Archive for May, 2012

BSidesROC 2012 The Results

May 23 2012 Published by under BSidesROC,Uncategorized

BSidesROC is over. There’s no reason to really give you a blow by blow but I think it might be entertaining to see some of the feedback we received from attendees. Both years that we’ve done BSidesROC we’ve sent out a survey email right after the event with a very quick survey that gave us some feedback on what people thought about the event. I really do take it seriously but also some of the responses were very interesting.

The responses we received were overwhelmingly positive which is good. But I’m not going to make a post about “Why BSidesROC 2012 Was a success!” I think it’s more entertaining to you, and more useful for next year, if we talk about what sucked.

Here is a summary of some of what I regard as the more interesting survey responses.

Chartz!1!

[Chart: Closeness to death]

[Chart: Why are you here?]

Badges:

The badges this year were fake handcuffs. Last year they were dog tags. There was a lot of thought put into coming up with something different for badges. We didn’t want to do the uber-techno-arduino-based-microwave-generating-death-ray badge like Defcon and other cons do (mostly because we can’t!). And we didn’t want to spend any money because, let’s face it, we don’t have any. So our constraints were to find a badge that we think is cool, that will be ready to go by the con, and that won’t kill our budget if we buy $150 of them. The backstory on this idea was that sometime when we were driving back from BSidesDE, the van full of hackers decided that handcuffs were a good idea. The thought being you can learn how to shim or pick out of handcuffs, so not only were they the badge, but a useful training tool. But we learned: they suck.

For your entertainment, here are some of the responses about how badges weren’t the greatest:

If you’re going to give out handcuffs, you have to give out handcuffs. Having a cheap version of something is worse than not having it at all imho.

Maybe get badges like AIDE has or Lascon had?

Drop the cheezy handcuffs

I could say that we’ll improve our badges for next year, but I can’t promise that. 🙂 We enjoy wasting time brainstorming weird badge ideas, so expect something weird and possibly stupid next year.

Tracks and Seating: Failures

This was interesting because there were some last-minute changes that caused some issues. We had 2 tracks this year that were originally meant to be “Presentation” and “Workshop.” Kizz Myanthia was kind enough to offer to do a workshop that went along with his presentation, and it was going to last for 4 hours. It was going to be cool: attend his talk, and then do a hands-on workshop on how to use Metasploit and the like. Kizz unfortunately got his workshop pulled because he was transitioning between jobs. His previous employer told him that he was not allowed to do his workshop because he was using the Pro version of their company’s tool. If you can figure out who I’m talking about, let me just say that this was because of the Sales/legal/corporate dictator department and not the cool people that are part of the pentesting portion of the company. If I’ve just confused you, don’t worry about it.

So that left us with a big 4 hour block that we needed to fill. Which we didn’t. 🙂 We had some ideas but I admit: FAIL.

Also added to the fail were the screens. They weren’t big enough to reasonably read. We figured this out way too late to make a change. Lesson learned.

Things We Won’t Change:

There are a few things that make a BSides different from a normal conference, and we’ll continue to follow those tenets. Here are a few examples of responses that we just won’t change, and why:

A better venue. More comfortable and better seating would be preferable. Maybe RIT would sponsor the event in the Golisano auditorium.

This is really good feedback, but I want to point out why we won’t be doing this. First of all, we love RIT and I’m an RIT grad, but in my opinion it’s important to develop a community not based on colleges and universities. There are a lot of reasons for this that are not going to fit into this post. Second, we don’t want a conference that looks like a conference. (Read my other post about “con” vs. “conference.”) That being said, yeah, the chairs did suck. We’ll see what we can do. 🙂

More vendor tables setup

We love our sponsors and we love people that support the hacker community. The problem with this is that other conferences have made vendor tables the focus of the con. We’re sensitive to having vendor tables and probably won’t have any in the future. This is a “Security B-Sides” thing and one of the reasons that we like the BSides framework. If you love sitting through vendor presentations, don’t give a crap about practical technical content, and want to pretend to be a “hacker,” then you should check out Hackerfest. This is the reason that BSidesROC exists.

Random responses:

Here are some random questions and their responses to the survey:

Q. What do you think we could have done better?

A. Mark’s mom

A. this is 2012, where was the IPv6?

A. More restrooms…


Q. What did you like the best?

A. Flying fucking sharks


Q. Name as many BSidesROC sponsors as you can without looking

A. Baby jesus

A. Oh no…I didn’t know there was a quiz!


BSidesROC Part II: Things we’re doing

May 09 2012 Published by under BSidesROC,Uncategorized

BSidesROC is this Saturday at 8am. Holy crap. I wanted to give a final post before the con so you can figure out what to expect the day of the event. If you haven’t signed up, you should get a ticket right now. Do so on the website: http://www.bsidesroc.com

Capture All The Flags

We will have a capture-the-flag style competition. The open competition will involve you and your team being rewarded for cracking security challenges. It’s going to be run by RIT’s student security organization, SPARSA. The skill level ranges from intro to 1337, so if you just want to take a crack at it, you can.

Present All The Talks

We have to have presentations. It’s just what we do. There will be a bunch of talks in multiple tracks this year. You can check out the schedule for a list of talks HERE. Also, if you can’t make it to the con, the presentations will be streamed live on UStream. We’ve spent as much money as we can afford on audio and video equipment in an attempt to have quality streaming.

Pick All The Locks

Last year, The Open Organization Of Lockpickers came up to run a lock pick village and it was a smash. There were a lot of people learning how to pick locks for the first time ever. This was really awesome to me, and it’s coming back. Since last year, a local TOOOL chapter has popped up, so they’ll be running the booth themselves. They’ll be doing presentations on the basics of lock picking and how locks work throughout the day. They have lock picks and practice locks that you can use to practice. Plus, they have lock picks for sale during the con.

Hack All The Space

Since this is a hacker community event, we’re going to bring back the guys from the Rochester hackerspace, Interlock Rochester. They’ll be showing off what they do with 3D printers and fun toys. You should pay them a visit to see how the space is doing and maybe they’ll print you a trinket to take home.

Decrypt All The Challenges

We’re adding a new portion to BSidesROC: The Crypto-Challenge Of Doom! Or just the Crypto Challenge. If you’ve attended other hacker cons, you know this is a way to exercise your brain cracking a crypto puzzle. And if you’ve attended other hacker cons where they do this, you’ve probably met the guy that wins all of them, Darth Null. “All of them” is a little overzealous, but maybe all the ones he’s attempted. He has put together the crypto challenge for us this year, and I’m pretty excited to see what everyone thinks.

Eat All The Food

We will even feed you in the morning and afternoon. Bagels and coffee for breakfast and subs for lunch. Hurray.

Sponsor All The Things

Do I need to remind you that this is a free con that feeds your mouth for free and pumps your brain full of information for free and entertains you for free? Freely free freedom. Well, this is because of our sponsors. No seriously, love these people and please tell them how much you appreciate them, because these are the guys that understand what a hacker con is and are interested in giving money to the community. If you use their products, please remind them that you saw them at our conference so that hopefully they sponsor us next year. Go buy all their products and services and give them hugs.

Secure Network, Inc.

AdvizezX Technologies

HP Enterprise Security

Rochester ISSA Chapter

Tenable Network Security

Intrepidus Group

GreyCastle Security

Assured Information Security, Inc.

the mongolians

there is no dc585

BSidesROC Part I: Define Hackercon

May 05 2012 Published by under BSidesROC,News

There are only a few days left until this year’s BSidesROC on 5/12/12. “Rochester’s first and only hacker con.” Do you know why we say that? Not because we’re the only computer security conference, and not because we think other security conferences suck (well, some do), but because an infosec event is not the same as a hacker con. I’m talking about Rochester Security Summit, for example. It’s been going on for years, run by the local ISSA chapter, and they do a good job. It is a corporate crowd. You expect that when you pay a certain amount of money there’s a certain level of professionalism. And the people that attend are infosec professionals. A hacker con, on the other hand…

Con != Conference

“Con” used to stand for “conference”, and it literally still does, but it’s also a reference to the “con” community. Defcon, Shmoocon, Comicon, (FurryCon?). Each of these is a conference, but there’s something else to it. Different. If you’ve been to Defcon or Shmoocon, your expectation is to have a ton of fun, meet cool people, and take part in fun activities with such people. In some ways, it’s a much more intense experience because you’re not walking in with your button-down shirt enjoying a coffee while you sit at the white circle table that hotels always have. That would be a conference. At Defcon you’re walking in with a black shirt ready to be punched in the face by awesomeness. You may look around and notice a lot of younger people, but it’s not that the crowd is necessarily young; it’s the ideas and the passion usually associated with young people. And that’s what it comes down to in con versus conference: passion. These people want to be here; they’re not being forced by their employers. They want to see what’s happening in a community.

Hacker != Infosec

Hacker: that scary word that Rochester is learning to accept. Slowly. You know the word, and the politics behind it. But I think there’s a big difference between hacker and infosec, both in how they act and in the way they think. Hacker and infosec overlap, of course, but a hacker refers to someone with a passion to learn about security. Infosec, on the other hand, is a job position or career path. It’s business driven, professional, and pretty easy to define. By day, I am an Information Security professional and I attempt to be professional and goal oriented when it comes to my job. At night, I’m a hacker that wants to learn things related to security whether or not they benefit my career.

Y U SO Pedantic

The point is to show that BSidesROC is a different beast than any of the other conferences in Rochester. Maybe it’s not better if you enjoy professional cons. But it’s definitely better if you have a passion for security and don’t take life too seriously. And if you don’t like paying for things. It’s also a warning for those people expecting to walk into a comfortable sit-in-your-seat-and-listen event, because this is not it. If you haven’t been to a hacker con, I strongly recommend that you come to this one, if for nothing else, to see what a hacker con is like.

By the end of the week, I’ll include some details about what’s happening at BSidesROC.