This week I'm taking a break from my current series of top 10 web application vulnerabilities. Instead, I'll be talking about my experiences at ShmooCon (http://www.shmoocon.org/), an annual IT security conference in DC that has a very similiar feel to the (in)famous DefCon. As usual, ShmooCon was a whole-weekend experience, with lots of things going on besides the official talks: many different contests, vendor booths, lock-picking tutorials, you name it... Throw in about two feet of snow that fell in DC the Saturday of the con, and things start becoming even more interesting! In fact, I was very lucky to get out of town on Monday thanks to a fellow CapTecher who was headed back to Richmond by car.