http://www.zdnet.com.au/newstech/security/story/0,2000048600,20273776,00.htm

By Patrick Gray
ZDNet Australia
23 April 2003

COMMENTARY -- From mysterious men on rooftops with telephoto lenses, to attendees trying to use "household appliances to launch non-conventional buffer overflow attacks", the inaugural Ruxcon IT security conference in Sydney had it all.

It was the first time the unique event had been held, but hopefully, it won't be the last. Although primarily promoted through word of mouth and limited press coverage, it still managed to attract around 300 attendees.

Vaguely modelled on the annual Defcon conference in the US, which has become the world's loudest and proudest hacker get-together, Ruxcon was established to offer presentations and workshops on "offensive and defensive" security techniques, in a relaxed and social environment.

It certainly wasn't a corporate affair; the event had a very informal flavour--I didn't see a single suit. Some notable activities included "capture the flag" hacking competitions, where entrants compete to compromise a system on a local area network, chili eating contests, and a pool tournament.

Fun stuff aside, a point of great sensitivity among attendees was the usage of the word "hackers" in the media, so with that in mind it should be pointed out that the term is being used in this article to describe technology enthusiasts who "tinker with technologies in unconventional ways", and not criminals.

In this way, it's appropriate to refer to Ruxcon as a hacker conference. It was about a bunch of people, with an interest in messing around with computer security techniques, getting together and sharing ideas.

The concept can only be a positive one for the security industry and wider security community. Contrary to the beliefs of some, it will do little to accelerate information sharing among law-breakers, a group that represented a tiny minority of attendees.
Speaking in general terms, black-hat (bad-guy) hackers are quite paranoid. They aren't likely to admit that they have broken a law to someone they meet at a conference, and they are thus unlikely to share information with new groups or individuals. They can do that online anyway.

The Australian Federal Police sent a heavy contingent of officers who were somewhat bemused at how mistrustful many attendees were of them, even though they didn't try to conceal their presence. Needless to say, they weren't the most popular group at the bar after the event, but there was no hostility toward them.

Organisers told me security officers asked two men to leave after they were observed photographing attendees as they came and went, but no one seemed to know their identities. I won't begin to speculate. Anecdotal reports say they weren't as open as the federal police when it came to naming their employer.

It was the first time a "proper" hacking conference had been held in Australia. Cheaper security events are often "hijacked" by vendors who put all of their effort into trying to sell their "cure all" products and offer little valuable information to delegates. Those that do offer excellent technical information are usually frightfully expensive.

Most decent security conferences cost thousands of dollars to attend. Ruxcon, on the other hand, cost attendees AU$30. There wasn't a single vendor banner, and the only thing on sale was official conference t-shirts. And alcohol.

The speakers were, on the whole, excellent. There were a couple of so-so presentations--I was told that the introduction to assembly programming was way too advanced--but security consultants were seen at most of them, scribbling down notes at the rate of knots, no doubt impressed by the quality of information that was being churned out by the speakers.

One of the more colourful events involved a participant in the "capture the flag" hacking challenge.
He was attempting to enter the competition and plug a myriad of nasty-looking electrical equipment into the competition's network. He claimed he wanted to use "unconventional techniques" to exploit the network, and was refused entry. The organisers were undoubtedly concerned that his equipment would blow up the network, reducing their expensive switches to a sticky puddle of melted plastic.

By the end of the two-day event at the University of Technology, Sydney, the organisers were so exhausted they looked like they'd been crocodile wrestling.

It's doubtful that Ruxcon 2004 was high in their minds, but one can only hope this interesting event comes back. I'll be sure to ask them when they've caught up on some sleep... hopefully by the end of June.