Originally published at: http://boingboing.net/2017/07/25/attachments-are-somehow-ok.html
…
1 Like
Not a coder, hacker, or anything of that sort but i find the scene quite interesting. Some day i would like to hit up DEFCON but not being a professional i do not know if there is anything of interest to the layman. I do have a friend in Vegas who is going to school for coding, hacking and the like so i might have a chance to go some day, think it’s a bad idea?
And yes i’m aware of not bringing electronics to the convention, unless you want it compromised.
1 Like
Because everyone knows that email attachments are never an infection vector ಠ_ಠ
The funny thing is, the risks of these kinds of things are always there, being in proximity to a hacker convention certainly increases them a bit, but if you are planning to execute some kind of significant hack against a company, you’re probably going to launch it when their guard is down.
7 Likes
I’ve been, and it’s a great time. All you need is a little basic opsec and you’ll be fine. Most of the people you encounter are friendly and professional, and are there because of an academic and professional interest in computer security.
2 Likes
Neat 
I doubt i have any connections for getting in for free lol but hoping i’ll have a chance to attend in the future.
1 Like
Always kind of wanted to go.
I don’t think I would take any hardware or access any Web services that I wasn’t planning on burning at the end of the con, though… to the credit card.
(I’m not sure I would trust even an RFID card after walking into that hotel.)
2 Likes
Unless absolutely necessary for a job function, disable Wi-Fi.
But how will they function?
2 Likes
It would be very interesting to see a visualization of the “hacking” that occurs at DEFCON, as it’s difficult for the layman to read about it and know what’s being described. I know this would be a difficult task in and of itself, but I can only imagine that it would be very cool, as it always feels like I’m only seeing the tip of the iceberg.
1 Like
Occasionally some of the shenanigans bubbles up after DEFCON wraps up. Like casino electronic billboards being hacked and the like, or someone clever enough to hack airgapped laptops from other attendees, etc. Thus far all i’ve seen is the one internet connected aquarium at a casino being hacked.
1 Like
I’ve been to Defcon, and although I’m not in security, I have at least a primer in it via work and tinkering.
You’ll need some technical background to find the talks satisfying. But, I’ll be honest, it makes for great people watching. Not everyone knows this, but there’s 2 hacker cons that week: Defcon (the cheap, for-everyone con) and Blackhat (the expensive grownup con for people with security jobs).
Defcon is much more the shitshow with younger, mischievous folk with an axe to grind, or idle hands, wannabes, posers, script kiddies, etc… Blackhat runs something like $5k or $7k for a ticket, so it’s a huge barrier to entry and so it weeds out all those folks. At Defcon you’ll see a lot of people dressing up like you’d expect hackers in the movies to: wearing shirts or dresses with circuit board patterns, dyed hair, piercings, cool shoes, etc.
It’s a lot of fun, though. If you have some time off, and can afford the hotel prices I recommend going. Tickets are only on the order of a hundred bucks or something. And even if you can’t totally follow the talks, there’s a lot of cool stuff to see and do.
Last bit of advice, if you do go, keep your hands to your sides walking down the streets outside, or people will stick porn in your hands. That’s Vegas for you.
4 Likes
I lived in Vegas for some time so i’m familiar with the dumbass escort/stripper handouts. And no need for hotels for me since i have a few friends out there But thank you for your insight on the convention.
And yeah even if i could get into Blackhat for free i’m confident it’d all be wasted on me because i don’t have the necessary background to follow most of it so i have no aspirations for ever going to that lol. DEFCON seems more interesting to me anyway
1 Like
Agreed that Defcon is the place to be. I guess RE: people watching many of the Blackhat attendees stick around for Defcon. It is fun to pick them out of the crowd, or to just chat them up. Speaking of, there is frequently agents from various TLA’s there who want to stay current - - which is where the age old Defcon game of “spot the Fed” comes from. It is pretty good natured and said feds will cop and show their badge if a speaker calls them out in the audience.
And my God, the Defcon badges are sooooo cool. Mine from a few years ago you can solder ports on and it is a fully functional mini computer.
4 Likes
Some of the talks are definitely entertaining without the technical background: https://www.youtube.com/watch?v=1M73USsXHdc
2 Likes
I’d like to go, bring my PC and phone and see how they get hacked. Of course I’d remove all my important stuff.
If you’re interested in locksport or hacking consciousness, there’s some of that. But mostly it’s for coders and people who would like to be coders.
My strategy is to use a sacrificial laptop, which I wipe afterwards. Usually with dual-boot to windows and linux. I use no passwords that I’ve ever used anywhere else, and I don’t ever log into anything I care about from that machine.
If you use a cell phone and wanted to follow the same strategy, a cheap burner phone would be in order.
I think it increases my enjoyment of the event if I don’t have to care whether I am hacked or not, for example if somebody says they can remotely exploit a fully patched Windows machine I can say “here’s one, prove it!”.
DEFCON has had competitions in the past for hacking hardware. Xboxes, Nintendo consoles, Apple software or OS, etc. IIRC they’ve had ones to see who could hack certain things the fastest. I think it’s all really neat even though i don’t have the technical wizardry for it
Yeah, there’s always a Capture the Flag competition, and stuff like that.
Lots of interesting books and gadgets for sale, too, that you probably want to buy with cash.
1 Like
I suspect that the print peons are more concerned about the “my print job contains a totally hilarious application of the fact that PostScript is turing complete” types (who, while clever and not particularly malicious, will be responsible for the printer acting as a very slow NES emulator until somebody gets the print queue cleared, which will cause production to grind to a halt in a way that makes customers personally upset at them) than about the subtle-CC-skimming-malware types, who are a lot more dangerous to the organization; but have no interest in disruption or detection to that will be visible at the point of sale.
Hmm, PostScript for bitcoin mining… brb!
1 Like
That’s a pretty good point, and I’m pretty sure that this is more about reassuring nervous customers than anything else.
