Dec and Brendan talk about Kiwicon 2007

November 23rd, 2007 Drazen Drazic Posted in Research, To cool, Vulnerability Management, Web Application Security, cyber crime

Kiwicon, New Zealand’s first hacker conference, took place in Wellington over the last weekend. It was run to a world-class standard, with great speakers and smooth running from start to finish - our thanks go out to the organisers for all their efforts.

There were many familiar names, including Peter Gutmann, Brett Moore, and Adam ‘Met1storm’ Boileau, as well as many first-time speakers who were warmly welcomed to the scene.

There were several presentations highlighting the effectiveness of old-school techniques against modern infrastructure, as well as introducing new techniques that are effective against legacy infrastructure.

Hntr painted a bleak picture of the security of critical infrastructure, with his presentation on SCADA and X.25 insecurity.

Adam ‘Met1storm’ Boileau explained how layer 2 attack techniques that have been known for decades are still effective against modern technologies.

Oddy’s speech was particularly enlightening, showing how Microsoft fixed (or not, as the case may be) an old Windows Proxy Auto-Discovery design error. Microsoft mitigated the problem for the .com domain, but for no other, and Oddy highlighted statistics showing hundreds of thousands of vulnerable machines.

More modern topics discussed included Thoth’s hypervisor virtualised rootkit, placing further cracks in the argument that virtualisation will provide great security benefits. Tmasky showed us how a PlayStation 3 can be used to brute-force 1.4 billion MD5 hashes a second.

A good time was had by all, and the conference certainly didn’t stop at the end of the last presentation each day. The local bars did very good business as well.

Keep an eye on the Kiwicon site for further updates and presentation information.

5 Responses to “Dec and Brendan talk about Kiwicon 2007”

  1. Wow..that was awesome Dec and Brendan! Just like being there for the US people! DD?

  2. I wasn’t there…work. I wish I was!

  3. Some more details from Patrick Gray. Thanks Pat….I reckon you’re the only dude who must have attended every session. :-)

    http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=6100986

    Patrick’s Risky Business Podcast - best in the business! http://www.itradio.com.au/security/

    DD
