Tag: shmoocon

  1. Birthday weekend wrap up.

    19 February 2013

    Rather than stay home for my birthday (which I've done for the past few years) I decided to make things interesting this time 'round the sun. Sitwon and Haxwithaxe had secured a hotel room and passes for Shmoocon in downtown DC last weekend, so I threw my hat into the ring more or less at the last minute. Shmoocon is an excellent hacker conference, don't get me wrong, but I don't ordinarily get much out of it. It is, as they say around here, above my pay grade. That said, I decided to go solely to see what I could …

    Read more...

  2. Shmoocon 5 pictures are now online.

    02 March 2009

    I've finally put the pictures I took at Shmoocon 5 online.

    I should note, persuant to the photography policy of Shmoocon, that all people I photographed gave explicit permission for me to do so. Shmoocon doesn't permit photography in any of the presentation areas, and they don't like you taking pictures of people anywhere else unless the subjects give the OK. Taking pictures of inanimate objects, however, is permissible.

    Read more...

  3. Shmoocon 2009: ...duck!!

    08 February 2009

    It's been six hours since I got back from Shmoocon, and I'm still readjusting to a low information density environment. Shmoocon is DC's premiere hacker con, held early every February by a security research outfit called the Shmoo Group, which seems to have an odd interest in moose (judging by the repeating moose motif all over the place, from the free stickers to the laser cut acrylic convention badges). I've wanted to go for a couple of years but various and sundry things kept me from attending, so when I finally was able to score a ticket I jumped at …

    Read more...

  4. Source code to Javascript botnet agent leaked!

    03 April 2007

    Remember the software that Billy Hoffman demo'd at Shmoocon 2007 - the Javascript that turns any capable web browser into a zombie?

    One Mike Schroll snagged a copy while in the audience and posted it to his website. From there, about 100 somebodies downloaded copies, which no doubt have spread farther.

    You can bet that this is going to find illicit use soon. For Firefox users, I strongly suggest that you look into installing a plug-in called NoScript, which lets you decide whether or not to execute the Javascript embedded in a particular web page.

    As always, read the documentation.

    Read more...

  5. Cross-platform droneware: Bots written in Javascript.

    29 March 2007

    Billy Hoffman of the security outfit SPI Dynamics unveiled the fruits of his research at Shmoocon last weekend (which I'm still miffed about not being able to attend), botnet software written in Javascript that runs on any modern web browser. His prototype botnet agent is called Jikto, and it searches for cross-site scripting vulnerabilities in websites after beginning execution when the user looks at a malicious website or e-mail message. Periodically, it will phone home with vulnerable URLs and details of same. This means that even Net-capable cellphones can unwittingly be turned into botnet members.

    Javascript can hypothetically be dropped …

    Read more...

  6. What a day. I'm going back to bed as soon as I can.

    27 March 2007

    Because Bladeless Axe was in town for Shmoocon this weekend just past, we gave it our best shot to hang out while she was around here, which wound up in a couple of near misses culminating in Lyssa and I spending the evening hanging out with her last night until rather later than any of us had hoped. To the tune of finally going to bed at 0200 EST5EDT today because we went out for rather a late dinner...

    I'm getting old. I can't get by on four hours of sleep anymore. My ass, and most of the rest of …

    Read more...