Before I left this languish any more, here are my thoughts on Shmoocon 2009: it was a great time!
The First DayI was last in DC about 6 years ago for my 8th grade graduation, so it was fun to view the city again from a different perspective. Some friends from RIT drove down Thursday night and we crashed at another friend’s house around 2AM. We were up and moving by 10 the next morning, taking the Metro in to the city center. We checked out the White House and saw some of the major sites that I guess you’re supposed to see when you visit. Checked into Shmoocon around 1pm and then ran into Matthew Lesko, the question mark guy down below, who was just hanging out at the hotel that Shmoocon was being run at! Very friendly guy. There was only 1 track of talks on Friday, about 5 hours total. The only interesting talk of this bunch was given by some students from West Point, about identifying Large Binary Objects based off a map of their indentity. Very cool stuff. My friends and I crashed pretty early, we were all quite tired from the day.
SaturdaySaturday was a long day. We were awake and heading into the ‘con by 9am. I caught the Fail 2.0 talk by Nathan Hamiel and Shawn Moyer about hacking Myspace and other social networks, which I had caught previously at Defcon, and it was good to see that they had updated their slides based off the last 6 months and what had changed. Social networks stilll suck, but they are learning their lessons slowly. There was a packed talk by Jay Beele about man in the middle talks, where he released an HTTP-based man in the middle tool called Middler. Speaking of that, I should go check it out now… Actually, for most of Saturday, there was a TF2 tournament going on that I got sucked into… A bit of a waste of time, but it was great fun.
At the end of the day, I attended a great talk by Sandy Clark about “hacking” your way into academia. I really wish I had gone to this talk 5 years ago before I attended college. It really reflected alot of what I have been noticing in the world lately, with the flow of information becoming less centralized. A degree was a badge of accomplishment and skill about 20 years ago, guaranteeing you a job at a major corporation. Now, degrees have become watered down and information is easy to obtain. Companies perform rigerous interviews that test your skills because they will (sometimes) hire people without degrees. With a dedication to learn and accomplish, and an Internet connection, you can suceed. This talk was a great example of what thees conventions are about, with many people interjecting their thoughts and experiences during the talk. People kept sharing their stories for 20 minutes after the talk, I was very impressed.
WrapupThis was my first Shmoocon, but my 2nd hacking/security convention after Defcon this year. It was great to contrast the people, the talks, and the overall events. I had been told that Shmoocon was more serious than Defcon, being situated in DC and also being smaller in attendance (2000ish for Shmoocon, 8000ish for Defcon). I definitely believed it. Defcon felt like a giant party taking place on a rollercoaster ride, you grab a piece and hang on for the weekend. At Shmoocon, I felt like I could take part in almost everything and I think I did!
One of the best discussions I had over the weekend was with a guy named Patrick who loved to ask questions. It’s really the people that make these 'cons, the events they lead, the talks they give, and the people you meet and have random discussions with. People of all shapes and types come to share their knowledge and all they want is that people listen and argue with them. It’s a great forum for making connections and sharing knowledge, simply for the sake of knowledge. The security field is constantly evolving. It’s a never ending escalation, for better or for worse. Getting to these events and spreading the discussion about issues is a great thing.