Sunday, February 24, 2008

Shmoocon Wrapup

The final day of Shmoocon 4 was a week ago and I'm already looking forward to Shmoocon 5, scheduled for February 6-8, 2009.

Last Sunday I started off in the Hacking Windows Vista Security session by Dan Griffin. Nothing earth-shattering, but good info, including smart card middleware which trusts all input from the reader. Hmm, I remember hearing something about validating inputs being a good idea. Also info on using the MS CNG (crypto) API to add support for algorithms not natively supported by Vista. (MS shunned Schneier's Twofish; they'd better be looking over their shoulder.)

Next was 0wn the Con presented by The Shmoo Group. The Shmoos have been very open about their cons and supportive of others thinking about running their own con. In this preso they talked about some of the nuts-and-bolts info, finances, decisions (good and bad), etc. A few interesting numbers: about 1220 people were registered (including regular attendees, speakers, staff and misc.) with an attendance of about 1150. Sponsorship was up dramatically over last year; this, combined with other favorable factors, allowed them to pay for the T-shirts and have all proceeds go to charity. The Shmoo Group is considering other events, but their primary focus will be the Con. I was amused that this session was listed in the "Break It!" track.

Third session of the day was a mistake. I chose Renderman's "How do I Pwn Thee? Let Me Count the Ways". It was a decent WiFi/Bluetooth/RFID overview for the uninitiated and would be great for a broader audience; it just wasn't meaty enough for this crowd, which Renderman told us in the beginning of the preso when he said he would rather have been in Josh Wright's preso in the next room. I should have listened to him. All I heard through the airwall from Wright and Antoniewicz's PEAP talk was two salvos fired from the now infamous Shmooball cannon.

Last year's Shmoocon wrapped up with a panel discussion on the security implications of the OLPC (video available here). This year the closing panel was "On the Social Responsibility of Hackers", subtitled "A modern day Walden". The panel members included Bruce Potter, Simple Nomad, J0hnny Long, Rick Dakan and Hackajar. Topics started off with "What is a hacker?" and covered issues such as hacker v. cracker, etc.

A few sound bites:

  • Bruce: "How do we define ourselves if not Hacker?"
  • Simple Nomad: "Hacker is our community, it is our word, screw people who don't understand."
  • Normal people ask "What does it do?" Hackers ask "What can I do with it?"
  • What's the difference between a Black Hat and a White Hat? A Mortgage.

Later topics included:

  • What positive activity has the Hacker community had to date?
  • Are there "greater goods" that are security related?
  • What can we as a community do for the greater good?

It was an active discussion with plenty of participation from the audience. Slides and video for this session (and all of the others, too) should be available from the Shmoocon website soon.

See you there next year.