the rest of ShmooCon

More talks I caught at ShmooCon last weekend:

  • Extend your Code into the Real World: This was an intro to tinkering with electronics. The presenter had about enough time to explain why hardware hacking is cool, tell us some good places to buy components, demonstrate how to remove the 180-degree-limiting stop from a hobby servo, and explain how to wire four switches in an H formation to facilitate running a servo backwards or forwards. He mentioned he'd gotten his hands on a .NET CPU. What most caught the audience's attention was the parade of web-server-on-a-chip devices he pulled out, especially the tiny Lantronix XPort.

  • My Company's Trade Secrets: I wasn't totally paying attention during this talk, which included a demo of Mumsie (Malicious URL Monitor and Snort Injection Engine).

  • The Church of WiFi presents: A Hacker in Iraq: This was a standing-room-only talk. The presenter was an active-duty U.S. Navy officer who shared what he could about efforts to counter improvised explosive devices. Both he and the audience were really hankering to create some way for the hacker community to help this effort, but the military is not eager to share information.

  • Wireless (and Wired) Networks @ Security Cons: The part of the discussion that I remember from this talk was about working with venue staff to set up a conference network.

  • Hacking Disposable Digital Cameras: I was already vaguely aware of what could be done with disposable digital cameras from some Make blog entries I'd skimmed. It isn't quite as straightforward as I'd imagined, though; it took considerable analysis for the presenter and his cohort to build a working interface to Pure Digital's line of disposable still and video cameras, and a low-level sort of arms race has developed between manufacturer and hackers when it comes to the interface in successive product generations. Some potential uses for a super-cheap digital camera would be taking pictures from a model rocket or kite.

  • VOIP, Vonage, and Why I Hate Asterisk: I didn't catch the first part of this presentation, so I don't know what's wrong with Asterisk, but since I now use VoIP at work and at home, I have at least a user-side interest in this stuff. PSKL showed off their SIPinator software, "an automated ARP spoof and dump against SIP/RTP Devices". Any home network that carries VoIP traffic and includes an unsecure wireless network is vulnerable to eavesdropping, and the SIPinator just automates that. You can secure your wireless network so you're not vulnerable on your end, but do you trust the networks of everyone you talk to? The presenters suggest telling your VoIP provider you want Secure RTP. Also, they made a cute video ad for ShmooCon.

  • RFIDiots: Adam Laurie is a thoroughly entertaining presenter. RFID isn't an inherently unsecurable technology, but you could be forgiven for assuming so given how incompetently it has been implemented. Laurie demonstrated how easy it is to clone RFID tags—not just the simple ones that transmit an identifier but also the ones that follow a challenge-response protocol and which we'd hope would be more secure, like the ones in new passports and car keys. In the keynote address on Friday evening, Avi Rubin had already shown us some work his grad students had done two years ago in breaking the ExxonMobil SpeedPass's encryption algorithm and thus demonstrating that RFID device's vulnerability to cloning by anyone who brushes past you. Now I'm interested in exploring how the SmarTrip card works.

  • Assess the Security of Your Online Bank (Without Going to Jail): This was a rather disappointing talk because it was so elementary. It was solid advice, but the technical level was just too low.

Outside of the scheduled presentations, I visited TOOOL's lockpick village to learn a little and acquire a few (legal!) tools. Although I'd normally hope otherwise, I'm sure I've got plenty of unsophisticated locks at home to explore, a few of them not even attached to a door.

Going into the conference, I only knew thewronghands and fireba11, but by glomming onto their social networks I met some very nice, very interesting people, notably ovrclokd and granting. After dinner at Roha with a contingent that took up half the restaurant, we wandered Adams Morgan and stopped for tea and conversation at Tryst. I was so happy to have a social alternative to the con's official cramped, beer-soaked bar party. Wandering back around to DuPont Circle, we landed at Kramer's, another treasure of a place I'd never visited before, and if it wasn't already 1 a.m. I could have been sucked in for hours.


( 7 comments — Leave a comment )
Mar. 27th, 2007 07:32 pm (UTC)
Hanging out with you was one of the best things about the weekend, even if you kept trying to beat me up for no reason at all :P

I'm glad you came. Very much so. It meant a lot to me, and I know Raven appreciated it - you were /the/ one she introduced as having met at LinuxChix - cool, no?

Now, get to work with that lock picking set, so you can school me on it.
Mar. 27th, 2007 09:45 pm (UTC)
Dang, I've been meaning to go to ShmooCon. This cements it.
Mar. 28th, 2007 06:50 am (UTC)
I really wanted to see the Church of Wifi talk, but scheduling made it impossible. I'm glad to hear reviews of that and the online bank talk -- those were the two I really wanted to make, and didn't. In retrospect, I wish I had gone to Johnny Long's "No Tech Hacking" talk -- I heard that was great.

And yeah, pfft to the beer party. It was good seeing you!
Mar. 28th, 2007 03:23 pm (UTC)
Somehow I totally missed this event!

The hardware speaker was Ryan Clarke from Parallax (of BASIC Stamp fame)...would have been great to chat with him!

I'm a Lantronix XPort fan myself...
Mar. 28th, 2007 03:25 pm (UTC)
it was fabulous to meet you! *hug* i really enjoyed squeezing into granting's backseat, sharing spicy food, wandering DC, and talking over tea with you. :) hopefully we can get together the next time i'm up in that area... and if you ever get down to my neck of the woods, please let me know - you're welcome to crash with us.
Mar. 31st, 2007 09:05 am (UTC)
You should be careful about the lockpicking stuff... last I checked, it was illegal to possess lock picking tools in D.C. and the surrounding areas also had some laws around it. I have no idea how enforced it is, but it's a pretty serious crime. You shouldn't trust what people tell you (including me) about the legality of, well, anything, really, but lock picks especially. I found a number of conflicting resources back when I was messing around with it.