Security News > 2003 > March > Hackers come out to play
http://www.theage.com.au/articles/2003/03/10/1047144912114.html By Nathan Cochrane March 11 2003 Next The public will get a rare glimpse into the computer underground next month when some of the country's most talented hackers and crackers gather in Sydney for the inaugural Ruxcon conference. Organisers say for too long the focus of computer security conferences has been on vendors peddling their products instead of sharing knowledge. The not-for-profit conference and convention will have demonstrations of offensive hacking techniques as well as how to combat them through presentations, technical competitions and interactive workshops. The conference name is derived from the underground Swiss Army Knife neologism, "Rux", which can mean almost anything, used as a noun, verb or adjective depending on context, says organiser "Kdz''. "It generally can be used much like 'rocks' but this is not always the case," Kdz says. "Some examples: 'I'm going to rux up some food' is similar to 'I'm going to get some food' and 'This guy just got ruxt' is similar to 'This guy just got shutdown'." As with all such conferences, social and informal networking events are planned, including competitions in reverse engineering, vulnerability exploits, "capture the flag" and a quiz game. Proposed oddball events include a yoyo demo, chilli eatoff and a PC making competition where competitors race to build a box from jumbled parts. "We encourage the community to come forward and contribute ideas for anything they would like to see running at Ruxcon," Kdz says. The capture the flag contest opens a typical e-commerce network to attack by malicious hackers. The first successful attacker rises to system administrator level, then must defend against intruders while providing essential services to legitimate customers. Points are awarded to system administrators for their skill securing and maintaining the network, and to intruders for the novelty and success of their exploits. Conferences such as this have become popular over the past few years, bringing together the normally combative underground community, mainstream security industry and business. The granddaddy held annually for the past decade in Las Vegas, Defcon, started as a way to weave the different strands that make up the tapestry of the computer underground - hackers, crackers, phreaks, activists, cipherpunks and others - but has grown to subsume the security industry mainstream and attracts law enforcement officials keen to learn the latest techniques. Kdz says he hopes law enforcement officials will treat the conference the same way they would treat any legitimate security event. Although Ruxcon organisers say they do not condone piracy, a community local area network with filesharing capability for peer-to-peer transfers will be established along with a wireless access point. Participants will have to bring their own PCs or notebooks. Presentations are being sought and members of the public have until April 1 to submit proposals. Noted Canberra PHP programmer and freelance technical writer David Jorm will present an introductory-level talk on the state of web applications security useful for business and IT managers. The presentation shows each major type of web application vulnerability, how to attack it and how to write code that defends against it, he says. "The impact for technologies such as .NET and J2EE is that, although themselves architecturally sound, they build on technologies that are not,'' Jorm says. Sydney computer security consultant Rival, who has worked over the past decade in the field of computer forensics for clients including the ACCC, will speak about data recovery and discovery techniques for presenting forensic evidence. Advanced hackers will be drawn to the breaking network authentication lecture, presented by 18-year computer veteran "Ruptor". He says poorly educated users, IT professionals and developers are at the core of most security vulnerabilities, with users' demands driving new software features that are the cause of so many insecure products. Ruxcon will be held on April 12-13 at the University of Technology, Sydney, No. 1 Broadway, Ultimo. Entry is $30 to cover UTS facility www.ruxcon.org NEXT SPEAK Phreaking: /freek'ing/ n. [from 'phone phreak']: 1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context especially, but not exclusively, on communications networks. (Source: Hacker's Jargon Dictionary) Con: a convention. A semi-formal social gathering bringing together a variety of people from different walks of life around a central theme such as computer security, medievalism or New Age back-to-earth concepts. Peer-to-peer (P2P): a method to transfer files across a network directly between users, with each user having equal rights, usually supported by intelligent file and archival selection systems, servers and customised desktop software. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
News URL
http://www.theage.com.au/articles/2003/03/10/1047144912114.html