Conning the Con
Security Fix is getting ready to spend a few days camped out at the Marriott Wardman Park Hotel in Washington, D.C., the site of the second annual ShmooCon hacker conference, a gathering of nearly 500 hackers (and probably more than a few federal law enforcement types).
I missed the inaugural conference last year because I was out of town, and am very happy to have a hacker con that's local (i.e. close enough that I can run home and change or grab a bite if I need to). I may have to con my way into the con, however; it appears I have forgotten to register.
Anyway, the conference takes its name from the eponymous Shmoo Group, a gaggle of some 30-odd geeks who enjoy cooking up software tools to show just how broken much of the software and hardware we use every day really is -- from a security perspective, that is.
Among the tracks I plan on attending is a talk by renowned security expert Dan Kaminsky, who is expected to release -- among other things -- some more nifty data showing just how pervasive the whole Sony rootkit problem really is.
There will also be some new software toys released that allow a user to fiddle with wireless Internet access points in various naughty ways. Last year's headline-grabbing tool was a program that made it easy to set up an "evil twin" Wi-Fi hotspot, a program that could in theory be used to say, oh, trick someone into associating their laptop with your wireless network, which you just happened to name "Starbucks" to trick customers of the coffeehouse across the street into connecting to the Internet through your traffic-sniffer. This year's big Wi-Fi tool release is something called "evil bastard": "Complete with 'Point n' 0wn' interface, we set out to create the easiest and most evil network appliance available at your local Best Buy." Ooh. Can't hardly wait for that one.
David Hulton is on the roster to give a talk subtitled "0wning the Laptop," in which he plans to present a piece of hardware that a user could slip into the PCI slot of a laptop to do all kinds of scary things. A hacker could use this to locate and download passwords and secret keys in memory, unlock screensavers and install memory-based and firmware-based Trojans, among other things.
There is also an interesting-looking talk entitled "VoIP WiFi phone security analysis," as well as a presentation by a developer at Microsoft who will talk about security in Windows Vista, the next version of the Windows operating system.
The talks at hacker conferences are always educational, but the real fun is in mingling with the smart people that will be there. I'll try to find time to blog a couple of times while I'm at the conference. And I'll try to post some photos if there's anything worth shooting, assuming we have some willing (i.e. not quite sober enough) subjects.