Conning the Con

Security Fix is getting ready to spend a few days camped out at the Marriott Wardman Park Hotel in Washington, D.C., the site of the second annual ShmooCon hacker conference, a gathering of nearly 500 hackers (and probably more than a few federal law enforcement types).

I missed the inaugural conference last year because I was out of town, and am very happy to have a hacker con that's local (i.e. close enough that I can run home and change or grab a bite if I need to). I may have to con my way into the con, however; it appears I have forgotten to register.

Anyway, the conference takes its name from the eponymous Shmoo Group, a gaggle of some 30-odd geeks who enjoy cooking up software tools to show just how broken much of the software and hardware we use every day really is -- from a security perspective, that is.

Among the tracks I plan on attending is a talk by renowned security expert Dan Kaminsky, who is expected to release -- among other things -- some more nifty data showing just how pervasive the whole Sony rootkit problem really is.

There will also be some new software toys released that allow a user to fiddle with wireless Internet access points in various naughty ways. Last year's headline-grabbing tool was a program that made it easy to set up an "evil twin" Wi-Fi hotspot, a program that could in theory be used to, say, oh, trick someone into associating their laptop with your wireless network, which you just happened to name "Starbucks" to trick customers of the coffeehouse across the street into connecting to the Internet through your traffic-sniffer. This year's big Wi-Fi tool release is something called "evil bastard": "Complete with 'Point n' 0wn' interface, we set out to create the easiest and most evil network appliance available at your local Best Buy." Ooh. Can't hardly wait for that one.

Lance James of Secure Science Corp. (and author of the groundbreaking Phishing Exposed, which I am now in the middle of reading) will give a talk entitled, "Trojans and Botnets and Malware, Oh My!"

David Hulton is on the roster to give a talk subtitled "0wning the Laptop," in which he plans to present a piece of hardware that a user could slip into the PCI slot of a laptop to do all kinds of scary things. A hacker could use this to locate and download passwords and secret keys in memory, unlock screensavers and install memory-based and firmware-based Trojans, among other things.

There is also an interesting-looking talk entitled "VoIP WiFi phone security analysis," as well as a presentation by a developer at Microsoft who will talk about security in Windows Vista, the next version of the Windows operating system.

The talks at hacker conferences are always educational, but the real fun is in mingling with the smart people that will be there. I'll try to find time to blog a couple of times while I'm at the conference. And I'll try to post some photos if there's anything worth shooting, assuming we have some willing (i.e. not quite sober enough) subjects.

By Brian Krebs  |  January 13, 2006; 9:12 AM ET
Categories:  From the Bunker  


Hey Brian, are you planning on going to the Black Hat Federal conference in a couple weeks? It will be held at the Sheraton in Crystal City.

Posted by: Matt | January 13, 2006 12:02 PM

I'm curious if the Shmoo Group takes its name from the mythical creature featured in Al Capp's Li'l Abner comic strip. The Shmoo gave milk, laid eggs and had meat that tasted like chicken or steak depending on how it was cooked. The critters died of happiness anytime someone looked at them with hunger. These wonderful creatures nearly destroyed society because so many people no longer found it necessary to work. The strip was very popular when the Shmoos appeared in 1948 and for a few years it spawned various Shmoo merchandise.

I looked at the Shmoo Group site but didn't spot an explanation of the name in a quick scan.

Posted by: Richard Moore | January 13, 2006 4:44 PM

No, the "Shmoo" in The Shmoo Group is based on a nickname for one of the founding members, and nothing at all to do with Andy Capp.

Posted by: tbird | January 13, 2006 5:03 PM

We may be running a "hacker con" but we do have our act together about inviting legitimate press so of course we're happy to see you, Brian ;-)

Posted by: Rodney Thayer | January 14, 2006 8:49 AM

Small correction. 700 attendees. 800 people on-site includes speakers, staff, & Shmoo. Thanks!

Posted by: Beetle | January 27, 2006 4:37 PM


© 2010 The Washington Post Company