[ISN] LayerOne Hacking Exposed

InfoSec News isn at c4i.org
Fri Jun 25 09:06:34 EDT 2004


Forwarded from: The LayerOne Staff @ layerone.info

How Tom's Hardware Guide Got It All Wrong

There's that well worn saying that declares "There's no such thing as
bad press."  After seeing all the traffic that Tom's Hardware Guide
drove to the LayerOne site yesterday, we'd almost be ready to agree.  
We pulled in almost 6000 unique visitors yesterday.  That's four times
the amount of traffic we picked up from a mention on Slashdot the day
before.

To be honest, anyone should be satisfied with this sort of buzz.  We
know we are.  But we're also disappointed with the reasons why people
are flocking to the site.  The article [1] on Tom's Hardware Guide,
borders on sensationalist journalism.  Despite having things clarified
to the author in both public and private forums, the article still ran
with a slew of half-truths and included events that were altogether
unrelated to the conference.

The first and perhaps most distressing portrayal that the article made
is that LayerOne is yet another hacker conference.  While it's nice to
be listed amongst the ranks of Defcon and Toorcon, we've strived
really hard to make LayerOne it's own beast.  Sure the inspiration for
LayerOne came from ToorCon, but we also pulled ideas and inspiration
from events like CodeCon and O'Reilly's Emerging Tech. As Danny
O'Brien said in the intro to NTK's NotCon the weekend prior to
LayerOne, the whole idea of the conference was to "cross the streams".
After hearing Justin Mason say that he picked up a few good ideas for
Spamassassin while talking with some folks at the conference we knew
we were on to something.

In fact we think there's a new breed of conferences on the horizon.  
One where open source coders can mingle with the people who look for
security vulnerabilities.  One where spam fighters can mingle with
biology majors to go off on the tangent of treating junk email as a
virus.  One where people who want to take a look at the amazing new
stuff people are working on but can't justify paying $1000 a head to
do so.

That was the whole concept for LayerOne:  Make it cool.  Encourage
growth and exploration.  Keep it cheap.  We think we're on our way to
doing that - but being dismissed as a hacker con sort of takes the
wind our of our sails.

Now, before we lose focus on why we're here we have a few more
reflections on the THG article that we found to be less than pleasing.  
To his merit, the author does a moderately decent job converting three
talks into Reader's Digest style summaries.  Only towards the end of
Dan Kaminsky's talk does he overreach a bit by trying to draw a dotted
line between the Akamai DNS outage on June 16th, 2004 to Dan's talk.  
Dan hasn't released any of the tools used in his talk yet, and if one
actually sat in on his talk you'd know the last thing any of the tools
could be used for would be to launch a Denial of Service attack.  
Even if the author didn't make that claim outright, he seemed to make
an affront to something sinister.

Finally, to clarify some things, the Irvine Underground party where
there was apparently a wrestling match between attendees was not a
sanctioned LayerOne event.  We had no altercations between attendees
at the actual conference, but we didn't really expect any either.  
Even though the author claims that we may never know why the hotel's
fire alarm was tripped twice on Sunday the answer is actually simple;  
A piece of paper had fallen over on the exhaust vent on the hotel's
sauna.  It wasn't any malicious hackers or miscreant kids causing
trouble as the author suggests.  It was a piece of paper and some
wind. This was also explained to the author but he seemed to not
report it. I guess the truth is boring.

Still, the saddest part of all of this is the author seems to have a
thing for blowing things out of proportion.  He said "The rumors will
morph into something outrageous by next year." in a public forum [2]
as if it were some sort of consolation.  The author of the article
seems to think that spreading rumors and disinformation will actually
do us some sort of favor.  If that was the type of event we were
trying to put on, perhaps it would assist us in some way.  But we're
not looking for those types of favors, nor are we attempting to
address the crowd he seems to think we are. We thank you for taking
the time out of your busy day to give us a few minutes to set things
straight.

	Your Servants,
		The LayerOne Staff

[1] http://www.tomshardware.com/business/20040622/index.html
[2] http://forum.defcon.org/showpost.php?p=46982&postcount=12





More information about the ISN mailing list