The third annual ShmooCon convention kicked off in Washington, D.C., on March 23 and will run throughout the weekend with a series of lectures and presentations covering a wide range of enterprise security issues.
Held at the Wardman Park Marriott Hotel through March 25, ShmooCon aims to serve as an East Coast hacker convention -- and an unofficial complement to the annual Black Hat confab in Las Vegas -- focused on technology exploitation, security products, and discussion of newly emerging threats.
As in previous years, the list of scheduled speakers includes some of the security industry's leading personalities, including an opening keynote from Avi Rubin, a professor at Johns Hopkins University's Information Security Institute and one of the most outspoken critics of existing electronic voting systems.
Some of the best-known hackers scheduled to present at the show include Johnny Long, known recently for his white hat attacks on Google technologies; G. Mark Hardy, a government security specialist; and Katie Moussouris, who works for Symantec and has been known to use her smile to get by corporate security guards and then break into their companies' networks.
Hoffman maintains that Jikto will illustrate how easy it is for attackers to create cross-site scripting and other Web-based code injection exploits that can be carried out against even well-known and highly secured sites and applications.
"More and more Web worms are using AJAX to comb through sites, find new targets, and spread themselves," Hoffman said. "The rise of Web malware using AJAX is a big trend and the sophistication of these attacks is also increasing; AJAX is being combined with Flash in some instances for attacks that use the strength of each to deliver their payloads; we're seeing hybrid uses of multiple technologies."
By making his gadget public, Hoffman said he hopes more IT security executives will get the message about locking down their Web sites, which he admits is a very tough job. For its part, SPI markets penetration testing tools used by businesses to ferret out security issues from their online sites and applications.
Other noteworthy sessions planned for the sold-out event include talks on the positive impacts of enterprise security breaches, a hacker based in Iraq, vulnerabilities in Windows Mobile, and the overall security of radio frequency devices.