Notes from The Next HOPE

HOPE was this weekend at the Hotel Penn in New York City. Except for the choice of venues, it’s a pretty nice (and cheap) conference to get to. I went to several of the talks, although, not all of them would be interesting to purely security people – like cooking for geeks… The talks I did attend were interesting, if not ground breaking. HOPE isn’t generally where people release new code, tools or exploits – that’s Black Hat and Defcon in two weeks, but there tend to be more talks about hacker culture and privacy. The one talk I skipped that I would have liked to go to was the Social Engineering talk – at 9pm on a Saturday (I was already half asleep). I heard that they tried to social engineer a BP gas station, with some success.

I also hit up the talk on the American Bombe – yes, we had a few – a well researched and interesting discussion on how the US got started on that project and some of the stumbling blocks along the way. I also went to the HTTPS discussion, but it rehashed old SSL vulnerabilities and issues with the default CAs trusted in the browsers. One of the better talks I went to was the Locational Privacy and Wholesale Surveillance via Photo services talk by Ben Jackson. He discussed using the EXIF GPS data to stalk people. I promptly told my iPhone that the Camera app was not allowed to use location services.

For me, HOPE is more about the hallway track and meeting people and learning new things on the mezzanine level. This year, the lockpick village was so small that no one could fit in, so I didn’t stop by there – even if I did take my picks. There were more vendors on the M level as well, mostly books, with very little electronics as there have been in years past.

This year, I borrowed a friend’s ham radio and used my license for the first time in 10 years to get an N2H QSL card – along with my friend and several others. Just listening to the hams talk from N2H was interesting as well.