I’m in Washington D.C. this weekend for ShmooCon 2008. The first day (US-EST) has officially passed, and what a day it has been! Registration started at 1pm with a long line of seemingly all 1200 attendees at once. Okay, probably not. In fact, we got through the line in just a few minutes – that’s efficiency for you!
The first talk of the con was h1kar1, who reported on a project consisting of an open-source, brute-force attack on the GSM session key derivation algorithm. See http://wiki.thc.org/. In other words, if you use a GSM phone (for example, anything from AT&T or T-Mobile in the US), your conversations can be scanned and decrypted in a matter of seconds by commercial hardware costing under US $1 million. Of course, governments could already do that via various means, but it’s different when a wide variety of private sector entities have that kind of power.
Later this evening I did an interview with Hak5. Man, those guys have the love, lugging that video equipment around and giving people like me a chance to talk about our work. Thanks a lot, Hak5 folks!
Looking forward to tomorrow (today, EST) …