Welcome To ShmooCon 2005 - PowerPoint PPT Presentation

Slides: 19
Provided by: BruceP8

Transcript and Presenter's Notes


1
Welcome To ShmooCon 2005
  • No Moose. We Swear.

2
What's the Point?
  • Don't believe anything I say
  • Don't believe anything the speakers say
  • We believe a conference is for the benefit of the
    attendees
  • Not a muscle flex for the speakers
  • Not an ego fix for the organizers
  • Not a vendor pitch
  • Not (just) a social event

3
A Different Kind of Con
  • Designed from the ground up to get you thinking
  • ShmooCon is an attempt to do something useful for
    the community
  • Hopefully, this and other cons (ToorCon in San
    Diego, Layer One in LA, etc.) will inspire
    others
  • Affordable
  • We hope you feel you get more than your money's
    worth, esp. those that paid 99 in July
  • Lots of freebies and ways to get a pass
  • Accessible
  • Mass Trans from BWI/DCA in downtown DC
  • Next year, we'll get more space
  • See Beetle's BoF on Sunday if you're interested
    in the details

4
A Little for Everyone
  • Build It - CONstructive
  • Break It - DEstructive
  • BoF It - Birds of a Feather
  • Running a concurrent track so BoFs aren't a late
    night/little attended event
  • They are what you make of them
  • Hold speakers accountable
  • Talks should pass the "so what?" test
  • Speakers should excite you (in a PC way)

5
Shmoo Balls and Shmoo Paddles
  • A Mechanism for holding speakers accountable in
    real time
  • Throw a ball at the speaker if you want to
    demonstrate your opinion
  • Feel free to voice your opinion as well
  • NOT a mechanism for personal hostility
  • Only one ball per attendee keeps things from
    turning into a blood bath
  • Paddles give the speaker a fighting chance

6
Speaker Feedback Forms
  • A critical feedback mechanism for us
  • Important for the community
  • If you haven't noticed, many of the speakers here
    also speak at other places.
  • Perpetuating useless speakers (like myself) or
    topics does no one any good
  • Tried to make them easy to fill out

7
BBS Documentaries - Friday Night
  • Jason Scott will show several episodes from his
    upcoming DVD on the history of BBS

8
Hack or Halo - Saturday Night
  • Some can game, some can hack
  • Halo - 5 minutes of head to head Halo action
  • Hack - 10 minutes of "use what you brought"
    hacking on supplied images
  • Winners stay on, losers go to the end of the line
  • Didn't bring a loaded attack host?
  • We have several Auditor bootable CDs for use by
    those that want to take a shot

9
Other Goings On?
  • Book Signings at Culture Junkie
  • FUR trip
  • Clue Enforcers
  • An unconventional take on the tech talk
  • There is a wireless network
  • We are using several wireless IDSs to try and
    find the bad people :)

10
An Oral History of The Shmoo Group
  • One last time
  • Tech Support Group (tsg_at_alaska.net)
  • The Shmoo Group (tsg_at_shmoo.com)

11
State of the Union
  • Security industry has seen transition from
    passion to job
  • Still not an engineering discipline
  • We are not learning from our mistakes
  • Or even our previous inventions
  • Software security is a pervasive problem
  • People do not want to pay for security, privacy,
    or anonymity
  • They just expect it

12
The Bad (just examples)
  • We've reached the point where recommending to not
    bother with AV is criminal negligence
  • We get our security research from press
    releases and Slashdot
  • The Linux development model does not yield secure
    code
  • The biggest problem with Bluetooth is bad code,
    not the protocol
  • Hotspot security _still_ a disaster

13
The Good
  • Security has gone mainstream
  • Microsoft
  • Firewall turned on by default in SP2
  • Integrated enterprise platform
  • Some universities actually teaching security
  • Now they just need to learn it's more than
    encryption
  • Security products are beginning to focus on
    usability

14
The Ugly
  • 98% of the traffic to a.root-servers.net is
    useless
  • http://ucsdnews.ucsd.edu/newsrel/science/sdscRoot.htm
  • Core Internet services still insecure (BGP, DNS,
    etc)
  • But do they need to be fixed?
  • Next gen protocols aren't any better (i.e. VOIP)
  • ALL code is security critical now
  • MS JPG vuln, Phenoelit's S55 trickery

15
So What?
  • Not to get cheesy, but it's all on our heads
  • People that care enough to come to a security con
    on Super Bowl weekend are the type of ppl that
    can make a difference
  • Let's re-evaluate what we think the problems are
  • Many talks here will help reset your
    understanding: Tina's BoF on patch management,
    Johnny's Google talk, just to name a couple

16
The Sponsors

17
I'd like to thank the Academy
  • Beetle - The Architect
  • Heidi - Speaker / Reg Goddess
  • Rodney - Speaker Selection / Press
  • Freshman - PHYSEC
  • Cowboym / Ken - NOC
  • The Hotel staff
  • All the other staff and unnamed helpers

18
See you at the talks!