Defcon 0x0f - Day 2

August 3, 2007 Tagged as: defcon hack hacker security

Day 2 of Defcon was as good as the first. I've been finding the idea behind Hacker Spaces to be almost invaluable, and if I had a garage or something, I could see myself creating something like that. Having come to Defcon as more of an observer, and desiring to get involved, I wish I had brought more stuff (like a soldering iron at least...). Hacker Spaces definitely satisfied my need for that.

Ne0nRain's "Hack Your Brain with Video Games" presentation was sorta "botched" because her "BioTetris" game got stuck in customs. The basic idea was that by hooking something up to your brain, and playing a specially designed video game, you could overcome mental disabilities, learn to conquer stress, or learn/perfect skills that would normally require years of practice. I'm all for cutting corners when it comes to learning.

The highlight of my day was Dan Kaminsky's "Black Ops 2007" talk. His talk last year was absolutely phenomenal. The idea of getting a graphical diff of a binary intrigued me last year, so I came back this year for more. The simple fact that it was a full house should tell you something. First, he demonstrated that he ported his graphical binary diff tool from last year to a Winamp plugin. He then moved on to his newest toy: a VPN concentrator in your browser (which he named Slirpie). This required quite a large amount of trickery, and I really wonder where he gets all his free time to do this, but it was a combination of a Perl DNS server, a TCP implementation in Javascript (holy crap), and a Flash program that opens your LAN to the internet. Oops!

As I sat in Kaminsky's talk, I realized that there are WAY too many web applications (my own included) that assume the javascript being invoked to configure a page is the javascript you linked in your page. This is a bad idea, and I'm realizing it more and more as I write more GreaseMonkey code. Once the page is loaded and the javascript engine takes over, I win, hands down. It's my content now. This makes me want to go back through and perform a CRAPLOAD code audit on my own code... Yeesh

Daniel Peck and Ben Feinstein presented a tool called CaffeineMonkey which was designed to detect malicious javascript. This is a great idea, although I have my doubts as to how well it works with obfuscated javascript (they claimed it did rather well, which makes me wonder how). One thing I did find interesting is that as they collected 8GB of data from MySpace, the javascript was relatively benign, consisting mostly of trackers, etc. Given that there is another talk tomorrow about MySpace attack vectors, this is quite surprising, considering the amount of phishing that goes on on MySpace.

The last talk I went to was a talk entitled "Hardware Hacking for Software Geeks." This talk was a bit disappointing for me, because it didn't cover anything I didn't already know. Granted, it was only 50 minutes long, and they went over the tools you need to start hardware hacking, but I wanted to know a great place to get started, like PIC development and its tools or something. I picked up a few books on hardware hacking in the vendor area, so I guess that's where I start.

Seriously though, I'm sitting in the Hacker Spaces Prototype right now, owning everyone in Wii Sports, and feeling a good camaraderie with other geeks. A girl just came in with a problem with her PCMCIA wireless card fighting with her wired NIC. We sat down and fought through it, and got her back up and working. Oh how I pine for a geographically close network of geeks.