ShmooCon 07 - Day 3

Last but not least the final day of ShmooCon 07. Not as many sessions today, but I wanted to hear Chuck Willis from Mandiant - Assess the Security of Your Online Bank (Without Going to Jail).

While his talk didn't really focus on Online Banking that much, it was a good primer on non-evasive testing of web facing applications. Chuck fits the Mandiant profile - clean cut - smart guy... The tool that Chuck used in many of his examples is Paros. Hs slides should be posted on his site soon.

I also sat in on on Joel Bruno and Eric Smith's (PSKL) talk on - VOIP, Vonage, and Why I Hate Asterisk. They have done some neat work on RTP playback and in particular Vonage VOIP calls. You can find the SIPinator v1.0 code here. They also made a nice/funny commercial for ShmooCon.

The work the folks at the OLPC project are doing is way cool. Not going into details here, but ck them out.

Quick Summary -

Can't say enough about what a great value ShmooCon is and while not every session was exceptional, the event as a whole was. More highlights in the coming days as I parse thru notes etc...