Pumpcon 2008 Speakers:
A recent recipient of his bachelor's degree in sociology, AssRabbit wrote his undergraduate thesis on the "social memories" embedded in one of today's best-known websites, Wikipedia. His talk will explore how these memories are established and how cohorts respond to their collective memories being distorted. Sound good?
How not to get yourself sued for doing stupid stuff
Jur1st is both a lawyer and a geek.
The Texas Instruments MSP430 low-power microcontroller is used in many medical, industrial, and consumer devices. It may be programmed by JTAG, Spy-Bi-Wire, or a serial BootStrap Loader (BSL) which resides in masked ROM.
By design, JTAG may be disabled by blowing a fuse. The BSL may be disabled by setting a value in flash memory. When enabled, the BSL is protected by a 32-byte password. If these access controls are circumvented, a device's firmware may be extracted or replaced.
This lecture continues where the previous lecture from Black Hat USA left off. While the previous part focused on the discovery of the timing vulnerability and its origin, this lecture will focus on the exploitation of the vulnerability. Topics include PCB design and fabrication, the stretching of timing in a bit-banged serial port, observation of timing differences on the order of a microsecond, and the hell of debugging such a device.
Travis Goodspeed is a neighborly reverse engineer from Knoxville in the Sovereign Republic of Southern Appalachia. He hacks 8/16-bit microcontrollers, the Texas Instruments MSP430 in particular.
Disclosing Security Vulnerabilities: How to do it Responsibly?
Disclosure of security vulnerabilities is done for many reasons. Some of these reasons include: an interest in improving security; warning the public before those with nefarious interests exploit the vulnerability; or public recognition of skills. There are also different ways to do it, including in print or in presentations at conferences. Both the reasons for disclosure and how it is done affect how security vulnerability research is accepted by the general public, the security community, law enforcement and the designer of the product being critiqued. This presentation covers how disclosure has historically been done and the differences between the computer and electronic security communities and the physical security (locks, alarms, etc.) communities. Relevant legislation, intellectual property considerations and applicable criminal law will be discussed.
Tiffany Strauchs Rad is the President of ELCnetworks, LLC, a technology and business development consulting firm with offices in Portland, Maine. She is also a part-time professor in the computer science department at the University of Southern Maine teaching computer law and ethics. Her academic background includes study of international law, intellectual property, and policy at Oxford University in England, Tsinghua University in Beijing, China, Franklin Pierce Law Center in New Hampshire, and Carnegie Mellon University, Pittsburgh, Pennsylvania.
PLUS Special Surprise Guests!!!