Group News

Why you won’t find PSKL at ShmooCon this year

by on Jan.22, 2010, under Group News, Whining

Well, it’s that time of year again: ShmooCon is right around the corner. Unfortunately, after attending every single ShmooCon thus far (also presenting at two of them, not to mention the commercials we made), we’re not going to be there this year.

Our spirits have finally been completely broken by the travesty that is the ShmooCon ticket purchasing process. Every year was a battle, but we really really thought they’d have it worked out by now.

They haven’t.

We’re fed up and we’re simply not going.

Before I go any further, I want to get a few points out of the way. This entire diatribe is based on a few assumptions. If these assumptions are not correct (or if you simply don’t agree with them), don’t bother reading any more. Also, if somebody from the Shmoo group were to tell me that these assumptions are absolutely not correct, then the con is not what I thought it was and it is not for me.

Assumption 1: The Shmoo group would like to build a community around ShmooCon. A lot of familiar faces (both presenters and attendees) make this small con special. While we understand perfectly well that ShmooCon will go on happily without us, we’d like to think that we’re part of that community (and valued as such).

Assumption 2: The Shmoo group’s motivation for selling tickets the way they do is that they want to keep the price down and allow people of all income levels to attend. Their motivation is NOT to create ridiculously over-inflated demand, force people to hoard tickets so that all their friends can attend, and then have an ebay market created around the hoarded tickets that are left over.

We tried to get tickets this year at all 3 chances. Only one of us succeeded. Others were foiled by the crappy captcha system, the link showing up at random places on the page, coding errors on the website, and general problems just connecting to the site while it is being crushed by traffic. Some of these problems were documented here

Many people seem amused that acquiring tickets has become a hacking contest or even a lottery of sorts. We are not amused. Shmoocon should not be amused. We have jobs, we have lives, we don’t need more challenges just to get friggin’ tickets to attend a con we’ve been supporting for the past 5 years. So what are the real problems here?

There are many.

  • The Shmoo Group should just give up trying to run the ticket sales themselves. They don’t have the hardware, the expertise, or the attention to detail needed to make the process fair. Let professionals handle it.
  • The idealistic “we’ll keep the price down” philosophy goes against all the rules of supply and demand. The size of the venue limits supply to a level significantly lower than demand. This is not natural. Nature abhors this kind of inequity and it should be remedied.
  • If a group of people would like to attend, they have no choice but to have every member try to buy as many tickets as possible in the hopes that they’ll have enough total tickets once the dust settles. Usually they end up having a few too many and the extras end up on ebay. Tickets on ebay often sell for $300 to $400. ¬†Many people have figured out that proper hoarding of tickets + ebay sales ends up netting enough profit to pay for their own ticket along with travel expenses. This high-demand, high-profit market should not exist.

We’re not just about bitching, we’re also about solutions. So here are our pie-in-the-sky ideas to address the problems:

Option 1: The Shmoo Community

Each November, email the prior year’s attendees with a unique code. That code can be used one time within 30 days to purchase a barcode for the upcoming conference. The attendee can choose to pay either $150 for a normal ticket or $300 for the “I Love ShmooCon” package. Tickets that are not sold after 30 days go up on ebay. Profits go to ShmooCon, not to Joe Tickethoarder. Sure, some people would buy tickets using their code and then sell them on ebay…but at least they can’t buy a BUNCH of tickets and sell them on ebay.

This would ensure that a community builds around ShmooCon. The downside is that lots of people can’t get in..which brings me to:

Option 2: The Venue

The Wardman Park Mariott has been a great venue for ShmooCon, but the available space really limits the number of attendees. As I mentioned before, demand for tickets is significantly higher than supply. You can fix this in one of two ways: decrease demand (by raising the price) or increase supply (by changing to a larger venue). Personally, I’d like to see the venue grow rather than the price. I understand, however, the Shmoo group’s hesitance to do so. They have a good relationship with the WPM and the size is “manageable” for their staff. A larger venue would introduce a number of logistical nightmares they would rather avoid (this is an assumption on my part).

So raise the price.

Option 3: The Price

I know, I know. You want to keep the prices down. Honestly, all you are doing is making the profits bigger for the people who buy the cheap tickets and sell them on ebay for the REAL going rate….and forcing the stampede at ticket release time.

The problem is: you can’t have it both ways. You can’t have a limited venue AND get everybody in who wants to come. This is why they didn’t hold Woodstock at Radio City Music Hall. By holding the conference in a small-ish venue, you have CREATED the exclusivity. There is nothing wrong with exclusivity. Use it. Profit from it….and use the profits to make the Con even BETTER.

One way to find the REAL going rate of your tickets is to let the open market determine it. Just list ALL the tickets on ebay, in waves, and see how much they go for. I’m willing to bet they would go for $250-$300 on average. Certainly cheaper than they sell for now, and I’d feel more confident buying them directly from the Shmoo Group rather than some shady seller. There’s nothing stopping some sneaky ass from selling the same barcode over and over again on ebay (or barcodes from previous years)…might be happening right now. Nobody would know anything was wrong until all the buyers showed up at the Con and tried to get in.

I’m genuinely disappointed that we won’t be attending this year. We really like ShmooCon and we really like the people who make it happen. I hope that they can find a way to keep it the Con they always wanted it to be, yet still be fair to the people who are willing to pay to attend.

Feb 3 UPDATE: ShmooCon 2010 tickets have sold on eBay for as much as $667. The 20+ tickets I can see that sold on eBay since late January (as far back as their history goes) have sold for an average of $443.

2 Comments :, , , , more...

Our ShmooCon Barcode Shmarcode

by on Feb.06, 2009, under Group News

Here is a pdf of our Barcode Shmarcode for ShmooCon:


Leave a Comment more...

2009 ShmooCon Commercial

by on Feb.02, 2009, under Group News

We finally completed our 2009 ShmooCon Commercial… Check it out:¬†

Leave a Comment more...

Defcon 16: Medical Identity Theft

by on Aug.04, 2008, under Group News

PSKL will be preseting at Defcon 16 – hope to see you there.

Medical Identity Theft
Friday, August 8, 6PM
Track #4 ( Stay there.. same room as Hacker Jeopardy!)

Eric Smith
Assistant Director of Information Security and Networking, Bucknell University
Dr. Shana Dardan
Assistant Professor of Information Systems, Susquehanna University

In less than an hour, during a scheduled pentest, our team was able to retrieve 3.2 million patient insurance records from a HIPAA-compliant medical facility. Using these records, we could have generated counterfeit insurance and prescription cards which would pass muster at any doctor’s office or pharmacy counter. If you are one of the 47 million Americans with no health insurance or happen to have a medical condition you wished to hide from employers or insurers, would you consider purchasing falsified medical documents? Thousands of Americans have already said yes, without thinking twice about the victim of their victimless crime.

What happens to you if your medical identity is stolen? You may find yourself liable for thousands of dollars of co-pays, deductibles, and denied claims. Is this because you forgot to shred an important document? Did you fall for a phishing scheme online? Of course not — it was entirely outside of your control, and it happened because the current HIPAA regulations are insufficient to protect your medical identity.

In this talk, we’ll review the current state of HIPAA and other laws covering the security of your medical records, and discuss what changes need to be made, both in policy in practice, to shore up the security of our medical records.

Leave a Comment more...

Our Shmoocon 2008 Commercial

by on Feb.14, 2008, under Group News

Just in time for the con, check out our Shmoocon 2008 commercial:

Leave a Comment more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!