. You will certainly hear more about it."
DilDog shared some of the things he's learned since he released Back Orifice 2000 at DEF CON last year, among those was that he can't deal with the 40 e-mails a day he gets, the vast majority of which are either asking for tech support or demanding updates. The e-mail overload has caused him to overlook legitimate e-mail from people wanting to report bugs. His solution, which he said he's spent a lot of time on, has been to, in conjunction with sourceforge.com, set up a repository for people to come and add changes and bug fixes and updates to BO2K, and version 1.1.
"The BO2K thing went pretty well. I would say pretty much mission accomplished for now," he said, however, "as an inventor I am moving onto other projects that I hope will change the world."
Drew Ulricksen is ZDNet's Web developer.