The Word on the Street

I feel drained. And a bit fuzzy. All courtesy of Access All Areas III. The third installment of the ongoing UK hacker "thing" has just finished and I am going to have to wait a whole year for the next one. But, since this is the biggest complaint I have, I'm not complaining, sort of.

All we heard for the first hour after we got there was a story about the previous nights 2600 meeting. Sadly I wasn't there, but this is vaguely what happened. As you can imagine the night before the major con of the year a few celebrations were in order. Obviously some bright soul came up with the idea of getting ratarsed and going to some nice quiet internet cafe and shamelessly abusing their anonymous IP connections for their own nefarious ends. Things seemed to go according to plan until they actually got within 6 feet of the computers inside. Every single NT machine packed up, blue screened and pissed off home. Needless to say the management weren't too impressed and decided on a course of abuse, threats, bribes (I believe an offer of 500 quid was made to one person the get the net up and running again) and abuse. This particularly riled one rather masterly but also rather trashed member of the party who after doing some shouting (which translated to "I am a notoriushly evil hacker (hic) and I have come to reek shome deshtruction upon your network") was forcibly removed. I am assured that the net crash was a total co-incidence, and that declaring your allegiance to the dark side and freaking out the manager was an amusing but not particularly wise move.

The Useful Bits
The talks kicked off at about 10 and first off was a talk by Ross Anderson. He as talking on the low level of security and privacy even in large and so called 'safe' institutions like banks, credit and telecommunications companies, despite their claims otherwise. Potentially, this could have been quite a dry subject, however, this turned out to be a excellent first slot. Ross Anderson obviously knows his stuff and puts it across well. Not only did he outline the flaws but detailed the hidden agendas of some companies in *deliberately* putting security flaws in their products, and I thought they were just incompetent. Good stuff.

Barristers are not renowned for their interesting monologues but a talk on the legal consequences of hacking was always going to be well attended. However, Nick Lockett turned out to be switched-on and entertaining. From what I can make out, this guy hacks the legal system. No kidding. I think law may be another form of hacking. It seems very similar indeed. Infering weeknesses from the rules available and all that. Anyway, from what I have heard from people who spoke to him he is actually a good bloke as well. A sound barrister who runs linux. Too weird.

I managed to miss Richard Cox's and Stephen Kapps slots, which I later learnt to regret. Apparently Richard Cox knows more about BT than they do, or they would like to admit. At the time I was wondering around London looking for breakfast and hassling people in the network room to take part in my talk. Sadly the company that was going to supply the PCs for the weekend pulled out at the last minute (splitters :) so with only a days notice people were asked to bring their machines to network up. Thanks to the people that did bring machines there was a network of sorts running but sadly no IP connection to the net. No thanks to BT's massively bloated ISDN pricing policy for that.

Wow, lunch already. The morning flew by. There was just enough time to get a bit lost in London, grab some food and head back in time for a talk by Lorenzo Valeri on Information Warfare, or the lack of it. This talk was more about concepts than techniques and dealt with security breaches to damage a country's infrastructure. Scary stuff. The panel debate afterwards was particulary worth hanging around for. With Alec Muffet (or Mr Crack as he was often referred to), Lorenzo Valeri and Ross Anderson on the panel there was a good balance of views.

Then came Michael McCormack. He's not the most popular of journalists with hackers but you've got to respect the man. I may not agree with him on many points but he is always willing to defend his position and always listens to what we have to say. And really you can't blame him, he's a journalist (and he does write well) who knows about computers, rather than a hacker who can write stories. Anyway, thanks for showing an interest, however unsympathetic it might be :)

Dr Solomon. OK, so his talk may not have been exactly cutting edge, and he did talk about AOL too much, but he's worth watching because his elevator doesn't quite reach the top floor. Free socks, Davy Crocket hats and the music from Jaws. We can only hope he is an acid casualty.

This is where I did my talk on social engineering. From my point of view the talk went OK. And a few people came up and said thanks which I really appreciated. I did notice that virtually every hacker at the conference came in to listen, which was greatly appreciated. Thanks for the support. Hope it was useful.

The final talk was Dave Green and Dan O'Brien. F***ing brilliant. If you ever get a chance to see these guys don't miss them. They are hilarious. Who else would give a talk on fifteen reasons to rip software off ? If these guys aren't gonna be at the next conference I'm gonna buy a copy of Windows. Check them out at www.spesh.com. If I could only of seen one talk, this would have been it.

Over and out
The conference proper was over. But we didn't let that stop us. After a bit of hanging around we headed off to some pub near the conference venue. Saturday night in central London and we arrived at a pub with only two people in it. How's that for good karma. Anyway, it's always good to see old faces and meet new ones. Good to see the Need-To-Know boys there as well. Before I new it, it was time to head back. My precious few hours with the people in the know were over.

Only one day, no party and no net connection. But yet another blinding conference. Once again, no amount of thanks is too great for Simon Gardner. It costs him too much, causes him stress and he can't even come to the after conference celebrations because he has to clear up. We're not worthy. Nice one.

Once again, I met some sound people. Once again I won't mention any names because I'll only forget people and offend a few ! To everyone I met and who took part thanks very much. See you next year. Oh yeah, a couple of people were interviewed by Sky TV for a programme called Global Village on the computer channel. See who you recognise, or not.

Thanks to the people I travelled and stayed with and thanks to everyone who supported the weekend of phun.

Peace,

Harl

Addendum
I was handed a card during Access All Areas, advertising a Spring 98 Data and Network Security Conference. Anyway, it is reproduced below.

X-Comment1: This message did not originate from the
X-Comment2: above address. It was automatically remailed
X-Comment3: by an anonymous mail service. Please report
X-Comment4: problems or inappropriate use to
X-Comment5: 
Subject: [aaa-list] JANET CERT Secure (honestly) 2
Sender: owner-aaa-list@lists.netlink.co.uk
Precedence: bulk
Reply-To: aaa-list@lists.netlink.co.uk


Yep, another interesting anonymous post to the mailing lists :)
Enjoy hax0rs, and Neil, didn't you learn anything ? you're just not
secure!

Greets to the Army of the Twelve Monkeys, you guys rule even more than
us!


>Date: Wed, 2 Jul 1997 14:22:25 +0100
>From: " (John Salmon) (by way of N.Morris@ukerna.ac.uk       (Neil ..." 
>Subject:  Re: Access All Areas III
>Reply-To: cert@cert.ja.net
>Status: RO
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> This weekend sees the third running of the 'Computer Security and Hacking
> Conference' Access All Areas III; a meeting "aimed at computer hackers,
> phone phreaks, computer security professionals, cyberpunks, law enforcement
> officials, net surfers, programmers, and the computer underground". The
> event is due to take place in London on Saturday the 5th of July, 1997.
>
> Details of the event can be found on the Access All Areas web site:
>
>         http://www.access.org.uk
>
> As you will see from these web pages, the sponsors of this years event are
> Netlink (www.netlink.co.uk). However it is not clear from the information
> available if Netlink are providing the network connectivity.

I am told that the organisers will be building their own network. They will
not have access to the University of Westminster network, to JANET or the
Internet. As a precaution we shall ensure that there is no network
connectivity to the areas they are renting.

>
> During last years event we were made aware of a number of incidents
> originating from the UK commercial ISP (different to the one above) who had
> rented a router/lines to the organisers of the Access All Areas II
> conference.
>
> JANET-CERT would like to hear of any unusual activity recorded by routine
> monitoring this weekend.

John Salmon
Information Resource Services
University of Westminster

J.Salmon@westminster.ac.uk
Tel: 0171 911 5000 x 3820