Hardware and Honeybees – Central PA Open Source Conference

Posted on Oct. 20, 2008, under Presentations

Here are the slides from my talk, “Hardware and Honeybees” from the Central PA Open Source Conference.  Thanks to everyone for attending a wonderful con!

Abstract:  Pennsylvania’s small farms occupy the majority of our state’s nearly eight million acres of farmland.  These small farms, often overlooked as consumers of technology, can benefit from the low cost and high flexibility of open source software.  In this talk, we’ll review some of the tools and techniques used at our small apiary to help manage a million or so honeybees, and discuss how they may be used in other similar agricultural applications.

Slides: cposc-oct-19-2008-honeybees-and-hardware-final.pdf

Gratuitous Honeybee Video:  Pennsylvania Bees enjoying some Florida Honey



Medical Identity Theft – Defcon 16

Posted on Aug. 08, 2008, under Presentations

Thanks for attending the Medical Identity Theft talk at Defcon 16!

Abstract:  In less than an hour, during a scheduled pentest, our team was able to retrieve 3.2 million patient insurance records from a HIPAA-compliant medical facility. Using these records, we could have generated counterfeit insurance and prescription cards which would pass muster at any doctor’s office or pharmacy counter. If you are one of the 47 million Americans with no health insurance or happen to have a medical condition you wished to hide from employers or insurers, would you consider purchasing falsified medical documents? Thousands of Americans have already said yes, without thinking twice about the victim of their victimless crime.

What happens to you if your medical identity is stolen? You may find yourself liable for thousands of dollars of co-pays, deductibles, and denied claims. Is this because you forgot to shred an important document? Did you fall for a phishing scheme online? Of course not — it was entirely outside of your control, and it happened because the current HIPAA regulations are insufficient to protect your medical identity.

In this talk, we’ll review the current state of HIPAA and other laws covering the security of your medical records, and discuss what changes need to be made, both in policy and in practice, to shore up the security of our medical records.

Slides: Defcon 16 Medical Identity Theft Slides.pdf

Here is the LWAPP decoder script that we demonstrated during our talk:

Cisco LWAPP Packet Decoder

Usage: lwapp_input.pcap

This script takes as input a .pcap file containing traffic collected between a Cisco LWAPP AP and its Wireless LAN Controller (WLC).  The LWAPP headers are removed from any data packets detected, and the resulting wireless client data is written to an output pcap file.


Introduction to Streaming Video – Mid-Atlantic Digital Library Conference

Posted on Jul. 10, 2008, under Presentations

The slides from my talk, “Introduction to Streaming Video” from the first Mid-Atlantic Digital Library Conference, held at Bucknell University, are below.  Thanks to everyone for attending.

Abstract:   Increasingly, more institutions are streaming video and audio within institutional repositories and digital library collections to distribute multimedia content to global audiences. In this presentation, we will review the basics of web streaming and present a simple solution that will allow an institution to easily begin to stream video. We will demonstrate techniques using a combination of software that many institutions already own and some additional open-source utilities. We will also cover the steps required to integrate digital video services with the Akamai global distribution network and discuss options for incorporating the streamed video into digital library and institutional repository systems.

Attendees are encouraged to bring laptops to the session.

Slides:  madlcon_2008_smith_streaming_video.pdf


Rogue Season: Successful Hunting Strategies for the Network Administrator – NERCOMP

Posted on Mar. 12, 2008, under Presentations

The slides from my talk at NERCOMP 2008 are below.

Abstract: Rogue access points (APs), those installed by unauthorized users, are a security, usability, and liability concern for all university network administrators. In this talk, we will present several time-saving methods of rogue AP detection that do not require expensive commercial applications or unwieldy directional antennae.

Slides:  nercomp_2k8_rogue_season_smith.pdf


Countering Attacks at Layer Two

Posted on Mar. 30, 2006, under Presentations

Thanks to everyone for attending another great ShmooCon.  Here are the slides from my talk, “Countering Attacks at Layer Two”.  Enjoy!

Abstract:  Network security at layer two is often overlooked because many administrators do not consider attacks from within to be a credible threat.  This philosophy may apply to carefully firewalled data centers, but universities and other institutional settings are particularly vulnerable to attacks at layer two.  Furthermore, nearly all wireless networks, even those employing WPA or 802.1x, can fall victim to the inherent trust designs of the underlying Ethernet protocols.  In this presentation we will demonstrate a number of layer two attacks and give examples of countermeasures that can be employed to minimize the exposure of your network.  We will also introduce L2KB, our tool which can respond in real time to a number of layer two attacks.

Slides: Countering Attacks at Layer Two.pdf

