The Boston BSides conference is bursting at its seams and may have to find a new place to carry out its mission of providing inexpensive IT security training, educational sessions and informal networking where peers can share experiences and help guide aspiring security pros.
The conference this weekend at Microsoft’s New England Research and Development (NERD) Center in Cambridge, Mass., was full to capacity with about 400 people attending – the NERD limit, says Daniel Reich, one of the show’s organizers.
He says the organizers had to turn away about 100 others who wanted to attend, and after reading surveys by attendees and comments on Twitter, they may be looking for a larger venue for next year.
This includes possibly reaching out to co-locate with other Boston area groups such as BeaCon, OWASP and SOURCE Boston. Boston BSides is also considering becoming a legal non-profit to help with handling its finances.
Now the work is done by volunteers who choose keynote speakers, select the presentations made in conference sessions, staff the conference registration tables and keep things running smoothly, he says.
The cost to attend is $20 for the conference and up to $70 extra for workshops the day before. “That’s a lot of value to help you get started in a career in networking,” Reich says. “We want to keep it affordable, as close to free as possible.”
The hands-on training was new this year and the two full-day classes – Advanced Web Hacking and Introduction to Hardware Hacking – sold out almost immediately, he says.
Potential speakers submitted 51 proposals for just 18 slots. A committee winnowed them down to 27 that they felt really ought to be accepted, and faced a painful process cutting the final nine, he says.
The hardware hacking training by Brent Dukes covered how to recognize the components of a circuit board, identify the specific brand and model of them, find documentation for them and tap into their firmware. It included reprogramming a toy.
A half-day session on testing physical security presented by Keith Pachulsk delved into how to try to penetrate facilities in an effort to gain access to IT infrastructure, personnel and other assets. He does this on behalf of clients who want their facilities and security measures tested, and he went into how to do this safely, which involved avoiding the very real possibility of violence by the clients’ security teams. He talked about how to get into buildings, move around them without detection once you are in and tap IT networks.
A half-day training gave hands-on accounts of how to prepare for and participate in capture-the-flag security challenges. Presenter John-Nicholas Furst recommended tools and hardware to bring to these events and drew a picture of what it’s like to face other, formidable teams.
With a focus on advancing careers of younger security pros, Boston BSides tries to bring in big-name keynote speakers so attendees get to interact with them up close. This year there were two keynotes.
One was Peiter Zatko, better known as Mudge. He was a key member of the hacker group L0pht and wrote the password breaking software L0phtCrack. Later he oversaw cybersecurity research at DARPA and worked at Google’s Advanced Technology & Projects division. He spoke about how attackers and vendors selling defenses can wind up in perverse relationships where they perpetuate a standoff rather than close avenues of attack.
The other was Gabriella Coleman, a professor of Scientific & Technological Literacy at McGill University. She spoke about the group Anonymous, whether it ought to be considered a terrorist group and an apparent effort to paint it as such by governments. She’s written a book on the subject called Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous.