Kiwicon is a New Zealand computer security conference held annually in Wellington from 2007. It brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The conference format allows for talks, informal discussions, socialising, key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modern exploits and operational security, security philosophy, New Zealand hacker history, related New Zealand law, and a few talks on more esoteric topics.

Kiwicon was founded by Adam Boileau when the annual Australian computer security conference Ruxcon was cancelled for 2007. At the conclusion of Kiwicon X, it was announced that there would be no Kiwicon in 2017. The conference returned for 16-17 November 2018, called "Kiwicon 2038AD", with tickets selling out in under three days by 6 September.


Past Conferences


2007 - "Share The Knowledge"
The inaugural Kiwicon was held during the weekend of 17–18 November 2007 at Victoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors, information warfare, hiding files in RAM, cracking with PlayStation, and attacks on: kiosks, telecommunications company ethernet, non-IP networks, and a serious Windows hole.

2008 - "Two Cons, One Vision"
Kiwicon 2k8 was held on 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included: mass surveillance, using honeypots to detect malicious servers, physical security, using search engine optimization to make websites disappear from search results, Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems, biometrics, Citrix XenApp, and Windows Vista via heap exploitation.

2009 - "Kiwicon III: Army of Darkness"
Kiwicon 2k9 was held during the weekend of 28-29 November 2009 at Victoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professional vulnerability research, identifying online identities using Bayesian inference, social engineering, radio sniffing, defending against denial-of-service attacks, Linux rootkits, an introduction to the New Zealand Internet Task Force, and attacks on: physical access control systems, GPS, smart cards, shared hosting platforms, ActiveSync, iOS App Store, pagers, wireless routers, and scientific software.

2010 - "The four e:Sheep-persons of the Cyber Infopocalypse"
Kiwicon IV was once again held on the weekend of 27-28 November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fast data erasure, urban exploration, web scraping, wardriving with Arduino, New Zealand's proposed Search and Surveillance Act, and attacks on: RFID tags, Internet exchange points, Amazon Kindle, Microsoft Office and Java serialization.

2011 - "It Goes b00m" / "Shellcode, treason and plot"
For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, the Wellington Opera House. The slogans and the date of the event referenced Guy Fawkes and the Gunpowder Plot. Among the talk topics were: an example attack on a film studio, policing hacking from organized crime gangs, operational security, "cyberwarfare", New Zealand's new file-sharing law, automated memory corruption exploitation, Mac OS rootkitting, and attacks on: NFC transactions, iPhones, Android, and garage door openers.

2012 - "The Con of the Beast"
Kiwicon 6 was on 17 and 18 November 2012, again at the Wellington Opera House. Talk topics included: hacktivist communities, measuring security, security lifecycle, one-time audio passwords, Bluetooth sniffing, biohacking, phishing, stealth web application reconnaissance, remote wiping smartphones connecting to Exchange, a social network monitoring tool, and a wardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.

2013 - "Cyberfriends"

2014 - "It's always 1989 in Computer Security" / "Hackers just wanna have fun"

2015 - "Cyberwar Is Hell"

2016 - "The Truth is In Here"
Kiwicon X was at the larger Michael Fowler Centre with almost 2,000 attendees, on 15-18 November 2016. Talk topics included radiation-induced cryptographic failures, a story of active incident response against attacks on Pacnet from Telstra researchers, a phishing automation tool, benefits of containers enabling an application to contain itself, the disconnect between security and business, spoofing GPS by changing the time, why machine learning exploitation is good, a history of lockpicking, remote activation of swipe-card readers, and exploits for iClass RFID, GUIs, macOS, native web-based applications, PHP 7, insecure random number generation, Amazon Web Services, infrared devices, NodeJS, and HTML _blank.

2018 - "Kiwicon 2038"


Advertising controversy

On 29 August 2007, persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisations The New Zealand Herald and New Zealand Computerworld. No actual pages on the servers were altered. Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks.

