Kiwicon, Day One, was filled with a good mix of entertaining and informative talks. Well worth attending even though some of the blocks of talks were a little long (eg, 2.75 hours in a row after lunch) which made holding concentration all the way through tricky. (It also helped that the weather was sufficiently overcast and drizzly that one didn't feel a need to be playing outside, but dry enough that the trek to the shops for food didn't involve getting too wet.)
Thanks to the con operating under that Chatham House Rule (wikipedia) -- which seems to be similar to the rules of ThursdayNightCurry, viz what happens at curry stays at curry -- I probably shouldn't reveal too many of the details.
But amongst the highlights for me (mostly based on things listed in the programme which is online so presumably considered public) were:
The description of Max Power journalism (in reference a Simpsons episode where there is the right way, the wrong way, and the Max Power way -- which is like the wrong way, but faster) and in particular the effect that modern communication mixed with the speed required to "get the scoop" can result in... less fact checking than might be desirable. Which offers all sorts of opportunitites for social engineering. Amongst the things that can go on is stock pumping (something that was also discussed at Defcon this year in the context of spam -- there was a period of several months where graphics spam for stocks by one particular spammer seemed very successful, and then it suddenly stopped working presumably once anti-spam tools started blocking it).
Detecting rootkits in the Linux kernel using "antilulz", which cross checks various tables (interupt, syscall, file operations, etc) against what they should be, amongst various other things. It apparently detects all known rootkits, including some not in wide circulation... but largely because Linux rootkits are pretty lame about being stealthy since the generally available detection tools are so primitive. (Antilulz isn't, yet, available, and may or may not be released.) Microsoft Windows, OTOH, has been through several more iterations of the rootkit/detector arms race and so the rootkits tend to be more crafty.
Using an Arduino for various security work, including with a software-defined (low speed) USB stack (the default microprocessor on the Arduino is apparently fast enough to bitbang the USB protocol connected via a custom shield). Yet more incentive to do something with the Arduino board I bought to try things out. It very much seems to be the "hackable" microprocessor kit for random projects (several of the LCA hardware hacking folks were using them too, which was the reason I bought one without a specific project in mind).
Yet more on the perils of shared hosting. The main take away seems to be that if your shared hosting runs everything under the same user privileges you might as well give up all pretence of security now. And even if it doesn't, there's not that much security in any shared environment. (Although I wonder if this might be an actually useful use case for SELinux Policy, assuming anyone could ever write a suitably comprehensive policy.)
Scanning "the NZ Internet" is a relatively quick operation (approx 7M IPs to scan, feasible to scan in the order of 10k/s for a single port without raising many people's eyebrows, so in the order of a few hours to scan each port). If you were to do so you'd find the usual collection of old, unpatched, insecure stuff. Having done so, for a bunch of common ports, you end up with a reasonable size database (1.1B rows) and need some data warehousing techniques. But without much effort, can answer some interesting questions in the order of 10 seconds. Getting anyone to care about the answers is rather harder. And the NZ Crimes Act potentially makes the posession of such information a crime, which doesn't exactly encourage research or trying to do anything productive with it (whether it does or doesn't is unknown since there is no case law; and the spooks have their own exception to the rule anyway).