Sophos Australia at AusCERT 2009

Dear Diary,

Last week was AusCERT 2009 – the biggest, and arguably the best, computer security conference and trade show in Australia.

The event takes place at the Royal Pines resort in South East Queensland, far from the madding crowds, or right in their midst, depending on your opinion of the Gold Coast, yet handily close to AusCERT’s headquarters at the University of Queensland in Brisbane. Note to Californians: that’s Brizbun, Australia, not Brizz-Baine, San Mateo.

At AusCERT events, the trade show booths surround the lecture rooms, allowing four – and sometimes five – parallel conference streams to take place amidst the exhibition, neatly and effectively mingling vendors, speakers, delegates, journalists, and even – during the brief period he was able to join the event – Australian cabinet minister and deputy leader of the government in the Upper House, Senator the Hon Stephen Conroy. (You may know him better as the chief proselytiser for Australia’s controversial internet filtering trials.)

Duck flaps his arms
Oh, and me. I was there too, wearing what I believe are called, in business English, multiple hats: vendor, delegate, speaker and panelist. To those four you can probably add: technosceptic and worrier-about-erosion-of-privacy, leaving me to claim the full quota of Six Thinking Hats promoted by that well-known American fellow.

I gave a talk on Cryptography and Malware, looking at the evolution of the sometimes ironic relationship between the use of cryptography as an anti-malware tool by the Good Guys, and its use for offensive purposes by cybercriminals. We started with Cascade, a virus more than 20 years old, and we finished with LuckySploit, a contemporary cybercriminal JavaScript toolkit which shamelessly thieves Tom Wu’s JSBN implementation of browser-based RSA encryption.

Er, ahem. I was also, if you don’t mind – and I certainly didn’t – the winner of the inaugural AusCERT Director’s Award for Individual Excellence in Information Security. Just days after my annual pay review was done and dusted. Such is life.

Duck looks quite pleased

Where was I? Ah, yes. The trade show booths. I don’t like to brag, as you can see above, but as the booths went, I think there was only one truly cool one. Sophos’s! We went for a Dr Who theme, courtesy of a marketing department which actually embraces sci-fi geekdom, and we had a cryptographic puzzle to go with it.

Marketing loves Daleks

Get the T-shirt, decode the URL, fetch the second part of the challenge, and from that solve the third and easiest part to claim a prize. Check it out. Don’t you wish you were there? Such an easy challenge. You could have solved it the first evening!

Yet only two of the three prizes were claimed. Some people offered “fatigue” as an excuse. Others simply admitted that when it came both to attending cocktail parties and to reverse engineering, they couldn’t cope with the dual-processing. (We’ll do another such contest at Ruxcon later this year, where we expect more determined multitasking.)

We had to resort to lottery to award the third prize. To add insult to injury, one entry was presented by a pair of solvers who had apparently heard only of the letter, and not the spirit, of endeavour. They simply took a photo of the T-shirt and outsourced the work via email to a colleague left behind at head office. Point of order: next year, bring your buddy along. He clearly deserves it.

Sonic screwdriver torch
So why not have a go at the puzzle yourself, starting from the T-shirt image above? We have five sonic screwdrivers, a.k.a. keyring torches, left over from the show. We’ll send one to the sender of each of the first five satisfactory answers emailed to

There aren’t really any rules, but my whim is final. Solutions which appear to be your own unaided work, which are amusingly explained, which don’t come from someone working for a computer security company, and which are toadyingly addressed to: Mr Paul Ducklin, WINNER, Inaugural AusCERT Director’s Award for Individual Excellence in Information Security, Sophos Pty Ltd, North Sydney, New South Wales, Australia, may be treated preferentially.

Thanks to AusCERT for a great conference. I hope to go next year. If so, see you there!