DEFCON, the cash-only, aliases-welcome hacker conference, took place in the moral vacuum of Las Vegas, Nevada this weekend, as it has every summer since 1993. This year there was no shortage of controversial presentations and panel discussions. If you were short the airfare or the $150 entrance fee, gave up on the three-hour line-ageddon to pick up your badge or – admit it – your boss (or spouse) just wouldn’t let you go, have no fear. The show was crawling with media, including computer security reporters and even the mainstream media (CBS and NPR were there). Here’s our roundup of some of the major stories to come out of this year’s DEFCON conference.
The usual fare:
You know, DEFCON has been going on for almost two decades, and every year reporters come and file the same dumb stories on the lock-picking contest and how “hackers hack hackers” on the Con’s network. We’re so glad to see that this year is no different, as the New York Times’ article on the “lock-picking village” and this omnibus CNN story seem to indicate.
Social engineering:
The social engineering contest is a fairly recent addition to DEFCON – and a welcome one. There was some solid coverage of this year’s contest, which targeted the employees of various corporations by attempting to phish as much information out of them as possible. Oracle was the big winner, or loser depending on how you look at it, this year. According to a report from Reuters, one of the participants claims that purloining valuable data from Oracle was as easy as making a call, and masquerading as a member of that company’s IT department.
The good stuff:
The consensus opinion among reporters was that this year’s presentation by Moxie Marlinspike on the future of SSL certificates and authentication was excellent. Another interesting presentation on Web privacy that’s getting a lot of attention on news aggregation and social media sites is Michael “theprez98” Schearer’s “WTF Happened to the Constitution?” Of course, there was also a controversial panel discussion moderated by Threatpost’s own Paul Roberts (full disclosure: he’s my editor) on understanding Anonymous. The panel was supposed to include Aaron Barr, but he had to drop out at the last minute in the face of legal threats from his former employer and Anonymous plaything, HBGary Federal. For an insider’s take on the show, Kaspersky Lab experts Tim Armstrong and Kurt Baumgartner each have interesting blog posts over on Securelist detailing a few of their favorite talks at this year’s DEFCON.
DEFCON: Bring the whole family!
If you were to rate DEFCON using the MPAA scale, it might have trouble getting to PG-13, with plenty of “mature language” and “subject matter” if not violence (against people, anyway) or sex (in public). But this year, organizers opened the door to the PG and G crowd for the first time with DEFCON Kids. The kids-only mini con, an analogue to the Hackid Con in Boston, drew more than sixty kids, Associated Press reported. DEFCON Kids included presentations and tutorials designed for and by eight- to 16-year-old budding hackers. Among the children was a ten-year-old girl calling herself CyFi who, according to a BBC report, discovered that manipulating the clocks on various mobile devices can open up exploitable loopholes.
If you are interested, there is a collection of presentations in PDF form here, and the word on the street is that these presentations will be getting posted to the DEFCON website (which was down at the time of publication) at some point in the near future.