[ISN] Hackers come out to play

From: InfoSec News (isnat_private)
Date: Fri Mar 14 2003 - 00:27:15 PST

  • Next message: InfoSec News: "[ISN] [UCE] One Hacker's Love (fwd)"

    http://www.theage.com.au/articles/2003/03/10/1047144912114.html
    
    By Nathan Cochrane
    March 11 2003
    Next
    
    The public will get a rare glimpse into the computer underground next 
    month when some of the country's most talented hackers and crackers 
    gather in Sydney for the inaugural Ruxcon conference. 
    
    Organisers say for too long the focus of computer security conferences 
    has been on vendors peddling their products instead of sharing 
    knowledge. The not-for-profit conference and convention will have 
    demonstrations of offensive hacking techniques as well as how to 
    combat them through presentations, technical competitions and 
    interactive workshops. 
    
    The conference name is derived from the underground Swiss Army Knife 
    neologism, "Rux", which can mean almost anything, used as a noun, verb 
    or adjective depending on context, says organiser "Kdz''. 
    
    "It generally can be used much like 'rocks' but this is not always the 
    case," Kdz says. 
    
    "Some examples: 'I'm going to rux up some food' is similar to 'I'm 
    going to get some food' and 'This guy just got ruxt' is similar to 
    'This guy just got shutdown'." 
    
    As with all such conferences, social and informal networking events 
    are planned, including competitions in reverse engineering, 
    vulnerability exploits, "capture the flag" and a quiz game. Proposed 
    oddball events include a yoyo demo, chilli eatoff and a PC making 
    competition where competitors race to build a box from jumbled parts. 
    
    "We encourage the community to come forward and contribute ideas for 
    anything they would like to see running at Ruxcon," Kdz says. 
    
    The capture the flag contest opens a typical e-commerce network to 
    attack by malicious hackers. The first successful attacker rises to 
    system administrator level, then must defend against intruders while 
    providing essential services to legitimate customers. Points are 
    awarded to system administrators for their skill securing and 
    maintaining the network, and to intruders for the novelty and success 
    of their exploits. 
    
    Conferences such as this have become popular over the past few years, 
    bringing together the normally combative underground community, 
    mainstream security industry and business. 
    
    The granddaddy held annually for the past decade in Las Vegas, Defcon, 
    started as a way to weave the different strands that make up the 
    tapestry of the computer underground - hackers, crackers, phreaks, 
    activists, cipherpunks and others - but has grown to subsume the 
    security industry mainstream and attracts law enforcement officials 
    keen to learn the latest techniques. Kdz says he hopes law enforcement 
    officials will treat the conference the same way they would treat any 
    legitimate security event. 
    
    Although Ruxcon organisers say they do not condone piracy, a community 
    local area network with filesharing capability for peer-to-peer 
    transfers will be established along with a wireless access point. 
    Participants will have to bring their own PCs or notebooks. 
    
    Presentations are being sought and members of the public have until 
    April 1 to submit proposals. 
    
    Noted Canberra PHP programmer and freelance technical writer David 
    Jorm will present an introductory-level talk on the state of web 
    applications security useful for business and IT managers. The 
    presentation shows each major type of web application vulnerability, 
    how to attack it and how to write code that defends against it, he 
    says. "The impact for technologies such as .NET and J2EE is that, 
    although themselves architecturally sound, they build on technologies 
    that are not,'' Jorm says. 
    
    Sydney computer security consultant Rival, who has worked over the 
    past decade in the field of computer forensics for clients including 
    the ACCC, will speak about data recovery and discovery techniques for 
    presenting forensic evidence. 
    
    Advanced hackers will be drawn to the breaking network authentication 
    lecture, presented by 18-year computer veteran "Ruptor". He says 
    poorly educated users, IT professionals and developers are at the core 
    of most security vulnerabilities, with users' demands driving new 
    software features that are the cause of so many insecure products. 
    
    Ruxcon will be held on April 12-13 at the University of Technology, 
    Sydney, No. 1 Broadway, Ultimo. Entry is $30 to cover UTS facility 
    
    www.ruxcon.org 
    
    
    NEXT SPEAK 
    
    Phreaking: /freek'ing/ n. [from 'phone phreak']: 1. The art and 
    science of cracking the phone network (so as, for example, to make 
    free long-distance calls). 2. By extension, security-cracking in any 
    other context especially, but not exclusively, on communications 
    networks. (Source: Hacker's Jargon Dictionary) 
    
    Con: a convention. A semi-formal social gathering bringing together a 
    variety of people from different walks of life around a central theme 
    such as computer security, medievalism or New Age back-to-earth 
    concepts. 
    
    Peer-to-peer (P2P): a method to transfer files across a network 
    directly between users, with each user having equal rights, usually 
    supported by intelligent file and archival selection systems, servers 
    and customised desktop software.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 02:35:43 PST