Black Hat net neutrality test (and odd Google Earth uses)

Welcome to IT Blogwatch, in which a Black Hat speaker tests for net neutrality. Not to mention how Google Earth is changing science...

Robert McMillan has the scoop:

A Seattle-based security researcher has devised a way to test for Net neutrality. Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, on Wednesday at the Black Hat USA security conference in Las Vegas. The software can tell if computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in VoIP (Voice over Internet Protocol) calls, for example, or treating encrypted data as second class.

Congress is presently debating whether to enact "Net neutrality" laws that would prevent this from happening ... Advocates of these laws say they are essential to preserving the openness that has made the Internet a success. Broadband providers say that such laws could prevent them from developing a new generation of services. Kaminsky calls his technique "TCP-based Active Probing for Faults." He says that the software he's developing will be similar to the Traceroute Internet utility that is used to track what path Internet traffic takes as it hops between two machines on different ends of the network. But unlike Traceroute, Kaminsky's software will be able to make traffic appear as if it is coming from a particular carrier, or being used for a certain type of application, like VoIP.

Ken Camp is watching with interest:

Dan’s an internationally known figure and widely respected in the industry. He’s listed on a couple of different agenda points, neither mentioning net neutrality. I suspect this will be a piece of his Black Ops 2005 talk. I’ll be watching for output and link whatever I find here.

Joe Barr caught Kaminsky's talk:

I caught Dan Kaminsky's session on Black Ops 2006 in the /dev/random track immediately following the keynote. His talk, the sixth he has given at Black Hat over the years, was a brisk stroll investigating pattern recognition that might be useful for fuzzing attacks. After introducing his grandmother, who got a round of applause for attending her third Black Hat, Dan rushed into his talk, skipping over some material in order to make up for the late start of the keynote.

Net neutrality was his first topic. He talked about how Comcast is already non-neutral, selling a premium service to allow customers to pass video or encrypted traffic without interference, and how the state of Washington had to move thousands of its employees off of Comcast because of their interference with the state's VPN. He also talked about various ways non-neutral networks could be detected, and ways to route traffic around them.

Paul Roberts is also there, with pictures!:

As Black Hat chief Jeff Moss pointed out in his opening remarks here this morning, back in 1996, the show had all of 100 attendees who gathered in the shadows of Defcon -- that _other_ hacker con ... Moss said that attendance is up 30 percent this year over last, with 15 percent of attendees from outside the U.S. You can see evidence of the growth all around: long lines, pillaged food stations and flash coffee shortages.
But Moss debunked the notion that the show had sold out, or that Microsoft had "bought" at track focused just on its upcoming Vista operating system. Moss himself took credit for that track, which features leading Vista engineers talking about the security features of the OS and the company's secure development process. Moss took Microsoft at its word when it said that Vista would ship at the end of 2006, and planned the track with that ship date in mind. Alas, with the date slipping further back into 2007, Moss found himself with a track focusing on an OS that is still, for all intents and purposes, still MIA.
Look for more posts from this year's Black Hat and more pix. Especially from later tonight when Black Hat's 10th anniversary runs smack into Caesar's 40th anniversary and plans for the world's largest Toga Party!

Paul Kapustka is self-congratulatory:

Let me pat myself on the back for doing the easy work -- predicting it would happen ... At least InfoWorld got a story on the proposed software... which is more than we can say for my former employer (and new Black Hat show owner) CMP Media, which apparently has a bunch of reporters there but no sign yet of any VoIP news... maybe they're all still at the party? Toga! TOGA!

Buffer overflow:

Around the Net

• Grey Matter Gruel: Pay Attention to me!
• Scobleizer - Tech Geek Blogger » Videoblogger jailed
• Discovering Identity: Mobile Phones and Identity
• Windows executive shuffle
• F-Secure: WLAN viruses, anyone?
• The Old New Thing: The implementation of anonymous methods in C# and its consequences (part 1)
• Carlo, Techdirt: FTC Says Rambus Monopolized Memory Tech Market
• Good Morning Silicon Valley: Vista testers to Microsoft: Even the bugs aren't stable yet
• Eric Roch: IBM Acquiring Webify is a SOA Success Story
• Brian Krebs: Hijacking a Macbook in 60 Seconds or Less

Around Computerworld

• Douglas Schweitzer: Apple releases the fix of 26
• C. J. Kelly: Don't go wireless at Black Hat
• Alex Scoble: Dell on road to improvement, one blogger at a time
• Robin Harris: Storage Gone Wild: Perps On Parade
• Jerri Ledford: Skimp on security and they'll find a way in
• Dan Tennant: Tomorrow's Treasures, Day 3 - SIGGRAPH 2006
• Shark Tank: Clock watcher
• Martin McKeay: Severe Intel Centrino vulnerability released
• SaaS Revolution: SaaS Economics
• Douglas Schweitzer: U.S. the leader in spam relay 

And finally... The Mapping Revolution: How Google Earth Is Changing Science

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.