I’m missing the ShmooCon hacker conference for the second year in a row because of family activities. But it remains a favorite of mine for several reasons. One is how its not afraid to explore how the human condition affects the security profession.
For starters, ShmooCon has given Johnny Long a platform.
Long, one of the world’s foremost hackers, has given presentations on why he started Hackers for Charity, a nonprofit organization using the skills of technologists to solve technology challenges for various non-profits and provide food, equipment, job training and computer education to the world’s poorest citizens.
Besides the obvious good that comes of this, the organization has done much to humanize hackers and help the world see them as more than introverts in basements using technology to break into networks for nefarious purposes. More than ever, hackers are seen as agents of positive change. Long deserves our thanks for that, and ShmooCon deserves thanks for giving him valuable exposure.
I also appreciate how ShmooCon has showcased the gifts of those who are different.
A powerful example of that was a talk renowned security engineer Marsh Ray gave at ShmooCon 2011, where he used the fragile mental condition as the basis of a talk called “A paranoid schizophrenia-based model of data security.” In that talk, he described working in a psychiatric hospital more than 20 years ago and getting to know Keith, a fellow who usually sat on the park bench strumming his guitar for spare change.
“Sometimes I would take a break from reading microprocessor manuals and listen,” Ray said at the time. “Keith had paranoid schizophrenia. He could explain how the world worked: ‘There is a great international conspiracy…’ he would say. Electromagnetic fields, government satellites, resonant dinner plates, you name it: He had it all figured out.”
Ray noted how Keith couldn’t trust the conflicting information coming from different parts of the brain. He knew he was vulnerable and spent much time and energy thinking about it.
“Does this not also describe our current relationship with data security?” Ray asked. “Our architectures have become so complex that they are inherently susceptible to internal schism, leaving us vulnerable to sudden manipulation by shadowy external forces.”
Ray noted that many of the things Keith predicted have come to pass. For example, including radio transmissions being monitored by satellite and underground markets emerging for the purpose of trading information.
There are many more examples from previous years. But those are the ones that really stand out for me.
Sorry to miss it this year, but I wish those who are there a fabulous, enlightening weekend.