geekEleet

Welcome to the continuation of my review of SecTor.  Make sure you read part one before you read part two.

Day 2 (for me) started off with a complimentary hotel breakfast - not the shitty kind either.  They had everything except bacon.  Who forgets the bacon?  Anyway, I was a little late getting to the conference this morning because the keynote by Stephen Toulouse just didn’t interest me.  We managed to check out from the hotel and make it over to the convention center for about 10:30am.  That left us about 15 minutes to spare before our first session…  Can you guess what it was?  I’ll give you a hint…

[more]Hopefully you got that.  It was “Ten Things Everyone Should Know About Lockpicking & Physical Security” by Deviant Ollam.  This guy ran the Lockpicking Village and has a tremendously helpful website over at http://deviating.net/lockpicking/ with tons of useful information and glorious lockpicking videos.  All of which are funny beyond traditional comprehension.  This session was a full hour and 15 minutes of everything there is to know about lockpicking.  He hammered us with information on the inner-workings and the inner-breakings of all sorts of locks and locking devices.  It’s scary to realize just how secure a lock isn’t.  Many locks can be opened with the simplest of tools - such as a beer can.  Interesting tidbit - the cheapest locks in Europe come with a warning on them advising you not to secure valuables with them.  These locks are more secure than some of our most expensive everyday locks in North America.

After a brilliant session with Deviant Ollam, we headed to the main hall for lunch and another keynote.  This time, it was no-tech hacker Johnny Long.  His presentation was flawless.  He was born for public speaking as much as he was born for circumventing security.  His mad presentation skills captivated the audience as he delivered a seemingly hypnotic display of technology free hacks.  For example, he told us about the time that he and Vince circumvented a high security, high technology door with a coat hanger and a wet cloth.  He showed us pictures he took at the airport with his camera phone.  A US Air Marshal, a representative from the Nuclear Regulatory Commission, a strategic electronic warfare guide from the US Military - a year before it was to be executed.  He took pictures of laptop screens.  The message of the day is to be mindful of what you display.

One of my favorites was the fake AT&T badge he made and used to access highly secure buildings.  It looked nothing like a real one.  Another was the red light camera tech that he pwned by asking a few simple questions.  As I mentioned previously, he’s not a bad guy.  He runs a charity that puts computers in 3rd world schools.  Check it out at http://www.hackersforcharity.org/ and be as wowed as I was.  Also check out his personal website at http://johnny.ihackstuff.com/.

After lunch I was very undecided as to what I should do.  I kinda wanted to attend the “Four Horsemen Of the Virtualization Security Apocalypse: My Little Pwnie Edition”, but I had to weigh that against hours in traffic.  Toronto is an awful place to get away from mid afternoon to early evening, so we opted to start our trek home.  Next year I plan to stay over on the last night to avoid traffic and enjoy the rest of the conference.  All said, the conference was a smashing success and I thoroughly enjoyed it.  I encourage anyone with a security interest to check it out. 

PS.  Only idiots do important things on the wireless at conferences.