Information Security News
mailing list archives
Hackers come out to play
From: InfoSec News <isn () c4i org>
Date: Fri, 14 Mar 2003 02:27:15 -0600 (CST)
http://www.theage.com.au/articles/2003/03/10/1047144912114.html
By Nathan Cochrane
March 11 2003
The public will get a rare glimpse into the computer underground next
month when some of the country's most talented hackers and crackers
gather in Sydney for the inaugural Ruxcon conference.
Organisers say for too long the focus of computer security conferences
has been on vendors peddling their products instead of sharing
knowledge. The not-for-profit conference and convention will have
demonstrations of offensive hacking techniques as well as how to
combat them through presentations, technical competitions and
interactive workshops.
The conference name is derived from the underground Swiss Army Knife
neologism, "Rux", which can mean almost anything, used as a noun, verb
or adjective depending on context, says organiser "Kdz".
"It generally can be used much like 'rocks' but this is not always the
case," Kdz says.
"Some examples: 'I'm going to rux up some food' is similar to 'I'm
going to get some food' and 'This guy just got ruxt' is similar to
'This guy just got shutdown'."
As with all such conferences, social and informal networking events
are planned, including competitions in reverse engineering,
vulnerability exploits, "capture the flag" and a quiz game. Proposed
oddball events include a yoyo demo, chilli eatoff and a PC making
competition where competitors race to build a box from jumbled parts.
"We encourage the community to come forward and contribute ideas for
anything they would like to see running at Ruxcon," Kdz says.
The capture the flag contest opens a typical e-commerce network to
attack by malicious hackers. The first successful attacker rises to
system administrator level, then must defend against intruders while
providing essential services to legitimate customers. Points are
awarded to system administrators for their skill securing and
maintaining the network, and to intruders for the novelty and success
of their exploits.
Conferences such as this have become popular over the past few years,
bringing together the normally combative underground community,
mainstream security industry and business.
The granddaddy held annually for the past decade in Las Vegas, Defcon,
started as a way to weave the different strands that make up the
tapestry of the computer underground - hackers, crackers, phreaks,
activists, cipherpunks and others - but has grown to subsume the
security industry mainstream and attracts law enforcement officials
keen to learn the latest techniques. Kdz says he hopes law enforcement
officials will treat the conference the same way they would treat any
legitimate security event.
Although Ruxcon organisers say they do not condone piracy, a community
local area network with filesharing capability for peer-to-peer
transfers will be established along with a wireless access point.
Participants will have to bring their own PCs or notebooks.
Presentations are being sought and members of the public have until
April 1 to submit proposals.
Noted Canberra PHP programmer and freelance technical writer David
Jorm will present an introductory-level talk on the state of web
applications security useful for business and IT managers. The
presentation shows each major type of web application vulnerability,
how to attack it and how to write code that defends against it, he
says. "The impact for technologies such as .NET and J2EE is that,
although themselves architecturally sound, they build on technologies
that are not," Jorm says.
Sydney computer security consultant Rival, who has worked over the
past decade in the field of computer forensics for clients including
the ACCC, will speak about data recovery and discovery techniques for
presenting forensic evidence.
Advanced hackers will be drawn to the breaking network authentication
lecture, presented by 18-year computer veteran "Ruptor". He says
poorly educated users, IT professionals and developers are at the core
of most security vulnerabilities, with users' demands driving new
software features that are the cause of so many insecure products.
Ruxcon will be held on April 12-13 at the University of Technology,
Sydney, No. 1 Broadway, Ultimo. Entry is $30 to cover UTS facility
www.ruxcon.org
NEXT SPEAK
Phreaking: /freek'ing/ n. [from 'phone phreak']: 1. The art and
science of cracking the phone network (so as, for example, to make
free long-distance calls). 2. By extension, security-cracking in any
other context especially, but not exclusively, on communications
networks. (Source: Hacker's Jargon Dictionary)
Con: a convention. A semi-formal social gathering bringing together a
variety of people from different walks of life around a central theme
such as computer security, medievalism or New Age back-to-earth
concepts.
Peer-to-peer (P2P): a method to transfer files across a network
directly between users, with each user having equal rights, usually
supported by intelligent file and archival selection systems, servers
and customised desktop software.
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.