Kawaiicon

Kiwicon X, held at the Michael Fowler Centre in Wellington (2016) (image: Kiwicon X.jpg)

Kawaiicon (previously Kiwicon) is a New Zealand computer security conference held in Wellington from 2007. It brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers.

The conference format allows for talks, informal discussions, socialising, key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modern exploits and operational security, security philosophy, New Zealand hacker history, related New Zealand law, and a few talks on more esoteric topics.

Kiwicon was founded by Adam Boileau when the annual Australian computer security conference Ruxcon was cancelled for 2007. [1] After ten annual conferences Kiwicon took a break in 2017; [2] in 2019 Boileau stepped down and the conference was relaunched in a "less elaborate" form as Kawaiicon. [3] Organizers announced an indefinite break in 2023 [4] after the previous year's second Kawaiicon.

Past Conferences

The inaugural Kiwicon was held during the weekend of 17–18 November 2007 at Victoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors, information warfare, hiding files in RAM, cracking with PlayStation, [5] [6] and attacks on: kiosks, telecommunications company ethernet, non-IP networks, and a serious Windows hole. [7] [8] [9]

Kiwicon 2k8 was held on 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included: mass surveillance, using honeypots to detect malicious servers, physical security, using search engine optimization to make websites disappear from search results, Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems, biometrics, Citrix XenApp, and Windows Vista via heap exploitation. [10]

Kiwicon 2k9 was held during the weekend of 28–29 November 2009 at Victoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professional vulnerability research, identifying online identities using Bayesian inference, social engineering, radio sniffing, defending against denial-of-service attacks, Linux rootkits, an introduction to the New Zealand Internet Task Force, and attacks on: physical access control systems, GPS, smart cards, shared hosting platforms, ActiveSync, iOS App Store, pagers, wireless routers, and scientific software.

Kiwicon IV was once again held on the weekend of 27–28 November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fast data erasure, urban exploration, web scraping, wardriving with Arduino, New Zealand's proposed Search and Surveillance Act, and attacks on: RFID tags, Internet exchange points, Amazon Kindle, Microsoft Office and Java serialization.

For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, the Wellington Opera House. The slogans and the date of the event referenced Guy Fawkes and the Gunpowder Plot. Among the talk topics were: an example attack on a film studio, policing hacking from organized crime gangs, operational security, "cyberwarfare", New Zealand's new file-sharing law, automated memory corruption exploitation, Mac OS rootkitting, and attacks on: NFC transactions, iPhones, Android, and garage door openers.

Kiwicon 6 was on 17 and 18 November 2012, again at the Wellington Opera House. Talk topics included: hacktivist communities, measuring security, security lifecycle, one-time audio passwords, Bluetooth sniffing, biohacking, [11] phishing, stealth web application reconnaissance, remote wiping smartphones connecting to Exchange, [12] a social network monitoring tool, and a wardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.

Peter Gutmann speaking at the first Kawaiicon (2016) (image: Kawaiicon 2019 Peter Gutmann.jpg)

Kiwicon X was at the larger Michael Fowler Centre with almost 2,000 attendees, on 15–18 November 2016. Talk topics included radiation-induced cryptographic failures, a story of active incident response against attacks on Pacnet from Telstra researchers, a phishing automation tool, benefits of containers enabling an application to contain itself, the disconnect between security and business, spoofing GPS by changing the time, why machine learning exploitation is good, a history of lockpicking, remote activation of swipe-card readers, and exploits for iClass RFID, GUIs, macOS, native web-based applications, PHP 7, insecure random number generation, Amazon Web Services, infrared devices, NodeJS, and HTML _blank.

Advertising controversy

On 29 August 2007 persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisations The New Zealand Herald and New Zealand Computerworld. No actual pages on the servers were altered. [18] Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks [citation needed].

References

  1. Patrick Gray (21 August 2007). "Hackers do the haka". The Sydney Morning Herald. Retrieved 21 October 2015.
  2. "Kiwicon X on Twitter". Twitter. 18 November 2016. Retrieved 21 November 2016.
  3. "Adam Boileau aka Metlstorm on Twitter". Twitter. 15 April 2019. Retrieved 2 July 2024; "Kawaiicon FAQ". Kiwicon. 2019. Retrieved 2 July 2024.
  4. "Kawaiicon News". Kawaiicon. 15 February 2023. Retrieved 2 July 2024.
  5. "Hacker Uses Sony PlayStation 3 to Crack Passwords". Archived from the original on 23 October 2015. Retrieved 19 October 2015.
  6. "PlayStation speeds password probe". BBC News (news.bbc.co.uk). 30 November 2007.
  7. Patrick Gray (26 November 2007). "Flaw leaves Microsoft looking like a turkey". The Sydney Morning Herald. Retrieved 21 October 2015.
  8. "Kiwicon demo exposes serious Microsoft security flaw". NZ Computerworld. 25 November 2007. Retrieved 21 October 2015.
  9. "'Ethical' Kiwi hacker keeps Microsoft busy". Stuff.co.nz. Retrieved 21 October 2015.
  10. Ulrika Hedquist (28 August 2008). "NZ researcher warns of Vista vulnerabilities". NZ Computerworld. Retrieved 21 October 2015.
  11. Darren Pauli (20 November 2012). "Biohacking: Why is my kitten glowing?". SC Magazine. Retrieved 31 January 2013.
  12. Darren Pauli (19 November 2012). "Pwning Androids, iPhones with Exchange". SC Magazine. Retrieved 31 January 2013.
  13. "Hurt A Hipster Hacking Androids...". Forbes (forbes.com). 28 May 2015.
  14. "Top hacker exposes bracelet flaw". NZ Herald.
  15. Rachel Young (12 November 2013). "Hacker divulges card's failings". Stuff.
  16. Darren Pauli. "Your data: Stolen through PIXELS". The Register (www.theregister.com).
  17. "Kiwicon 9: Cyberwar is hell". Archived from the original on 11 June 2016. Retrieved 26 May 2016.
  18. "Hackers hit New Zealand Herald website". 29 August 2007. Retrieved 21 October 2015.