[TriLUG] CarolinaCon - this weekend

Michael Ansel trilug at anselcomputers.com
Tue Mar 10 22:31:05 EDT 2009


Wow Alan, that was an awesome description: I wish I could explain it
that well. For my part though, last year was the first year I went,
and I absolutely loved it! Several of the talks were worth the $20 on
their own, so the rest was just icing on the cake for me. Even topics
I was already familiar with, like cross-site scripting, were looked at
in a unique way that led me down a completely new path of research.

I definitely cannot wait for this Friday, which brings me to my second
point: Is there anyone going that could give me a ride to/from Duke on
Friday and/or Saturday? I was going to borrow a friend's car over
Spring Break, but she forgot to give me the keys before leaving for
the Caribbean. :-/  Thanks so much if you can help!

Michael

On Tue, Mar 10, 2009 at 5:32 PM, Alan Porter <porter at trilug.org> wrote:
>> Alan, can you please expound on why you think it
>> would be good to go to?
>
> "DefCon Lite"... maybe that's a good image.
>
> On one hand, the entire thing had this unprofessional and low-budget
> feel to it.  That was emphasized over and over by the MC, who had a
> quirky self-deprecating sense of humor, with phrases like "you keep
> their attention with your technical talk, while Nick and I run off with
> admission money".  And other jewels, like introducing Sapna Kumar as (1)
> hot (2) wicked smart and (3) really hot, all while she stood at the
> podium, laughing.
>
> The MC gave the entire event a kind of cheap and sleazy ambiance, sort
> of like Krusty the Clown.... with more expletives.
>
> Some of the talks showed live exploits of running systems, something I
> had heard about, but never really understood fully.  We saw a web site
> that was purposefully made vulnerable to SQL injections, and the use of
> string format vulnerabilities to uncover the private key of anti-virus
> software.
>
> One presenter ran through the many ways that game consoles have been
> modified to run custom software, or to bypass the normal authentication,
> with pretty detailed treatment of the security measures employed by game
> consoles, and how they were defeated because they had to be backwards
> compatible with older systems.
>
> There were other presentations that were given by security consultants
> who work with police, discussing how they do forensics on a captured
> machine.  And a guy from the Air Force who made a career out of planting
> bugs and sweeping rooms for enemy bugs (after his presentation, he
> revealed where he had hidden bugs in the meeting room).
>
> There were other sessions on rootkits, and how they can get closer to
> the metal (application, OS, VM, BIOS, etc).  Sapna Kumar talked about
> the RIAA.  One guy showed lots of Firefox plugins that can be used for
> web app development as well as to alter data going to web sites to test
> for vulnerabilities.
>
> And they wrapped it up with a Jeopardy-like game of hacker trivia.
>
> For me, personally, I felt like it was a good exposure to a lot of
> topics that I had little knowledge of before.  There were interesting
> people in the audience, and plenty of technology and humor to keep my
> attention.  All for just $20.
>
> Alan
>
>
>
>
>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list