Kiwicon is an all-ages computer security conference (Hacker con) organised by members of the hacker and computer security community of New Zealand.
Kiwicon provides a venue for hackers and computer security professionals as well as other interested parties to get together and share knowledge, war stories and to consume a startling amount of beer. In the spirits of H.O.P.E. and DEF CON, Kiwicon intends to bring together the best and brightest from academia, the computer security industry, the hacker underground, those who manage critical infrastructure and law enforcement.
The conference format allows for talks of various lengths on a wide range of subjects of interest, informal discussions, socialising and competitions. In the past there has been free coffee, free breakfast, and always a healthy amount of free beer.
Contents |
For its fifth year, Kiwicon took place on 5th and 6th of November 2011, at a much larger venue, the Wellington Opera House.
The first Kiwicon was held during the weekend of 17-18 November 2007 at Victoria University of Wellington. Approximately 200 people attended the two-day event in 2007, many travelling from near and far to attend. There was a notable lack of attendance from the major corporates, which may not have been such a bad thing. The local security community came together for the first time to the first real Hacker con in New Zealand. The calibre of speakers was excellent with a great amount of media coverage as shown below and it was also the release of iKat the Internet Kiosk Attack Tool.
Kiwicon 2k8 was held on the 27th and 28th of September, once again at Victoria University of Wellington with an attendance of over 250 people. A much broader range of attendees arrived this year, with presale tickets selling out before the doors opened. People were greeted with an array of video phone captures that proved that video conferencing systems are insecure by default, and Ben Hawkes released his updated research into Vista heap exploitation techniques.
Kiwicon 2k9 was held during the weekend of 28th-29th of November 2009 at Victoria University of Wellington for the third year running, in Wellington, New Zealand. The event sold out with an attendance of over 350 people.
Kiwicon IV was once again held on the weekend of 27th-28th of November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse.
Kiwicon hosts hacking competitions. Every second year is Tokémon, where hackers race against each other to exploit as many vulnerabilities as possible in the target systems. The first Tokémon was in 2008, with Tokémon 2 for Kiwicon IV in 2010. Kiwicon 2k9 saw the "Skid wars" event take place on the Saturday evening; with ~16 entrants hacking into virtual machines that been set up with known vulnerabilities left unpatched, using of script kiddy tools (hence the name). Kiwicon V involved a combined simulated attack on a power company called Operation Lights Out.
The first year that Kiwicon was run, a tradition of advertising the conference through Cross Site Scripting attacks on high profile sites was started. Usually these are not reported in mainstream press.
On August 29, 2007, persons associated with Kiwicon spoofed the NZ Herald website with a simple XSS attack. No actual pages on the server were altered. This event was reported on the rival newspaper site Stuff.co.nz.
Beau Butler (Oddy)'s wpad talk garnered extensive media coverage due to its public disclosure of a years-old supposedly fixed security flaw in major browsers and operating systems:
Nick Breese's Crackstation talk on PlayStation 3 password cracking also generated extensive media coverage:
Ben Hawkes talks Vista heap exploitation
General Media