In all of my years engaged in computer and network security, from the L0pht, @Stake, BBN, and the government - there has always seemed to be a disconnect between the attack, defense, research, and commercial worlds. While my talk does not pretend to be THE answer, it offers several novel ways to approach attacks, defense, and other fields. Culled from my work regarding Intelligence Communities, Economics principles, physics, and human nature the talk can be used for both offensive and/or defensive purposes (just like L0phtCrack, AntiSniff, etc.). It is not my position to presume who or what is good or bad, but instead to hopefully offer new and novel ways of engaging in information security (or the lack thereof).

cheers,
mudge

Oh shit. Another email from Citibank San Francisco! I have never been to San Francisco. I open the email header to check the IP address, and it again resolves to Moscow, Russia. Enough is enough. This time I will track Boris and Natasha down. I don't know Russian, but that's not a problem. I boldly log on to one of the most informative Russian hacker sites, go to the forum, open a second window, and translate my questions and answers in real-time. I feel like I could beat Garry Kasparov at chess right now. Preliminary research done. Now I have some decent information to compare my problem set against. OK, here we go. Number one on my list of questions for Russian law enforcement, cut and paste:
Response received, and double-secret Russian encryption broken. Anna Kournikova, I will soon have your e-mail address (Paris Hilton's was too easy). Now I have all the information I need in order to rat on at least this one group. Soon, I will script this, and flood Russia with abuse complaints. OK, my log entry and notes are in the right format, and it's ready to send. Linguistically, culturally, and politically lamer hackers could never have pulled this off. Pass the vodka.