My home on the interwebs

July 16, 2017

Biohacking and Transhumanism at DEFCON 25

 

Our bodies are wonderful biological machines. Sadly, they’re also flawed. Issues like neurodegenerative diseases and aging are difficult to ignore. The reality is that we’ve yet to become the best versions of ourselves through evolution. Biohacking is all about improving our bodies beyond what evolution offers. In some cases, it involves tweaking our diet and actively measuring the results of our efforts, whereas in others it involves using prosthetics to replace missing limbs or even computer/electronic systems embedded into our bodies. Rooted in transhumanism, biohacking is all about helping humans reach their full potential and preserving the most valuable asset on the planet: the human brain and the memories within. While we’re far from having the technology to upload our consciousness and achieve immortality, humanity is taking small steps in that direction.

While there are many definitions, transhumanism is simply a philosophy focused on improving our biological functions through the use of technology. Transhumanism aims to reach certain technological advancements that will inevitably defeat death itself, and it’s based on the belief that one day we can separate our consciousness from our biological bodies and download it as digital information that can be uploaded into cyborg-like bodies that will never die. This is a rather simplistic explanation of the transhumanist philosophy, but I believe it’s a good start for those who want to understand its core principles. While it might sound like your favorite sci-fi television/streaming series, technological advancements are now made at such a rapid pace that we can only wonder how long we have left until we can really say that we can improve our body functions through implants or even robot-like parts. Biohacking is just the next step in learning more about our bodies and how to improve their performance. There are many approaches to biohacking, from using nootropics to improve brain performance to steroids to increase body strength.

Biohacking is already happening! Before you jump to conclusions about how radical the biohacking movement is, you should know that you probably use several biohacks yourself. Anything that you put in your body and that improves your performance can be considered a biohack. You can’t start your day without the energy coffee gives you? Caffeine is your biohack of choice. Biohacking doesn’t have to be a radical treatment. It could be something more subtle, such as creatine for muscles or nootropics for an improved brain performance. Any substance that you use to increase your body’s performance can fall into the biohacking category. But biohacking sometimes comes with a twist. It empowers regular people who don’t have access to studies in medicine and engineering to study their own bodies and experiment with them. For instance, some biohackers try to improve their body by adding small magnets near their fingertips in order to “feel” magnetic fields. This type of improvement of the senses helps make us aware of magnetic fields that otherwise can’t be observed by our senses.

Biohacking majorly impacts the health industry too. From nootropics to tracking down changes inside your body after adopting a new diet or taking a new supplement, biohacking is empowering people all over the world to find out more about their bodies and experiment with them. For example, you now have the opportunity to find out what genetic diseases you’re predisposed to, what genetic diseases you’re currently suffering from, what your ancestry is, and many other useful pieces of information, just by mailing in your saliva in a tube.

The company I’ve brought up time after time is 23andme, a service that analyzes your DNA and delivers the results of 240 tests. These results let you truly understand yourself. You can easily find out if you’re predisposed to ailments such as cancer, neurodegenerative diseases, diabetes, and much, much more. There are also many websites that help you keep a record of your medical history as well as websites that can help you get an idea of what supplements you should use based on your height, weight, gender, and current dietary intake.

What’s so revolutionary about all this? For the first time ever, anyone can take these tests in the comfort of their own home, at a very affordable price. The company can even “guess” your hair color and eye color. But biohacking doesn’t end there. Hormonal treatments for aging and prosthetics for the disabled can help us both live longer and improve the quality of our lives. Many people who are interested in biohacking just get regular tests. They measure the impact of certain supplements, and they generally try to improve their health. Some, like our friends at DEFCON’s Biohacking Village, go way beyond the fringe with body modifications.

These friends at DEFCON’s Biohacking Village take body modifications one step further: many members of these biohacking communities are looking forward to incorporating new technology in their bodies each year. Magnets that can help users detect magnetic fields, and LEDs, have the potential to make life even easier. Optimists say that in a few years the LEDs inside one’s body will allow you to communicate with your smartphone, giving commands. For example, you’ll have the ability to open your car door with LEDs. Nanotechnology is also on biohackers’ minds when it comes to body modifications. What if we could perform “surgeries” from the inside of the body? What if nanobots can help us detect cancer cells in early stages? What if these nanobots constantly examine our health state and report data to our laptops or smartphones? As technology advances, biohackers hope that they will accomplish the ultimate transhumanist dream: merging the human body with machines that not only enhance its capabilities but also transfer the human consciousness in digital form to an undying body.

We’re living in a time where we can no longer deny our weakness or ignore death. But instead of giving up, we fight using technology. The ultimate goal of transhumanism is to defeat our biggest enemy: the flawed human body. While it’s undoubtedly a biological masterpiece, it has many shortcomings as well. Biohacking is not just about incorporating technology in our bodies. How far you wish to take it also depends on your goals and how you want to experience life. Some biohackers are more concerned about their mental performance, while others try to fight or prevent certain diseases. Biohacking is not limited to a small segment of people. It comes in many forms. However, the pursuit is all about changing your body and your human experience for the better, and always aiming to become a better human.

Come check us out at DEFCON’s Biohacking Village DC25

~Michael Goetzman

October 28, 2016

IoT Security Testing Types

With the recent DNS denial-of-service attacks originating from compromised Internet of Things (IoT) / connected devices, I thought it would make sense to break down the various areas in which companies are struggling to keep these devices safe. The Internet of Things (IoT) can be defined, as Cisco puts it well, as “a pervasive and ubiquitous network which enables monitoring and control of the physical environment by collecting, processing, and analyzing the data generated by sensors or smart objects.”

The problem with these devices is the breadth of the software and hardware perimeter that could be compromised. Security professionals working with product development can build better IoT ecosystems, but a full-scope IoT security testing program encompasses MANY disciplines and volumes of knowledge – this is not something we can fix overnight. Here is a list of areas to consider when you are looking into IoT hardening.

Testing types:

  • Code Security Assessment “Code Review”: Security code review is the process of auditing the source code for an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment. Covers both automated and manual reviews.
  • Binary Testing: We create various ways to dynamically exploit the code on the phone, as it would be in the real world.
  • Hardware Testing: Not knowing the application details can be frightening, and encryption and protection are important. Here we use hardware-based attacks such as power-timing or side-channel to compromise the application.
  • Host Forensics: What does the application leave on the host that could make it vulnerable? Does any leftover data give attackers insight?
  • iOS/Android Environment Assessment “APK”: Digital Rights Management, Content Protection
  • Authentication/Authorization Review: How credentials are transmitted and stored. With authentication and authorization components, a trust relationship is established between IoT devices to exchange appropriate information.
  • Vulnerability Assessment / Penetration Testing: Process of identifying and quantifying security vulnerabilities in an environment, then simulating the actions of an external and/or internal cyber attacker that aims to breach the information security of the organization.
  • Automated Fuzzing: Software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program.
  • System Architecture Security Analysis: Early assessment for General Hardening will reduce tons of additional work in the development process.
  • Cloud or Systems/Network Architecture Security Analysis: Does the application communicate with a back-end? If so, that should be in scope. We analyze the network traffic and how it relates between host and server, particularly around encryption, where there are typically vulnerabilities.
  • Backend Systems/Network: Traditional areas should not be forgotten.
  • Protocol Analysis: BLE/ WiFi, 802.15.4/Zigbee, USB, and Ethernet.
  • Database Security Review: Trust Modeling & Verification
  • Key management systems (KMS) / Cryptanalysis “cryptography”: Addresses problems associated with the design and security analysis of network protocols that use cryptographic primitives. Examples: public-key protocol, TLS, probabilistic, computational soundness, polynomial-time process, game-based verification
  • Malware Analysis: The number of malware threats targeting the segment is rising
  • API Analysis: Application program interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact and APIs are used when programming graphical user interface (GUI) components.
  • Configuration Assessment: Reducing configuration drift and unauthorized changes with static analysis/methodology.
  • Security Documentation Review: A document that establishes standards for Information Security documentation – What risks were calculated and how to monitor/protect against.

The defenders have the difficult job of getting it right every time, whereas the attackers/criminals only need to find one seemingly small weakness to bring the whole thing crashing down.

Regarding DNS attacks, the creator of DNS, Paul Mockapetris, said “DDoS threatens our values and freedoms, as well as our surfing”. Therefore, I believe security researchers, businesses, and government will learn from previous attacks and keep healing our system into a bigger, better, and stronger global network.

~Michael Goetzman “Korgo”

April 7, 2016

CYPHERCON 2016 Success

CYPHERCON 2016 WAS A HUGE SUCCESS! If you didn’t attend, make sure you check out the presentations and join us in 2017:

 

CYPHERCON’s Opening Ceremony Begins!

Presenter: Nicole Tatrow & Michael Goetzman “Korgo”

 

Security Control Wins & Fails

Presenter: Jason Lang

 

Offensive Wireless Tactics “used in DEFCON 23’s Wireless CTF”

Presenter: Eric Escobar

 

Keynote: China’s Hackers and Cyber Sovereignty

Presenter: Lieutenant Colonel Bill Hagestad II

 

You’re Right, This Sucks

Presenters: J0hnnyxm4s & Lesley Carhart

 

No encrypted data on this drive; just pictures of my cat

Presenter: Parker Schmitt

 

Curry and TARTS

Presenter: JP SMITH

 

All your Wheaties belong to us. Removing the basics that humans need for survival.

Presenter: Chris Roberts

 

The CYPHERCON PuzzleMaster Speaks

Presenter: BeLouve

 

Keynote: P.I.S.S.E.D. Privacy In a Surveillance State, Evading Detection

Presenter: Joe Cicero

 

Bypassing Encryption by Attacking the Cryptosystem Perimeter

Presenter: Trenton Ivey

 

Hypervault Demo & HTTP and SSH Tunneling

Presenter: Caleb Madrigal

 

Quantum Computation and Information Security

Presenter: David Webber

 

Medical Devices: Pwnage & Honeypots

Presenter: Scott Erven

 

Espionage – A weapon during the cold war

Presenter: Werner Juretzko

 

Thank you IronGeek for recording the CYPHERCON 2016 videos

July 29, 2015

Speaking at Hacker Halted

I am excited to announce I’ll be speaking on “DNA Security” at the EC-Council’s conference: Hacker Halted on September 17, 2015! http://www.hackerhalted.com/2015/speaker/michael-goetzman/

Talk Title: GATTACA – Final Warning!

Abstract: You were warned in 1997 that a not-too-distant future was approaching. This dystopian future is here now due to rapid technological advances, much quicker than we initially imagined. These breakthrough DNA technologies are exposing your deepest darkest secrets. Who can see this information? What will they do with this information? Little does anyone know they are only one data breach away from public exposure.

July 13, 2015

Speaking at the inaugural BioHacking Village (BHV) at DEF CON 23

I am excited to announce I’ll be speaking on DNA security at the inaugural BioHacking Village (BHV) at DEF CON 23 on August 6-9, 2015!  http://www.defconbiohackingvillage.org
Talk Title: Social implications of DNA acquisition & storage
Abstract: The advent of rapid ‘Next-Generation’ DNA sequencing methods has greatly accelerated biological and medical discovery, steering society into a paradigm shift, the genomic era, of personalized medicine. This trend promises an affordable insight into your personal genome, potentially giving individuals personal advantages. What information is hidden within a strand of DNA and what are the implications of accessing this data? Will these rapid advancements enhance humanity without sacrificing ethics and personal exposure? Can society overcome challenges stemming from emerging technologies such as massive internet accessible databases and cloud storage?

March 21, 2015

Thank you Chappee Rapids Audubon Society

 

I was honored to have been presented with the Exceptional Service award last night by the Chappee Rapids Audubon Society!

Technology is important to local and regional nonprofit organizations for maintaining members, spreading news, and fighting challenges. While maintaining their Twitter site, working on the website, and configuring their Google Apps, I’ve learned so much about birds and the community. I’m glad I could help the organization and ultimately the endangered bird populations! Please check out the Chappee Rapids Audubon Society website at http://craudubon.com

Chappee Rapids Audubon Society - Exceptional Service Award

 

 

February 4, 2015

Thotcon Speaker

I’m pleased to announce I’ll be speaking at Chicago’s best hacking conference: THOTCON on May 14th and 15th 2015:

“GATTACA – Final Warning!”

Abstract: You were warned in 1997 that a not-too-distant future was approaching. This dystopian future is here now due to rapid technological advances, much quicker than we initially imagined. These breakthrough DNA technologies are exposing your deepest darkest secrets. Who can see this information? What will they do with this information? Little does anyone know they are only one data breach away from public exposure.

September 30, 2014

23andme – Real Gattaca Future of Medicine

Gattaca is a 1997 futuristic sci-fi thriller starring Ethan Hawke and Uma Thurman. The film presents a biopunk sci-fi vision of a future society driven by eugenics where potential children are conceived through genetic manipulation to ensure they possess the best hereditary traits of their parents. The movie focuses on Ethan Hawke overcoming genetic discrimination from the genetically modified “perfect combination of guanine, adenine, thymine, and cytosine” humans around him. DNA is everything in this world, from dating to job roles.

The movie is set in “the not-too-distant future”, but flash forward to the reality of 2014 and some could say we are already here. We have innovative companies like 23andme.com analyzing our DNA and giving us the raw truth of our health and ancestry information. Well, the healthcare information came to a stall in December 2013. 23andme.com was stopped by the Food and Drug Administration for giving too much information, sitting between providing scientific information and being a medical test. In the meantime, customers will still get ancestry data and be able to download their own raw data, and 23andMe will continue to use the data it collects for its own research. Regulatory review is in progress to define what direction the future will take on direct-to-consumer DNA results.

There is one loophole during the ongoing regulatory review, which could take years: on eBay you can purchase 23andme DNA kits ordered prior to November 2013 that will grant you access to your DNA healthcare information. Most US consumers are waiting on the US government for decisions…

 

August 2, 2014

ENCRYPT – DECRYPT License Plates

Have you seen a Kia Spectra or Hummer H3 with Wisconsin license plates: ENCRYPT or DECRYPT driving around the Milwaukee area? Well, we’ll admit…that’s ours… we went completely Infosec / spy themed nerd crazy on our recent change to customized license plates. for our

encrypt / decrypt license plates

The credit for the idea of the spy-themed plates came from Milwaukee’s most mysterious location: The Safe House. Not sure what that is? Check out the wiki of the famous restaurant & bar! They have on display Wisconsin license plates: Ncrypt & Dcrypt. When I was seeking possible clever choices for customized plates, I saw Wisconsin now allows seven-character plates and both were available.

HummerH3