Kawaiicon

Kiwicon X, held at the Michael Fowler Centre in Wellington (2016)

Kawaiicon (previously Kiwicon) is a New Zealand computer security conference held in Wellington from 2007. It brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers.

The conference format allows for talks, informal discussions, socialising, key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modern exploits and operational security, security philosophy, New Zealand hacker history, related New Zealand law, and a few talks on more esoteric topics.

Kiwicon was founded by Adam Boileau when the annual Australian computer security conference Ruxcon was cancelled for 2007.[1] After ten annual conferences Kiwicon took a break in 2017;[2] in 2019 Boileau stepped down and the conference was relaunched in a "less elaborate" form as Kawaiicon.[3][4] After two conferences, Kawaiicon took a break[5] before announcing a return for 6-8th November 2025.[6][7]

Past conferences

  • 2007 – "Share The Knowledge"

The inaugural Kiwicon was held during the weekend of 17–18 November 2007 at Victoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors, information warfare, hiding files in RAM, cracking with PlayStation,[8][9] and attacks on: kiosks, telecommunications company ethernet, non-IP networks, and a serious Windows hole.[10][11][12]

  • 2008 – "Two Cons, One Vision"

Kiwicon 2k8 was held on the 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included: mass surveillance, using honeypots to detect malicious servers, physical security, using search engine optimization to make websites disappear from search results, Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems, biometrics, Citrix XenApp, and Windows Vista via heap exploitation.[13]

  • 2009 – "Kiwicon III: Army of Darkness"

Kiwicon 2k9 was held during the weekend of 28th-29 November 2009 at Victoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professional vulnerability research, identifying online identities using Bayesian inference, social engineering, radio sniffing, defending against denial-of-service attacks, Linux rootkits, an introduction to the New Zealand Internet Task Force, and attacks on: physical access control systems, GPS, smart cards, shared hosting platforms, ActiveSync, iOS App Store, pagers, wireless routers, and scientific software.

  • 2010 – "The four e:Sheep-persons of the Cyber Infopocalypse"

Kiwicon IV was once again held on the weekend of 27th-28 November 2010 at Victoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the term Four Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fast data erasure, urban exploration, web scraping, wardriving with Arduino, New Zealand's proposed Search and Surveillance Act, and attacks on: RFID tags, Internet exchange points, Amazon Kindle, Microsoft Office and Java serialization.

  • 2011 – "It Goes b00m" / "Shellcode, treason and plot"

For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, the Wellington Opera House. The slogans and the date of the event referenced Guy Fawkes and the Gunpowder Plot. Among the talk topics were: an example attack on a film studio, policing hacking from organised crime gangs, operational security, "cyberwarfare", New Zealand's new file-sharing law, automated memory corruption exploitation, Mac OS rootkitting, and attacks on: NFC transactions, iPhones, Android, and garage door openers.

  • 2012 – "The Con of the Beast"

Kiwicon 6 was on the 17 and 18 November 2012, again at the Wellington Opera House. Talk topics included: hacktivist communities, measuring security, security lifecycle, one-time audio passwords, Bluetooth sniffing, biohacking,[14] phishing, stealth web application reconnaissance, remote wiping smartphones connecting to Exchange,[15] a social network monitoring tool, and a wardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.

  • 2013 – "Cyberfriends"[16] – 9–10 November
  • 2014 – "It's always 1989 in Computer Security" / "Hackers just wanna have fun"[17][18][19] – 11–12 December
  • 2015 – "Cyberwar Is Hell"[20] – 10–11 December
Peter Gutmann speaking at the first Kawaiicon (2019).
  • 2016 – "The Truth is In Here"

Kiwicon X was at the larger Michael Fowler Center with almost 2,000 attendees, on 15–18 November 2016. Talk topics included radiation-induced cryptographic failures, a story of active incident response against attacks on Pacnet from Telstra researchers, a phishing automation tool, benefits of containers enabling an application to contain itself, the disconnect between security and business, spoofing GPS by changing the time, why machine learning exploitation is good, a history of lockpicking, remote activation of swipe-card readers, and exploits for iClass RFID, GUIs, macOS, native web-based applications, PHP 7, insecure random number generation, Amazon Web Services, infrared devices, NodeJS, and HTML _blank.

  • 2018 – "Kiwicon 2038AD" – 16–17 November
  • 2019 – "Kawaiicon" – 17–18 October
  • 2022 – "Kawaiicon 2" – 1–2 July
  • 2025 – "Kawaiicon 2025" – 6–8 November

Advertising controversy

On 29 August 2007 persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisations The New Zealand Herald and New Zealand Computerworld. No actual pages on the servers were altered.[21] Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks.[citation needed]

References

  1. ^ Patrick Gray (21 August 2007). "Hackers do the haka". The Sydney Morning Herald. Retrieved 21 October 2015.
  2. ^ "Kiwicon X on Twitter". Twitter. 18 November 2016. Retrieved 21 November 2016.
  3. ^ "Adam Boileau aka Metlstorm on Twitter". Twitter. 15 April 2019. Retrieved 2 July 2024.
  4. ^ "Kawaiicon FAQ". Kiwicon. 2019. Retrieved 2 July 2024.
  5. ^ "Kawaiicon News". Kawaiicon. 15 February 2023. Retrieved 2 July 2024.
  6. ^ "Kawaiicon Mastodon". infosec.exchange Mastodon. 23 July 2024. Retrieved 25 July 2024.
  7. ^ "Kawaiicon 2025". Kawaiicon. Retrieved 25 July 2024.
  8. ^ "Hacker Uses Sony PlayStation 3 to Crack Passwords". Archived from the original on 23 October 2015. Retrieved 19 October 2015.
  9. ^ "PlayStation speeds password probe". 30 November 2007 – via news.bbc.co.uk.
  10. ^ Patrick Gray (26 November 2007). "Flaw leaves Microsoft looking like a turkey". The Sydney Morning Herald. Retrieved 21 October 2015.
  11. ^ "Kiwicon demo exposes serious Microsoft security flaw". NZ Computerworld. 25 November 2007. Retrieved 21 October 2015.
  12. ^ "'Ethical' Kiwi hacker keeps Microsoft busy". Stuff.co.nz. Retrieved 21 October 2015.
  13. ^ Ulrika Hedquist (28 August 2008). "NZ researcher warns of Vista vulnerabilities". NZ Computerworld. Retrieved 21 October 2015.
  14. ^ Darren Pauli (20 November 2012). "Biohacking: Why is my kitten glowing?". SC Magazine. Retrieved 31 January 2013.
  15. ^ Darren Pauli (19 November 2012). "Pwning Androids, iPhones with Exchange". SC Magazine. Retrieved 31 January 2013.
  16. ^ "Hurt A Hipster Hacking Androids...", 28 May 2015, forbes.com
  17. ^ "Top hacker exposes bracelet flaw". NZ Herald.
  18. ^ YOUNG, RACHEL (12 November 2013). "Hacker divulges card's failings". Stuff.
  19. ^ Pauli, Darren. "Your data: Stolen through PIXELS". www.theregister.com.
  20. ^ "Kiwicon 9: Cyberwar is hell". Archived from the original on 11 June 2016. Retrieved 26 May 2016.
  21. ^ "Hackers hit New Zealand Herald website". 29 August 2007. Retrieved 21 October 2015.