[TriLUG] CarolinaCon - this weekend

Carl Crider c.crider at gmail.com
Wed Mar 11 08:38:31 EDT 2009


 I guess the Carolina Con website is taking a big hit this morning? Can't
seem to get to it.

On Tue, Mar 10, 2009 at 10:31 PM, Michael Ansel
<trilug at anselcomputers.com>wrote:

> Wow Alan, that was an awesome description: I wish I could explain it
> that well. For my part though, last year was the first year I went,
> and I absolutely loved it! Several of the talks were worth the $20 on
> their own, so the rest was just icing on the cake for me. Even topics
> I was already familiar with, like cross-site scripting, were looked at
> in a unique way that led me down a completely new path of research.
>
> I definitely cannot wait for this Friday, which brings me to my second
> point: Is there anyone going that could give me a ride to/from Duke on
> Friday and/or Saturday? I was going to borrow a friend's car over
> Spring Break, but she forgot to give me the keys before leaving for
> the Caribbean. :-/  Thanks so much if you can help!
>
> Michael
>
> On Tue, Mar 10, 2009 at 5:32 PM, Alan Porter <porter at trilug.org> wrote:
> >> Alan, can you please expound on why you think it
> >> would be good to go to?
> >
> > "DefCon Lite"... maybe that's a good image.
> >
> > On one hand, the entire thing had this unprofessional and low-budget
> > feel to it.  That was emphasized over and over by the MC, who had a
> > quirky self-deprecating sense of humor, with phrases like "you keep
> > their attention with your technical talk, while Nick and I run off with
> > admission money".  And other jewels, like introducing Sapna Kumar as (1)
> > hot (2) wicked smart and (3) really hot, all while she stood at the
> > podium, laughing.
> >
> > The MC gave the entire event a kind of cheap and sleazy ambiance, sort
> > of like Krusty the Clown.... with more expletives.
> >
> > Some of the talks showed live exploits of running systems, something I
> > had heard about, but never really understood fully.  We saw a web site
> > that was purposefully made vulnerable to SQL injections, and the use of
> > string format vulnerabilities to uncover the private key of anti-virus
> > software.
> >
> > One presenter ran through the many ways that game consoles have been
> > modified to run custom software, or to bypass the normal authentication,
> > with pretty detailed treatment of the security measures employed by game
> > consoles, and how they were defeated because they had to be backwards
> > compatible with older systems.
> >
> > There were other presentations that were given by security consultants
> > who work with police, discussing how they do forensics on a captured
> > machine.  And a guy from the Air Force who made a career out of planting
> > bugs and sweeping rooms for enemy bugs (after his presentation, he
> > revealed where he had hidden bugs in the meeting room).
> >
> > There were other sessions on rootkits, and how they can get closer to
> > the metal (application, OS, VM, BIOS, etc).  Sapna Kumar talked about
> > the RIAA.  One guy showed lots of Firefox plugins that can be used for
> > web app development as well as to alter data going to web sites to test
> > for vulnerabilities.
> >
> > And they wrapped it up with a Jeopardy-like game of hacker trivia.
> >
> > For me, personally, I felt like it was a good exposure to a lot of
> > topics that I had little knowledge of before.  There were interesting
> > people in the audience, and plenty of technology and humor to keep my
> > attention.  All for just $20.
> >
> > Alan
> >
> >
> >
> >
> >
> >
> > --
> > TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
> >
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list