ShmooCon 2009 Guide – Friday Recommendations

In my last two posts (“Up to this Point” and “General Advice”) I looked at the events leading up to this week and general advice for getting the most out of the conference. In this post I’m going to look at some of the different talks and activities going on Friday.

 As part of this discussion I’ll be giving my recommended activities. Keep in mind that these choices are based on my likes and dislikes. I’d advise reviewing the full list of activities yourself just to make sure you don’t miss anything that’s important to you.

Before I talk about Friday evening, I do want to take a minute to mention the plan for a Security Twits lunch meetup at 12:00pm at Harry’s Pub in the Marriott. If you plan on attending, RSVP at securitytwits{0x40} If you’d like more information, you can visit @securitytwits to see the original tweet.

And now, onto the evening portion of ShmooCon.

In typical ShmooCon fashion, Friday evening is dedicated to the “One Track Mind” talks. Of the “One Track Mind” sessions, three look particularly interesting to me. Being a fan of PaulDotCom and Larry’s imaginative hardware hacking exploits, how could I pass up “Building the 2008 and 2009 ShmooBall Launchers” by Larry Pesce and David Lauer at 4:30? Both SecurityJustice and Securi-D’s Weblog preview what they’ll be discussing.

Following that session, the “The Day Spam Stopped (The Srizbi Botnet Takedown)” talk by Julia Wolf at 5:00 seems like a nice post-mortem of a complex topic that I’m always looking to learn more about. In theory I understand how botnets work, but I’m continually looking for more details of them in action. And seeing a practical application of botnets—which this talk will provide—really drills those theories in.

The final “One Track Mind” session I hope to see is “Watching the Watcher: The Prevalence of Third-Party Web Tracking” by Brent Chapman, Tera Corbari, and Matt Devers at 6:30. Being a mildly paranoid person (which is probably why I migrated into the infosec field), I am always interested in learning more about who and what is profiling me through increasingly complex information gathering techniques. Plus, the advanced tracking mechanisms that many of these organizations use are simply fascinating. Learning their techniques would at least help me disrupt their profile building activities. That’s my hope, anyways.

To finish out Friday night’s official activities, I’ll be going to hear what Matt Blaze has to say in his keynote talk. Speaking of Blaze’s talk in particular, one thing that has always bothered me ever so slightly at ShmooCon is that there’s no overview of the keynote. We always get nice bios but nothing concrete on the exact topic. Based on Matt’s background, it’ll probably involve the intersection of security and public policy in some way. Does anyone else have any ideas on his topic? Or did I just miss a major announcement somewhere?

According to Matt’s Wikipedia article, it looks like he’s been involved in some interesting things. He is credited with developing the forerunner of IPSec in ’93, circumventing the wiretapping capabilities of the Clipper chip in ’94, and rediscovering a vulnerability in “master key” security in physical locks in ’03. (It’s technically a “rediscovery” because it was an open secret among locksmiths.) He also coined the term “trust management” to “refer to the policy system which decides whether a particular entity should be permitted to carry out a particular action.” Currently, Matt is an Associate Professor of Computer and Information Science at the University of Pennsylvania.

Next come several unofficial ShmooCon Friday night events that you may want to take part in. There is some overlap with the official talks but you may want to check out the Podcaster’s Meetup. Setup begins at 7:30, with the live show starting at 8:00. Podcasters taking part include Hak5, PaulDotCom, CyberSpeak, Securabit, Security Justice, SploitCase, Unpersons, Phone Losers of America, and SMBMinute. After the recording, there will be some time for getting your books signed if you’re interested.

The FireTalks then start at 9:00. For those of you who don’t know, the FireTalk sessions include several 10 to 15 minute talks by those who have something interesting to say, but didn’t get accepted by ShmooCon or didn’t submit their proposed talk in time.

If you’d like more information, you can view the Podcaster’s Meetup post about the FireTalks, which I’ve pasted part of below.

“Have a talk that didn’t get accepted? Want the chance to share a project that you are working on? Think of FireTalks as a verbal blog post.

 The human experience is built on the ability to tell and learn from stories. At ShmooCon 2009, “FireTalks” is a supportive environment in which to either share insights or learn from others. Whether polishing a presentation (story) for conferences, meetings or training, FireTalks are the way to share, learn and improve.

 The inaugural FireTalks take place Friday night — following the Podcasters Meetup. Talks are limited to 10-15 minutes with four (4) scheduled talks and four (4) open slots. Open slots will be filled on a first come, first serve basis.

 Saturday night will be more relaxed. Come join us and present, listen and learn.”

Both the Podcaster’s Meeting and the FireTalks will take place somewhere around the press room. I guess we’ll have to figure out the location once we get there. As I mentioned in the “General Advice” post, be sure to check Twitter for constant updates about the conference.

After the FireTalks are over, continue the fun with some networking at a local spot. Or if you’re interested, CharmSec is having a meetup after the keynote. Be sure to check it out if you can. You can view @charmsec for additional details. You may also want to follow @podcastmeetup on Twitter to get any last minute updates.

If there’s anything I’ve missed, please feel free to let me know by leaving a comment below. Praise and criticism (and by that, I mean constructive feedback) are always appreciated. Additionally, has anyone figured out what the keynote topic is or where the post Podcaster’s Meetup/FireTalks “local spot” is going to be?

In my next post, I’ll be discussing Saturday’s activities with some recommended talks and other events. Choosing which sessions to attend will definitely be a lot harder given the wide range of options.

