Frequently you find a speaker who is covering a very interesting topic, but may not quite have a firm grasp on keeping a crowd interested. Public speaking is not a skill that I have mastered, and I feel that the folks that were talking about Sidewinder are in the same boat. Sidewinder is a promising piece of software that Shawn Embleton, Sherri Sparks and Ryan Cunningham are working on. Sidewinder is a fuzzer that uses genetic algorithms to evolve the fuzzed input in order to get the funky data to the place in the code where you want it. The next logical step of their application is to add some software to create exploits once you get to the place in the code where you suspect a vulnerability may exist. Keep an eye on these three, I see big things coming from their collective intelligence in the next few years.
Update I had a chance to speak with Shawn about the Sidewinder application and he told me it was all coded in just a few months. He isn't sure if he will have time to continue development on the application, but I encouraged him to as I feel it is a great concept and could grow to be one of the best fuzzers out there.
I just caught the opening intro from Jeff Moss aka Dark Tangent. He dispelled rumors that Microsoft had attempted to buy a track at the convention, explaining that he was hoping to have some of the Vista engineers at the con to talk about their work that would hopefully coincide with the imminent release of the new OS. As it turned out the Vista release date has been pushed back, so that didn't work out as planned.
The opening keynote was given by Dan Larkin, FBIU Unit Chief of Cyber Initiative & Resource Fusion Unit Cirf-U, a spinoff of IC3. He started out with some bad jokes about how far computers have come which elicited a sum total of zero laughs from the audience. His talk became more interesting when he talked about strides the feds had made in past years working with academia, industry and experts in the field. The FBI is actively investigating all types of cybercrime ranging from phishing to spamming to bank fraud and are uncovering vast organized crime organizations that span the globe.
I had a chance to talk to Dan Larkin more after his talk and I asked him about what percentage of the crime the investigate involves music, movie and software piracy and he said that the organized criminals involved really have their hands in anything and everything illegal that can make them money. He said 30% of the bad guys crime involves When it comes to music, software and music.
I am torn between three of the next talks scheduled, of which I will try and catch a few minutes of each: Bypassing NAC by Ofir Arkin, Black Ops 2006 by Dan Kaminsky and Trusted Computing Revolution by Bruce Potter. Dan's talks are always great and I've enjoyed Ofir's in the past as well. I am pulling the shots from the keynote off my CF card right now and will upload them as soon as they are done.