Photos: Hacking at Defcon

To participate, would-be entrants must score well in a prequalifying round by answering questions ranging from hacker trivia to computer forensics and Web server administration.

For safety's sake, no metal projectiles were allowed (that is, no firearms). Instead, competition participants used projectiles like plastic pellets. Servo motors driven by a laptop controlled the gun. To penalize a shotgun approach, the contest rules included targets painted black that yielded negative points if they were hit.

Isaac Levy, a member of the New York City BSD User Group (pictured in the dunk tank) said he volunteered for the job "totally to support the EFF." By late Saturday afternoon, after nearly two full days, the Electronic Frontier Foundation had raised about $2,000.

A woman who gave her name as Michele volunteered to be dunked to support the Electronic Frontier Foundation. If conference attendees couldn't hit the target from about 25 feet away, they could pay $20 to walk up and push the lever to dunk their victim. Many did.

Teams (with names like GrayHat Militia and Aquateen Hacking Force) were given a locked metal box wrapped with wires with a simple circuit built on a breadboard inside on Friday. The task was to be the first to open the box, decode a picture puzzle, analyze the circuit and figure out the magic word. It was, by the way, "1057," which can be read as "lost" spelled entirely in numerals.

"I tried to think of a way to get hardware involved at con," Lost Boy said. (The skeletal hand and fangs were just there for decoration.)

Also at the conference, attorney Marc Tobias warned that many pin tumbler locks are vulnerable to opening through technique called bumping (click here for PDF). It relies on obtaining a "bump key" that has all cuts at the maximum depth. By inserting that key and rapping it sharply, the lock can be opened.

"From a legal standpoint, from a risk standpoint, we've got a problem," Tobias said. He recommended, among others, Medeco high-security locks.

Grand's creation used two light-emitting diodes, a switch and a Microchip PIC10F202 microprocessor. Of course, because thousands were distributed at a hacker convention, some attendees tried to hack their badges. One idea: Replace the badge's blue LEDs with infrared LEDs that could then be used to control televisions in Las Vegas bars and restaurants.

Any serious wireless hacker needs an external antenna to boost Wi-Fi signals. At Defcon this year, vendors were selling "WarDriving and Penetration Testing Cards and Kits" that would dramatically amplify a laptop's range.

This pair of pink undies asks for a username and password.

At a hacker convention, it might even be true. The "Wall of Sheep" is a Defcon project that sniffs out passwords and login data that are traveling over wireless connections. If it finds one, it'll display on a projector (though obfuscate your password just a little). Attendees are encouraged to use a wired connection instead--and encrypt everything, just in case.

Now that relationship is thawing. This photograph shows military, law enforcement and even some senior government officials showing up at Defcon for a "meet the Feds" preview.

The woman in this photograph, who did not give her name, verified her suspicions about this Fed (center) through a truly novel mechanism. She told the audience she had sex with the suspected Fed and then, when he was asleep, went through his belongings. The slightly embarrassed man acknowledged that he is a master sergeant in the military.

The code, as Kaminsky described it during a speech at Defcon, looks at dropped packets to detect whether any funny business is going on.

"It is automatically able to tell the amount of bandwidth between any two points," Kaminsky said.