Next month a large gathering of Australia's underground hacker community will converge on the University of Technology, Sydney for a two-day event called RUXCON.
The conference — whose presentations includes working titles such as Auditing the (open source) kernel [kfc style]; Writing exploits under MIPS/IRIX; The State of Web Applications Security; Breaking Network Authentication, from Passwords to Hardware; and Artificial Intelligence for the Lazy Hacker — is the first of its kind ever to be held in Australia.
Keen to get a better understanding of RUXCON, Howard Dahdah speaks to conference organisers about the reasons for holding the event, the legality of it, and who is expected to attend. As the respondents wish to remain anonymous, they will be simply referred to as 'RUXCON staff'.
Q: Why have the convention? RUXCON staff: The aim of RUXCON is to get like-minded people who have an interest in computer security together in one place. To allow them to exchange ideas and techniques that are being used today. We believe RUXCON is a unique conference, in that it is non-profit, has no commercial backing and is targeted specifically at the Australian security community. By providing such a conference we can focus on the technical content of the presentations without commercial interference.
We expect anyone with an interest in computer security to attend. From university students to professionals, from law enforcement to end users who are ultimately affected by the security issues which will be discussed at the conference.
Q: Who organises it? RUXCON staff: RUXCON is organised by a team of volunteers from all over Australia. Some of these people work in some areas of the computer security industry, others just have an interest in computer security.
Q: Do you intend for this event to be so mysterious, cryptic? RUXCON staff: We have not tried to make this mysterious or cryptic. Some people like their anonymity and we will respect that at the conference.
Q: How many people are going to the conference? RUXCON staff: From the pre-registration numbers it is looking like we will be expecting approximately 400 people, though as we get closer to the date this number will probably be revised.
Q: Are they all hackers? RUXCON staff: Is everyone who attends linuxconf.au a kernel developer? We expect attendees to come from all sorts of backgrounds. Not only people interested in security but interested in cryptography, legal policies regarding computers, or just a general curiosity about computer security. The event is open to the public, and all are welcome to attend.
Q: Is it all above board? RUXCON staff: The presentations on RUXCON will contain topics on computer security which cover both offense and defense. RUXCON as an association does not condone any activities which are illegal and is actively vetting any content for any information which may be against the law to present.
With regards to the physical premises, the licensed drinking area is restricted to those 18 years and older and we have the appropriate public liability insurance.
Q: How can facilitating hacking be legal? RUXCON staff: RUXCON is not so much about hacking as the understanding of the current state of computer security. With any advanced knowledge there comes the potential for misuse, however RUXCON only disseminates security information for the purpose of educating the wider community.
Q: Do you share hacking secrets at the convention? RUXCON staff: Many of the talks at RUXCON will be at a technical level and will cover many facets of security that are not well known to the wider security community. There will be something new to learn for everybody.
Q: Is this a conference for existing hackers, or are you after young kiddies to train up into hackers? RUXCON staff: The conference is open to the public. There will be technical presentations which will assume some pre-existing knowledge of computer security along with entry-level workshops for people who have an interest but are just starting to learn. Along with this there is a large social area where people can mingle and participate in challenges that will be running over the two days of the con.
Q: What is the average age of attendees? RUXCON staff: We will not be collecting demographic information from attendees. However, at a guess the majority would be 16-30. Most of the past conferences in Australia charge several thousands of dollars to attend, this severely restricts the diversity of delegates. Since RUXCON is non-profit we can have a much lower entrance fee and as such can allow more of the security community to attend. Hopefully, we will be tapping into parts of the security community that other conferences have not.
Q: Why are you asking for media coverage if you are an "underground network"? RUXCON staff: Yes, RUXCON is an event organised by some people with affiliations to the Australia security underground. By getting media coverage of the event it can help us reach other people who are interested in similar topics who don't know such a scene exists in Australia. Without media coverage, this would not be possible.
Q: Lastly. Why do people hack? RUXCON staff: People hack for all sorts of reasons, RUXCON cannot tell you something which would encompass all these reasons. However, computer security is something which interests many people with some even depending on computer security for our livelihoods. RUXCON is a way to let these people come together and to discuss and learn about techniques being employed out there today, without the vendor bias or the buzzwords. Without knowing these techniques how could one accurately defend against them?
RUXCON runs from April 12-13. If all goes well this year, the organisers will look at continuing RUXCON as an annual event. A list of presentations and activities that will be held at the conference can be found on the RUXCON Web site www.ruxcon.org