Kiwicon is a New Zealand computer security conference held annually in Wellington from 2007. It brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The conference format allows for talks, informal discussions, socialising, key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modern exploits and operational security, security philosophy, New Zealand hacker history, related New Zealand law, and a few talks on more esoteric topics. Kiwicon was founded by Adam Boileau when the annual Australian computer security conference Ruxcon was cancelled for 2007. At the conclusion of Kiwicon X, it was announced that there would be no Kiwicon in 2017. The conference returned for 16-17 November 2018, called "Kiwicon 2038AD", with tickets selling out in under three days by 6 September.


Past Conferences


2007 - "Share The Knowledge"

The inaugural Kiwicon was held during the weekend of 17–18 November 2007 at Victoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors, information warfare, hiding files in RAM, cracking with PlayStation, and attacks on: kiosks, telecommunications company ethernet, non-IP networks, and a serious Windows hole.

2008 - "Two Cons, One Vision"

Kiwicon 2k8 was held on 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included: mass surveillance, using honeypots to detect malicious servers, physical security, using search engine optimization to make websites disappear from search results, Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems, biometrics, Citrix XenApp, and Windows Vista via heap exploitation.

2009 - "Kiwicon III: Army of Darkness"

Kiwicon 2k9 was held during the weekend of 28-29 November 2009 at Victoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professional vulnerability research, identifying online identities using Bayesian inference, social engineering, radio sniffing, defending against denial-of-service attacks, Linux rootkits, an introduction to the New Zealand Internet Task Force, and attacks on: physical access control systems, GPS, smart cards, shared hosting platforms, ActiveSync, iOS App Store, pagers, wireless routers, and scientific software.

2010 - "The four e:Sheep-persons of the Cyber Infopocalypse"

Kiwicon IV was once again held on the weekend of 27-28 November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fast data erasure, urban exploration, web scraping, wardriving with Arduino, New Zealand's proposed Search and Surveillance Act, and attacks on: RFID tags, Internet exchange points, Amazon Kindle, Microsoft Office and Java serialization.

2011 - "It Goes b00m" / "Shellcode, treason and plot"

For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, the Wellington Opera House. The slogans and the date of the event referenced Guy Fawkes and the Gunpowder Plot. Among the talk topics were: an example attack on a film studio, policing hacking from organized crime gangs, operational security, "cyberwarfare", New Zealand's new file-sharing law, automated memory corruption exploitation, Mac OS rootkitting, and attacks on: NFC transactions, iPhones, Android, and garage door openers.

2012 - "The Con of the Beast"

Kiwicon 6 was on 17 and 18 November 2012, again at the Wellington Opera House. Talk topics included: hacktivist communities, measuring security, security lifecycle, one-time audio passwords, Bluetooth sniffing, biohacking, phishing, stealth web application reconnaissance, remote wiping smartphones connecting to Exchange, a social network monitoring tool, and a wardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.

2013 - "Cyberfriends"

2014 - "It's always 1989 in Computer Security" / "Hackers just wanna have fun"

2015 - "Cyberwar Is Hell"

2016 - "The Truth is In Here"

Kiwicon X was at the larger Michael Fowler Centre with almost 2,000 attendees, on 15-18 November 2016. Talk topics included radiation-induced cryptographic failures, a story of active incident response against attacks on Pacnet from Telstra researchers, a phishing automation tool, benefits of containers enabling an application to contain itself, the disconnect between security and business, spoofing GPS by changing the time, why machine learning exploitation is good, a history of lockpicking, remote activation of swipe-card readers, and exploits for iClass RFID, GUIs, macOS, native web-based applications, PHP 7, insecure random number generation, Amazon Web Services, infrared devices, NodeJS, and HTML _blank.

2018 - "Kiwicon 2038"


Advertising controversy

On 29 August 2007 persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisations The New Zealand Herald and New Zealand Computerworld. No actual pages on the servers were altered. Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks.

