Network Security Blog

I’m more than a little sad Shmoocon ‘07 is over.  I haven’t had this much fun at an event in quite a while, excluding the Security Blogger Meetup at RSA.  Then again, the meetup was one night of fun, while this was 2.5 very full days of learning, meeting people and just hanging out.  There was a little partying too, but the fact that I’m from California helped a lot, since my body is still on Pacific time.  The fact I’m also old enough to know how to drink in moderation also placed me in a far better position than many of my fellow attendees both Saturday and Sunday mornings.  The fact that I was there representing Cobia and StillSecure also helped keep me out of trouble.

I have a lot to learn about traveling.  I hadn’t realized that Shmoocon started at 15:30 Friday afternoon and I traveled on Friday rather than Thursday night.  I missed most of Friday’s events, and almost missed Avi Rubin’s keynote address.  I have a lot of respect for Avi and the work he’s done, so I made up for arriving late by getting to meet him in person.  I’m not at all shy about just walking up to someone and introducing myself, which is exactly what I did.  With just a little luck, I’ll get a chance to get him on the podcast some day in the near future.

After the talk, I happened to run into Simple Nomad and tagged along to the hotel bar to meet a large contingent of attendees.  It’s a darn good thing I did, because after we’d been there for about 30 minutes, he asked me when we were going to the bloggers meetup.  I’d missed the timing on that and thought it was Saturday night.  I would have been in deep trouble if I hadn’t shown up, since as StillSecure’s representative I was picking up part of the bill for the event.  With a little help from Simple Nomad, I found the place it was being held in time and was able to uphold my part of the bargain.  I don’t know the exact number of bloggers, podcasters and readers/listeners, but I’d say a conservative estimate was 30-40 people.  Mubix did an excellent job of organizing the meetup, though once the majority of the folks left to go to a not-so-nearby bar, things got a lot more chaotic.  I finally got to meet Paul and Larry from PaulDotCom, the entire crew from Hak.5, Gene from SecThis, Obie and Brent from Cyberspeak as well as a whole host of readers/listeners.  Thanks again, Mubix.

Saturday morning I went to see Simple Nomad speak.  He’d apparently got a few hours of sleep after the night’s festivities and looked a lot more alert than most of his audience.  His talk was on a laundry list of topics, including some references to a talk he’d given last year on wireless cards in ad hoc mode at airports.  I think this was in the press again earlier this year, talking about how Windows systems will try to connect to an ad hoc network that has the same name as a legit network.  Let’s just say you’re probably better off connecting with EVDO or waiting until you get where you’re going rather than trusting any of the networks at the airport. 

Next I went to G. Mark Hardy’s talk, A Hacker Looks at 50.  Mark talked about his long and exciting career, from high school in the early 70’s through starting his own business.  The room was packed, and I think this was probably one of the talks most of the hackers at the event really needed to hear.  His point was that he’d never seen a group with such a disparity between IQ and income has he’d seen in hackers, and most of it was due to having vision and goals.  He encouraged everyone in the room to figure out what their own goals are, write them down and start working towards them.  I met Shava Narad from Tor (remember the interview?) face to face at Mark’s talk, but unluckily wasn’t able to catch up to her again during the show.

I felt a little guilty for following Simple Nomad again, but I ended up having lunch with him, G. Mark Hardy, Jason Scott, Mubix and, of all people, Kevin Mitnick, as well as a few others I don’t know.  I had meant to go to Richard Bejtlich’s talk after lunch, but when I weighed his presentation against talking with these folks, I have to say Richard unluckily came in second and I stuck around to talk.  I barely got to say more than “Hello” to Kevin, but the conversation between Mark, Jason, Mubix, Simple and I more than made up for it.  I wanted to ask Kevin for a interview for the podcast or for Podtech, but he was already being harassed at the event and I didn’t want to add to it. 

The rest of Saturday is a little bit of a blur, since I spent it talking on Cyberspeak, doing a video interview with Brent and Obie, and then participating in the PaulDotCom podcast.  I had a blast, but I would highly suggest no one ever sit next to Nick (aka Twitchy) after he’s started sipping Mountain Dew.  There was also a few interesting games of dodge ball with Shmooballs on the showroom floor, but the blood shed and property damage was kept to a minimum.  I didn’t do to bad for being at least 5 years older than anyone else playing, but I was hot and sweaty at the end.

This morning I went to a talk on home grown and badly implemented crypto, which was interesting, but not really my specialty.  Afterwards I stuck around for Major Malfunctions talk on cloning RFID tages and ended up being part of the talk.  If you watch the video, when it comes out, you can see my back while I hold the wires on a 9 volt battery since the leads had broken.  I also helped by holding a webcam to a RFID reader so the audience could see the readout.  Oh yeah, I’m technical.

The last talk I went to was about the One Laptop Per Child project, with Ivan Krstic, Sean Coyne, Jason Scott and Scott Roberts.  Ivan talked Bitfrost and the steps OLPC is taking to prevent the misuse of the laptops, while the other three talked about all of the possible disaster scenarios it could lead to.  I should have a short video interview with Jason and Sean up later this week.

The closing remarks were a lot of fun, with Shmooballs flying all over the place and a lot of giveaways.  I managed to pick up a couple more balls, a titanium fork and small tripod, though the tripod was the only thing I really ‘needed’.  My wife will probably make me throw everything but the tripod away fairly quickly after I get home.

Shmoocon is no where near as serious an event as things like RSA.  Everyone I met was happy to be there and really seemed to enjoy being with other people.  If I can make it next year, I will and you can be sure I’ll do my best to make sure I can.  I met more fun, interesting, exciting people at Shmoocon than I thought possible.  Now I have to go sleep, in order to make my 6:30 flight for Boston.  I hope I’ll get a chance to catch up with a listener, Jack Daniels, while there.  And yes, that is his real name, not a nickname.

Technorati Tags: security, McKeay, Shmoocon

Trackback URI | Comments RSS