Security Weekly
Content

What I learned at Shmoocon 2010

Another successful Shmoocon! This year’s conference was well run, tons of fun, and informative. As always what follows is my “What I Learned At Shmoocon” factoids:

  • The small feeling of safety I once had using GSM is completely gone. It now falls into the same category as “Wifi”.
  • Mike Poor looks hot in pink (and is the proud owner of a *really* stretched out pink ladies hack naked tank top)
  • Giving the I-Hacked guys a soldering iron results in “Bad things” (depends on your perspective). Injecting audio into the A/V system during a talk and monitoring hotel radio communications are some of the things that sound fun, but were definitely NOT attempted by anyone we know (for the record).
  • Even if it is 3:00AM and I have been drinking I can still “evangelize
    • PaulHoldingCourt.jpg
    Security Weekly Holding “Court” In the Hotel Lounge
  • Just because your Bluetooth dongle is paired with a mouse doesn’t mean it won’t accept keystrokes. This changes my perspective on Bluetooth security and how I use Bluetooth devices: I won’t use Bluetooth on anything that passes my data.
  • Kismet now supports passive and active Bluetooth scanning. I’ve been looking for a replacement to btscanner and hope this is it. By the way, make sure you give Mike Kershaw a beer and thank him for writing Kismet. (Rel1k also got a beer for his work on FastTrack and SET).
  • All nipples are not created equal
  • You can name a drink whatever you want and even call it a F%$*ing Lolipop (jagermeister and Root Beer)
  • Cigars are not as enjoyable when you are standing in the cold with snow blowing all over you
  • Being confronted with the following decision is not easy: Face dehydration (and possible resulting death) or use your credit card in the vending machine at a hacker conference.
    • Shmoo-vending.png
    Slide Your Card Here…..To Get Pwned
  • Our listeners rule and thanked us with beer (explains the dehydration eh?). We love our listeners (but not like that, well maybe). A side note, our favorite beers that we may, or may not have brought to the conference in an unmarked box, are G. Schneider & Sohn Aventinus and Westmalle Trapist Ale (Dubbel).
  • Don’t let Carlos get a hold of your toothbrush, ever. And don’t mention the toothbrush thing around his family (sorry Carlos!)
  • Mick is no longer allowed on the podcast sober, he is far more entertaining when is is completely drunk. He will express his undying love for Notacon and hockey and force you to love those things just as much as he does.
    • mick_and_jim.jpg
    Hockey & Notacon Bitches!
  • Lockpicking is great fun! I learned that you should check if the lock is open before trying to pick it. Nothing is worse that successfully “picking” the lock only to find out you’ve locked it, not opened it.
  • When the Shmooball launcher takes aim, run for cover. Larry, along with intern Darren, produced the most spectacular Shmooball cannon ever. While it may not have taken first place in the contest, Bruce can show you a perfectly round bruise on his rib cage as an example of its force.
    • Larry-Shmoocannon.png
    You Have 10 Seconds To Comply…

Thanks to everyone for a great time, espcially the Shmoocon staff, Security Weekly Crew, and of course all of our fans. We hope to have the store back up and running so you can buy some Security Weekly “Hack Naked” gear. Can’t wait for next year!

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.