Last weekend I attended ShmooCon 2009 in Washington, DC with my colleagues Brian and Mike. For my years in, around, and studying the computer underground, I’d rather embarrassingly never actually attended a hacker conference before. This, then, was an excellent opportunity to go to a local one with a reputation for openness and friendliness–and on someone else’s dime to boot. Some highlights:
- Matt Blaze’s keynote around arcitecture, secrecy, and telecommunications was excellent. Mr. Blaze didn’t provide deep technical analysis, but rather told a series of loosely-connected anecdotes under the theme “system design matters more than most people think”. To give an example: CALEA is a policy that layers a set of specific technical requirements on top of a system architecture that has grown organically and provided natural security controls. Prior to CALEA, law-enforcement had to request a phone tap, which was placed close to the subscriber’s line using a loop extender, and then that loop was manually recorded at the requesting police station. CALEA mandated a convenient, instant, standard interface for tapping telephones, which sounds lovely, but is expensive, and gives an easily exploitable view into phone switches. When that hole was exploited, hackers got to say “I told you so”.
- ShmooCon gives attendees the ability to dispense what it likes to term “instant feedback”. Sure, you can go to the conference website and fill out a feedback form, but that’s boring. If, during a talk, you feel that the speaker isn’t being entirely truthful, you can hurl a conference-sanctioned ShmooBall at the hapless presenter. The organizers do provide speakers with perspex shields, however. Some attendees build pneumatic, fully-automatic launchers to ShmooBall their friends into oblivion, which really takes heckling to a whole new level in my view.
- Meeting some heavy hitters in the InfoSec field. RenderMan even commented on my hat.
Getting the latest beta version of BackTrack 4, then using it to great effect to score second place in the “Hack or Halo” challenge on Saturday evening. Brian, Mike and I formed Team NYU and popped some boxes, somehow managing to score 14/17 points in under two hours. When Brian and I sat down, we decided that since we were unlikely to place very high in the contest, we should kick back, hang out, grab a beer, and see how many puzzles we could solve. Twenty minutes in, we glanced at the scoreboard, saw we were tied for second, and hit the afterburners. Mike joined us, scoring key points cracking a WEP key, and, most famously, calculating the Fibonacci sequence on his phone, and summing the sequence on his calculator for an epic win in the binary analysis category.
- Attending Jay “MF” Beale’s talk and witnessing the long-awaited release of Middler, then meeting Jay the following day.
Many thanks to the Shmoo Group for hosting a fantastic conference. All things being equal, I’ll be returning next year.
EDIT: Thanks also to foobar42 for graciously allowing me to use a couple of his photos; I was too busy hacking to take any.