>> So, ladies and gentlemen, without further ado or any more horrible jokes -- [Yelling] >> One out of two ain't bad! >> I said any more, for Christ's sake, ok. I'd like to introduce the 7th, I repeat 7th, God knows why -- annual Fail Panel of DEF CON. With the amazing august personages that are on it. And the amazing august personages willing to heckle them. [Cheers and Applause] >> Thanks everyone for coming -- yet again to yet another Fail Panel. [Laughter] >> As one of my lovely colleagues pointed out earlier, that means you all have sat through 12 straight hours of fail over the last few years. We're amazed you keep coming back, honestly. >> We're failing! >> You've failed to not come back, it's true. So, I'm going to start off with -- we actually had an epic panel fail ourselves, which was -- those of you who've come in the past well know, for the past four or five years, or more, I've lost count, we have made waffles on stage. [Cheering] >> Yeah, and the fail turns out, you know, it turns out that producing food without a license is against health code. >> That's a fail. >> Yeah. Oops. >> Oops! >> It's true, but it's what passes for food in many restaurants. So it's close enough for the government. But it also turns out it violates DEF CON's contract with the hotel. And that's less good. >> Boo! >> That's a fail. And the other thing -- [Accordion plays] >> Thank you, thank you. [Laughter] >> You should feel free to donate money to the EFF just for playing that. We did talk to the hotel and we got special permission this year to give out donuts in exchange for EFF donations and so -- because they don't produce donuts at the hotel, so they very generously allowed us to slide around a bit on the contract, so we have several -- I lost count, how many? What is it, 90 some donuts? From the delightful Krispy Kreme. [Cheering] >> We do however have two very special waffles that Rich is going to talk about. >> Are they blue? [Laughter] >> Shut up now, Gillis.
>> I'm going to tell you a little bit about the waffles, because these are some very special waffles that we produced that do not violate any contracts. Except for the social ones. >> So Chris Hoff has been on this panel since the start. He's now crying on an airplane back home due to severe back injury, nerve pinching, whatever else. And when we found out we can actually have waffles here this year -- well, we could, but I won't go into that. We asked Chris -- he's got a bunch of MakerBots because he runs HacKid. So, we are going to be auctioning off the last two ever fail waffles. [Cheers and Applause] >> We have the stealth fail waffle and the Vegas fail waffle. [Laughter] >> So, Jamie, can you stand up and show your back to the audience. We are going to do this as a silent auction. So whoever wants to donate, just put your donation amount, pound fail panel, and we'll see where we end up in the next two hours. All the money is going to go to a good cause, the EFF and some other tech related charities. That's it. So. [Applause] >> Tag your Tweets, whether you want the Vegas waffle or the uber waffle. The uber waffle does get you free admission to the fail panel for life though. [Laughter] >> For what it's worth, Rich and I will be on the fail panel at SecTor in Toronto. >> We will? >> Think about that. >> Nobody told me. [Laughter] >> Well, we knew you were coming to Toronto, so. >> Surprise! [Laughter] >> Right, am I up? >> You are up. Alright, so. Put money in this bag and then take a donut. Now. >> Say it again. >> Now! >> Put money in the bag, take a donut. This is all for good causes. >> We can't handle separate instructions for you. Don't forget a donut. [Jeopardy theme plays] [Laughter] >> I'm the Hacker Pyramid guy! Pyramid! [Laughter] >> Christ's sake. >> If we get enough donations, Rob Graham will roll around in the money as I take a picture. >> Oh wow! >> I'm not an analyst, that's an analyst's job.
[Laughter] [Theme from National Lampoon's Vacation plays] [Cheers and Applause] >> Can I have some fries with that shake? >> There are lessons to be had from Clark W. Griswold. In order to tell the story of Clark W. Griswold, I felt that I had to live the story of Clark W. Griswold. And take the road less traveled. It is a long goddamn drive from Ontario, Canada to Las Vegas. [Laughter] >> If you run the math you figure you're going to spend about 4K and it's going to take about 10 hours if you fly. Plus someone's going to touch your junk and you have to take off your shoes. If you drive -- I'm sorry, I had to do all the math in metric because I still cannot puzzle out what the hell a mile is. [Laughter] >> It's going to run about 317 bucks. But it takes 35 hours. I'm thinking that I'd rather have the 3,500 and change to spend on the trip, and I can sit in the car for a long time, can't I. In Infosec we tell you to leave your comfort zone all the time. Try saying yes when someone asks you if they can do something. It's crazy talk, I know. For the last couple of years I've been traveling for a higher percentage of the time than I was promised when I agreed to work at the company. My ass is shaped like the seat of a 737. >> Yeah it is! [Laughter] >> Love this thing. When you think about the family truckster, what's the first thing that comes to mind? That great quote, "Never underestimate the bandwidth of a station wagon full of backup tapes." [Laughter] >> We don't have family trucksters anymore, except we do. I'm a dad. I have a whole passel of kids. I drive a minivan. Fuck you, it's black. [Laughter] >> It can be configured as a two-seater. While configured as a two-seater it provides an opportunity to make more kids. [Laughter] >> I've driven to conferences before. This is a nice short four hour drive to Cleveland. For Notacon, where the river's not on fire anymore. Shmoocon even, it's like 8 hours. We drove into and out of the Shmoopocalypse in a minivan.
[Laughter] >> Even DerbyCon is not that far. Surprisingly it's only about 40 minutes further than Shmoocon. Done that twice. No big deal, piece of cake, right? Here's the easy part: the first 7 hours of the drive really don't impact me that hard. Because I married a girl from Chicago and I've done that trip about 150 times. [Laughter] >> Someone in the audience is calling me an idiot. Day 1. Yeah, just one. Day 1. It's going to be a heck of a drive, we have to get all the way to Joliet. I have to leave my house for three weeks. I've never been away from home for three contiguous weeks. I'm afraid. All my stuff is in there. >> Rock and Roll! [Laughter] >> We get to the first regulatory hurdle. Regulatory hurdles are fun. I totally love the US Customs and Border Patrol. >> And they love you. >> Let me say it again one more time. I love the US Customs and Border Patrol. They're the best. You're starting to understand how this talk links you up to Infosec, aren't you. Yeah. They're the best at what? You've got regulatory hurdles every time you turn around, right? Sometimes they're scary. You might wear an orange jumpsuit. Sometimes they just suck, you might lose your house. Sometimes you look stupid. I'm doing that right now. Regulatory hurdles, not so bad. Coolest part of this particular regulatory hurdle: you're leaving Canada and going to Detroit. [Laughter] >> I love Detroit. >> Thank you. >> The thing is, I still have to work. So occasionally I do a little bit of driving, but mostly I am dependent on others. Yes, you can participate in a con call in the back of a minivan doing, umm, we'll call it 70 miles an hour across the Midwest. Totally doable. The best part of this: you can have bad cell service. [Laughter] >> I love this particular water tower. It's like every now and then something just smiles at you. It's a lot like that in Infosec, isn't it. You sort of have to work in shitty cramped conditions. Every now and then you get a smile. Yeah.
We drove through the middle. >> Middle of what? >> The middle. [Laughter] >> For half an hour, I didn't have to touch the steering wheel. [Laughter] >> It was awesome. >> What were you touching? [Laughter] >> It's like I -- >> Now you know why he loves -- >> -- other people answer them, it's awesome. We went from Ontario, to Michigan, to Indiana, to Illinois. >> I'm sorry. >> For which part? >> All of it. >> Yes, the answer is yes. >> Don't worry, it gets worse. >> It gets worse -- slightly, but you're bang on. Day two, now you're in the middle of your progression here. It should only take three days, right? >> Wait, did you go through Iowa? >> Yeah, I went through Iowa. I'll tell you a story about Iowa in a minute if you quit jumping ahead, for fuck's sake. [Laughter] >> The first part was the easy part. Done it before, a million times. Now we're going through -- I don't know really how to describe sort of the western part of the Midwest. You know, I'm accustomed to sort of banjo country in the mid-south. Now we're into a place where -- they spend way too much time with cows. [Laughter] >> Way too much time with cows. Again, we've got to kill a big chunk of the country here, we're going from Joliet to Grand Island. It's doable. There's two seasons in this part of the country: winter and construction. [Laughter] >> The trick is, you need to survive the construction, especially the completely meaningless obstructions. Here's a closed lane. Went on for 2 and a half miles. How much construction was happening in that 2 and a half mile stretch? >> None! >> Nothing. This is again a perfect allegory for the goddamn life that you live when you're in the middle of trying to mature your Infosec program. Meaningless obstruction for no good reason because someone has some spare barrel cones to put in your way. [Applause] [Laughter] >> I love you, Jack Daniel. >> Illinois, Iowa, Nebraska. At the rest stops in Nebraska they have metal teepees. I know, it is so racially sensitive.
Apparently other things happen at rest stops in Nebraska too. >> Speaking from experience, are we? [Laughter] >> Probably. Day three. We need to get out of Nebraska and get into Utah. Trying to figure out how many spare wives and/or Alex Huttons I can pick up on the way. [Laughter] >> And hopefully, survive. The road gets twisty as you go through Colorado, you know. When you're going through this part of the country you've got to question all of your preconceptions. You have a lot of preconceptions. Everyone has preconceptions that they try and dump on you. What do you do about it? Well, when it's an Aztek in your rearview mirror and you're driving through the middle of America, you start to wonder how much of the meth you are going to have to buy. [Laughter] >> There's some level of expectation that you are going to be ingesting the meth. You don't have to if you don't want to. We got through Nebraska. We got through the mountains of Colorado. If you're going to -- >> I was in the car. [Laughter] >> I may or may not have been having trouble with oxygen deprivation as we crossed the continental divide, and I may or may not have been conscious for that part of the drive. We're not talking about that though. >> Are there any family therapists or divorce lawyers in the house? [Laughter] >> Could be useful. We're supposed to take three days. And we ended up taking three and a half. We stayed in a hotel in the Fishlake National Forest. To help you with definitions here again, because sometimes definitions get used wrongly in Infosec: there is no fish, there is no lake, there is no forest. [Laughter] >> You're in the badlands of Utah. There are no plants. When the sign says there are no services for 120 miles on this road, they're not kidding. >> One, remember -- in the Midwest we name places after people we've killed, removed or bulldozed. [Laughter] >> And a request to the audio tech in the back: if you could bring up all the mics on the panel table, that would be great, please.
>> Oh, you guys are allowed to be heard? Ok. >> You're in trouble now. >> Oh! >> There is no right way. [Laughter] >> I've determined. Every time you turn around there's someone telling you that the way you've chosen is the wrong way. >> Isn't that marriage? >> Oh, boo! >> Too soon! [Laughter] >> No, quit trying to have me assassinated, you fuckers. [Laughter] >> He gets himself in enough trouble. >> There's no right way, especially if someone else's opinion is important. And let me tell you, this group, opinionated bastards the lot of them. This gets -- shut up. Are you working? >> Not really. >> Ok, quit working. Goons are noisy. Get through Utah. You go through the tiniest little smidge of Arizona where everything clenches up. And finally you get to Nevada and you start the long descent into Las Vegas. This is both figurative and literal. [Laughter] >> I've determined that the only way to succeed is to try. Even if it means coming back to Vegas every year. Eating shitty hotel food, committing myself to too many projects, hanging out with some of my best friends. And hoping to God it all gets better at the end. And that's it, folks. [Applause] >> Just wait. [Music playing] >> Don't encourage him, please. >> [Laughter]. >> Yes, we do need musical accompaniment. >> I think you guys are wrong, the camera for videotaping this is actually behind us. It's you guys on the panel they were taking a photograph of. >> [Laughter]. >> Told you this was only going to get better. >> [Laughter]. >> All right. So Teledil-- oh no, yes, you did it. >> We're up to $100 bid for the uber waffle. 25, 35, 40. Another thing falling on the floor -- 40. >> [Laughter]. >> 10% discount! >> All right. So after that brief interlude. All right, so a little about me, you probably have heard quite a bit. Just wait, just wait.
So I'm a penetration tester and hardware hacker with a great group called InGuardians, I'm a ham radio operator, and I wasn't sure if he was able to make it up here, but I had a huge thank you to Mr. Cutaway, who was my partner. >> Yes, oh, yes. As you can see from the screenshot from the application we're going to discuss shortly, we have a friend request from my partner Cutaway, and he helped me do a whole lot of bunch of stuff. It was kind of awkward explaining to my wife that I had a partner and it was a guy with a really big beard. So Don, again, thank you for spending time with me working on this. We spent many --. >> A guy with a really big beard who plays the banjo. >> Wow, yes. >> And a hat. >> So we spent many an evening in a hotel room. >> [Laughter]. >> Doing hacking, capture analysis and data recovery, yeah. That's what we're calling it now. And maybe a little penetration. All right. >> And some burping. >> Burping. So this whole teledildonics thing, it's a term coined by a gentleman named Ted Nelson in 1975. Now here is a guy that was really ahead of his time. And he is incredibly sexy, he is the first guy I want to think about when I think of teledildonics. It's an electronic sex toy that can rep your computer reach orgasm. The woman in the top row, sexy librarian glasses. >> [Laughter]. >> We travel a lot for our jobs, give me a break. So episode 363 of Paul's Security Weekly, we interviewed Pat talking about 3D printing. And she does sex toys. We wanted to bring it back to the whole security thing and of course this whole thing about teledildonics comes up, and she mentioned to us on the podcast a new product called the Vibease. Yes, it's actually as great as it sounds. >> It's the victim. >> So this is our victim for this hack. They have a new product to market. They have both an Android and iDevice model. They were initially at $79, now they're at $99, and after the introductory price they will be at $119. >> [Off mic]. >> I know, just wait.
But wait, there's more! That's not all that we do. So it's a pretty neat concept. It is a personal massager that connects to your mobile device over Bluetooth. Don is scratching his forehead right now. And so Bluetooth star and there are a couple different devices. One specifically for Android and one specifically for iOS for iPhone or iPad, and it integrates with an app you can install for chat, picture transfer and remote control. Okay. So there were some delays in the development for the iDevice. They were developed independently, which is kind of odd. Part of the reason for this was that the newer iDevices support Bluetooth Low Energy, so they had a different chip for the Bluetooth Low Energy version. The Bluetooth Low Energy version is yet to be released because the chipset they swapped in the middle of production, and they didn't tell them there was a difference, and the battery life was only good for 2 hours, whether in use or not. So they had to go back to the drawing board and reset the whole process. It was supposed to be released July 30th. I'm still waiting on mine. Yes, I bought two, I bought the Android and the iDevice. Yes, hardware is hard. All right. So what did we find with some of our early stuff? Yes, go Google image search teledildonics. On the third page, there's a picture of Kevin Mitnick going like this. >> [Laughter]. >> I won't talk about what was on the first two, okay? >> [Off mic]. >> [Laughter]. >> You do know how to whistle, don't you? >> Yeah. >> We started looking at the Android traffic because they were shipped to us. All of the traffic was encrypted to the various services, however the app is still available for the iDevices. So we started looking at the Android standard Bluetooth. The iDevice is allegedly Bluetooth Low Energy, which is all sorts of fail. We suspect it's using [indiscernible], which, if you've seen any of Mike Ryan's talks, you would know that was a full fail.
It was supposed to have been released already, but is not. However, you can still chat from an iDevice to an Android device. And we're going to be doing a little bit of that. >> Way more than chatting. >> Oh, yeah. Yes, sir? >> So he has normally, again, a very special episode of chat, normally we chat two speakers, but today we're going to celebrate very, very old speakers. >> [Applause]. >> All right. How many people have never seen the Fail Panel before? Yeah, about 20% of you. This fucking thing's been going on since dinosaurs roamed the Earth and I asked Rich and he said, what the fuck. >> It's always the last year. >> So if you gentlemen would like to create -- if someone wants to do --. >> [Off mic]. >> [Laughter]. >> Do we have to do everything around here? >> If we could bring some of that over here, because frankly, I don't think I have enough. >> All right. >> [Off mic]. >> [Laughter]. >> It's always good when the Goon says, ooooh! >> [Off mic]. >> You should know, Paul, since you are changing the rules, you have to participate. >> No. >> [Laughter]. >> [Off mic]. >> What are you doing? >> [Laughter]. >> Oh, sure, sorry. So --. >> When the Fail Panel gets their shot --. >> And by the way, if anybody has a shout out there --. >> [Off mic]. >> Yeah. >> Anybody shooting the [indiscernible] will be shot. >> These people are crazy! >> [Off mic]. >> By the way, for those of you who have not seen the Fail Panel before, this is pretty much it. >> [Laughter]. >> It doesn't get any better. >> [Applause] [Cheers]. >> May the Gods go with you because nobody else will. >> [Laughter]. >> That's really good. [Laughter]. >> If I knew it was this good, I would have told them years ago it was my first time speaking. I would have told them every time it's my first time speaking. Is that it? >> No. >> I barely remember this one. >> [Off mic]. >> Thank you, Paul. >> Now back to teledildonics.
So the Android and the iDevice applications were significantly different. The Android traffic was well encrypted, however the iDevice traffic was not, even though we didn't have the vibrator attachment. So we started doing protocol analysis and started looking at all of the data. It turns out it's all XMPP traffic. And it was developed by a third party and used by folks such as the BBC and others. It also uses HTTP for image reference and download. >> [Laughter]. >> So we decided to sniff a little traffic, and we really were sniffing traffic in our hotel room. We had an open access point, Wireshark and all sorts of good stuff. So Android to Jabber traffic was encrypted for all the login, however the iDevice to the Jabber traffic was not. We were able to capture all of the authentication, the images, so forth and so on. Yeah. All right. So the focus was on our iDevice to Jabber traffic. And we had a couple things we wanted to attempt. We wanted to be able to chat from a desktop. We wanted to enumerate pictures. And see if we could enumerate and send messages and ultimately see if we could make it vibrate with something that's outside of their application. All right. So it's all Jabber, right? Great. We took a known username and password for the service and plugged it into a desktop client and it didn't work. It failed. It wouldn't log in. So I captured, Don and I captured a session on an open access link and found that the Jabber user and a password were concatenated together and encoded. >> I really hope they require them to have a longer password than that. >> Yeah, but it's not longer than that. >> Because size doesn't matter! >> [Laughter]. >> So by using a password in a desktop Jabber client, we have a base64 encoded username and password. However, it takes the password and does some other unknown encoding. However, if you take that other unknown encoded value off the screen and plug it into your desktop client, it works just fine.
So you plug that encoded stream into your desktop Jabber client and you're now able to authenticate as the Jabber user. So we now have a client. So now let's see if we can add multiple partners to our client. However, Vibease only allows you to have one partner at a time. >> Ooohh! >> Not available in Utah! >> [Laughter]. >> So it's time to go back to jail, apparently. But what we find is when you want to add another client, since we were testing with multiple users, with multiple partners, we were very promiscuous. When we added another test account, the partner that was dropped received an e-mail that says, hi, this is Vibease, your vagina is no longer a partner with you. Yes, I own the Vibease client name of "your vagina." Okay? But what we observed during each one of the sessions, every time a chat was enabled, was that an HTTP request was made to an HTTP server to get the user's profile. Within that user's profile it lists the partner. Okay? So if I'm Don's partner, it will list that I'm his partner and he's my partner. So now if they are dropped, maybe we can figure out whose partners are which. We can capture the session key and replay it and change the partner every time. It is not exclusive to the user you are attempting to look up. Nor is it unique per request. So --. >> Why is someone calling me? >> Just say no. So who cares, right? So every time we drop a partner and get a new partner, the person that we dropped gets a notification. Okay? So maybe they are two-timing. >> Why don't you just use a burner laptop? >> Why don't I just use a burner laptop? >> Yeah, because then you can have two different accounts. >> You do have bifurcation, don't you? >> No. >> You can tell when someone asks the speaker a question they have never thought of before: why don't I use a burner laptop? >> [Laughter]. >> So you get the message that your vagina is no longer your partner, and that means likely your vagina has another partner.
So we replay it and ask for the profile for your vagina, and it will list your vagina's new partner. Great! >> Great. >> [Laughter]. >> So up on the top left we have a stock request as captured from Burp and the username request for getting a profile for your vagina. It responds with a nickname of action makers. Action makers drops your vagina and picks up a new partner, DEF CON 22. So sure enough, action makers has a new partner. So we can do partner enumeration. >> We can start asking for every username, or maybe go and make some educated guesses about some usernames that we should guess. >> Such as some maybe listed on this slide. Okay? >> [Laughter]. >> Don't do this -- or do this at home. >> [Laughter]. >> It also does pictures. >> [Laughter]. >> Girls for the win? All right. So the Jabber session also does picture sharing. It says, hey, has this file name been used? If not, it uploads it and downloads it to the client with HTTP. The app reserves a 20 character image name -- with some unknown authentication method using upper and lower and numeral key space. So a couple of image file names there as well. And it requires a session for retrieval. But if you're in a valid chat session, you can generate a valid session token, and it's valid for every image you request, it doesn't expire, it's not unique per image. We attempted to reverse engineer the Android app. We spent 5 or 6 hours in a hotel room trying to reverse engineer the Android app. It was a complete, utter failure. >> And because pulling in the third party Jabber app, the libraries didn't decompile on our initial attempt. So all of the IDs it compiled, but not for the Jabber app. So we found some authentication that the HTTP client was using but not the Jabber client which was associated with the file. >> So we can do potential image enumeration by capturing a token and asking for 20 characters. Don't do it! There are things on the Internet that cannot be unseen. Including pterodactyl porn.
>> And the wireless router this time, it's not big enough. >> [Laughter]. Shrinkage. >> That's what she said. >> We did prove the concept with a couple of images that we owned and downloaded, and we did those, but quite frankly we ran out of time and, well, didn't want to see any more. All right. So, yeah, great, it echoes, it vibrates, it feels good. So what was the last goal? Let's make this one go to 11. So we captured a session of control of the vibrator remotely between two applications. It turns out all of the controls, when you capture it from the iDevice to a Jabber device that has an attached vibrator, all of the messages are in plain text. Oh, that feels good! Lower! >> "Capture the session" is the new code word. >> [Laughter]. >> We're going to go reverse engineer and capture the session in our hotel room later, honey. >> So all of the messages to trigger vibrations on the remote device are all plain text, fairly standard format, and messages with 5 different profiles and custom pulse settings so you can increase or decrease -- oh, man! I got red carded. >> [Laughter]. >> Can I get one of those, please? Keep them coming. Okay, with no Vibease attached to an Android device, as Don found out with his phone, it vibrates the phone. >> [Laughter]. >> Whoo! >> So is that the vibrator in your pocket or just your phone? >> Many of you know I'm a Twitter troll and what I will do is get on Twitter, troll some people and put my phone in my pocket, and for the next hour I'm getting messages from other people pinging back and forth and back and forth, vibrating my pocket. >> What a very sad life you lead. >> You are saying this like it's a bad thing. >> It's the only action I get these days. >> [Off mic]. >> Apparently we do. That's okay. So in order to take remote control of the vibrator, it does require permission from the two partners.
We have a request made from the person on the controller to the quote victim, and what we found out through the testing, we intercepted some of the messages and I accidentally sent an accept before a request was sent. >> [Laughter]. >> Can we have some more creeper cards up here, please? >> All right. So here is a sample session -- oh, wow. Here, take this. >> [Laughter]. >> All right. So we have a chat session from myself and Don Cutaway. We send some vibes. We do an accept, some vibes, some more accept, some more vibes, and all sorts of good stuff such as too soft and mix it up. So the last message is a whole bunch of 11s. It turns out if you send too many 11s to the Android app, what does it do? It crashes. >> [Off mic]. >> [Laughter]. >> It can't handle the truth. >> So you're saying this one does not go to 11? >> It does, but only for a short time. >> That's deeply disappointing. >> Yes, I know. >> A couple of command lists: we can do a vibe request to control, we can do an accept as a response back, a reject so if Don doesn't allow me to control his vibrator, that's fine. We can end the session by revoking control, and then we do some custom names including a pause, which from what I found is optional. >> [Laughter]. >> We sent some interesting vibe commands, 00 are pauses, and we can do all sorts of fun stuff. Now the question is --. >> Enough foreplay, we want to see the demo. >> Okay. >> [Laughter]. >> Now we'd love to be able to spoof messages. I really wanted to revisit Dave's experience, but the problem is the request for controlling the vibrator gets in the way. So what we did first was figured we'd show you a video of this vibrating all over the place. >> [Laughter]. >> So actually, you can't hear the sound on this, but this is sitting in the room with us, and first we pulled it out and he was like, what the fuck? And then we made it vibrate and he is cackling in the background, cannot control himself. >> Literally and figuratively.
If you remember, in many years past I have always introduced you guys to some very interesting music video, because now we have you all hot and bothered. >> Wait, all of this is just to get to your main video? >> No. So here's the video, and I'm going to fast forward this a little bit, but apparently this band is a real thing. The band is called Hefty Hideaway. >> [Music] I was walking through the forest, I didn't do it --. >> So I have a special thing, we're going to donate to Hackers for Charity over to the silent auction. This woman is interesting. She sells great shirts. >> [Music] I was already --. >> [Applause]. >> I'm not associated with this. I am not associated with this. >> Wait for it! Wait for it! You are all hot and bothered now, right? Okay. This is going to be in your minds forever. Watch out for my body rolls. >> [Music] I'm a dance floor tiger, laying out everything she has. Touching every single tag. >> She apparently smokes lots of crack. >> [Music] Watch out for my body rolls. Watch out for my body rolls. This is how we do it. Watch out for my body rolls. Watch out for my body rolls. High kick, high kick. >> If we do this next year, you need to match this up with Afro Circus is all I'm saying. >> Say that again. >> You need to match this up with Afro Circus if we do this again next year. >> All right, so let's do the quick demo. >> Finally, all the foreplay is over and we see the demo. >> However, we do need a volunteer. >> [Applause]. >> And you have to pay for the privilege, for the EFF. >> He's trying to connect. >> Trying to connect. >> I think it worked. >> Searching for it. >> While we're all waiting for Larry to get it up -- >> [Laughter]. >> You can still bid for a waffle, that would be good. >> Get online. >> Come on, Larry. >> Stretch it a little. Stretch it a little. >> Control me. I'm going to play with myself while he's waiting. >> [Laughter]. >> [Vibrating] >> [Laughter]. >> I like whales! >> [Laughter]. >> [Vibrating].
>> I want to! I want to! >> I've already asked to control your massager. Stop typing, come on. Stop typing. >> [Off mic]. >> [Laughter]. >> Where is my Chunky Monkey? All right, the request was granted and -- >> [Off mic]. >> Ooh! >> [Off mic]. >> It did. >> You went for 12, 13 and 14. >> Larry, as you get older, this occasionally happens, it's all right. There's pills you can take now. >> I heard I can get them from Canada. >> That's where you go for your cheap meds and your hard... alcohol. >> It's broken, honey. Do I need to call tech support? How awkward would that be? >> [Laughter]. >> [Off mic]. >> We've been trying to turn it on all day. >> Ooh! >> You all note, as a married man, I was in and out in less than 10 minutes, right? >> All right, guys, request. >> Hit me. Hit me. >> Come on, make it work. >> Okay, we have some other entertainment while they're working on that. >> Press Control/Alt/Delete. >> There are some very special fortune cookies that somebody brought in the audience. >> I just wanted a hug. >> All right. Well, with that, that was lots of fun. >> Pull out the cookies, don't get nervous. >> Seriously, do you really want to bend over up here? We have a vibrator. >> It's teledildonics. >> Hurt me. >> I'm not receiving. >> Hold on, hold on. Ready? >> You know why? >> Oh, you just revoked it! >> Connect. >> Oh, here we go, we're connected. Let's go! This guy has to come back next year. >> [Laughter]. >> Ready? Request. Accept. Take it, bitch! Give it to me. >> These are security cookies. >> Yay! >> [Applause]. >> Let's make this bitch go to 11! >> [Vibrating]. >> You know, that really sounds like a [indiscernible] to me. >> Do you want to hold it? >> [Off mic]. >> All right, who is next? Who is the next victim? >> What do you think? >> I'm just not impressed. But I say that a lot. >> Oooh! >> Actually, I gave it to my wife, I set it on the lowest setting and she said, what? And then I put it on high and she's like, that's okay.
>> You've done better. Okay, next victim. >> So the top bid for the Vegas waffle is currently 60 bucks. You all can do better than that. >> [Off mic]. >> Oh! [Laughter]. >> [No audio]. >> Oh, yeah! >> Robert, how is your pocket there, buddy? >> It's not vibrating yet. >> Hey, all of the electronics are down there blocking the signal. >> [Laughter]. >> Unfortunately, my laptop has to be rebooted. >> [Off mic]. >> At this juncture, I'm the only one who has done a talk without mistakes, errors or stupid. Apart from driving from Hamilton to Las Vegas. I did drive for about a third. It's not Martin McCay sticking up for my wife. I think I'm going to be walking home. >> [Off mic]. >> [Laughter]. >> Does anybody have a spare red card? I could use a spare red card. >> [Off mic]. >> [Laughter]. >> 12! >> [Off mic]. >> [Laughter]. >> Have you tried turning it off and back on again? >> So one of the problems with security is that I have a password for the login for my user account, I have a 30 character password to [indiscernible] the hard drive, which means sleep works well, but when I have to reboot it, it's like, fuck, I can't remember that 30 character password. >> [Off mic] >> I have wonderful [indiscernible]. >> [Off mic]. >> [Off mic]. >> Did you say you need twerking on the stage? She says no. >> [Laughter]. >> Hang in there, baby. >> That's not distressing, is it? >> Come on! >> What's great is when they pulsate this thing. >> Ready? You can't handle the truth. >> So having this thing actually vibrate in your pocket actually is distracting. >> [Laughter]. >> So I did this really [indiscernible] thing last year where I did this talk at a conference where they have like experts in passwords and what they did was, so I logged in with the screen showing during the login, and it was a 6 character password and it was really great. And everyone laughed at me because it was only a 6 character password. 
But it was great because, you know, with all of the networking turned off and the hard drive encryption, it doesn't matter that it was only a 6 character password. So it was great. And my friend was presenting on misconceptions of passwords and that was a great misconception. >> [Off mic]. >> That's what she said. >> But the consequence of having a separate account to beef up the hard drive and the one to have your normal account is that -- >> this stuff is screwed up. >> Well --. >> So the moral of the story is, as with security, if you try to be too clever, you just screw yourself up. >> The password screen is a screen called unlock that I'm unlocking the hardware with and then I log into a completely separate account. >> [Off mic]. >> Almost there, almost there. >> Yay! Ooh! >> [Cheering]. >> Can we do the wave? I tried to get the wave done at Black Hat and no one would do it. And/or the chicken dance. >> Okay. Activation! Woo hoo! I never use this account so I don't --. >> Would you like to share your experience with Microsoft? >> [Laughter]. >> Congratulations, you're ready! >> Oh, my God, this is really hard! >> [Cheering]. >> Well, there's your problem right there! >> [Off mic]. >> Why are you using PowerPoint? >> Because I'm an idiot. >> You made a monitor reboot. >> Are you the APT? >> So, yeah, we have a fail here >> Stop touching yourself! >> Maybe we should get somebody technical over there, he says. >> You guys are old enough to remember Windows NT, right? It worked better than this. >> [Applause]. >> It's working. >> Don't touch it! >> Don't even! >> The death rattle of the fail panel. >> [Laughter]. >> It's on TRD. >> [Off mic]. >> Is this the directory to user? >> Here's the funny part, we're actually gaining audience while this is happening. >> [Laughter]. >> So here's how it works, I'm the CEO of security, so therefore, I'm going to have my tech support guy handle the problem for me. And unfortunately, I doubt that he can actually help me. 
>> Dave was the best you could do for tech support? >> I've just been informed we're an hour into the presentation and nobody who started the presentation with pants has lost them. >> [Laughter]. >> Maynor is standing up. >> [Off mic]. >> No, but Rich is and usually they are brothers in pantlessness. >> Does anybody else have their talk done? >> I have a low tech talk. >> You have a low tech talk? >> I do. >> We could be entertaining the audience. >> Who would like to help me do something that actually works? >> [Applause]. >> Give me the vibrator. >> Sometimes low tech is better according to her. >> All right, I need five volunteers from the studio audience. Come on up! >> [Off mic]. >> [Laughter]. >> All right. Thank you. Everybody turn around --. >> So you're going to do someone else's presentation while I figure this out? >> Turn around and face the audience. >> [Off mic]. >> No, no, no turn around and face. Now all of you are going to be voting on this, so pay close attention, all right? The first -- the thing that I want you to do, okay, get ready. >> [Off mic]. >> Get ready for this. What I need you to do is make a sound like a modem. Now if anybody here does not know what one is, you may leave and be replaced by somebody who does. >> Jack, sit down! >> [Laughter]. >> Just so we know it can be done, I'm not in the contest, but I will start. >> Do you have to name the modem? >> No, you don't have to name it, but you do know the sound. There is a prize involved, so do your best. >> What's the prize? >> You have to negotiate. >> What's the frequency, Kenneth? >> I will go first to show it can be done, the sound like a modem, bee, bee, yeaw, yeaw. >> [Applause]. >> [Off mic]. >> That was a solid 300 baud connection. As I remember it, my modem sounded like this. [Silence] >> [Laughter]. >> But I was on Verizon. >> Oooh! >> No, no, you can't cheat with the equipment. That's what I said. >> Errr, ewoooewooo, sweeeeoooo. >> We have yet to get a B52 modem here. 
How about a 42 IS? >> Hey, Martin, go back to Europe. >> [Laughter]. >> Beeeeeep, beeep, squuuuu, beeee, squuuu, beeep. >> ATH. >> [Applause]. >> This is back from my youth. Your free AOL trial has expired. >> [Laughter]. >> Beep. Mom, hang up the phone! Hang up! No, hang up the phone! >> [Applause]. >> All right! Okay. So now we need a vote from the studio audience. >> Is Drew the winner? >> [Applause]. >> All right, all right. >> [Off mic]. >> This is the fail panel. Fail panel. >> [Off mic]. >> Yes, he is the proud recipient of a not quite new in box USR Courier modem. >> All right, so --. >> [Off mic]. >> So there's something you folks need to know about me. When we started this fail panel 7 years ago I was kind of a newlywed, no kids, really enjoying life. >> [Laughter]. >> It was a lot of fun. Now I have three kids, ages 5, 3, and 1. One of which takes double coverage due to his ability to climb up on things and fall off of them. And I just work and the kids and at the end of the day all I want is my 44 minutes of solace in front of the television. So my wife and I sit down and watch a show, and look, we don't always make the best decisions in life and -- it got better. It really did. Like the first half of the season, fucking horrible, Scott, oh, I can hack anything. Ah! >> It did not get better, Rich. I checked. You made this claim earlier this week. I validated and you're wrong. >> I liked the end of the season. >> [Off mic]. >> [Laughter]. >> So we're sitting there and it's kind of one of those nice and we're watching a show and the show ends and I did that one thing you should never do when you watch your last show after eating your shitty microwave dinner on the couch before going to bed, I checked my e-mail. Amazon Web Services, action required, your Amazon is compromised. It's a phishing attack. So some things went through my head, kind of involve that. Tour de France? Okay, you have to watch the video. There's a video of this. Wait, wait, wait. 
So this guy, the pinnacle of his athletic career, he gets run over by a car and thrown into a barbed wire fence. And you know what, he finished the race looking like -- oh, I can't remember that part. Anyway. >> [Off mic]. >> You saw it? Yeah, right there. So anybody thinks that cyclists are pussies, you need to pick a different sport to criticize. So back to the presentation. So then I said that and I'm like, oh, fuck, my Amazon got hacked. My wife is not only technical, but she knows what I did for a living so she didn't think we would get large deliveries of toilet paper over the next couple of days. We did, but we ordered it, fuck Costco. So I go to my desk and sign into my account and I say, I'm screwed, I need to fix this now. And the embarrassing thing is I teach cloud security for Black Hat. I developed security and I'm kind of fucked. So I go to my incident response checklist and I go in and the first thing I do is revoke my access key. And I lucked out because this was my root account. And it was a test account -- not a test account, but one I used for random work. If you don't know anything about Amazon, if somebody gets your root account, you end up like [indiscernible] and it doesn't go well for you. So I went into the root account, revoked the credentials and checked the services. Checking services on Amazon to find out where you have been hacked is because these are all the services and there's like 9 regions and you have to click on every screen in every region to figure out what's deployed. I cheated and went to the billing queue. No unexpected charges but the number was not $34. And I checked for running instances. I went to other regions and all of a sudden I found out there were 5 extra-large instances in regions I don't use which is why I didn't use them. California and Ireland for those who care. I had racked up $500 in charges in 3 days on my personal account. So that sort of sucked. 
So I turned in all of the instances and at the last minute, by the way, this is the first time I have talked about a fail on the fail panel which is kind of cool. So I terminated the instances and I hit snapshot just in time. And I was like, what the fuck happened? I know I published on GitHub. I'm not an idiot, I put them in a configuration file. I'm a hacker. And I use a black background with gray text. When you comment [indiscernible] and I just missed it and published my root keys up on to GitHub. Wa, wa, wa, wa. Oops. Really need to learn how to leave. So I keep running through my incident response process and I actually go ahead, take the snapshot, you can keep that as additional storage volume and start looking at it. It took about 3 seconds to find CUDA miner. Anybody know what that was? Litecoin. They had launched 5 really big instances and found the IP addresses, there was one in China and other places. So I had both the APT and Russians after me. It was pretty interesting. I've uploaded my credentials, waited for 36 hours, the bad guys found it and Amazon actually found it because so many people actually make this God damned fucking mistake and they can find all the idiots like me. I think they have now gone into, I found out, they don't talk about that, the Google Play Store because they have their credentials in the app store. They notify the owners of the credentials. That's not much of a sale though, but it's pretty fucking cool. It took me about 45 minutes for my incident response to run through that entire thing. I did alerts, I did my route it now, posted my credentials on line because I'm an idiot and human. I got in there right away, I didn't screw around with it, I knew it was a test account, so I didn't have anything on it. And the best part, I blogged about it. You know what's really cool about having a blog? You get things from Amazon saying, hey, we read your blog post, we're reversing the charges. >> [Applause]. 
>> And so I posted it and then I realized I got a lot of comments. So I just got hit, pushed my keys to GitHub stupidly, ignoring Amazon's mail, I have a $4,162, we got over $19,000 racked up during 30 hours until they read their e-mail. The lab got hit with big money and that was posted after the $19,000 e-mail. So this is actually sort of a real thing. And the Wall Street Journal reporter called me and said can you tell me who your commenters are, I want to do a bid on this. Amazon is doing stuff to protect their users. And then a whole other presentation piece they didn't want to know about. So, you know, I realized I needed to have a better incident response through all of this stuff. As part of that, I built a tool, just a little concept thing, I call it Security Squirrel. And what this tool does, if you have a compromised account, it will do all of the forensic stuff for you. So if you have to do incident response for a compromised service. How long does it take? Hours? Days? Hours? Days? Okay, let's see how long this takes? And I'm tethered to my iPad, so we'll see how this works. It's not a vibrator, so it will likely work. >> Ha, ha, ha! >> There's an instance I put up earlier. Sorry, it's done. So what I just did is -- it's too fast. I took the metadata, all the operating system, all the details Amazon has and I moved it and it cuts off all in-bound and out-bound traffic. No administrators can see that instance any more. The only people who can see that in Amazon are the security team. Completely cut off from the network and the world. It actually disappeared from their AWS screen. I enumerated it. I attached the snapshots as external storage volumes so I can do my forensic analysis on it and it took like, what, 8 seconds -- no, 3, 4, 5, seconds. In the end, I learned my lesson. 
The best part was a different cloud provider read my blog post and hired me to come to their research and development conference to present this material and talk with their teams about how to protect their customers and got kind of -- let's just say thousands of dollars to do that, which is kind of what I do. So I have a new business model. Fuck up! >> [Laughter]. >> Blog about it, profit! >> [Applause]. >> So if there are any investors in the audience, I will be listing myself on the exchange soon. >> You really take fail to a whole new extreme. >> Fail fast, fail often. >> All right, so I have another minor request. We've been doing this fail panel for 7 years. This is the -- or this is the 7th year. >> This is the 7th year, hour 13 and 14 not-for-profit. >> It's quite likely the last one. Never say never, so I'm not going to say never. My 5-year-old daughter has this weird obsession that she thinks it's important to be famous and she asked me if I was famous. And I said I'm Internet famous, but not in a bad way, no porn. >> [Off mic]. >> [Laughter]. >> Yeah, so I was going to try to FaceTime here. If you don't want to be on camera, turn your face. Everyone needs to say hi, Riley and hi, Erin. I have a son, too, but he could give a fuck. Everybody ready? >> Hi, Riley! Hi, Erin! >> Thank you everyone. It's been great doing this, we might be back, but we've done everything from robots to Wi-Fi hacking, you know it. And on that note, let me load this up, we're going to go to Rob Graham. We have 30 minutes left, the donations. Feel free to continue donating even though the doughnuts are gone. The bid on the uber waffle is $100 and the Vegas waffle is 69, from some smart ass, but we like you anyway. >> I'm sitting here trying to figure out how to explain to my daughters what we do for a living. >> We have doughnut boxes. We will autograph the empty doughnut boxes. >> Any doughnuts left? >> We are long out of doughnuts. 
>> I have two nieces that live in Japan and their impression of Uncle Rob is this clown who arrives once or twice a year and they can play with. >> [Laughter]. >> So their names are Miya and Mari, so if you could do the same thing you did for Rich and say, hi, Miya, hi, Mari, that would be awesome. >> Oh, we can totally do that. >> Go! >> Hi, Miya! Hi, Mari! >> That's awesome! >> Wait a minute, you are all doing what you're told? Everybody, bid on the fucking waffles already! >> Yeah >> So I thought I would cover something that is actually pretty lame and that is how the news people report about cyber security. After the Heartbleed virus spread throughout the Internet, you thought maybe we should stand up and say, hey, wait a minute, there's actually a problem with the way you report it on news. And I thought by now the kids graduating from college would have done this, but they know how to use the iPad but have no idea how technology works. I have a friend who is a kindergarten teacher, and for the poor kids, it's fine. But the middle class kids can't hold a crayon because they are on iPads all the time. They need remedial teaching on how to actually draw something. And I think that's where the news is going, down that route. There was a story about the inventor of Bitcoin and as it turns out, that story was based upon nothing concrete. And I was looking at the story and realized all the things the reporter quoted as things that prove that this guy was the guy from Bitcoin, who was worth probably a billion dollars, half of them applied to me. And I was like down on the list of like 10,000 most likely [indiscernible] Nakamoto. So I was going through the list and looking at my fellow fail panelists and thinking. >> [Off mic]. >> [Laughter]. >> And thinking that, all of these weird things about their life suddenly make sense. Like I was mentioning my Japanese nieces I get to see a couple times a year. 
That means I have this weird connection with none of the rest of you guys, it is unique to me, I have this weird association with Japan that would lead me to use that as my handle. Dave Maynor, one of his grandparents is Japanese so maybe that's how he's connected to Nakamoto. The Emperor's wife claimed his penis was made in Japan, so he has this weird tie to Japan that the rest of us have. >> Hang on a second, mine is not remotable. >> I have to read this from the slides because I can't, you know, it's meaningless, you wrote a deconstruction of Japanese literature. Who else has written a deconstruction like this? So Rich is like Nakamoto. And [indiscernible] couldn't be here because he picked a fight with a UFC fighter last night. >> [Off mic]. >> Or that. My story is better. He does jujitsu and martial arts and has that connection to Nakamoto. Wendy is [indiscernible] and so maybe she is connected to Nakamoto. So my point is, is the way these news stories are constructed is --. >> It took you that long to parse that? >> [Laughter]. >> [Off mic]. >> They pick a news story and then go hunting for evidence to support it. So there was [indiscernible] in Russia this year, in [indiscernible] Russia, NBC did a story where it starts out with, I don't know, a good looking guy saying stuff on TV and he said if they fire up their phones at baggage claim it's probably too late because the Russian hackers have already hacked you. So I looked into that. I took my little ninja phone that I got two years ago at the ninja party and I installed an app that said fake GPS and I tried to replicate what the story reported. So I set my GPS location to Russia and installed a VPN so it was going through Russia. So if there was some evil hacker, they would be intercepting my traffic. I then did what they talked about, which was to search the Internet. 
And so I had to go through all my security settings and set things like, allow installation of non-market apps, where it can go to any other Internet site and install an Android app. It gave me lots of warnings saying, do you really want to do this and I said yes. Now I had the problem, the news story was really about how some websites might give you an Android app. I couldn't find any Android app. So I had to look for things like update.apk looking for a hostile Android app. And then actually, there's a lot a hacker would have to go through to install an Android app. You have to hunt things down and go through options and say here is the APK I want to install. >> Do, do, do, do, do, do. >> I'm getting excited just sitting here. >> So maybe the reporter doesn't have to go through all this struggle here, but it gave warning after warning like saying installing this app may harm your device. Do you really want to install this application? It makes phone calls on your behalf and goes through all your contacts. And what the story was on NBC's program was, and here's how they lead to it, was malware hijacked our phone before I even started my coffee. After he had gone through all of those steps. So when I saw this story, I thought, well, yeah, Russian hackers could be like having a cell phone baseband intercepting the Internet traffic. No, it was going through all of these steps one after the other, configuring his phone saying, yes, I want to install this malware on my phone. Even after those steps, yeah, I was hacked. >> This is the part where Rich's pants come off, by the way. Pants, pants, pants! >> [Off mic]. >> Yeah! [Cheering]. >> I want money, cash. >> We need more donations. He only drops for cash. >> Come on 20 bucks, 20 bucks, 20 bucks. I see 20 bucks. >> [Off mic]. >> [Laughter]. >> Come on, we need some more cash, come on! >> I need some more money! >> More cash! >> We have a message here from Mr. Rothman. 
>> So, Rich, you understand that we're a professional company and we can't have you taking your pants off all the time Rich, it's not acceptable. >> That's a good impersonation of Rothman. >> 120? 140? >> [Applause]. >> 7 years in a row! >> [Applause]. >> I will pay $100 to anyone who takes that picture. >> And now all of DEF CON knows I'm a natural red head! >> Rich, we have in fact, seen the Travelocity gnome. >> So there's this outcry about NBC and Newsweek and they said, no, we've investigated these things and these are the highest levels of journalistic excellence, blah, blah, blah. So there was a story about Jacob Appelbaum during Christmas where he talks about the ANT catalog, it's all various evil devices the NSA has. And one of them listens in on people, they get a response from the audio. And he went off on this whole thing about, oh, it causes cancer because it's at 1 kilowatt and for example, he was saying it was an evil cancerous device. And that's the stuff on the news, they all report it on, they say hey, Chavez may have been killed by the NSA 1 kilowatt. It does not cause cancer, it may burn you, but it's not going to cause cancer. So I said, why don't you talk to people like at DEF CON because everything --. >> Hey, Rob, is your presentation causing cancer right now? >> [Laughter]. >> So for everything in the ANT catalog and every evil thing the NSA does, there's someone here at DEF CON who has presented on or can present on it. And his response was typically, like blah, blah, blah, I must have missed it. It was actually kind of cool because last year at DEF CON they had a short story contest and I had written a story where that was actually the plot. I had not actually presented it, but I did a story about the guy who presented it and it was all cool. So this year at DEF CON, Michael --. >> Wait, doesn't this just prove you work for the NSA? >> Yes, I work for the NSA. >> You heard it here first, folks. >> You know, I hack the NSA. 
So Michael is the expert, I'm not the expert, he is the expert on such a thing. He is presenting on using what you see. In the picture here is a Hasbro for the little race car things and you use a radar gun to measure the speed. And it's the same kind of radar gun the police use to catch you on the road. And it produces a constant radar signal and it can be used to pull back audio and stuff. So that's an example of, for everything the NSA does, instead of like quoting some activist out there who may know something about cyber security, there's actually a thousand people here who have probably demoed that at DEF CON. >> [Laughter]. >> The worst example of this is Bruce Schneier and he is a smart guy, really creative, has insightful things to say and he knows a lot, but the press treats him as this prophet. >> He will write this blog post saying, I wonder what I'm going to have for lunch today. And the story will come out saying Bruce Schneier says the NSA kills puppies. And I asked why they do this and they said it's the only guy they have heard of. So they pull it apart to support whatever weird thing they are claiming. So the Congressman who took that quote and said Bruce Schneier has noted, confirmed that [indiscernible] is selling [indiscernible]. But, again, what he said was, I don't know. Maybe that's a possibility. He didn't say he confirmed, he just said, well, I don't know. So there was a quote about -- again, Bruce Schneier on top of Bruce Lee here. It was an activist, the NSA wasn't involved and that becomes --. >> Oh! >> Premature! >> Well, that becomes a confirmation that experts have wondered --. >> I'm going to let you continue in a minute. >> Why are you so bad at computers? >> [Laughter]. >> Okay, gang! I have been given the 10 minute warning. The uber waffle is up to $150. Are you going to take that? $175 for the Vegas waffle. >> Thank you! >> 100 bucks! >> 100 bucks and keep it? >> Thank you. >> We thank you. >> [Off mic]. 
>> So if I knew how to use PowerPoint you would see the quote here, which is experts wonder whether the vulnerability was deliberately started by the NSA. So it started by -- you can say anything, like, this morning, I got up and took a dump and suddenly that becomes something quoted in the news. So that's my thought. Okay, excellent. >> [Applause]. >> Dave needs a dongle. Dave needs a dongle. >> I know where to put the dongle. I put the dongle lots of places. I did, I put a dongle in the spot, I put a dongle in a spot more than once. >> [Off mic] >> I never use protection -- no, wait, I always use protection. I do. Is protection why I have a roll of nickels in my pocket? >> [Off mic]. >> Oh, yes. It's my dongle. >> I'm into that. >> [Off mic]. >> It's in upside down and apparently it still works. >> So we can't fail again. >> Again. Again. >> Because we keep failing, so for the last two years I've been playing with Dustin on [indiscernible] and after a joke turned into Hanson actually releasing a new album, I came to realize, this is not a joke. We should not play around with forces beyond our control. Hence, they might release a second album. I can't be responsible for that. I have enough people who hate me over the original album. So Rob and I came up with something different. We scanned the Internet a bunch. Rob wrote a high speed tool, it's called masscan. If you want to scan the Internet, do it right now, do it from DEF CON. >> So nothing shows how badly broken defenders are. >> Hold on, I'm getting a call. It's from Madam O. You know what, it just keeps going. It's got stamina. Oh, wow. Nothing shows how badly these two are broken as people scanning 0.0.0.0. If you have ever used nmap, you have dreamed of scanning the Internet. You can type in that address. So in a year, we have 145 complaints for scanning the Internet. The majority of those were particularly from [indiscernible] Hartly. 
So the average response time -- between us scanning them and somebody complaining about it is 24 hours. >> So what we do by the way --. >> Dude, that's way too much technical detail. That's way too much information. >> I'm going to do it anyway. It's important. >> We're getting this up and ready. >> But we get all of our abuse complaints back, so we get all the emails of people saying stuff. >> So -- no, no. >> [Laughter]. >> So the point is that we started getting emails like this, honestly, some people in the audience will send us an e-mail like this, they would want us to fuck off and die. >> Dave, it's for your butt. >> Right. >> My favorite one is the facility in Korea who CC'd an e-mail to everybody in the security. So we were able to get an entire list just from them reporting. And you may ask yourself, what type of egregious e-mail would cause you to copy everyone in your security? They outed themselves for somebody doing HTTP security. Even Rich couldn't make money off that business model. >> Our favorite thing, MMRSP. We would request all of the e-mails your clients have been sending for a year. I had to remove the company's name for privacy, but they sent us the same thing, the MMRST company name, they abbreviated it and they put it in the username and then the storage address for the e-mail is the company name. So for instance if we had a company called the failpanel.com, it would be at the failpanel.com. They said these 400 clients have all sent us e-mails so this is your client list. We have gotten congratulations letters when they sign up a new client. That's how well we know their clients. >> [Applause]. >> And on that note, ladies and gentlemen, please don't do that. Thank you. >> [Applause]. >> We get a lot of messages that say, please stop scanning us, they wouldn't tell us who they are or what their IP address is. And it's pretty funny because they don't get the fact that we don't know who they are. 
We're scanning the entire Internet, we don't know who you are. So there's a company -- I'm on a podcast and I launch a scan the night before. >> You know that we're done, right? >> And --. >> No, no. >> We're getting DoSed here. >> I want to thank everyone for coming, you all donated $685 in cash for doughnuts and Rich to drop his pants. And I congratulate Rue for the Vegas waffle and come on up and get the uber waffle. Thank you, everyone. >> Thank you all! >> And the last thing is, at the end we have patches for our speakers, so I'd like to call everybody up. Mr. David Mortman, Mr. Rob Graham. You get a DEF CON speaker patch. James Arlen. Wendy Nather. Get over here, David Mortman. >> Everybody get one? >> There's still a crap ton of stickers up here if you want them.