Having sufficiently recovered from my week-long trip to Buenos Aires its time to spread the word about some of the innovative research presented at Argentina's two most prominent security conferences. My coworker Ali and I first attended BA-Con, the newest conference venture from Dragos Ruiu (of CanSecWest, PacSec, and EUSecWest fame). Some of the highlights included an entertaining (and at the same time depressing) talk from Harri Hursti regarding the current and past state of eVoting procedures and architecture. Harri described such design flaws as global master keys, poor encryption, default passwords, methods by which one can simply obtain administrative access to some of the machines, and even what he referred to as--if memory serves--101 class bugs in the software.

We also attended an informative talk by Hendrik Scholz entitled "All the Crap Aircrafts Receive and Send". Hendrik's presentation discussed the structure of the plaintext protocol airplanes use to communicate to ground crew and airports. From the audience Cedric Blanchard voiced a hilarious example of how this could be abused by spoofing a request for 20 new seats for the incoming airplane. The results being a ground crew with the necessary equipment awaiting the plane's arrival on the tarmac.

Following this talk was Jose Orlicki with his presentation about social networks. Jose implemented a library that enables one to scrape social networking sites and search engines to profile individuals and map out their relationships with others. You may remember Maltego which does similar data gathering. Jose showcased his implementation by demonstrating a chat bot that impersonated one of his target individuals by utilizing vocabulary similar to their own using his gathered data. His entertaining case example was an Ivan Arce bot chatting with characters from the Matrix movie.

I wasn't able to attend Julien Vanegue's talk, "Hacking PXE without reboot (using the BIOS network stack for other purposes)", as I was preparing for our talk that immediately followed it. I was told the slides will be available on the BA-Con website some time soon.

Following BA-Con was ekoparty which is now in its 2nd (public) year. Ekoparty talks were hosted on a theater stage and were packed with somewhere around 300 attendees. The conference also ran a wargame called Packetwars and a lockpicking competition which was won by Hugo Fortier, one of the organizers of Recon.

We originally had trouble locating the conference so we missed out on some of the talks we would have liked to have seen. One such talk was Julien Vanegue's presentation on Evarista, a piece of software based on the ERESI framework. The ERESI framework implements an intermediate representation that enables one to more easily perform runtime and static analysis. Julien's Evarista is focused on static analysis and is the same research as documented in Phrack issue 64, article 8.

We did catch some good presentations on day two, including a talk from Nelson Murilo and Luiz Eduardo on a new wifi monitoring tool dubbed Beholder. Following their talk was Hugo Scolnik a mathematics professor who talked about a possible new method of factoring numbers in an attempt to attack RSA encryption. His talk was in Spanish but math is universal and so his slides conveyed some aspects of his approach. However I'll wait until someone translates his work before attempting to comment on it's validity.

Following the conference lightning talks were given at a local pub. Most were in Spanish and I am far from fluent. However, Andrew Cushman from Microsoft's Research Center did give a quick rundown of some of the new Microsoft initiatives first announced at Blackhat this year.

Both events had a great turnout and interesting presentations. The security community in Argentina is definitely thriving with such companies as Core and Cybsec headquartered there. Hopefully these conferences will continue to put the spotlight on the region and we personally look forward to attending both conferences next year.