Dark Reading is part of the Informa Tech Division of Informa PLC


12/15/2014
10:30 AM
Andrew Ford
Commentary

Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)

Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.

For some reason, the competitiveness of startups in Silicon Valley can regularly put competitors at each other's throats.

Uber and Lyft seem to get the most colorful headlines lately with their recruiting wars. Yet any coffee shop with a decent pour-over will have technology folks steeping in anger while competitors copy technology or poach clients.

Maybe as a developer new to the security arena I just haven't been around enough security folks to see that they are all easygoing and immune to the otherwise tension-filled tech arena of Silicon Valley.

Maybe. But, I don't think so.

That's why it was so cool this November to see the Latin American security community at the Ekoparty conference in Buenos Aires not angrily mumbling about their competitors at Blue Bottle Coffee, but instead joining with them in hardware and software hacking, lock picking, and mixing Fernet with Coke.

We weren't sure how helpful our English would be in Argentina, so in preparation we dusted off our flashcards, whispered back-and-forth to Michel Thomas CDs and listened to as many Spanish-speaking podcasts as we could. After a couple days though, we learned most researchers could speak some English and many were fluent.

That makes sense when a few things are considered. First, student researchers said that thick computer science textbooks rarely get translated to Spanish, so that's a few years of guaranteed scholarly reading in English.

Second, most programming and library docs are written in English.

Finally, pretty much every relevant programming language started in English. So, if a researcher wants to achieve a cross-site scripting attack on a Rails server, even in Argentina, it's easy to see how much English she needs to understand to find a solution.

Ekoparty hosted speakers that delivered information in both English and Spanish, but every talk was available in both languages through wireless headsets, courtesy of a couple of ridiculously fluent and technical translators.

Listening to talks translated on the fly might have been one of the most luxurious parts of Ekoparty. Unlike American tech conferences that often offer a buffet of merchandise, meals and drinks, Ekoparty was every bit as functional, with a little less fluff.

Maximiliano Soler, 27, of Buenos Aires, says that doing good work with fewer resources is part of the culture in Argentina. Soler is a security analyst for the Industrial and Commercial Bank of China. He started learning about hacking through underground meetings more than 10 years ago in Buenos Aires.

This theme of "more with less" shows up in different ways. First, between talks researchers don't walk between freshly vacuumed hallways in some Marriott; they walk from a cavernous tent to what used to be a club. Next, corporate Goliaths and eager startups aren't eagerly pushing attendees to grab their T-shirts and mugs. Instead, locally run groups actually sell their own merchandise next to a "pretend this is your boss" punching bag to measure punching power.

Finally, everybody still needs something to hack on, but an attendee is just as likely to be pecking away on a 5-year-old netbook as she is a shiny MacBook Pro.

Despite the difference in resources from its American counterparts, Ekoparty still offers premier security talks from top echelon researchers.

Vitally McLain, a senior security consultant at Matasano in Chicago, said that at Ekoparty researchers aren't afraid to dig into and share highly technical information.

McLain said bigger conferences like Defcon can be fun, but oftentimes the size can be a distraction. Ekoparty had about 2,000 attendees, but McLain said it still feels like a smaller conference where you can get a beer with presenters after talks without stress.

"I think the size is important because it lends to people being able to talk to each other and collaborate more," he said. Defcon can be fun according to McLain, but high levels of security can make it feel exclusive.

"Sometimes there is an us versus them thing," he said. "Here it feels like everyone is in it together."

Andrew is a web developer who hails from Boise, Idaho. He learned web development after becoming frustrated with ornery content management tools. He loves riding his bike and hates failing specs.