Blackhat, whitehat, rootkit, cyber security, and bugs are just some of the terms that flew around my head the past weekend because I went to Kiwicon V. Having gone already last year, I kind of knew what to expect and was very much looking forward to 2 days of technical bombardment interspersed with demos of how the talented hack into the system of their choice.

Mind you: hacking is not just the bad, bad guys. There is also a lot of good coming out of hacking: software / web site producers are made aware of security holes in their systems that could be exploited by not so kind people.

It was amazing that some companies don’t care at all: vt for example took down 5 software packages frequently used in Hollywood and only 1 company really talked to him. Others were not as willing and still haven’t fixed their bugs.

I learned:

  • how insecure the iPhone is and how easily you could read the RFID information stored on an EFPOS card by using a mobile device.
  • that poop has an ASCII sign UTF8 character Unicode code point but in contrast to the snowman sign, it cannot be used in a URL. Go figure.
Poop can't be used as URL
Poop can't be used as URL
  • not to say CyberWar if I didn’t want to start on a drinking binge.
  • that I didn’t understand Erlang and couldn’t defile MacOSX on my own.
  • how to go rogue.
  • how to hide images in images.
  • about the National Cyber Security Center.
  • how not to go about your first hacking job and that if you do you better know some people in high hacker circles.
  • and was reminded of the security fails of the last year.
  • and much more

This year’s Kiwicon was the largest so far. There were over 600 participants, and we were in Wellington’s Opera House as the previous venue would not hold as many people. Just imagine 600 people mostly clad in black in the middle of Wellington on a sunny weekend.

Kiwicon is not just a conference, but it is an experience. The pre-conference emails are the funniest ever, the registration process produced random quotes as comments that made you laugh, name tags were not your typical plastic around paper, but laser engraved leather and VIP had hand-made ones. Participants can also learn how to pick locks and handcuffs, and how to work in a team to hack a big organization who does evil.

I am already looking forward to Kiwicon VI to learn even more and be awed by the things that some people find when they look more closely.

While listening to talks on exploiting RFID technology and hiding information in pictures via steganography, I was wondering how secure EyeFi cards were. Could somebody put malicious code on them which would alter images put on the card so that when they are transferred they would not just include the image taken by the photographer but also some hidden information, possibly code that could endanger the computer / server where these images can be uploaded immediately wirelessly?

CC BY-SA 4.0 This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Leave a Reply

Your email address will not be published. Required fields are marked *