I first went to a BrumCon in 2004. Unfortunately I wasn't too impressed. Or at least the depth of the talks didn't go as far as I would have liked. In many cases they were just interesting without any real substance you could take away and plan to use. However, this year was a little different.
The event has gain a decent amount of notoriety over the years and I'm please to see that the numbers have increased since I last attended. The event this year attracted just under 100 people, all crammed into a small conference room at The Thistle Hotel on the Hagley Road, just outside the city centre. It was a good venue for the event, and meant lunch could either be in the hotel bar or one of the pubs on the other side of the road (there are a few decent ones). The Britannia Hotel, where they used to hold it, might have been in town, but not the best of venues.
The day started with 'IP "what?"' by Zipser. A basic introduction to IPv4/IPv6 and what it means to you and I. Zipser himself admitted he wasn't an expert, and had gathered his knowledge because he himself was curious to know about. As such, although the talk could have gone further, I actually felt he placed the emphasis in the right place and provided enough detail in order to delve further for yourself. Although I've been aware of IPv6 for sometime, I've never really known how it differed from IPv4.
Next up was 'What's On The Cards: Security Issues Surrounding Card-based Authentication." by Karamoon. This was a very interesting talk around how lacking card-based authentication systems are. Some from a social engineering perspective, but many just because of the way that readers are prone to error. At the end of the talk he gave a few suggestions as to where to look for more material, so I've made a few notes and plan to investigate further at some point. Purely research of course.
L-s-L then presented 'Mobile Java programming: For fun, profit and voyeurism.' This talk was about writing neat little java applications on your mobile phone, PDA or similar. While L-s-L didn't go into a lot of detail, he did demo a quick script of how you can access an address book on your mobile phone from your computer. There has been more fun usage I've seen with this kind of thing, not least of which was Richard Clamp's Device::Ericsson::AccessoryMenu module, but the talk did show how easy it was to implement your apps. L-s-L did mention that he knew of Perl apps doing similar stuff too though :)
Sneaky Russian was then up with his 'UPnP NAT Manipulation: Yeah that's (U)n(P)rotected (N)etwork (P)hun' talk. Sneaky has never done a talk before and was quite nervous about t. Once he got into the flow of the talk, he did seem to enjoy himself, and he did come across well. His talk, with demo, showed just exploitable many routers can be, by being able to change the NAT table without going through the secure admin interface. He'd ended up delving deeper in to what UPNP did simply because he was writing some code and made a mistake.
'"All Your Email Are Belong To Us": The meat and guts.' was my talk for the day. I didn't know how into the 'Zero Wing' game phrase Re-LoaD was, although I'd expected everyone would have heard of it by now (mind you, I am old now and remember when the game was about the first time around), as he insisted on playing one of the videos that you can pickup these days from sites like B3ta before my talk ;) For my talk, I basically went through some basic spam and virus filtering, and showed some stats and pretty pictures from MessageLabs data. I was a bit worried that I wasn't going to be of too much interest, with such good talks before me, but thankfully I got asked some really interesting questions, which showed I had aimed the talk about right.
The last talk of the day was by Jonathan Wignall, entitled 'Your Games 0wn U: Please Update Me.' He jokingly pointed out that he was the first person willing to use their realname at the event. The talk itself identified just how scarily the online gaming industry is abusing the trust of their customers. One of the first slides Jon put up was of an update screen. Two curious messages rang alarm bells for him, when he first saw them and many people in the audience spotted them too. The first was that it was pointing out that the user was behind a firewall, and by clicking a link it explained how to open roughly 3000 ports for the game engine to use. The second was a patch download that was over 400MB and was taking 7 hours to download. Now, while 400MB might be a lot, 7 hours on a high-speed broadband network! On further investigation Jon identified that the peer to peer network the game employed meant he was uploading more that he was downloading, hence why it took so long.
The event ended with an Ex-H4xOr Panel discussion with all the speakers. There were some interesting questions, and I even got to answer a few too. I think was a much improved event since the last time I attended, to the point I'm thinking of even attending some of the Brum2600 meetings in the future. The core group members are a nice bunch of people and know some really cool things. They're a lot more into hardware than i am, but I'm sure I could still learn a thing or two.
The event also had a 'Hack The Flag' competition going on during the day. I've never really been into to sysadmin hacking, so didn't bother even attempting to secure the little box in the corner. The guys from Hull did and even put a nice web page of themselves to prove the fact. Although Re-LoaD purposefully left some vulnerabilities open, he made it even easier by changing the root password to 'root', which a few got miffed at as they thought that was too easy. Some of these guys work as security consultants for living, so it's no surprise they were on in next to no time.
I wonder what BrumCon7 will feature?
Thank you for that report. Are slides/recordings/transcripts available?
What you said about the games presentation reminded me of this.
Re:Games and respect for users
barbie on 2006-10-11T12:03:25
Are slides/recordings/transcripts available?Not as yet. L-s-L has said on the brum2600 list that if anyone wants to upload their slides, then he'll add a link on the website. I'll update my blog if anyone does upload their slides.
