Recently in Conferences Category

I recently attended InfoSec, and have already posted up a bunch of entries about the show:

* InfoSec Europe 2009: An Introduction
* Booth Girls: THIS is how you do it
* Best. Video. Ever.
* Some Observations

You can also see the image gallery for the trip here, and I have one more post to make...

While I was attending RSA2008, I had the pleasure of talking to Lidija Davis of Tech Talk Radio.

You can download the Podcast here, where we talk about all sorts of wonderful Web 2.0 things....

Last week I spoke at RSA 2008 on the subject of "Echo Boom Hackers". Long story short, "Echo Boom" kids are supposed to be that generation which has never been without an online world to live and play in, and so their take on the nature of privacy, anonymity and that interface between your public and private worlds doesn't quite work in the same way as (say) mine does. Yes, I grew up without the Internet. Sue me already. We also talked about how researchers and law enforcement could use their different attitude to our advantage when attempting to shut them down.

In between emergency landings, awards ceremonies and book signings to attend I got the feeling this year's RSA wasn't quite as interesting as last year's event. The common complaints seemed to be "Too many sessions", "not enough interesting booths" and a general sense of "can't be bothered".

I agree. I don't recall anywhere near the same amount of talks going on last year, and the inevitable result is half empty rooms and speakers wondering where all the people went. I only go to these events to speak or listen to others, and the majority of the talks I went to all suffered from a distinct lack of attendance. I was lucky - speaking with Robert Vamosi of CNet, we were doing our presentation in the Keynote Room 103 (complete with its own videocameras and producer), and so even though we talked on the last day, we still pulled in a good hundred or so people which is pretty decent. I'd have liked more, but then I'm just greedy.

Anyway, if any organisers of RSA just happen to be passing by - because I'm sure they stop by here all the time - then please, REDUCE THE AMOUNT OF SESSIONS. I was informed while there that everyone would have access to the talks they missed, yet I've returned home to see that you now apparently have to have a full session pass to see the recorded highlights / listen to audio / whatever. This is a really bad idea, and simply makes a niche event even less accessible to those that can't attend (and don't want to pay the insane prices to do so).

Rant over.

Robert and I were in town to talk about a subject that probably doesn't get brought up much at RSA (in fact, it doesn't seem to pop up much anywhere) - the new breed of wannabe hackers, the lengths they go to with regards fitting in and the dangers and problems facing both their victims and themselves, and how those dangers can quickly (and irreversibly) bleed into the real world. That all sounds faintly scary, so here's Robert and I looking all smiley at the FaceTime booth.

Phew. Here's a couple of photographs from the talk itself:

The talk was divided into three main sections - a general overview of what I've seen out there over the last 12 months+, tips and tricks for catching hackers on social networking sites, YouTube and various other places using everything from Skype to advertising networks, and (finally) the dangers that these activities produce day in and day out. It was a tricky subject to approach - the idea was to ramp up the punch of the presentation towards the end, but too general an introduction might have resulted in people getting bored and walking out. There wasn't really any way round this, but thankfully people stuck around (I think one guy left halfway through, but that was because his phone was ringing so we'll let him off the hook).

Of course, there was also the added danger that people would be expecting a high level technical presentation - this is RSA, after all - and be baffled at the sight of 70 minutes of anecdotes.

Still, I love a challenge and the presentation seemed to go down really well with the audience. There's been a fair amount of coverage already (links at the end), and a number of people asked me to get involved with a few initiatives aimed at both keeping kids safe online and also trying to steer them away from hacking and cracking which was pretty interesting. I'm just glad people found us at all, because I'm sure we were originally scheduled for the "Hackers & Threats" Track but somehow ended up on the "Industry Experts" sessions. Not really helpful when you're running round half an hour before your presentation starts wondering why nobody knows where your room is!

Just like last year, you can click here and check out some 300+ pictures from my trip, starting with the emergency landing my plane made and finishing off with - er - more aeroplane woes. So many people had issues with aircraft at this conference, maybe that could be next year's theme.

As for additional reading, well, there's a fair amount of it and it will probably give you a better overview of what went on than I ever could. Eventually RSA are supposedly going to stream the talk we gave in full, but that might take a week or two - as soon as it's online, I'll post a link to it.

Further Reading:

Robert Vamosi: Meet the Echo Boom Hackers
Robert Vamosi: Echo Boom Hackers - A Dangerous Game
Robert Vamosi: Echo Boom Hackers - Shame

Matt Hines: Taking Down Teen Hackers

Tech Talk Radio: RSA 2008. (The Podcast itself is floating round on the main site somewhere, but I couldn't actually find it. If anyone locates it, feel free to pass me the link!)

Consumer Reports: Kids Turned Cybercriminals

I recently spoke at the ASC Conference in DC:

...and a lot of interesting issues were laid out for discussion (I should point out we didn't speak in the Capitol Building, I just like that photograph. Plus, it looks a bit more impressive than a picture of a hotel). Shall we have an obligatory shot of a board with a lot of companies listed on it? Sure:

That's a whole lot of companies right there! Anyway, the Conference had a lot of FTC people in attendance, and kicking things off was Ari Schwartz and FTC Commissioner Jonathan Leibowitz:

A repeated theme (that may or may not have been intentional) was that, to some degree, the "battle is won" - at least as far as trying to get "legit" Adware vendors to toe the line goes. Of course, there's still plenty of badness out there to contend with. The evidence from security forums and people fighting these infections on the frontline would seem to suggest PC hijacking is as rampant as ever, if not more so.

Shall we lighten the mood with some cameo shots of the antispyware big-hitters? (Click to enlarge each image)
Alex Eckelberry!
Bill Pytlovany!
John Levine!
Lance James! (Long story..)

Stefan Savage gave a great presentation, where he looked at various elements of the underground economy of hackers - namely, what carders and data theft scammers get up to in IRC channels.

My own panel featured Alex, Lance, Cindy Southworth of the awesome NNEDV and Luke Erickson of the FTC. We talked about some pretty heavy duty stuff, including how the increasing frequency of illegal pornography is actually causing some people in security to drop out of the business (because, understandably enough, they don't want that kind of material on their PCs lest the police come calling), how kids as young as twelve are happily trading credit cards and the kind of information Phishers and data stealers are collecting (the slides provided by Lance were an extremely interesting extension of what Stefan had been saying earlier on).
(Thanks to Bill P for the image!)

A lot of food for thought, and I'm hopeful the presentation I gave regarding the kids getting involved in hacking and cracking hit home with the FTC people in attendance.

At this point, I want to give a mention to NNEDV - I spent a lot of time talking with Erica Olsen of the National Network to End Domestic Violence, and it was frankly mind boggling how many anecdotal tales ended with "Yeah, she died / was killed / beaten to a pulp" etc. It seems depressingly likely that we've just scraped the tip of domestic abuse going hand in hand with monitoring software / keyloggers / all those other wonderful products sold as "surveillance tools" to "keep Junior safe online", which are in fact almost immediately used for much darker purposes.

Truth be told, the entire conference was a strange mixture of conflicting views - on the one hand, we were being told "we've won", but on the other hand, people like myself and NNEDV were showing how a lot of individuals were ending up as losers, with no hope of fixing whatever tech-related problem they happened to be in...from the comical to the life threatening.

I guess the Internet really is serious business.

Listen to the full conference (and check out the slides) here, and make your own mind up. Adware was, is, and will continue to be a problem for the foreseeable future - but beyond all the types of "ware" out there that we need to start concentrating on, we need to remember that every single time something bad gets onto a PC, a life can potentially be destroyed forever.

Now, more than ever, we need to keep fighting.

Time To Go

Well, it's never good when you have to hang around in the airport for four hours until your plane can leave, but free Internet access in the terminal and the genius that is Changi Airport sorted that out.

Why genius?

Well, you know all the messing about you have at airports - the check in, the passport waving and (worst of all) the ENDLESS DELAYS caused by funneling the entire airport through those stupid X-Ray scanners and pat-me-downs and all the rest of it?

Not here.

You go to the "leave here" bit, show your passport and you are INSTANTLY in duty free.

But wait, I hear you cry, how can you be in duty free without the security checks? Surely you could just take any old thing onto the planes, security hazard etc etc.

Well, no. See, if you want to buy something and take it on the plane (like a bottle or whatever), you simply ask at the counter and they put it in special "airport approved" bags.

So, where are the security checks?

Oh, easy. You just hang around wherever you like until an hour before your flight leaves, and then go to the glass-encased departure lounge for your flight. They have the pat-down, the X-Ray machine and the security scanner inside your departure lounge, so you only go through the checks with the other people from your flight INSTEAD of the entire airport.

Which is, you know, genius.

I love this place.

Anyway, enough from me. You can see (most) of my photographs from the Singapore trip here. For the purposes of this blog entry, I'm now going to pretend I'm just getting on the plane instead of having already been home for something like a week and a half. Decompression, you gotta' love it.

Food Ahoy

Not that I have any particular obsession for food, but, you is awesome.

....nope, I have absolutely no idea what I'm doing. Uh.....something in a bowl, please.

...wait, didn't I order noodles? I'm pretty sure they're not noo - uh - never mind.
strips-of-pork-in-a-broth-of-something-or-other I ever had.

Singapore: Time To Talk

See that building in the middle? No, not that one, the other one. Yeah, there you go. That's Copthorne Kings, where we'd be doing our talky-conference thing for a whole bunch of people. Unfortunately on the morning of the presentation I was dropped off on the other side of a particularly nasty dual carriageway at the wrong hotel. Much Run Lola Run style hilarity ensued as I had to seek out an overpass and leg it to the right hotel with minutes to go.

Eventually I ran into the right lobby to be greeted by this:

....which was a bit more promising than the entirely blank stares handed to me by the dudes in the wrong hotel. (You'll notice that, rushed as I was, I still had time to take a picture. That's because there is always time to take a picture). A quick dive into the elevator and....

...I'm making my excuses and entering, which is odd because it's usually the other way round. Oh well. Before I knew it, the organiser had dispensed with his incredibly brief introduction and it was on with the show.

There were a number of talks on the day, the majority of which focused on presenting the audience with various kinds of solutions with regards the Enterprise environment. Honestly, it wasn't as dry as it sounds and this guy in particular:

...was incredibly funny and entertaining. I thought people might take this side of things a little too seriously based on previous experiences of more "corporate" events but it was quite loose and relaxed. Always a good thing, if you ask me. And I know you are.

The majority of my talk focused on the methods used to hunt down YoGangsta50 and "chase him offline". We also looked at a variety of hacks, cracks and exploits from around the World. In some of the other talks, the focus seemed to be on Phishing which is really taking off here in a big way - sadly I couldn't get hold of any other presentation slides, but there were some really clever examples.

Of course, the talks here focused on Enterprise and business use. My feeling is that, for the regular users, it's business as usual with regards having to avoid the nasty stuff. Here's a perfect example, right?

Anyway, the conference finally came to a close and the general opinion was that it was a worthwhile event. I had a great time and would like to thank everyone involved in making the whole thing happen, and making sure I didn't get lost and fall in a river or something.

Till next time, Singapore...

Time to do some last minute checks with regards conference details and generally hang out at one of the many local stalls...

Behind The Scenes

You know, a lot of work goes into pulling angry faces like this:

...yeah, I know it looks like I'm about to say something sweary, but honestly I'm not. I just rage and roll, apparently.

With that in mind, here's a couple of pics from a sort of "mini-event" that doubled as a prep session for the main talks...

Welcome to Singapore

A few weeks ago, I was honoured to be asked to go and speak at a number of events taking place in....well, you probably guessed from the title. For some reason, I was unable to post to Spywareguide from Singapore so you probably caught me rambling on about all sorts of random lunacy on instead.

Well, now I'm back and can finally post things and stuff about....things and stuff. If you see what I mean....
