ShmooCon 4

Brian Bourne

16 years ago

Last weekend was the 4th annual Shmoocon. Tickets for the event sell out very quickly as they limit attendance. This year, 1200 self-proclaimed hackers came to the event that promised “less moose than ever”. Far from the formality of a regular conference, Shmoocon runs talks by researchers presenting new findings and new tools. Attendees are encouraged to throw “Shmoo-balls” (soft stress balls) at any speaker they disagree with, spawning spirited debate and keeping everyone honest. It’s all done in the best of humour, and results in a gathering of some of the smartest minds in the business working on very difficult problems. There is a true connection and sense of camaraderie among everyone I meet. Great event.

Certainly with over 30 talks, every speaker had new ideas, research or thoughts to share. A few things that I personally found most interesting:

You really don’t need to do anything but have wireless turned on to get your laptop “pwned”. Tools such as Karma make this easier than ever. While this isn’t really new, I just had more time to play with it, and some of the folks had written great extensions.

VoIP and the SIP protocol in general are just stacked full of serious security problems and a VLAN is not a sufficient security measure. Don’t believe me? Take a look at the latest release of VoIPHopper.

GSM is broken. H1kari described how it can be decrypted and is confident he can commercialize a hardware/software package to do decryption in near real time. Certainly a major advantage for law enforcement, but also a blow to privacy.

There’s lots more that happened, check the Shmoocon website for presentations in the next few days.