>>Uh, this is uh Go Null
Yourself or how Doctor Strange
Love is one of the greatest movies ever [audience laughs
whistles and clap] so, err, I am
called Jerdy uh ugh sorry uh I am a degenerate uh greets to
the, the degens uh no mercy but
little pocket dance Emelia’s, right? No, ummm, I hack things
for Ioactive I just wanna say
greets to the old school telefreekers uh since back in
1992 since I was living between
payphone to payphone they felt me out, so [speaker laughs,
audience laughs] so uh why this
talk, uh so I was hanging out with my buddy Farm, we were
talking about like ummm stupid
umm you know famous hackers tales, so you go to cons and
people tell you these, ss these
stories and half the time you like whatever its bullsh*t other
times it’s totally lols, a lot
of times its victims of weird computer bugs and umm sometimes
it’s totally real situations and
there is victims of these, these bugs from unexpected data but
it’s totally validata and we
kinda have questions about, can you, can you use totally
validata any scenarios and get
unexpected results and uh maybe profitable uh wallsy results who
knows, so some observations umm,
everyones seen this before, umm, yeah its a license plate cameras
umm, its err, you know somebody
attempting to do a SQL injection with a license plate nah
[audience ] it’s clearly a joke
like er ummm ya it wouldn’t work I’m sorry to tell you, it would
not work umm, but it does bring
up some good points because are these people actually thinking
about you know, that data as
being like attack surface, umm, who knows but ya we’ve been a
little skeptic about it and umm
this is super sketch company uh through this inherited can’t
really call them out uh its,
they basically uh data analytics and they they are a surveillance
network on like all U S citizens
they like sketchy heap maps on stuff and monitor all license
plate data and everything so umm
ya you can look up their manual and see some some weird stuff if
you are interested, but here’s
an example like they uh leak their manual,err somebody leaks
their manual and you can see how
cops will go ahead and search data up about people and query
like various LIP data basis uh
the DMV all sorts of stuff so umm getting on to the FOIA its
the freedom of information act
basically lets you request from uh federal agencies and uh far
as uh FOIA dude so uh he went
ahead and umm you know explained some of it to me he kinda gave a
few little tips like just so you
know if you, if you going to FOIA some stuff, umm they they
not gonna go ahead and get
something they don’t have you can’t just say like umm go, go
fetch like like if they have it
they will give it to you, but they not going to get something
you wan, that you want that they
don’t have right and also ask for electronic delivery because
uh it can, it can cost some
money depending on what you requesting but you read more
about at your heart’s content,
but basically you want to head your FOIA requests to the
Seattle police department ALPR
data base and uh in the state there was like 80gigs or 100gigs
or something err, it had all
sorts of sh*t, umm all the images umm all the location data
for the car that was scanned for
the car that did the scanning uh umm the OCR data for wanna
analyse the the image and other
other weird anomalies and other stuff we will get back to later
umm and they striped some some
sensitive stuff you know like about like hot cars and what not
but they but they forgot a few
things you know like not really important things like
credentials and stuff its no big
deal but umm, [audience laughs] ya err, but here’s an example on
a on a cop car you know those
are the cameras and they will be scanning plates so another
observation is that Mr. Null so
this is some dude and thats his surname believe it or not and
umm he there is an article up
there you can can just google and he had issues like
purchasing plane tickets and you
know people were like kinda skeptic like, this guy is full
of it umm makes you wonder is
this a warn of issue did aah did this happen back in 1992 with OG
telefreaker or did this happen
you know on 2019 umm it you know huge difference like would it
happen today and ummm why did it
cause a bug the the value null is different to the string null
so what the f*ck right and umm
it’s kinda crazy so umm sorry just a little bit of cringe well
I had to throw that in so uh so
I I think that the null story is real, personally umm because I
see data validation issues every
single day and computers are hard so I think that use cases
like this still exist and umm
makes us kinda of wonder are there any other types of uh
areas where we could provide
data like this and maybe cause issues or interesting outcomes
umm even though it is totally
valid and uh just uh just a small note this is all fake that
I am telling you this, like the
way the story is going in reality all I wanted was to
register a cool plate and I am
going to pretend that I did it in this order just fyi [audience
noise] umm but in the united
states we can make vanity license plates and there are
some rules, they can’t be vulgar
sexual stuff like that and you can’t misrepo misrepresent law
enforcements so cant be like FBI
or something ummm there’s some examples of some cringy plates
and umm ya texas pride so
[audience noise] so lets register a plate right ummm I go
to DMV website check if uh null
was there seen already I was looking for a cool stuff you
know like uh I don’t know like
zegfault right like null pointer then I was like oh f*ck null I
should look that and umm it was
available I I expected the DMV site just not allow it and crash
or error it or something cause
its a government website ummm but like umm no bugs happen do
register like wait wait and we
will mail a plate to you and cool lets let’s wait and there
it is [audience laughs] so it’s
pretty cute pretty cool plate right and umm so uh profit umm
is it possible to be invisible
citations maybe will a cop go ahead and uh try to try to scam
me and they will say like enter
real data enter enter [speaker laughs] you know you must enter
something other than null like I
dont know like umm if they wrote a ticket would it break
something I have no idea but
like time will tell will see if I get tickets or not but so
unforeseen consequences uh a
beer to the first person who calls out the a the a little
easter egg there the reference
[audience noise] who said that come get the beer come get the
beer I dont have the beer I will
get it later [audience laughs] ummm yeah half life of the sh*t
good man uh so I didn’t get the
ticket for like a year cos I am a good boy and um you and my
registration renewal come up so
you go to this ca DMV website says enter the last 5 year vin
enter your license plate like
easy enough and oops it broke [audience laughs] [speaker
laughs] so agh so I was able to
register the plate and get it but I can’t reregister and of
cause I am like sh*t sh*t I have
to go to the DMV like nobody wants to go the DMV uh like
people who say like the DMV is
not a big deal they they cuckoo like when you live in LA the DMV
thats your whole day so um well
luckily I was able to use a reference number I didn’t need
to go and I registered it but
but cool so uh later on I ended up getting a ticket so I go
ahead and grab it off my
windshield and its says null on it sh*t you know uh it has a
citation number it has some info
for me to go ahead and pay the ticket and I went ahead and paid
the it like a sucker and you
know and ummm clearly my predictions are wrong there were
no issues I I did get a ticket
uh but atleast I have a cool plate right so about a week
later I I open up the mail box
and I have a grip of envelopes and uh and I open them up and
there are a lot of citations
[audience laughs] [speaker laughs] [audience claps] um yeah
they they all addressed to me
but umm well er didn’t know I had a car Honda, Toyota,
Porsche, Mercedes you know
[inaudible] [speaker laughs] I’ve I’m living big right so
errm so my prediction was really
wrong right because when I went in there it was like I’m I’m not
gonna be able to get a ticket
I’m the sh*t like I’m invisible but but instead I got all the
tickets [audience laughs] so
[speaker laughs] so yeah yeah so this company I had to go and pay
and and you look up the ticket
number the citation processing centre so it’s a private company
that happen to be based out of
New Port Beach California which is totally coincidence I got my
ticket in New Port Beach and and
I was like why I am giving money to like a P O box and I was
super weirded out turns out they
are stationed there and I drove passed them all the time and
didn’t realize ummm you know
sketchy basically collection agency for the government and um
you can go on their site and you
can do a query for a plate and a state so I go ahead and query my
plate and the state of
California [audience laughs] [speaker laughs] so [speaker
laughing] [audience laughing]
[audience claps] yeah fun [audience laughs] so so I call
them up and you know at this
point its still fun right aah its a bug [audience laughs] my
wife is pissed [audience
laughing] so [speaker laughs] like you know she she thinks I
am actually gonna pay the money
she ha you know she like aah [audience laughing] [speaker
laughing] and umm so I call this
guy and umm of course a total d*ck hey I need a I got a got a
great story for you give me your
citation number no no man this is more involved give me your
citation number ok umm which one
yeah [audience laughs] uh so I go ahead umm and I gave him
everything and ummm he basically
says how do I know these aren’t all you [audience laughing]
[speaker clears throat and
laughs] and and he wants me to like show him all my
registration history and mail
everything back and uh I was like I’m not mailing sh*t back
to you I’m keeping all this as
evidence of your mess up and er umm it just didn’t really go
well my response was like
basically f*ck off like we’re done here [audience laughs] is
that 10 ok perfect umm so uh
after our discussion I’m telling my wife about it and I go ahead
and I am trying to explain to
her like um like this is ridiculous like uh you know like
Cyprus college I don’t go to
Cyprus college there’s uh pla there is a car that got a ticket
at 11:00am there is a different
car that got a ticket at 13:00 pm like it’s clearly not me the
guy thinks I can change my
registration fast enough but clearly wasn’t me I was wasn’t
worried about that, but after
the call I I go to show her look here’s here’s the one I have
physically that was mailed to me
yeah I don’t know if you can read it but it says it’s a Honda
plate Null and I go look look I
will bring it up. Now it says it is an Infinity and it has my VIN
nr [audience muffled] oohoohooa
so they changed the data to uh basically make me look guilty
for these tickets umm because I
did tell the guy I don’t drive a Honda I drive an Infinity so so
now their whole database is
basically points at me not all of them, but a lot of them. So
uh are there any lawyers here
[audience laughs] because I am [speaker laughs] because I don’t
know if I have legal footing
Ummm but basically Ummm this is bullsh*t [audience laughs] umm I
don’t know like I don’t know the
impact right umm does this sync with the police department does
this sync with the DMV Ummm are
there bench warrants for my arrest am I Is my license going
to get suspended I have no idea
right so umm it also opens up a ton of questions too like
potential for mis-conduct like
why why does a random employee have right access to this you
know the cop writes the tickets
and sends it to them what happens if it is a disgruntled
ex and they decided to load up
their ex with tickets and you just guilty like there’s nothing
Ummm can you social them can you
get them nah its an off by 1 you know it was actually a 0 not a 1
like uh who knows it’s
ridiculous though right. So there’s poor solutions. So I
went to the LAPD and I said hey
man this is the situation and the guy just like looking at me
and I’m just like I don’t
f*cking know [audience laughing] [speaker laughs] he said change
your plate [audience laughs] I
said said no [audience laughs] I didn’t do anything wrong. So I
called the DMV and they said we
don’t deal with citations we only suspend you if someone asks
us too but you should change
your plate [audience laughing] said no I didn’t do anything
wrong. So I called the citation
processing center again and they decide you better proof without
a doubt theses 100s of citations
are not yours, also you should change your plate. [ audience
laughing] So I hang up right, so
I so I sent this tweet out don’t know if you can read it. But it
basically says thanks cadmv you
idiots like nobody nobody has a good solution you know its back
one there were gunny emojios
that sent like a different message but apple changed this
now I am like squirting myself
with a squirt gun well it’s a little silly if you look at it
now, but, but they actually
responded to me which is crazy umm I don’t know if its a PR
company or something but um they
contacted this company and they actually voided out a bunch of
tickets and they were uh they
ended up sending me a email she’s just like hey I‘m getting
this taking care of ummm I just
need you tell me which 1 of these are actually yours
[audience laughs] so yeah and
umm so they didn’t actually fix the issue they just voided out
said 0 dallars but but then it
just kinda started climbing up of cause right so what uh are
some future possibilities umm so
clearly theres a total lack of data entry ummm standards like
it’s just retarded so uh I
started going like like no cop is running up to a car going
like aah there’s no plate I am
gonna go put a Null like so I thought wha what is a totally
vaild plate that would that
would do this that I am missing that’s a valid license plate you
could register that so I
searsched searched on their data base for the word missing
tickets what about none tickets
no tags tickets [audience laughs] what about no plate
tickets [audience muffled] so
thank you so yeah you can umm you can be just like me
{audience laughs] beer [speaker
laughs] [audience laughs and claps] umm there’s an article
down there umm about this guy uh
he got no plate back in like the 70’s and he uh he has been
fighting the good fight for like
forever and he goes to court and his like yeah it wasnt me but
yeah theres a article about umm
ya but going back back to the the ALPR data so umm as you can
see umm the the cop cars when
they driving around Seattle they kinda reading like everything
sides of buildings random
constructions signs so there’s another one what happens if you
register a plate in esauwn,
jeep, I don’t know ummm and there’s some other anomalies so
uh you see there’s a ton of
variations of the word police so it’s clearly you know reading
the sides of cop cars so if
somebody in the Seattle area wants to try this umm you know
you can’t impersonate a uh a
police officer but maybe you can talk to you know a lady at the
DMV and explain how you a huge
fan of the, of the band police [audience muffled] and get
POL1C3 or something and a drive
over the 520 bridge and tell me if you get a toll that’s the
only thing I am interested in
like I’m curious like [speaker laughs] [audience laughs] like
is this like uh a white list
like get so many of them they like aah f*ck it[audience
laughs] just so uh ya remove it
but uh anyways quick summary umm basically I still get tickets in
the mail and stuff I still have
my dope plate and uh my total is currently at 6000 dollars
[audience laughs] umm [audience
good for you] ummm yeah yeah so breaking news breaking news so
last night my wife text me a
picture because so before that I’m telling all these people
like like this I’m gonna sue the
sht out of them, I’m gonna I’m gonna get a boat and umm
[audience laughs] [speaker
laughs]and they like they like you idiot like like nothing like
this is is some some some flaw
it’s gonna get fixed it’s not real like the the moneys not
real like this isn’t an issue
yet and my wife sends me a picture last night and I got a
thing in the mail from DMV and
it’s time to register my my vehicle again and and uh they
want me to pay some tickets
before I register [audience muffled] so I am in a sticky
situation now because I’m not
paying those tickets and uh but my registration expires like in
3 weeks or something so
[audience muffled] errm I don’t know what’s gonna happen but if
you wanna hit me up or something
I’m on Twitter and IRC cos I’m old umm but I eer guess we done
I uh don’t know if there are
questions to be honest I doubt there are gonna be interesting
questions not to be a d*ck
[audience laughs] uh but but I’m sure there’s more stories that I
would love to hear so if we have
time and anyone has similar stories please come tell them
that would be great. I don’t
know how this works [audience laughs] [audience claps] I mean
uh [audience claps] [audience
cheers] whooo does someone bring you a microphone or uh>>no
crowd mics>>oh no crowd mics
whatever [off mic question] ok I didn’t hear you uh you wanna
come talk on the mic [audience
muffled] are you a lawyer>>lawyer>>are you a fed [off
mic] [audience laughs] [speaker
laughs] [inaudible off mic] come up on stage. Who else is coming
up on stage [audience laughs]
come on no like seriously this it’s the last talk who gives a
sh*t [audience laughs] [audience
clap] [off mic unintelligible] sorry what>>Ok so there’s
theres a term you should pay
attention to called spoliation>>ok>>ok and not a lawyer but
what it means is that it is
someone knowingly alters data for pending lawsuit the lawyer
who is protecting or a part of
that team who allowed it can loose their license at the bar
alright and the minimin and you
automatically win your lawsuit, period [audience cheers]
[audience claps]>>does this
mean I get a boat>>well so when you collect evidence that their
data basis has been altered to
alter the data from its original state to your VIN they spoliated
data for a pending lawsuit which
means the reason they were so happy to update you was to save
themselves from legal hell
[laughs]>>ok so I would definitely say you take pictures
of their records before or after
they charge you with these tickets and you should
definitely get yourself a
lawyer, not because you need it but because they do [audience
laughs]>>alright [ audience
cheers] whoop whoop [audience claps] anyone else, eh er come
on up here uh ok I can repeat it
from here>>Does boats have license plates [speaker laughs]
>>He asked if boats have license
plates ummm [speaker laughs] [audience laughs] I’m pretty
sure they do we will call it the
aquaholic and uh we will make it NULL [speaker laughs]>>So I
actually checked for a plate I’m
from Chicago>>Chicago>>NULL is available in the state of
Illinois just letting you know
>>NULL NULL is a-available in the state of Illinois if any
body is curious>>Everyone
should get a NULL plate>>Everyone should get a NULL
plate, it’s fun it’s fun [off
mic inaudible]>>So like their [speaker laughs] [inaudible off
mic] I think like literally this
will happen is like some some salitation problem [inaudible]
and>>See I had I had like no no
concerns like I thought their sh*t was solid I didn’t think
anything was gonna happen so I
just just wanted a cool plate [audience muffled] cross my
heart [speaker laughing]>>State
of Virginia>>Oh yeah>>[inaudible off mic] Charged
for uncontrolled tags>>This guy
gets charged for other people’s tags, what whats your plate in
the state of Virginia and easy
pass it’s just a random plate and you get charged [off mic
unintelliglbe] what do you do
you don’t pay it, don’t tell me you pay it [audience muffled]
you had to pay some? Dude let’s
team up [audience chatter] so>>So this only happened once
>>Yeah yeah so umm so yeah the
moment the moment I got my first ticket and I actually paid it I
think what happened was like the
net like holy sh*t we associated it finally and now now have an
address and stuff and yeah some
of those tickets are from 2013 I didn’t have the plate back then
2014 they really old and stuff
and somewhere modern you know umm I ya I didn’t get them until
after [off mic inaudible]>>Was
all old ones>>Yeah yeah all from Newport Beach California
yeah. Is that everyone [off mic]
>>What about the company>>The company>>Yeah>>We don’t want
to talk about them [speaker
laughs] [audience laughs] [speaker laughs] I am a paranoid
a paranoid schizo we don’t have
to talk about them uh they owe me [inaudible off mic]
>>microphone>>shhshh are we
done [off mic inaudible] what [off mic] er if it’s big enough
[off mic inaudible] can we host
Defcon on it [audience cheers] [speaker laughs] we can er call
it Nullcon [audience laughs]
Jergycon, if you get a big enough boat lets do it,
PrirateCon let’s go [audience
laughs] are we good? Thank you [audience claps]