[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Ruxcon: A security conference with a difference
From:       InfoSec News <isn () c4i ! org>
Date:       2003-04-24 4:07:46
[Download RAW message or body]

http://www.zdnet.com.au/newstech/security/story/0,2000048600,20273776,00.htm

By Patrick Gray
ZDNet Australia
23 April 2003

COMMENTARY -- From mysterious men on rooftops with telephoto lenses,
to attendees trying to use "household appliances to launch
non-conventional buffer overflow attacks", the inaugural Ruxcon IT
security conference in Sydney had it all.

It was the first time the unique event had been held, but hopefully,
it won't be the last. Although primarily promoted through word of
mouth and limited press coverage, it still managed to attract around
300 attendees.

Vaguely modelled on the annual Defcon conference in the US, which has
become the world's loudest and proudest hacker get-together, Ruxcon
was established to offer presentations and workshops on "offensive and
defensive" security techniques, in a relaxed and social environment.

It certainly wasn't a corporate affair; the event had a very informal
flavour--I didn't see a single suit.

Some notable activities included "capture the flag" hacking
competitions, where entrants compete to compromise a system on a local
area network, chili eating contests, and a pool tournament.

Fun stuff aside, a point of great sensitivity among attendees was the
usage of the word "hackers" in the media, so with that in mind it
should be pointed out that the term is being used in this article to
describe technology enthusiasts who "tinker with technologies in
unconventional ways", and not criminals.

In this way, it's appropriate to refer to Ruxcon as a hacker
conference. It was about a bunch of people, with an interest in
messing around with computer security techniques, getting together and
sharing ideas.

The concept can only be a positive one for the security industry and
wider security community. Contrary to the beliefs of some, it will do
little to accelerate information sharing among law-breakers, a group
that represented a tiny minority of attendees.

Speaking in general terms, black-hat (bad-guy) hackers are quite
paranoid. They aren't likely to admit that they have broken a law to
someone they meet at a conference, and they are thus unlikely to share
information with new groups or individuals. They can do that online
anyway.

The Australian Federal Police sent a heavy contingent of officers who
were somewhat bemused at how mistrustful many attendees were of them,
even though they didn't try to conceal their presence. Needless to
say, they weren't the most popular group at the bar after the event,
but there was no hostility toward them.

Organisers told me security officers asked two men to leave after they
were observed photographing attendees as they came and went, but no
one seemed to know their identities. I won't begin to speculate.  
Anecdotal reports say they weren't as open as the federal police when
it came to naming their employer.

It was the first time a "proper" hacking conference had been held in
Australia. Cheaper security events are often "hijacked" by vendors who
put all of their effort into trying to sell their "cure all" products
and offer little valuable information to delegates. Those that do
offer excellent technical information are usually frightfully
expensive.

Most decent security conferences cost thousands of dollars to attend.  
Ruxcon, on the other hand, cost attendees AU$30. There wasn't a single
vendor banner, and the only thing on sale was official conference
t-shirts. And alcohol.

The speakers were, on the whole, excellent. There were a couple of
so-so presentations--I was told that the introduction to assembly
programming was way too advanced--but security consultants were seen
at most of them, scribbling down notes at the rate of knots, no doubt
impressed by the quality of information that was being churned out by
the speakers.

One of the more colourful events involved a participant in the
"capture the flag" hacking challenge. He was attempting to enter the
competition and plug a myriad of nasty-looking electrical equipment
into the competition's network. He claimed he wanted to use
"unconventional techniques" to exploit the network, and was refused
entry. The organisers were undoubtedly concerned that his equipment
would blown up the network, reducing their expensive switches to a
sticky puddle of melted plastic.

By the end of the two day event at the University of Technology,
Sydney, the organisers were so exhausted they looked like they'd been
crocodile wrestling. It's doubtful that Ruxcon 2004 was high in their
minds but one can only hope this interesting event comes back. I'll be
sure to ask them when they've caught up on some sleep... hopefully by
the end of June.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]