By Declan Ingram
Kiwicon 2008 has come to a close and the crowds have left with a trail of coffee cups and empty beer kegs. The line up this year for the second annual New Zealand IT Security / Hacker Conference included a mixture of the usual suspects and first time presenters, which is always good to see.
Highlights this year included “The Paul Craig Omnibus”, Brett Moore’s “Hacking Citrix in 2008″ and Longpipes’ “Sekret Lightning Talk”.
Paul Craig took us through his ultimate Trojan and a very interesting analysis of data collected by a botnet he discovered. Most botnet statistics seem to propagate via a marketing department making this frank and honest statistical sample all the more important. This sparked a sound debate on the true costs of these malicious systems – especially since the street value of the information was a mere few thousand. Ironically enough the logs included some $2500 odd being spent by the victims on anti-virus software. So if you feel your computer may be infected, don’t whip out your credit card on the same computer!
Brett Moore’s presentation on Citrix Insecurity had many in the audience quietly reaching for their phones to urgently get the problems fixed. Unfortunately Citrix seems another case where the marketing department has got on the security band-wagon but forgotten it mention it to the developers.
The keynote was a piece on Privacy, Freedom and Hackdivism by Cartel who gave us a brave and controversial account of his take on the current state of play. While there seemed to be little consensus from the audience on the exact solution – Reformist eDemocracy – the fact that people were talking about it means it was successful and it certainly set the state of plan for the rest of the con.
Peter Gutmann was certainly living up to his reputation of an abundance of well thought out ideas with his talk on biometrics. He describes a ‘not sure if you should laugh or cry situation’ of the new biometric passports which unfortunately left me feeling quite depressed about the political BS that was involved in the introduction of this obviously flawed technology.
Maybe it is rose coloured glasses but I do feel that overall the presentation content was a little better last year. There didn’t seem to be any big moments like WPAD, the playstation password cracker or WinLockPwn. Top notch speakers like Adam Boileau were definitely missed, although his contribution as an organiser and architect (with Brett Moore) of the ‘Tokemon’ hacking game were truly fantastic.
I will be watching with keen eyes to see if there are any repercussions upon Oddy and Eon for their talk on “Bugging the Boardroom with Video Conferencing”. While it was certainly entertaining it was treading a fine line. I will leave the details of the presentation for them to disclose as they feel fit.
Definitely worth the trip and as with last year, Kiwicon 08 was covered exclusively by Patrick Gray of IT Radio with his Risky Business program. You can hear interviews, presentations and more over at itradio.com.au/security.
Most slides should be made available on the www.kiwicon.org site soon.