Rubi Con 2000

Scavenger Hunt

The enormous participation in, and enthusiastic (not to mention creative) following of last year's scavenger hunt made it clear what we must do this year: cooler prizes and stupider items. Last year the list consisted mostly of impossible-to-attain items like David Bowie and a bad Tool song. This year we take it one step further with intangible, metaphysical concepts: God, luck, lobster. Good luck finding my homuculus.

The rules are simple: the scavenger hunt continues through the entire weekend, or until most of the players get arrested. Run frantically through the hotel, airport, and surrounding communities stealing items on the attached list. Point values are intended to reflect the item's difficulty and/or inherent significance. Winners will be decided by total points and by how much creative cheating and/or conniving was used. Teams and groups are encouraged, although those lucky enough to be listed as a scavenger hunt item may not participate. Sorry, but them's the breaks.

Prizes will be awarded to the winning individual or team during closing ceremonies on Sunday. Last year we gave away a big box of Evil's porn. This year we found something even more tasteless and embarrassing. Eligibility of individual items is subject to our judges wrath. Please don't get caught breaking any laws, and if you do, don't mention Rubi Con.

The official list will be released at the con. This contest will be ongoing throughout the weekend, and will end just before closing ceremonies on Sunday.



Shamelessly plagiarized from a certain unnamed Las Vegas hacker con, but with less alcohol. Three teams of three contestants will compete against each other as our Quiz Master asks bizarre questions about Stalin-era Soviet doctrine and obscure mathematical concepts. Right answers are worth a certain amount of points. Wrong answers are worth public ridicule. At the end of it all, the team with the most points wins fabulous prizes.

Questions were written by 'con organizers and reflect their own petty idiosyncrasies and casual understanding of art, history, science and culture. Beware the Latin questions! Because none of our answers have been checked for accuracy, you may help yourself by answering not with what you think is correct, but with what you think the question writers think is correct. As a matter of practice, only those answers predetermined by the organizers will be accepted. Judges will decide special cases.

We begin Saturday evening at 21:00 hours. There will be three separate bouts of one round each. None of that double jeopardy nonsense. You are encouraged to sign up in advance, but any team vacancies will be made up from the audience. Helpful hits for participants: brush up on your Jung knowledge and Bjork, Portishead, and Cibo Matto trivia.


Spot the Ron

Con co-founder Ron Ulko is wondering about the building. If you think you spot him, point your finger accusingly and shout for all to hear, "Ron, Ron! That guy's Ron!" Alert an organizer and begin the deductive process. Often, Ron will admit to being who he is after little cajoling. If it can be verified that you did spot Ron, he confesses or some other evidence is available, you will get a swanky "I spotted Ron" t-shirt and be the envy of your peers forever. Ron will get an "I am Ron" t-shirt to wear around the assembly plant or to use while getting into automobile accidents.


Capture the Flag

The goal: Own boxes. Defend boxes. The Red Team of hackers throws everything it has against the Blue Team of defenders, and everyone struggles for the adoration of their peers. You pick a side, attackers or defenders, Red or Blue, and fight for glory and honor. This is considered a team event, but most players are expected to be solo. In other words: you have a "side" to fight for, but broad strategies or maneuvers across the entire team will be considered unnecessarily complex and are unadvised.

We will put up a handful of "Blue" boxes to be hacked, and all sysadmins in attendance are invited to join us by adding their own servers to the mix. Come and show off your elite security kung fu, and show that damn Red Team what it's all about. The Blue Team has it's own IP range, so you must sign up to play.

Red Team members must sign up to get in the Red IP. Torment the Blue Team with you elite hax0ring, and impress the ladies by taking down boxes with a k-leet mouse-behind-the-back trick shot.

The rulez:

1) To participate, your box must be running a "useful" service of some kind (smtp, pop, http, ftp, sniffing, etc.). People must be able to use said service and/or get an account upon asking the admin. This only applies to the Blue Team.

2) You must provide some kind of evidence to the Korps that you did indeed own a box.

3) Firewalls (dumb or otherwise) in front of your box are acceptable. However, you will automatically lose one point if you put one up.

4) Korps must be able to inspect your box (and, if warranted, be provided supervised root access) to see if it has been owned. You may be woken up OR asked to desist.

5) You can't take your own box down for more than 5 minutes. If you do, you will not qualify for the 2 points in that 12 hour period.

6) Blatantly shameless and stupid attacks on a box (that work) do not count. This includes hacking from the console or firing powerful EMP weapons at the machine.

7) If you wish to participate, contact a network administrator. You will be given an IP address within a range set aside specially for the two teams. Hacking a computer outside that range is considered malicious, is worth 0 points, and may get you a smack upside the head.

8) Participation gives explicit consent to full monitoring and logging. Likewise, network logs will be released at the end of the conference.

9) Participation gives explicit consent to unauthorized entry and manipulation/destruction of data on your machine. Be prepared to completely wipe and reinstall the box afterwards, and don't, for God's sake, leave anything important on it.

10) Blue Team members will automatically start out with 2 points if they are running a Microsoft OS or a Microsoft product as an integral part of the system.

11) The Blue Team may patch their box while the game is in progress. However, all modifications must adhere to rule 5.

Blue Team:
2 points: every 12 hours that box remains secure
-1 point: website defaced
-1 point: denial of service attack succeeds, unauthorized use of resources (ex: mail relay), hacker creates new user account, hacker is able to save a file on the server
-2 points: hacker gets elevated access (non-root)
-2 points: server is spoofed or redirected
-4 points: hacker gains root/administrator/supervisor access and the admin knows how
-5 points: hacker gains root/administrator/supervisor access and the admin does not know how

Red Team:
5 points: root access on non-MS box
4 points: administrator access on MS box
2 points: spoof or redirect server
2 points: elevated access (non-root)
1 point: save file on server, unauthorized use of resources (ex: mail relay), create new user account, deface website
-2 points: denial of service attack that does not ultimately result in elevated access (as FBI agents may be standing over your shoulder, you are discouraged from attempting DoS attacks)