Advice for a Defcon Virgin

21 Jul 2009

defcon_banner

This year will be my very first year attending the Defcon conference over in Las Vegas, Nevada and I am very excited. To make the experience just perfect, I am asking for advice in many different places and compiling what I learn here. I will also do a postmortem to evaluate what was the most useful advice at the end of the event. So let me know what I should bring and what I should leave at home and what I should do to prepare in the comments section. ; )

Tips for attending a Defcon convention/ event

“wear good shoes… Drink lots of water :)” – @etcpasswd
“bring $120 cash for admission” – defcon faq page
“Don’t use unknown or unencrypted (WEP counts as unencrypted) WiFi APs” – frgtn
“Use encryption everywhere (SSH/SSL)” – frgtn
“Do not, I repeat DO NOT log into your blog or twitter over an unencrypted connection” – frgtn
‘don’t lick the strippers” – @attritionorg
“Use VPN to connect to a secure server (always check certificate when connecting)” – frgtn
“Check what services your MacBook provides to the network and disable everything you don’t need (you don’t need SSH in there for sure)” – frgtn
“Backup your computer and wipe it clean. Turn on firewall, use a really secure password and don’t connect to wifi” – Jesse Cole
“If possible, don’t even connect directly to your own server, even through SSH. Set up a Dreamhost account or something and tunnel the SSH through there. By making a connection of any kind to your own server, you’re pointing to it as a potential target!” – Greg Hewgill
“Stop by the pharmacy store on the corner and buy one of those cheap 5 dollar Styrofoam ice chests. Then hit the refrigerated section and get your favorite lunch meats and cheeses. After that get bread, chips, peanut butter, or whatever else you would like for lunches or dinners. Feel free to get milk and cereal for breakfast or my favorite pop tarts! You can fully stock your ice chest for fewer than fifty dollars. Trust me you can spend fifty bucks before lunch is over if you eat in or around the hotel. Also forget about buying ice. You will have an unlimited supply from the machine just down the hall from your room. If you arrive on Thursday be sure to check out the Toxic BBQ, It is a great deal and a great place to meet people.” – Douglas Hutsell
“You will find that as the conference goes on, the prices will start falling. In fact you will notice a significant difference on Sunday as the vendors are trying to sell off everything they brought. Keep an eye on the prices and apparent inventory on the items you are looking for. If there is something you absolutely must have then don’t wait too long to purchase it. However if there are some items that would be “nice to have” then you might wish to wait a while and see if the price drops. If you miss out you might talk to the vendor and work out a deal or a special on something else. You can also most likely buy the item from at a similar or in some cases even lower price online at their website. If you are looking for shirts and hoodies to wear at the conference, you will want to get those as early as possible as the larger sizes tend to run out. If you are a healthy larger man I would suggest making it your first item of business after getting your badge.” – Douglas Hutsell
“Plan out your expenses for the day and try to keep on you only what you planned for. This will make you think twice about spending what you did not intend to if you are forced to march all the way back up to your room.” – Douglas Hutsell
“Take the time to meet people starting with the toxic bbq and have fun” – @brennentom
“Use a disposable email address when passing it out to vendors for free stuff” – Me ; )
“To be ultra-paranoid, configure your firewall to drop all outging traffic and only allow stuff that you explicitly want, and that you’re sure is either encrypted or not sensitive. For example, it’d suck if you logged in to your machine and your AIM client decided to connect, promptly sending your password in clear text.” – derobert

vagas

A list put together by Chief over at http://it.toolbox.com/

Hit registration early
Go to every vendor display and drop a business card or let them scan your badge. Free stuff galore.
Don’t be afraid to leave a session and go to another. Just be courteous, quiet, and turn your cell phone to vibrate. PLEASE.
Do a periodic smell check. If you start smelling ‘not so fresh’ please return to your room and freshen up. Everyone around you will appreciate you
Attend the social functions
Take lots of notes and learn.
Guard your badge with your life. You lose it and it’ll be $100 to replace it. No kidding.
Buy lots of swag. DefCon has THE coolest swag.
Pick your sessions ahead of time and don’t be late if you actually want a seat.
Make new friends, you’ll never find people in the outside world like you’ll meet at DefCon.
Watch your alcohol consumption.
Don’t hack the ATM machines in the foyer.
Don’t steal other people’s stuff. The Goons will introduce you to the parking lot face first. (The reporter got off easy).
Bathe!
Wear shorts. Unlike Caesar’s, the rooms get a bit hot.
If you dare take pics, respect others and don’t get close shots of faces. Better yet, if you are with the press get a press pass. They are really nice about press passes. Not so nice about people that skirt press passes. I don’t blame them.
The vendor area is a great place to talk shop. Strike up conversations. You might get a great deal.

10 Tips for iPhone Users at DEFCON 17

provided by the iPhone Dev Team at http://wikee.iphwn.org/howto:iphones_at_defcon

This week, MuscleNerd and a few other unnamed dev team members will be at DEFCON 17 in Las Vegas. We’ll of course be carrying our iPhones on us like last year. Bringing an iPhone to a conference packed with hackers has both benefits and risks. Here are 10 tips for iPhone users at a hacker conference (or any technical conference). Most of these tips apply to jailbroken devices, but some also apply to stock devices too.

Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like twitter.com) to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you’ll end up on the Wall of Sheep. But you’ll be giving up your password to anyone else sniffing too.
Consider not using the hotel or conference wifi at all, especially if you’re getting 3G speeds anyway. Do not have your iPhone auto-connect to known networks. If you’re bringing a Mac to the conference and you use wifi, at least set up your firewall properly. Turn off everything in Settings→Sharing. Then in Settings→Security→Firewall, click “Set access for specific services”→“Advanced”→“Enable Stealth Mode”.
Learn how to use tethering to avoid wifi on your laptop altogether (and any hotel wifi charges too). By the way, the conference wifi generally doesn’t reach up to the hotel rooms, and vice versa.
If you’re avoiding wifi, consider buying 3G Unrestrictor in Cydia. It tricks applications that would otherwise insist that you be on wifi into using your cellular data network instead. Such apps include Skype, Slingplayer, iTunes, and many others.
Change your root and mobile passwords. Everyone’s iPhone starts off with the root and mobile password of “alpine”. You really don’t want to be in a hotel full of hackers who know your root password. You probably don’t need ssh access to your iPhone at the conference anyway, so uninstall it or toggle it off using SBSettings.
The above tips all apply at the McCarran airport, too. Don’t let your guard down on Sunday after the conference ends, since many of the people around you waiting for their flights out of Las Vegas will have just come from the conference too.
The conference events last from morning through well into the night. If you have firmware 3.0 on your iPhone and both bluetooth and wifi are enabled, you’ll very likely deplete your battery before the day is done. There are power outlets in each of the conference rooms, but those are often the first spots taken (especially late in the day). Consider disabling bluetooth and wifi if only for battery consumption reasons (and maybe even rollback to 2.2.1 ).
The “Hack the Badge” contest is a very fun event lasting the whole conference. If it’s anything like last year, the Hardware Hacking Village will be packed all weekend long with tinkerers trying to make their badge do cool and unexpected things. Kingpin has released very limited info about this year’s badge (to make the contest more exciting), but one thing he has revealed is that it will use a simple 3-wire serial interface. On the conference forums, he’s recommended that you bring your own level converter to make the serial voltages compatible with your laptop. But if you connect your badge to your iPhone’s serial interface, you won’t need a level converter. It’s already at the correct voltage.
The official twitter tag is #defcon. So fire up your preferred iPhone twitter client (for example, Tweetie) and add #defcon as a saved search. And don’t forget to use that tag yourself when you tweet about something at DEFCON.
There are several talks that may interest iPhone and Apple owners in particular. Scanning the talk titles reveals things like “Hacking the Apple TV”, “Is your iPhone Pwned?”, “Jailbreaking and the Law of Reversing”, “Hacking with the iPod Touch”, “Attacking SMS. It’s No Longer your BFF”, and “Runtime Kernel Patching on Mac OS X”, For hardware tinkerers, any talk with Chris Tarnovsky or Kingpin is a guaranteed winner. The iPhone Dev Team gave a talk at 25C3 in December but isn’t presenting anything at DEFCON 17. We have a talk planned for HAR 2009 in a few weeks.

http://www.flickr.com/photos/sophistechate/ / CC BY-SA 2.0

http://www.flickr.com/photos/a4gpa/ / CC BY-SA 2.0