Building Your Own Tor-centric ISP for Fun and (non)Profit

1500, Friedman
Speaker(s): Gareth Llewellyn
Following the Snowden revelations and with the U.K. government's revival of the Snooper's Charter legislation, Gareth was one of many people who accepted the EFF Tor challenge. Unfortunately, many U.K. ISPs' colocation providers do not appreciate Tor exits and, after several abruptly terminated servers, he decided to build his own privacy-centric, non-profit ISP so he could operate Tor exits and offer Unix shells, etc. on his own terms. This talk explores the process of becoming a local Internet registry in Europe, dealing with RIR policies such as IPv4 exhaustion, Tor abuse complaints, and the deployment of a broadband product that only has a Tor bridge instead of a next hop at the end of a DSL connection.


FOIA at Fifty

1500, Lamarr
Speaker(s): Jameel Jaffer, David Pozen
The Supreme Court has stated that the Freedom of Information Act "defines a structural necessity in a real democracy." On the 50th anniversary of its enactment, now is an opportune moment to reflect on the role FOIA has played in our legal and political system. This conversation will bring together Jameel Jaffer from the ACLU and David Pozen from Columbia Law School to consider the past, present, and future of FOIA. They will discuss virtues and drawbacks of the FOIA model, FOIA's relationship with technology and other transparency mechanisms, the effectiveness (or ineffectiveness) of FOIA in the national security context in particular, and lessons to learn from foreign and state-level approaches to regulating government openness.


Medical Devices: Pwnage and Honeypots

1500, Noether
Speaker(s): Scott Erven, Adam Brand
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life-saving devices? This talk will discuss over 30 CVEs Scott has reported over the last few years that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented.
So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet-facing exposure and are vulnerable to exploit, are they being targeted? Scott and Adam will discuss six months of medical device honeypot research, showing the implications of these patient care devices increasing their connectivity and steps that can be taken to reduce risk associated with these life-saving devices.