DUST: Your RSS Feed belongs to you!

Video thumbnail (Frame 0) Video thumbnail (Frame 2351) Video thumbnail (Frame 3050) Video thumbnail (Frame 3652) Video thumbnail (Frame 4275) Video thumbnail (Frame 5252) Video thumbnail (Frame 6177) Video thumbnail (Frame 6812) Video thumbnail (Frame 7411) Video thumbnail (Frame 8093) Video thumbnail (Frame 8702) Video thumbnail (Frame 9460) Video thumbnail (Frame 10441) Video thumbnail (Frame 11041) Video thumbnail (Frame 11837) Video thumbnail (Frame 13831) Video thumbnail (Frame 17161) Video thumbnail (Frame 17825) Video thumbnail (Frame 18721) Video thumbnail (Frame 20758) Video thumbnail (Frame 23255) Video thumbnail (Frame 24376) Video thumbnail (Frame 25494) Video thumbnail (Frame 26141) Video thumbnail (Frame 26747) Video thumbnail (Frame 29223) Video thumbnail (Frame 30319) Video thumbnail (Frame 31317) Video thumbnail (Frame 33053) Video thumbnail (Frame 34486) Video thumbnail (Frame 35299) Video thumbnail (Frame 35930) Video thumbnail (Frame 36619) Video thumbnail (Frame 37354) Video thumbnail (Frame 38127) Video thumbnail (Frame 38767) Video thumbnail (Frame 39822) Video thumbnail (Frame 40774) Video thumbnail (Frame 41592) Video thumbnail (Frame 42219) Video thumbnail (Frame 42928) Video thumbnail (Frame 44228) Video thumbnail (Frame 44974) Video thumbnail (Frame 46096)
Video in TIB AV-Portal: DUST: Your RSS Feed belongs to you!

Formal Metadata

DUST: Your RSS Feed belongs to you!
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Law around the world is trying to control what is published on the Internet. After wikileaks case and HBGary ownage everybody could see how there are many controls that can be used to close a website, a domain name and to cut the communication between the source and the audience. What happened if someone wants to close your blog? Could you send any message to your audience? In this talk we provide you a new way to publish your RSS feeds using P2P networks as a failover system. Dust is "only" a Reader but could manage P2P Feeds, multiples http feeds from the same source, and the most important feature, can migrate from one feed to multiple ones without any effort for all your attendees. Chema Alonso is a Security Consultant with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politécnica de Madrid. During his more than six years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Black Hat Briefings, Defcon, Ekoparty and RootedCon - He is a frequent contributor on several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA, the meta-data extraction tool which he co-authors. Juan Garrido "Silverhack" is a forensics professional who had been working as security consultant the last seven years. He is the writer of two books about Forensic Analysis in Windows Environments and actually works as security consultant in Informatica 64.

Related Material

Video is accompanying material for the following resource
Word Personal digital assistant Multiplication sign Workstation <Musikinstrument> Video game Wave packet
Food energy
Metre Medical imaging Mereology
Trail Radical (chemistry) Service (economics) Integrated development environment Hacker (term)
Point (geometry) Rule of inference Word Internetworking Internetworking View (database) Multiplication sign GUI widget Computer network Spacetime Rule of inference Spacetime
Multiplication sign Blog Computer network
Impulse response Game controller Computer file Internetworking Rule of inference
Point (geometry) Internetworking Projective plane Matrix (mathematics) Matrix (mathematics)
Software Order (biology) Airy function Denial-of-service attack Neuroinformatik Point cloud
Point (geometry) Domain name Spherical cap Personal digital assistant String (computer science) View (database) Domain name Mass Core dump Coma Berenices Thermal expansion Plastikkarte
Injektivität Facebook Simulation Email Link (knot theory) Service (economics) Profil (magazine) Internetworking Multiplication sign Projective plane Address space Neuroinformatik
Point (geometry) Domain name Server (computing) Firewall (computing) Decision theory View (database) Protein Event horizon 2 (number) Direct numerical simulation Case modding Internetworking Computer network Physical law Information Key (cryptography) Structural load Moment (mathematics) Physical law Computer network Surface of revolution Connected space Internetworking Personal digital assistant Green's function Direct numerical simulation System programming Website Right angle
Domain name Service (economics) Physical law Projective plane Virtual machine Denial-of-service attack Facebook Direct numerical simulation Googol Different (Kate Ryan album) Internetworking Blog Internet service provider Routing Physical system
Domain name Dot product Content management system Computer file Projective plane Content (media) Bulletin board system Connected space Peer-to-peer Direct numerical simulation Message passing Internetworking Radio-frequency identification Computer network Canadian Mathematical Society Direct numerical simulation Freeware Physical system
Expected value Googol Information Blog Moment (mathematics) Order (biology) Content (media) Speech synthesis Energy level Limit (category theory) Rule of inference
Computer file Block (periodic table) Internetworking Multiplication sign Blog Mathematical analysis Content (media) Rule of inference
Domain name Presentation of a group Pay television Information Source code Projective plane Domain name Content (media) Googol Length of stay Blog Internetworking Personal digital assistant Different (Kate Ryan album) Blog Website Right angle
Scripting language Source code Pay television Pay television Information Source code Projective plane Peer-to-peer Malware Integrated development environment Different (Kate Ryan album) Information retrieval Blog
Source code Pay television Pay television Computer file Distribution (mathematics) Block (periodic table) Point (geometry) Source code MIDI Menu (computing) Line (geometry) Peer-to-peer Single-precision floating-point format Proof theory Blog Computer architecture
Implementation Email Link (knot theory) Computer file Block (periodic table) Domain name Counting Peer-to-peer Intranet Process (computing) Blog Website Text editor
Inclusion map Mathematics Computer-generated imagery Hash function Computer network
Web 2.0 Medical imaging Mathematics Server (computing) Key (cryptography) Computer file Link (knot theory) Personal digital assistant Hash function Computer-generated imagery Computer network Computer network
Peer-to-peer Scale (map) Sign (mathematics) Computer file Computer-generated imagery Hash function Computer network Unified threat management
Sign (mathematics) Group action Information Key (cryptography) Demo (music) Demo (music) Computer network Source code Authorization Key (cryptography)
Execution unit Mobile app Pay television Blog Virtual machine Menu (computing) Remote procedure call Gamma function Mereology Window Metropolitan area network
Subject indexing Pay television Broadcast programming Different (Kate Ryan album) Blog Computer program Information Internet Explorer Self-organization
Source code Computer program Electronic mailing list Maize Fingerprint Very long instruction word
Execution unit Pay television User interface Different (Kate Ryan album) Source code Right angle Error message
Wechselseitige Information Key (cryptography) Computer file Block (periodic table) Blog Java applet Public-key cryptography Newton's law of universal gravitation
Computer file Source code Virtual machine Public-key cryptography Hand fan Connected space Peer-to-peer Medical imaging Internetworking Blog Computer network Convex hull Selectivity (electronic) Newton's law of universal gravitation
Peer-to-peer Revision control Social software Information Demo (music) Constructor (object-oriented programming) Energy level Client (computing) Alpha (investment)
Demon Trail Boss Corporation Service (economics) Open source Java applet Code Connectivity (graph theory) Projective plane Computer network Cartesian coordinate system Open set Revision control Radical (chemistry) Hacker (term) Computer network Hacker (term)
hello hola how many you how many of you speak Spanish say only one two three that's impressive well hello everybody thank you for staying here talking after moxie and dan kaminsky is a top tax but someone has to do it so that's me well first of all let me introduce myself
this is the fourth year the fine talking here in in Def Con I'm from Spain some any of you had been one year before you know one of my talks any of you perfect well I'm from Spain I'm sorry for my accent I have fun horrible accent that's the problem with all the people from the Spain and I in my case is especially because I start to learn English when I was 33 years old right now and 25 but I started when I was 33 year olds and I got a lot of problem with English especially with the words that start with S like my country spain spanish i used to say a a spain like all the words spain station and so on and i got a lot of problems and my personal teacher my personal training was telling me not say a say spain in spain and i try to fix this problem saying a very small s and in the end i used to say i'm penny's and it sounds very well also when when you are in our party talking to a girl so I'm sorry for my English I'm from Spain how many of you have been to Spain any time in your life very well well if not
you have to know some things about the spaniels first of all we we know how to do parties this is one of the most famous parties in Spain is the summer ministries are very impressive party the
only party very similar to this is the Mardi grass in New Orleans as you can see that a lot of people on the street people from around the world and it's a seven days party 24 hours every day and every day we need to clean up the city so we release some booze I brought the
city and you have to run to get safe
this is real you have to run and if not you you will end up with some free
and doing a special things this is one of the parties this one as the my final but we got a party around the country
this another one it's tomatina it's a battle of tomatoes you can get into the whole city fighting with tomatoes this
impressive and it's very funny in the end everybody is like energy but not an
orgy well sometimes it's it is it lies like this well another one party that
you have to know from Spain is the fallacies this party's in Valencia I read every year and during the whole gr people are constructing this kind of sculptures are very nice sculpture as
you can see our 10 meters how and at the end of the day we need to burn them to
all of then no one survived this is a tradition Spanish Teresa because we need
to fight to to cope idea which is one of the most tasty food in the world and of
course in Sevilla for religious people this is the Holy Week in civilian all all the all the people from Andalusia the south part of Spain is carrying the images religious people but it's not only for religious people people because one week after there is the Upper East fair which is a different party where
you can drink sing dancing and so on is very fine and of course you go to spend
you have to visit my city which is Madrid a very nice city a city that never sleeps but like New York and it's quite nice so don't forget to visit my
country ok I understand they said I'm going to talk about I other thing it was supposed that this toll was where I talk about how to hack terminal services and Citrix environments but we are going to deliver this talk this afternoon in in track 2 and this top is a about a story
on the internet from my point of view from the point of view of an espana a guy in a very small country that we call which we could call a small bill because he's like a like a village well once upon a time we were very happy on the internet everything was was beautiful we got an Edward in which we can do we could do a lot of things it was everything was was perfect a fantasy
a fantasy world internet was on space of freedom and space where all opinions were allow it well nobody controls the network we use words like net neutrality or anonymou anonymity or a network with no rules and everything was perfect the only problem that we got at that at that
time is that that it was created in the Age of Aquarius and everybody thought that the rest of the people will be will be happy with this kind of network the only problem that we got was the trolls
you know that kind of people who who has nothing to do that comment in your blog I don't like this you are wrong other like this you around you know that kind of people yeah well even this problem we solve is with with with Sonny special
netiquette we use rules but it was an impulse is just a recommendation if someone tried to to be control to send a file with netiquette drools explaining explaining how to behave on the internet it was all the problem but sunday wiggle
its appeared with WikiLeaks we realize that internet wasn't that way I'm not going to talk about the weeklies project itself I not going to talk about if what they are doing is a crime or not I'm going to talk about the censorship that they suffered and what happened after WikiLeaks released the cables from bradley manning the idea is that at that point we realized that internet wasn't
that peaceful place there was a lot of a lot of problems with internet and we discover all together in only one week we lift the matrix and watch and see the reality of the internet first of all we
discovered that some governments could use hacking techniques to sat down computers to sat down servers like with the first thing that the software was a distributed denial of service it was supposed to be done by a powerful country it's supposed to be a Spain and it was the first step in this in this story after that the second
story was that they will kick it out front amazon in one day in one day it's incredible if you try to get an order from a from a judge in a spain you need more than three months but one with one only one day they were able to to kick out fa wikileaks from amazon then the
next problem with the internet domain and that's that's very important for us from our point of view from an expansion point and spaniard point of view that's a big problem because most of the companies in Spain are calm even my company it's a dot-com company and even we got dot over 80 LG companies and in this case in only one day this is the third of December they lost the domain of course after that the money with
paypal master cap and so on and the most
impressive thing is that time after the anonymous group get into the same and they try to do something against the people who were fighting to two-week licks one of the most important things that they do was the HB Gary federal
ownage it was very funny story with the Civil injection extracting the emails and so on but after analyzing the email addresses we discovered that there was crappy services that the government's not only the US government the government's from around the world where we're using a for instant tax be or 12 monkeys project that were project to control machines in of the citizen or computers front I don't know companies also they fake the facebook profiles now the idea is that there was a war of psychology managing profiles like playing sims and trying to to push ideas from the internet on the social network and the last one with the weird propaganda using images like like the one on the right side 22 through ideas across than the social network after that we realized that Internet has a lot
of protein also in the infrastructure one of them is publicly known as the Great Wall firewall in China I don't know if you were in China but is true is impossible to the watch porn the BGP attacking in a gyp the idea of this attack is when the revolution starting in Egypt the government could have all the network publication in the BGP servers so the network of Egypt was take F was take it out from the internet it was a radical decision but it works it worked for for the moment of course the law every country has a special low on the internet and all the countries are trying to get a bigger piece on the a bigger piece on the internet there is supposed to be international laws and of course American loads that for us for Spanish people is very important more important than our own low in on the internet also problems with the DNS with WikiLeaks it was very very famous but in Spain without a very special case which which was rojadirecta or this domain was a publishing in streaming through internet of football mods and braces and so on the idea is that a guy on a guy with a paid TV connection was recording the the event and sending the distri- internet and this website was polishing that information that's illegal in the United States of America but not is legal in a spain after a trial in a spain it was declared not guilty so nothing was supposed to to happen but without a trial the domain was completely disappear for us from a point of view of hispania that means that internet is not international it depends on sun low across the network so for us with our politician these are
politician the guy on the left size for president under guy on the left on the right side it's supposed to be the next president it's supposed to be the next president because this guy is doing the things very bad so it is very happy the other one is very happy I'm going to be the next president but after two election he have a hidden key bidding war select he wasn't a lit at all and
this is the other picture is Obama with St George massacre where the sea of Google Microsoft all of these companies are Americans companies and they are supposed to accomplish the American law so if we got in a Spain and a Facebook account we got in a Spain a google account or we got in a Spain I don't know an iPad or an ipad on an iphone what happened with my law what is the law I need to accomplish to use these service well the problem for for this
conference is about the the blogger the idea is that if you get a blog and you want to to write your your thoughts about whatever what happened if someone wants to shut to take you off on the internet well they got a lot of solutions to do this first of all they can take off the route they can do our known each of your machine if you get them the machine on on our service provider it will be very easy for them the second one is making it unavailable as we said we saw with WikiLeaks a government institution I don't know who has the tools to perform distributed denial of services of course also they can close the domain and again your service account or banning from the website jeans or throw over you the law so there are a lot of solution to to make you silence well some of the people around the war are working on different kind of project to fix this problem to solve this problem the first the first project is opening which is another DNS system is not depending on econ and as you can see a they are serving I'm going to use the tone they
are serving different domains like dot BBS doc free food dougie crawford dr.
india and so on the problem is that right now the dnas network I'm not connect so you need to install an especial software in German if you want to connect to duck on dot org domain and also to open Nick domains the second solution that was was proposed after weeklies problem was the distributed denying DNS system using p2p network but it was act only one idea it's very difficult to construct a DNS using p2p network and in the end this project was completely abandoned one of the the best one of the best project to to solve this problem is oh shit is so serious is a CMS from from Italy and the idea of this CMS is that it's completely serviced less it's a project in which you create your CMS and all the connection are through p2p networks and all the content is is PDP signed so in the end when you are browsing the browsing the CMS you are browsing the portal you just you are sending messages and downloading files from the pit p2p Network it was very well and it's impossible to to take down the problem with this CMS is that you have to create your website using this technology before you have the problem but most of the people on the internet don't think that way at the beginning
everybody creates it's a daily blog without any big expectation I create my blog I'm starting to to publish my thoughts articles may be a tool maybe whatever in the end after two years or three years probably if you are if you have been doing good things in your blog you will have an audience probably 3,000 people 5,000 people and so on at that moment if you get hungry get angry or Joe get or do get tired about something you cannot you cannot shout you cannot write whatever you want because there are rules rules like this this these are the
rules for from google for bloggers as you can see there are hate speech crude content violence copyright personal and confidential information impersonating orders level activities all of them sounds very well but the problem is that where's the limit if I publish a picture in which a guy is is the kicking another person and the guy who is kicking to the to the other person it's a powerful person it's a powerful entity will be my will my blog be closed who knows prolly or not and the most important with these rules is this this is the blower content
policy from time to time we may change of our content policies so please check back there here so the idea is that if you have nothing to hide therefore you have nothing to feel which is very famous until we change the policy so you are pallesen theme but tomorrow that's bad well what you publish is bad so I'm going to close your blog and that's all it's so easy and with the xml file there
is a big problem because these are very very easy to analyze a file is an xml file you can optimize the analysis of block balls and so on so it's easy to create rules or alerts to discover who is someone not not one it on the internet so what's the idea if
you got a blog and you are publishing an article and idea thought on the internet people who wants to read your thoughts is going to church salford you using your domain name is the most important right now most of the people connect to the ww whatever calm and read the information but every day more RSS subscription are in are increasing on the internet probably most of you only read information on the internet using RSS hands up only RSS not browsing the web site does RSS well the idea is that the RSS is the point of failure your audience is connecting not to you not to your blogger is connected to your RSS feed if your RSS feed is closed your audience is gone so in mic in my case i'm i'm blogging in my personal blog and own informatik on LOL mod it doesn't it cannot be translated to english and as you can see my feet is also in feedburner so i got a big problem because if google closed my account feedburner is also a google company so i'm going to to Los my blog and also my reader the idea is that we need to create some special techniques or technologies to avoid this situation to allow the blogger to always publish their content from different sources and that's the idea of our present of our
project if not just closing your RSS feed and everything was fine well what
was the idea of this project idea is to create a reader just a reader but with an a special feature the idea of this RSS reader is that it can retrieve information from different HTTP sources and also from sources published on p2p networks so the idea is that for the reader is only as a subscription but behind the subscription will have a lot of different HTTP sources and also different p2p networks what they do
let's suppose that we are reading our blogs like every day we got for subscriptions but in our environment with our technology the idea is that every subscription has behind different sources as you can see the subscription one has to http sources and also a p2p a source e the subscription 31 HTTP 1p 2p let the third sorry the script m3 the subscription to the same and there's a subscription for only one p2p source you can do whatever you want you are reading post that's the idea so in the end we
are going to create our reader like this it's a proof of concept and as you can
see we got different sources for each
it's a each block in this example 3 from
HTTP and one front p2p network the idea
is that it's so easy to add mooing a new HTTP sources other since the feet is an XML file just adding a line saying okay I'm the blogger I want you to add this new HTTP source just line if the reader read that comment and acts to the user okay the public ater subject you to add a new HTTP source for this subscription it's okay for you just click on OK you are going to add new sources to pimp sorry to the subscription that's very easy to migrate from 11 architecture with only one point of failure to an architecture with no one no one point of
failure and also the idea is that if you want to publish your your blog and your count your account is closed you don't need even to half a block you can create the feet from your local machine and distribute it using the p2p Network the idea is that if I got an XML editor and I create the my blog post using the XML editor and I or I have an intranet or whatever I can take the xml file use my personal my public my private pgp key signed this xml file this is important because in the p2p network there are a lot of file pollution attacks and we need to create special defense then you send us optimally you can polish on the p2p Network in this example in this implementation using Nutella so the idea
is that you can republish all the feeds from a file from from a website from an intranet even it's possible to send a txt file on an on an email system and they're sending an email with an automatic process publish the defeat on the p2p Network so the only the only
thing the only change that we need to do internally this the changes are done by bite us is that we create a fit like
this this is the defeat this is the name as you can see we got the channel then the date is important to discover the the most updated fit then we got the
house the someone has of the public PDP key this is the token that we are going to use to search for the files on the p2p Network and then the only change
that we do is to the image with we in
most that in most of the cases are related to a web server we are going to convert the image from our web server to a p2p p2p link and that link is just in the AL modifier we are going to add Nutella and the house of the file in the Nutella network so in the end all the images as you can see are going to be
polish also on the p2p Network our digital digital
sign so this is a when you publish your
your feet thus is going to dust rising you're the complete complete five feet and all the files needed to read your your your feet are going to be published on the p2p Network so the idea is that
the readers are going to to subscribe to the a public PDP key but that public PDP PDP key it's not necessary to be the author's PDP key it can be up the PDP key of another user who is sign information to me i like the information that he is selling and i want to subscribe to that guy so i'm going to add a source to the PDP key network so
let's let's see this in action with a demo I got too much in to built on
machines these and these of course all
the Mo's are going to fail but let's try
it well the windows XP machine has a has
a subscription to own informatica and allow the man which is my personal blog and as you can see the last blog post is hacking remote apps part 2 okay then we go to the other machine with us and we
are going to create a subscription for my personal blog index example I got three different feeds each of them it will if it is going to to be supposed as a different HTTP shores as you can see the first one is at 28th of July the
second one is are at 29 of july and the
third one is at a a third of ours ok now I'm going
to take the oldest which is this and I'm going to copy the feet and then i'm going to set up a channel name subscribe and then i'm going to use the other two as you can see is a la del mal and the third one is allah al mal three so I just I just need to add new HTTP source
louder mouth and a lot of the mall three okay right now in this in this subscription in this script error I got three different HTTP sources okay well
now i'm going to publish this bed this
blog with my apt p keys so i only need to publish the block select my private
key come on oh no what happen just let the file okay the key and the public key
for the name we need the public key just for the name of the feet okay that's all
all the files are going to be duster eyes and publish in the Select folder
and now in the other on the other
machine i'm going to add annual public key yes this which is the public key or
the of the public Gator okay if everything goes fine i'm going to update this blog and this blog will be updated for different sources for the user will be transferred completely transparent no matter from which source e this blog had been updated but in the end I got the last the last feet and as you can see even the images in the example I as you can see the image is related to the nutella network but in the end the image will be download in this machine we don't have internet connection so they image a having passed from there a note from the p2p network so that's the idea the idea
is just to create a real as you can see there is no information about the p2p network because we don't want to construct a p2p client we want to construct something that people use so we need to to create something cool for social media victims now people who use
the new technology the new tool that the new version so we are searching for designers to do something cool for that
kind of people with a very nice level with very nice interface and and so on
right now it's a it's an open source project is under an apache license you can download the code from thats project dot dot codeplex doctrine of course from nutella network and if you want to is writen in in java i'm sorry but if you want to use it or you have any question for us will be a pleasure today I'm going to deliver a talk with my component in my with a friend in the track to at 6 16 o clock it's it was supposed to to be called terminal application because we are going to do some crappy demons with terminal services and citrix but in the end we call it bosses love excel hackers to and tomorrow for focal hours i'm going to
deliver a workshop about 43 which is the new version of vodka I don't know if any of you know phoca thank you okay but
that's all thank you very much for your attention you