Tuesday, March 27, 2007

What I like about Shmoo

Shmoocon is the East Coast's DEFCON. It is a conference where haxors and various other security players present their clever findings to a melting pot of enthusiasts hungry for wizardry. A couple of colleagues and I just returned from Shmoocon 2007, which took place this past weekend at the Wardman Park Marriott in Washington D.C., and felt that it was time and money ($150) well spent. It is my understanding that the lone objective of Shmoocon is to build the security community, and that any money left over after paying the bills goes to the Electronic Frontier Foundation (EFF) and perhaps other charities.

This was the 3rd annual Shmoocon, but the first one for me. I actually heard of this conference for the first time last year while at DEFCON. Word of mouth seems to be a good enough way to market this con. I understand that the first con had about 300 people, but the last one and the one this year sold out. I would estimate the attendance to have been around 1000 to 1200 people. To land the tickets, I stayed up late and purchased them online (while celebrating the New Year) as soon as a block of tickets was released on January 1st; I missed out on a previously released block.

Enough background. If you're still reading this, you're probably wondering "what does he like about Shmoocon?" I'll break it down in the terms Shmoocon uses to describe itself: different, affordable and entertaining. This conference is not that different from DEFCON in concept, but far from what I think you would call normal if all you've been exposed to is FOSE or RSA, or some other multi-megacorp-sponsored event; no suits; I liked that. This con keeps it real.

It is different in content as well. The three tracks (Build it!, Break it!, Bring it on!) covered topics ranging from physical security to security ethics; from hacking the airwaves to hacking disposable cameras; from entropy-based analysis of encrypted protocols to discussions like "Standard Bodies - What are these Guys Drinking?". To help solidify the essence of this conference, I'll share a stream of tools, comments and thoughts that registered with me, in no particular order, while in attendance:

network access controls fostering false sense of security - PCB Express - embedded web servers the size of an RJ45 coupler soon to be wireless - hard drive dissection - MHDD and Victoria - increased use of VMware in the community - lots of security related design flaws among Windows Mobile applications - SIPinator is cool - OpenWRT - SRTP - fwsnort - bleeding snort - IPtables - PSAD - Netcat - Honeynet scan challenge - defense-in-depth - content filters less effective as more traffic is encrypted - statistical analysis of encrypted traffic - PISA - these shmoocon bags do make great six-pack coolers!

As you may have gathered, you can walk away with a sense of knowing a bit better where things stand in the security community, untethered from share-holder equity.

As far as affordable, we paid $150 to get in. Some pay less, some pay more; it has to do with how they make the tickets available. The bottom line is that it is a huge bargain, especially if you happen to live in the D.C. metro area. We didn't stay at the Wardman Park Marriott, but it is a great place to operate out of on the first weekend of Spring.

Entertaining? Yes it was; a combination of hanging out at Times Square (closer to 42nd Street) and Oktoberfest (did I mention that the Shmoocon bags could hold a six-pack?). I loved that everyone seemed to have such varying personalities and backgrounds (Punk to CSO), but all were there with the common goals of soaking up some leet wisdom and insight, and having a good time.

Thanks Shmoocon. Well done!