Kawaiicon (previouslyKiwicon) is aNew Zealandcomputer security conference held inWellington from 2007. It brings together a variety of people interested ininformation security. Representatives of government agencies and corporations attend, along withhackers.
The conference format allows for talks, informal discussions, socialising,key signing and competitions. Talks are of various lengths on a wide range of subjects, usually including a wide range of techniques for modernexploits andoperational security, security philosophy, New Zealand hacker history, relatedNew Zealand law, and a few talks on more esoteric topics.
Kiwicon was founded byAdam Boileau when the annual Australian computer security conferenceRuxcon was cancelled for 2007.[1] After ten annual conferences Kiwicon took a break in 2017;[2] in 2019 Boileau stepped down and the conference was relaunched in a "less elaborate" form as Kawaiicon.[3][4] After two conferences, Kawaiicon took a break[5] before announcing a return for 6-8 November 2025.[6][7]
The inaugural Kiwicon was held during the weekend of 17–18 November 2007 atVictoria University of Wellington. Approximately 200 people from the New Zealand security community (and elsewhere) attended the two-day event. Talk topics included: the psychology of user security errors,information warfare, hiding files inRAM, cracking withPlayStation,[8][9] and attacks on:kiosks, telecommunications company Ethernet, non-IP networks, and a serious Windows hole.[10][11][12]
Kiwicon 2k8 was held on 27 and 28 September, with an attendance of over 250 people. A broader range of attendees arrived, with presale tickets selling out before the doors opened. Attendees were greeted with an array of video phone captures proving the insecurity of video conferencing systems. Topics included:mass surveillance, usinghoneypots to detect malicious servers,physical security, usingsearch engine optimization to make websites disappear from search results,Bluetooth surveillance, Internet probe counterattacking, speed hacking, and attacks on: wired and mobile phone systems,biometrics,Citrix XenApp, andWindows Vista viaheap exploitation.[13]
Kiwicon 2k9 was held during the weekend of 28-29 November 2009 atVictoria University of Wellington for the third year running. The event sold out with an attendance of over 350 people. Talk topics included: professionalvulnerability research, identifying online identities usingBayesian inference,social engineering,radio sniffing, defending againstdenial-of-service attacks,Linuxrootkits, an introduction to theNew Zealand Internet Task Force, and attacks on: physicalaccess control systems,GPS,smart cards, shared hosting platforms,ActiveSync,iOS App Store,pagers,wireless routers, and scientific software.
Kiwicon IV was once again held on the weekend of 27-28 November 2010 atVictoria University of Wellington, and sold out even earlier than in 2009. The title was a play on the termFour Horsemen of the Infocalypse. Some talk topics included: a survey of unpatched devices connected to the internet, fastdata erasure,urban exploration,web scraping,wardriving withArduino, New Zealand's proposedSearch and Surveillance Act, and attacks on:RFID tags,Internet exchange points,Amazon Kindle,Microsoft Office andJavaserialization.
For its fifth year, Kiwicon took place on 5 and 6 November 2011, at a much larger venue, theWellington Opera House. The slogans and the date of the event referencedGuy Fawkes and theGunpowder Plot. Among the talk topics were: an example attack on a film studio, policinghacking from organised crime gangs,operational security, "cyberwarfare", New Zealand's newfile-sharing law,automated memory corruption exploitation,Mac OSrootkitting, and attacks on:NFC transactions,iPhones,Android, andgarage door openers.
Kiwicon 6 was on 17 and 18 November 2012, again at theWellington Opera House. Talk topics included:hacktivist communities, measuring security,security lifecycle, one-time audio passwords,Bluetoothsniffing,biohacking,[14]phishing, stealth web application reconnaissance, remote wipingsmartphones connecting toExchange,[15] a socialnetwork monitoring tool, and awardriving motorcycle. In reference to a joke from the previous year, a homebrew beer labelled "cyberwar" was given to volunteers and sold at the afterparty.
Kiwicon X was at the largerMichael Fowler Center with almost 2,000 attendees, on 15–18 November 2016. Talk topics included radiation-induced cryptographic failures, a story ofactive incident response against attacks onPacnet fromTelstra researchers, aphishing automation tool, benefits ofcontainers enabling an application to contain itself, the disconnect between security and business, spoofingGPS by changing the time, whymachine learning exploitation is good, a history oflockpicking, remote activation of swipe-card readers, and exploits for iClassRFID,GUIs,macOS,native web-based applications,PHP 7, insecurerandom number generation,Amazon Web Services, infrared devices,NodeJS, and HTML _blank.
On 29 August 2007 persons associated with Kiwicon used simple XSS attacks to spoof websites of news organisationsThe New Zealand Herald and New ZealandComputerworld. No actual pages on the servers were altered.[21] Similar attacks were performed in following years on different websites, but these went unreported, as is usual in mainstream press for such attacks.[citation needed]