Title: ShmooCon 2006
Post by: don on October 31, 2005, 08:48:32 PM
The second annual ShmooCon will be January 13-15, in Washington, D.C., at the Marriott Wardman Park Hotel, just minutes from your choice of overly-curious 3-letter agencies. So register (http://www.shmoocon.org/registration.html) early to keep the feds from taking up all the space.
ShmooCon is a different breed of security convention.
In a nutshell, over three days, there are three tracks:
Break It! A track dedicated to the demonstration of techniques, software, and devices devised with only one purpose in mind--technology exploitation. You will bear witness to some of the most devious minds, source code, and gadgets on the planet that focus their energies on breaking the technology we mindless sheep keep on buying. Baaaaa.
Build It! A track that showcases inventive software & hardware solutions--from distributed computing or stealth p2p networks to miniature form-factor community wireless network node hardware or robotics even. Let loose your inner geek, and feel free to gawk. With all the neat stuff, it's important to take notes--that way we all have evidence to shoot down some sleazeball patents 5 years from now.
Bof It! A track that promotes the open discussion of critical information security issues in a "birds of a feather" format. From lightning open source code audits or wireless insecurity discussion panels to DRM rants or anonymity & privacy strategies--it's down and dirty, with plenty of controversy for folks who like hashing it out with fellow hackers. Feel free to throw your Shmooballs here, but no fisticuffs, please. Settle your differences with some head-to-head Xbox in the evening, instead.
Wardman Park Marriott Hotel (http://www.wardmanpark.com/)
2660 Woodley Road, NW
Washington, DC, 20008
Click HERE (http://www.stayatmarriott.com/2006ShmooCon/) for more info and / or to book your rooms.
Title: Re: ShmooCon 2006
Post by: don on January 15, 2006, 10:11:03 PM
ShmooCon Makes Washington Post with Windows Wireless Flaw
Windows Wireless Flaw a Danger to Laptops
At the ShmooCon gathering in Washington, D.C., today, old-school hacker and mischief maker Mark "Simple Nomad" Loveless released information on a staggeringly simple but very dangerous wireless security problem with a feature built into most laptop computers running any recent version of the Microsoft Windows operating system.
Laptops powered by Windows XP or Windows 2000 with built-in wireless capabilities (these includes most laptops on the market today) are configured so that when the user opens up the machine or turns it on, Windows looks for any available wireless connections. If the laptop cannot link up to a wireless network, it creates what's known as an ad-hoc "link local address," a supposed "private network" that assigns the wireless card a network address of 169.254.x.x (the Xs represent a random number between 1 and 254).
Microsoft designed this portion of Windows so that the address becomes associated with the name or "SSID" of the last wireless network from which the user obtained a real Internet address. The laptop then broadcasts the name of that network out to other computers within a short range of the machine (which may vary depending a number of things, including the quality of the laptop's embedded network card and things that may obstruct the signal, like walls, e.g.).
What Loveless found was that by creating a network connection on his computer that matches the name of the network the target computer is broadcasting, the two computers could be made to associate with one another on the same link local network, effectively allowing the attacker to directly access the victim's machine.
For full story: