Intrepidusgroup had a good time at shmoocon this year.  Jaime and I would like to thank those that came to our presentation on Saturday to learn a little bit about the history of Internet service providers changing the Internet on us when it doesn’t fit their business model.

After seeing the crowd rip apart a few other speakers we are grateful to those in our audience. As a presenter, I feel for the others, but I’d have to agree that the database security (Why are Databases so Hard to Secure) presenter deserved the lynching. Total weak sauce. I tried to stick it out but after 30 minutes I had to bail on that talk.

Something Shmoocon attendees should know: Many of us did not find out our presentations were accepted until January 11^th 2008. That doesn’t give the presenter a whole lot of time to prepare if their talk relies on collecting a lot of data or building a new tool. Overall I think this late notification had an impact on the quality of a few talks.

Shanit Gupta! Hey man.. I had a good time catching up with you this year. I picked up a lot of good kiosk and citrix breaking techniques from you. I was aware of some of the hot-keys but you showed me a bunch of others I didn’t know about. I think you probably learned the hard way about the challenges of live demos. I think you broke every rule of live demonstrations.

1. Don’t rely on the Internet
2. Don’t rely on wireless for a presentation
3. And especially, don’t rely on the wireless network a hacker conference provides you for a presentation

Brad – wish I could have seen your talk (PEAP: Pwned Extensible Authentication Protocol) with Josh but it was just too damn packed. I heard you rocked it. Good job! I’ll catch it on the videos.

The Renderman talk was meh— a good talk for newbs I suppose but Airport hi-jinks is nothing new to traveling security consultants. 

Should shmoocon let the presenter label their talk as “stuff for newbs”?  Maybe, it’s a tough call. On one side it would let more advanced attendees seek out more challenging material… but on the other side no one wants to self-label themselves as a newb.  Especially if they are attending a conference with their work buddies.  I saw this all the time in the many years I taught the Foundstone Ultimate Hacking and Ultimate Hacking Expert classes.   80% of the class who skipped the Ultimate Hacking course shouldn’t of have.  All too often I’d have students in the expert class who couldn’t FTP or map network drives on the command line. For the cons though, I’m getting rather tired of these old-obvious hacks being re-named so the press can go bonkers with it — “café-latte attack” kill me now.

So after the Shmoocon there is one thing that is certain. I’m getting a damn Asus EEE PC. They are just too cool and I’m not sure why.

Later,

-higB