Kiwicon 2008 – Day 2

Just a brief update of day 2 as I found much more of today was over my head and for a more specialised coder type hacker. Roberto Liverani, again, from security-assessment.com from gave a demonstration on Black SEO exposed. This is the art of search engine deoptimisation. Instead of protocols to improve you ranking in Google search pages, he detailed procedures for misdirecting or otherwise reducing the ranking of any target website. Interesting, though making sites effectively disarpear from search engines could have some large ramifications, with some quite big elections coming up worldwide soon. I wouldn’t want to  be a webmaster for a large political webiste, let alone a commercial site such as a bank right now. SEOquake Firefox add-on is a handy tool which Roberto recommended us to understand a sites’ ranking.

Other highlights for me today included Karl Chaffey talking about many bluetooth sniffing things and detailing how much data he picked up from discoverable bluetooth devices he sniffed just walking past several sites in Auckland. Karl has a degree in physics and psychology and looks like someone I should probably have some shared interests in and should get in touch with. He also put us on to various bluetooth sniffing techniques, such as: Bluesnarfing, Bluebugging, Bluesmack, Bluestab, Bluespoof, Carwhisperer, HidAttack, Remote root over BT, iBug, Blueprinting and BTCrack. Worth chasing up for experimental purposes I think.

The highlight of the day for me, just before fatigue tuned me out was Paul Craig talking about how much data he was able to find just using Google that botnets had harvested from internet users daily activity, including webmail, credit card details, usernames, passwords, and all sorts of other private data. It was hair-raising stuff. Fortunately, Google seem to be on to it, but the amount of data that has been harvested via botnets is truly frightening. As Paul quoted, people underestimate the value of their information thinking that there is no reason for people to target them. There is, and they are. If I learned anything over the last few days it is how I need to understand VMware and to set myself up a couple of VMmachines. i will also perhaps start to take a bit more interest in the IP addresses that visit my blog and understand a bit more about what they are trying to do and what they know about me. Paul also unveiled a new trojan that reveals a previously undocumented Windows XP and Vista vulnerability. I won’t say much about it here, as I’m sure it will hit the media soon. Moth trojan is what you need to google.

What with getting up early after the kicking-in of daylight savings time here in NZ, I was pretty tired at the end of the day. Toby’s offer of a free ticket to go and see Wellington Phoenix play couldn’t tempt me from a bath and my bed.

Back to work – Monday morning and snacky time is over.