Patience is a virtue … and no one knows patience better than those who bought tickets and attended ShmooCon this year. Even with the addition of yet another Potter; getting through a snow-ridden storm on the way TO the con (or 2 storms if you are from DC); and 1,600 geeks leaving their comfort zone behind (Wardman Park) and accepting that ShmooCon is evolving … we can say that we made it through. Together.
Friday was an interesting day; I realized that the definition of “blizzard” is actually quite versatile in relation to those from the DC metro area and those from Boston. Nonetheless, the “blizzard” could not stop a group of 17 Core Security customers from coming together to share their expertise and war stories with one another, with or without a ticket to ShmooCon. There is an amazing community of IMPACT Pro users out there who not only work on advancing their own security practices, but also lend a hand to other groups who may not have it so easy. Sometimes it just helps to know you are not the only frustrated one walking down the road to compliance.
These same voices are an integral part of ensuring that the features we release to our user community are relevant to real-world pen testing. Of course it’s been said before (but it’s still standing truer than ever), we are in the midst of a seemingly never-ending arms race called security. If I can make a brief Iron-Man reference here, it’s like a Tomahawk missile compared to the Jericho missile. More sophisticated and enhanced ways to strike will constantly demand sophistication and enhancements in our ability to counter-strike….otherwise we will lose. Together.
ShmooCon is never just about the talks that occur on stage, but it’s about the voices that fill up the halls, booths, even the lock-picking tables. You are guaranteed to find true abstracts evolving right in front of you. Even though there is a lack of the typical hacker aliases now that Twitter has become the new social identity, don’t be afraid to make new friends. No matter which way you look at it, we are all here for the same purpose.
ShmooCon 2011 was a time to remind ourselves that yes, we still love pens that blink (Ooooo. Ahhh.), passwords are still a problem (size DOES matter); social networks are more secure than online banking; license plates at hacker cons RULE; and no matter what side you are fighting the good fight on, when it comes to a Shmoo party there is always room on the dance floor to have a drink and be friends.
Until next year my friends, stay safe…stay secure…..PEN TEST!
- Caitlin Johanson, Technical Specialist
P.S. In the spirit of Valentine's Day, both Dan Crowley and I would like to give you a lil' something. If you missed Dan's talk at ShmooCon, no worries, we will give it to you in a nutshell, plus the tool he released to go along with it.
Now available for your URL enlarging pleasure ...
"The URL Enlarger is a tool that will take tiny, pitiful short URLs and increase their length almost instantly! Cry no more in silent shame, enlarge your URLs today!"
Long URLs still contain sensitive data, despite years of experience to tell us that putting that data in URLs is bad juju. Developers and admins still rely on URLs being secret to protect their data, despite this being a terrible idea. Use the URL Enlarger to try out different short URLs and harvest the long URLs returned from the URL shortening service of your choice, generating URLs through incremental generation, random generation, or by providing a dictionary file to use in guessing short URLs.
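
A defender's check for the problem described above, as an added example that is not part of the original post or of the URL Enlarger tool: it audits long URLs for data that should not depend on the URL staying secret, before they are handed to a shortening service. The parameter-name list, the thresholds and the sample URLs are assumptions constructed for illustration.

```python
import math
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed, illustrative list of parameter names that usually carry secrets.
SENSITIVE_KEYS = {"token", "access_token", "session", "sessionid", "sid",
                  "password", "passwd", "apikey", "api_key", "auth", "key"}
EMAIL_RE = re.compile(r"[^@\s/]+@[^@\s/]+\.[A-Za-z]{2,}")
MIN_LEN, MIN_BITS = 20, 64  # assumed thresholds for "looks like a random secret"


def entropy_bits(value):
    """Shannon entropy of the whole string in bits (rough randomness gauge)."""
    if not value:
        return 0.0
    total = len(value)
    per_char = -sum((value.count(c) / total) * math.log2(value.count(c) / total)
                    for c in set(value))
    return per_char * total


def looks_random(value):
    return len(value) >= MIN_LEN and entropy_bits(value) >= MIN_BITS


def audit_url(url):
    """Return reasons this URL must not rely on staying unguessed."""
    parts = urlsplit(url)
    findings = []
    if parts.username or parts.password:
        findings.append("credentials in userinfo")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append(f"sensitive parameter '{key}'")
        elif looks_random(value):
            findings.append(f"high-entropy value in '{key}'")
        if EMAIL_RE.search(value):
            findings.append(f"email address in '{key}'")
    # A long random path segment is often the only access control on a "secret link".
    if any(looks_random(seg) for seg in parts.path.split("/")):
        findings.append("capability-style path segment")
    return findings


# Constructed sample URLs (example.com placeholders, not real data).
SAMPLE_URLS = [
    "https://files.example.com/share/3f9a1c7e5b2d4a8890ab6cde12f34a7b/report.pdf",
    "https://app.example.com/reset?token=abc123&email=alice@example.com",
    "https://www.example.com/blog/shmoocon-2011-recap?page=2",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", audit_url(u) or "ok")
```

Any URL this flags needs real authentication or an expiring, single-use token behind it, because a short alias makes it reachable by guessing.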