What I learned about being a better developer from hackers at Kiwicon

Psoda blog author avatar
23 November 2016

Having only recently entered the workforce as a developer, I didn’t quite know what to expect when I arrived at Kiwicon X in Wellington last week.
After all, this was going to be my first ever conference and going to New Zealand’s top hacker’s conference is certainly a great place to start.
Walking through the doors of the Michael Fowler Centre, I was immediately awestruck – the conference hall was filled with lasers, flashing lights, fire and music. What a welcome!
But it wasn’t all smoke and mirrors – we soon got the hear some really interesting and well-presented talks on a wide range of different subjects.
One of the presentation I really enjoyed was “Pwning ML for Fun and Profit” by Davi Ottenheimer.
It certainly addressed points about machine learning I had never thought about or knew, such as how search-engine algorithms can actually reinforce bias – and learn from people’s negative perceptions. Davi shared the example of how the search term “professional hair” mostly served up images of white women, while “unprofessional hair” showed images of black women. This glitch is meant to be have been fixed, but testing this still showed similar results. Although media coverage of the issue might now be skewing the results.
This talk reinforced for me that you cannot just write algorithms and let them run unmonitored. As much as machine learning can make algorithms smarter, you still need to keep an eye on them to make sure they do the right things.
Another talk that stood out for me was antisnatchor’s “Practical Phishing Automation with PhishLulz” presentation.
He spoke about how some of the tedious parts of phishing attacks, like frameworks or scripts, could be automated, using a tool like PhishLulz.  It was really eye-opening and a little bit scary to see how easy it is for hackers to automate so many aspects of creating and executing phishing attacks, so they can spend more time developing more sophisticated exploits.
And then there were the hackers who nearly electrocuted themselves to show how they could hack into secure doors. That was a definite “don’t try this at home” moment!
Overall what Kiwicon taught me as a junior developer was just how many flaws there can be in a system which people can easily get around. It reminded me that you have to be really vigilant when it comes to the security of what you’re creating – you need to be very aware of all the possible vulnerabilities.
In all, my experience at Kiwicon X was pretty awesome. I was surprised at the number of people at the event – 2000 people, and was pleased to see a good mix of men and woman of different ages.
Sadly, this seems to be the final Kiwicon after running for 10 years, as suggested in this cryptic tweet from the organisers:

This would be a great loss for the New Zealand developer community and me personally, as I was already looking forward to going along again next year.
Chelsea Campbell is a junior developer at Psoda. She joined the team in 2016 after graduating with a Bachelor of Information Technology from Whitireia. She is interested in a career in web development, and unlike the rest of the team is not a coffee drinker – but has been accepted into the Psoda family all the same!

Leave a Reply

Your email address will not be published. Required fields are marked *