I went to DEFCON 18 (Barely Legal) 2 weeks ago. It was a great con and I can't wait for next year. The sheer brainpower on display in that hotel was impressive.
I saw some great presentations on everything from forensic methodology to custom malware, met some feds, and watched ReL1K pwn him some Windows 7 boxes with powershell (seriously nice work on the Social Engineering Toolkit).
I even got to see Hope Dworaczyk (Playmate of the Year) get awarded "Best Reason To Get Malware" by the guys from Barracuda labs. Friggin' sweet!
If you've never been, GO! It's an educational experience to say the least. Seriously, who knew you could get a mohawk to stand up over two feet tall?
There are some very cool things on the horizon for the internet:
Dan Kaminsky demo'd DNSSEC. Finally, a way to actually prove that an email, website or any other electronic communication actually came from who it said it did! Dan is a stinkin' genius by the way. I look forward to his next project, whatever it is.
Anybody heard about this whole "smart grid" thing? It's going to suck. Every single "smart" device out there is going to be a hackers dream. One guy put up a presentation called "iBurglar". It's a webscript that will parse the power usage data that people post on twitter, facebook, etc... It will turn around and produce a calendar of the best times to rob that person. Dude was not a burglar, he was just trying to make a point about how dumb it is to put that kind of personal information out there. It worked! Smart grid + dumb people = problems.
There were several talks about SCADA systems and their importance in the future of cyberwarfare. SCADA systems are web-enabled controls for our public infrastructure that can be tampered with to create"weapons of mass distraction". I doubt that they could ever be used to do any catastrophic damage, but they could be used to throw the general public into a tizzy.
Spiderlabs says "All your droid are belong to us" Thanks for letting me think that my droid was secure for the first 6 weeks I had it anyway......jerks.
More on DEFCON next week.
Did you know that the Zeus trojan has a web command center and a GUI for creating new versions? Ridiculously easy to own your own botnet!