Sessions

JavaScript: This ain't a scene, it's a goddamn arms race

acidus [Billy Hoffman]
The gloves are coming off. This presentation will cover as many malicious things that can be done with JavaScript that I can cram into a 1/2 hour. Stealing history, search engine queries, router attacks, drive-by pharming, port scanning, web crawling, automated SQL injection, source code polymorphism, and sandbox detection.

apt-get Your Way To PCI Compliance!: ModSecurity Web App Firewalls

Ben Feinstein
Many of us working in the security industry regularly deal with issues
related to PCI DSS compliance. In February the PCI Security Standards
Council issued a clarification around its DSS v1.1 requirement to protect
"all web-facing applications ... against known attacks." The Council is
now on the record as stating that this requirement can be met in two very
different ways: through performing application code reviews or by
deploying web application firewalls (WAFs).
This talk will explore the ModSecurity Apache module and how it can be
used as a WAF to cheaply and effectively meet the PCI webapp protection
requirement. Common deployment scenarios will be discussed, including
both in-the-cloud and client premise deployments. The ModSecurity rules
language will be covered and several ModSecurity Core Rules that are
representative of its capabilities will be dissected in depth.
Finally, some interesting uses of ModSecurity's content injection
capabilities will be discussed. Anyone up for hacking the hacker via
scripting injected into your webapp's response to an attempted attack?
This talk will show you how!

The journey of hacking cellular networks begins with a single app…

David Maynor
Cellular networks have always been a bit of a mystery. Shrouded in secrecy, and defended by government regulations and the fear of lawsuits, they have kept cellular spelunkers at bay. The key to opening this Pandora's box can be found in smartphones. Information and diagnostic utilities are sprinkled around devices that run Windows Mobile or phones of a more fruity variety. This talk will show how these tools can be subverted, duplicated and enhanced.

Food Hacking: Advanced Food Disassembly

Gweeds
Gweeds is a hacker activist and has earned distinction as being the only
hacker kicked out of both cDc AND the L0pht for NOT being a hacker
sell-out. Gweeds will be celebrating his 50th birthday at Summercon, the
ONLY REAL HACKER CONFERENCE LEFT, which he has been attending since way
before the Con's acquisition by Microsoft VP Clovis. Gweeds is a longtime
member of PH4RTS, a non-profit hacker culture strikeforce fighting against
all forms of hacker co-optation, taking the fight to the oppressors.
Recently he has been co-opting Rachel Ray's television empire into a
thing called "Food Hacking", which mostly consists of his ripping off
pieces of his own body and making food out of them [on the internet!],
which he plans to present in detail.

The coming Orwellian Nightmare, phase 5, border searches of laptops

decius [Tom Cross]
For years the courts have held that random, suspicionless searches of citizens by customs officials at border crossings are A-OK. But today people are traveling with laptops that contain unprecedented amounts of personal correspondence, documents, music, multimedia, and other files. Should customs be able to pore through all of this personal information without any reasonable basis for suspicion? In April the 9th Circuit said yes! I say, fuck that! Come watch the supposedly careful legal reasoning of a learned appellate court be completely eviscerated by some long-haired computer dude who has never set foot in a law school.
