Security Weekly
Content

What I learned at Shmoocon 2009

I really look forward to making this post each time I attend a conference. Some of you may remember my post from Shmoocon 2007. First, I want to say that Shmoocon is a fantastic conference, very well organized, and attended by some of the nicest and coolest people around. We had a booth at this year’s conference and it was great to meet everyone and interact with the community! I wanted to thank Larry and Byte_Bucket for all of their hard work and hours put in at the booth, you guys rock.
So, here’s a list of what I learned this year:
* Kiosk security is really poor in the hotels, and I will never use them to print my boarding pass ever again
* i-hacked.com guys are awesome and must attend every conference that we attend. hevnsnt and surbo, you guys rule (With your big fancy suite and free breakfasts)
* More Hack Naked T-Shirts will need to be printed and made available. We will need to bring way more to conferences as well, they were a huge hit! (And print more sizes, like XL and XXL, and more colors like red and purple)

cactus.jpg

* Always tell Paul who you are introducing him to, because he will FAIL, and miss the chance to meet my hero Brad “RBCP” Carter of PLA Radio! Missing my chance to meet Brad was the biggest disappointment on the con for me, keep up the great work! CACTUS 4EVA!
* Hack Naked stickers will also need to be printed in more quantities, as they are now ALL GONE!
* Being “passionate” about making feature requests for vendor products is okay, as long as you buy some of the drinks and laugh about it the next day.
* Playing poker with hackers is fun, and so is going “all in” when there is only $10 at stake.
* The Shmooball cannon is a huge success, and you should always bring spare parts and extra air tanks. Inspiration from the other designs means bigger and better things in the future. The 2009 cannon has already appeared on Hack-A-Day (Thanks Eliot!)

shmoocannon.jpg

* Running out of air when you are supposed to give a demo of the Shmooball cannon during your talk really sucks, but having awesome support staff to get one in a hurry rules.
* A 24 port mixer works better for the podcaster meet up than sharing microphones
* Recording audio at conferences is so easy with the new Marantz recorder, I really love this device
* BT4 beta was released at the conference, and it was great to meet muts in person (who worked his butt off gett copies of BT4 beta to conference attendees, go BT4 team, go!
* You can install BT4 beta onto a hard drive just as you would BT3, use the same instructions. Also, there is BT4 blog
* Jay “MF” Beale is not only a dancing maniac, but moves fast and can be tough to pelt with a Shmooball
* It felt good to hit Jay with a Shmooball for not releasing the milddler for quite some time
* MITM tools need to make a comeback and be extended, happy that Jay released “The Middler” on USB tokens during his talk ( I caught one too!)
* They actually make Brawndo – The Thirst Mutilator (Idiocracy), it tastes, well, pretty bad, makes you pretty wired, you end up more thirsty than before, and it comes out the exact same color as it goes in which is just weird
* Meeting a bunch of cool security people at a con makes you want to go to all the other cons that they are putting on, such as Notacon, and Dojosec.
* Everyone should “hack charities”

shmoobus.jpg

* Driving to Shmoo on the Jack Daniel Shmoo bus was an experience according to passengers, thanks to the Shmoobus for bringing a bunch of our friends from Boston and providing gear transportation
Podcast and exclusive interviews to follow, so stay tuned!
Paul Asadoorian & Larry Pesce

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.