Saturday, February 16, 2008

Shmoocon, Day one plus

I'm here. Getting here was tough, someone thought mid-day on Thursday was the ideal time to work on the GW bridge, so a 15 minute section of NYC took 2 hours to cross. I have never been so happy to get to New Jersey in my life.

Thursday night I got hopelessly lost in the city, but then recovered and had a great dinner and conversation with Chris Hoff, Enno and the crew from ERNW, Sergey Bratus and others I am forgetting.

This afternoon's presentations included scary talks about intercepting and decrypting mobile phone traffic (GSM), password recovery through forensic image analysis, hacking the samurai spirit, and the dangers of web portals. There was also an outstanding talk by Syn Phishus (possibly not his real name, BeanSec folks might have some insight on that) about conducting an unauthorized "Phishing Awareness" exercise at work. The short presos ended with the always entertaining and informative Deviant Ollam with the latest from the lock picking world.

The keynote was to be delivered by Ed Felton from Princeton, but he has the nasty bug that's going up and down the east coast, so Alex Halderman (one of his post-grad students) filled in and did a great job with the presentation on E-voting systems. Short version, we're screwed. Slightly longer version, the most secure code on the systems is the OS, Windows CE.

More to come, film at eleven, etc.