The LISA ‘05 Conference Blog

There’s a really close intersection between the sort of people who attend LISA and those who read MAKE magazine. We all love to build stuff and tinker.

That’s the thinking behind a special evening program on Monday night we’ve arranged for this year’s LISA. We’ve invited two frequent contributors to the magazine (one of which is on their tech advisory board) to come and talk to us about their work and the philosophy behind the new resurgence of do-it-yourself-ing behind MAKE. They’ll also be bringing a bunch of stuff for attendees to see and play with after their talks.

(added bonus: the first 100 people attending the talk will receive a free copy of the magazine, courtesy of the nice people at MAKE magazine. If you’ve never seen the magazine, here’s a special online sampler for people reading this blog.)

Here’s the info on the talks for this special evening:

Talk I: Tweaking, Bending, and Making: Stories of a Hardware Hacker
Joe Grand, Grand Idea Studio, Inc.

Never before has the do-it-yourself ethos been so popular. Bolstered by loose-knit communities of curious tinkerers and O’Reilly’s new quarterly MAKE magazine, tweaking, hacking, and bending have all but reached the mainstream. Behind the projects lie individuals with the drive to make something better, to modify a product to do something it was never intended to do, or to just create something out of the ordinary. This approach to problem solving should be familiar to the USENIX community. 


In this fun and light-hearted session, Joe Grand, electrical engineer and obsessed inventor, will tell his story and that of MAKE magazine. Armed with some interesting, wacky, and/or curious hardware hacks, Joe will provide a show-and-tell that will hopefully motivate you to embrace the Maker mindset in your own lifestyle. 


Joe Grand is the President of Grand Idea Studio, Inc. (www.grandideastudio.com), a San Diego-based product research, development, and licensing firm, where he specializes in the invention and design of consumer electronics, video game accessories, and toys. Joe is the author of several books, including Hardware Hacking: Have Fun While Voiding Your Warranty and Game Console Hacking. He is on the Technical Advisory Board and is a Contributing Writer for MAKE magazine. 


Joe is also a globally recognized figure in computer security. He has testified before the United States Senate Governmental Affairs Committee and is a former member of the legendary hacker collective L0pht Heavy Industries. Joe holds a Bachelor of Science degree in Computer Engineering from Boston University.

Talk II: Hacking Silicon: Secrets From Behind the Epoxy Curtain
Bunnie Huang, bunnie studios, LLC

I’ll talk about basic methods and theory behind silicon hacking:

• motivation
• examples of silicon-based security
• overview of methods for decapsulating silicon chips
• methods for imaging chips
• theory behind deciphering silicon chips (briefest introduction)
• practical example of hacking a PIC microcontroller to recover data from security fused regions

Bunnie Huang (www.bunniestudios.com) has a strong background in silicon design and reverse engineering. bunnie completed his PhD at MIT on computer architecture, with an emphasis on the big-picture silicon implementation issues of large scale parallel machines. During the course of his studies, bunnie reverse engineered cryptographic keys out of the Xbox hardware and published his findings in CHES (Cryptographic Hardware and Embedded Systems) and in a book titled Hacking the Xbox. bunnie’s professional experience in silicon design (which includes 802.11b/Bluetooth radios, 10 Gigabit transceivers, CMOS photonics, and various prototype chips for silicon devices research) combined with his reverse engineering expertise gives him a unique perspective on silicon hacking.

Register for the conference here.

Dan is the author of one of my favorite sysadmin-related hacks of all time. I can still remember the glee I felt when I heard he had found a way to tunnel SSH over DNS (yes, you heard right) and had provided the code to do it. Later that year at BlackHat, he showed not just SSH, but audio and video streaming through DNS.

I came to learn this was just one of a series of tremendously creative ideas in security that put him permanently on my “people to watch” list. Other examples included innovative work in port scanning and network visualization. He’s also known for work on the practical application of some of the new attacks on MD5. I understand this year he made some waves with announcement of a security scan that showed 230,000 DNS servers are still potentially vulnerable to DNS cache poisoning.

I’m delighted that Dan has accepted an invitation to speak at LISA 2005. We might even get him to demonstrate some of the cool DNS hacking I mentioned plus some of the new stuff he has up his sleeve. On top of this, Dan has agreed to address the questions that system and network administrators must deal with when faced with these and other mind-blowing security hacks if (or more likely when) they appear on your network.

Here’s the official blurb for the talk:

There is set the of functionality we expect from our network. There’s the set of functionality your network is capable of. These two sets are not identical. This talk will explore security risks you may not even be aware your network is exposed to and will demonstrate new techniques for managing those risks. Mechanisms will be discussed for:

Establishing video-capable tunnels over DNS (and detecting such tunnels)

Evading intrusion detection systems by exploiting IP’s lack of statelessness

Reliably auditing internet-scale networks

Visualizing complex network activity

See Dan’s web site for a flavor of the sort of stuff you’ll be hearing at the LISA 2005 conference.