NZ Bound

Today was Kiwicon II – and it was a busy event – lots of speakers and a lot of delegates, mostly dressed in black as you’d expect. I’d better get myself into the hacktivist uniform tomorrow – I felt disappointingly underdressed today – I might even shave a goatie beard back in especially, Anyway, after Metlstorm (Adam to his mum) welcomed us to the day, the conference kicked off with the keynote session of the day, presented by cartel from thoughtcrime.

Cartel gave voice to a more ideological expression of hacker orientation and activity, or hacktivism, than the other more technical looking sessions. He talked about the proposed bill to look at rights pertaining to stop and search – which purports to give powers  to police to pry into computers seized in search.

He questioned some of the  wording in the draft bill, asking whether this gives authorities the potential opportunity to make unauthorised changes to your laptop. What iI think follows this is the question around how is this governed or forensically controlled? I’m not sure whether the draft legislation attempts to address this, or even wants to.

Cartel continued and talked about how customs agents at Auckland airport had demanded the authentication passphrase for his notebook user account and removed the laptop from his sight for 45 minutes.

When he got home and scanned his notebook for the activity that took place h found out that they looked at his attachments of emails while it was out of sight. He enquired after the fact and after something of a runaround he was told they were allowed to do this but would not say what law gave them the power to do this.

As a result of his experience, he told the conference that he has set up a script for duress authentication with a layer that is triggered after putting in duress password and also encodes what is done to your notebook when it is out of sight and has unauthorised access. A class example of hacktivism.
Lots more highlights of the day until it got a little over my head. Eon and Oddy talking about how they portscanned the whole of the .jp domain and found unprotected conference cameras and pwned them and showed us the results and gave some tools to try and play with (that’ll take me a while). Another big highlight for me was Peter Guttman talking about how easy it is to scan and clone RFIDs in passports and credit cards (the litte gold chip), and the type I and type II error tensions inherent in establishing and implementing biosecurity systems. They just don’t work and in no way live up to their manufacturer’s claim. In fact, most RFIDs that claim to be encrypted are nothing of the sort. Scary, and well-worth knowing, though I have been something of a skeptic of RFID chips for a while. In fact, I deliberately applied for my renewed UK passport on the last day possible in New Zealand to ensure it was issued WITHOUT an RFID chip in it, even though my passport still had 6 months to run.

Chips and tinfoil hats aside, it was a great day, though it got a bit techy for ignorant me towards the end of the day. Looking forward to seeing what tomorrow will bring – my first ever hacktivism conference continues …