New Zealands best security oriented conference is on again!
On November 17th and 18th Wellington will once again play host to bogans, black hats and the fuzz in a 2 day orgy of hacking, cracking and 0-day. Details are scarce so far, it’s early days yet, but I’ve no doubt it will be another eye opening experience.
This will be my third Kiwicon. Each time it serves to refresh my paranoia, reinforce my strongly held opinions on the security (or lack of it) of the systems we use every day and strengthen my tendency to be bullish about scurity concerns when designing and implementing my own systems.
At Kiwicon 2010 I witnessed the power of one, when a lone hacker outpaced groups of 5 or more in the hacking competition, perched on the arm of someone elses chair with a tiny netbook on his knee.
Kiwicon 2011 scared me off Apple i-devices when it was demonstrated just how easily their “security” could be bypassed, even on the latest version (at the time) of iOS.
Every time Brett Moore speaks I’m amazed by the depth and breadth of the attack surface available to the dark side. Every attempted mitigation made by software and hardware vendors seems to be compromised by, well, compromise. The need to make something backwards compatible is often the downfall of an otherwise elegant and robust solution. Heap randomisation you say? Wow, that would make buffer overflows really hard to exploit, but what’s that? I can turn it off for backwards compatibility? Awwww.
No doubt this year will bring more eye opening tidbits, I look forward to devouring every one. Also the beer.
Hope to see you there!