Tag Archives: DEF CON

Conference VOD: one half-decent thing we’ve gotten out of the pandemic

Posted on by
2

LAS VEGAS

The Black Hat security conference that wrapped up here once again left me wishing I could clone myself for a few days. Its info-dense schedule put as many as nine briefings in the same timeslot, requiring me to make some tough choices and hope that I’d picked a presentation that would yield enough news and insights to turn into an article.

(Spoiler alert: I did not always choose wisely.)

In the Before Times, the panels that I had to skip would have been lost to me until the event organizers uploaded video of them to Black Hat’s YouTube channel, often months later. But this year’s conference, run like last year’s as a hybrid in-person/online event, came with both streaming access to panels as they happened and video-on-demand playback 48 hours later for attendees.

This conference, unlike too many I’ve attended, also continues to post the presentations of speakers, so attendees don’t need to take pictures of every statistic-filled slide for posterity.

So I can treat my conference FOMO and see what I missed much sooner than I could have before. That’s one small side benefit of conferences having to make themselves open to remote attendees, a welcome democratization of events that in a better world would have happened without the pressure of a worldwide pandemic. It’s also personally convenient today because I’m already getting asked on Twitter about Black Hat briefings that I did not get to.

I do, however, still need to remember to catch up on these briefings before the 30-day window to watch them expires–the mistake I made last summer, when I had a much less busy schedule.

8/14/2022: I updated this to add a compliment to the Black Hat organizers for posting speakers’ presenations.

Advertisement

DVR debt, but for virtual-conference panels

Posted on by
4

For the past two months, I’ve been looking at the same five tabs left open in my Mac’s copy of Chrome. They’re all from Black Hat–as in, the security conference that happened online in early August, but which remains incomplete in my own viewing.

If this event had taken place in Las Vegas as usual, I would have watched almost all the talks I’d picked out from the schedule. That’s a core feature of traveling to spend a few days at a conference: All of the usual at-home distractions are gone, leaving you free to focus on the proceedings at hand.

Online-only events zero out my travel costs and offer the added benefit of vastly reducing the odds of my catching the novel coronavirus from a crowd of hundreds of strangers. But because they leave me in my everyday surroundings, they’re also hard to follow.

If I have a story to write off a panel–meaning a direct financial incentive–I can and will tune in for that. But for everything else at an online conference, it’s just too easy to switch my attention to whatever work or home task has to be done today and save the panel viewing for later, as if it were yet another recording on my TiVo. (Or to let my attention wander once again to Election Twitter.) It’s not as if other conference attendees will be able to note my absence!

So I still haven’t caught up with the talks at Black Hat. Or at the online-only DEF CON hacker conference that followed it. I haven’t even tried to follow the panels at this year’s online-only version of the Online News Association’s conference… mainly because I couldn’t justify spending $225 on a ticket when this conference’s usual networking benefits would be so attenuated. I feel a little bad about that, but on the other hand I also feel a little cranky about submitting a panel proposal for ONA 20 and never getting a response.

I would love to be able to return to physical-world events with schedules crowded by overlapping panel tracks that force me to choose between rooms. But there seems to be zero chance of them resuming in the next six months, even if a vaccine arrives before the end of the year in mass quantities. Web Summit, CES, SXSW: They’ll all be digital-only, happenings experienced only through a screen.

I should try harder to cultivate the habit of experiencing these virtual events in the moment, not weeks or months afterwards. Or at least I should try to catch up on the backlog of panels I’ve already accumulated. This last hour would have been great for that… except I spent it writing this post instead.

Update, 10/10/2020: It turns out none of those Black Hat panels were available for viewing anymore. Whoops! At least the tab bar in Chrome looks cleaner now, I guess.

Weekly output: network security (x2), election security, Google finding Apple’s bugs

Posted on by
2

Now it can be told: I spent all of the last two weeks on the West Coast, with my stay in Las Vegas for Black Hat and DEF CON sandwiched inside time with my in-laws in California. That let me have a much shorter trip to and from Vegas and then segue from WiFi security to a little wine tasting and, more important, a lot of napping.

8/12/2019: WiFi can be a free-for-all for hackers. Here’s how to stop them from taking your data, USA Today

I e-mailed this to my editor with the following note: “I’m sending this over the DEF CON conference WiFi, so if you only see pirate-flag emoji I trust you’ll call or text to warn me.” If you don’t want to read all 600-ish words in this piece, the top three are “encryption is your friend.”

8/12/2019: This tech could secure voting machines, but not before 2020, Yahoo Finance

One of the big reasons I decided to stick around Vegas for DEF CON–even though it meant I’d have to pay $300 in cash for that conference badge–was the chance to see the exhibits and presentations at its Voting Village. The proceedings did not disappoint, even if a DARPA demo from a project with the delightful acronym of SSITH is far from yielding shipping voting hardware.

8/12/2019: Google got Apple to fix 10 security flaws in the iPhone, Yahoo Finance

Black Hat offered a two-course serving of Apple-security news. Its first day featured a briefing from Google Project Zero researcher Natalie Silvanovich about how her team uncovered 10 serious iOS vulnerabilities, and then its second day brought a talk from Apple security-engineering head Ivan Krstić that ended with news of a much more open bug-bounty program.

8/14/2019: This Morning with Gordon Deal August 13, 2019, This Morning with Gordon Deal

I talked about my USAT column on this business-news radio program; my spot starts just after the 13th minute.

Weekly output: wireless service, Gmail phishing, social-media disinformation, DNA tests

Posted on by
Reply

I spent most of this week in Las Vegas for the Black Hat and first DEF CON security conferences. I knew Black Hat from last year, but covering its sponsor-free, community-run counterpart for the first time left me feeling overwhelmed at how much of it I’d missed after just the first day. The Flickr album I posted earlier today may give you a sense of that fascinating chaos.

8/7/2019: The Best Cell Phone Plans, Wirecutter

This update took longer than I thought it would, but it now benefits from a simpler set of usage estimates that better align with how much data most people use. This guide also features new recommendations for value-priced service and shared-usage plans.

Fast Company Gmail-phishing post8/8/2019: We keep falling for phishing emails, and Google just revealed why, Fast Company

I wrote up a Black Hat talk that revealed new insights about why people fall for phishing e-mails and reinforced old advice about the importance of securing essential accounts with the right kind of two-step verification.

8/9/2019: Fake calculations… an electronic weapon in the hands of autocratic government, Al Jazeera

I took part in an episode of AJ’s “From Washington” show with Ryan Grim of the Intercept and my former congressman Jim Moran (D.-Va.), discussing disinformation campaigns on social media. At one point, Moran paused to say “Ryan and Rob are extremely intelligent and informative,” which I trust was equally effusive overdubbed into Arabic. The conversation later pivoted to the political scenario in Sudan, a topic I am maybe as prepared to discuss as any regular reader of the Washington Post’s A section.

8/10/2019: DNA Test Kits: Everything You Need to Know, Tom’s Guide

In this first post for a new client, I went about 2,000 words into the weeds on the privacy, legal and mental-health risks of taking DNA tests that may create facts you’d wish you could uncreate. That’s not my last post on DNA testing for Tom’s Guide, so if you have questions I didn’t get to in this feature, please ask away.

This is the most interesting conference badge I’ve worn

Posted on by
4

LAS VEGAS–I’ve spent the last two days wearing a circular circuit board topped with a slab of quartz, which is not just normal but required behavior to attend the DEF CON security conference here.

DEF CON 27 badgeI had heard upfront that DEF CON badges–available only for $300 in cash, no comped press admission available–were not like other conference badges. But I didn’t realize how much they differed until I popped the provided watch battery into my badge (of course, I put it in wrong side up on the first try), threaded the lanyard through the badge, and soon had other attendees asking if they could tap their badges against mine.

These badges designed by veteran hacker Joe Grand include their own wireless circuitry and embedded software that causes them to light up when held next to or close to other badges. As you do this with other attendees of various classes–from what I gathered, regular attendees have badges with white quartz, press with green, vendors with purple, and speakers with red–you will unlock other functions of the badge.

What other functions, I don’t know and won’t find out, as I’m now headed back from the event. That’s one way in which I’m a DEF CON n00b, the other being that I didn’t wear any other badges soldered together from circuit boards, LEDs and other electronic innards.

(Update: Saturday evening, Grand, aka “Kingpin,” posted detailed specifics about his creation, including source code and slides from a talk I’d missed.)

You might expect me to critique the unlabeled DEF CON badge for flunking at the core task of announcing your name to others, but forced disclosure is not what this event is about–hence the restriction to cash-only registration. And since I have mini business cards, this badge met another key conference-credential task quite well: The gap between the circuit board and the lanyard was just the right size to hold a stash of my own cards.

Weekly output: Facebook customer dissatisfaction, Facebook meddling in the Middle East (x3)

Posted on by
Reply

Tuesday has me departing for Las Vegas for the Black Hat and DEF CON information-security conferences, aka Hacker Summer Camp. In addition to the usual risk of getting pwned, this year I and other attendees will also have to deal with a plague of grasshoppers.

Yahoo Facebook ACSI post7/30/2019: Study shows Facebook’s customer-satisfaction scores plunging, Yahoo Finance

A new survey from the American Customer Satisfaction Index showed people’s contentment with Facebook plummeting to depths you could call Comcastic–except the cable company still rated lower in ACSI research earlier this year. If this post seems somewhat familiar, you may remember me writing up a similar set of ASCI findings in 2010. The issue of what we’ve learned about Facebook in the intervening years is left as an exercise for the reader.

8/1/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

The Arabic-language news channel had me on air live–twice in this day–to talk about Facebook’s announcement that it had booted hundreds of accounts and pages run out of Saudi Arabia, the United Arab Emirates and Egypt for “coordinated inauthentic behavior,” its phrase for disinformation campaigns.

8/2/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

Saudi Arabia misbehaving on social media put the Qatari network into flood-the-zone mode–not difficult to understand, given the enmity between the kingdom and Qatar–and so AJ had me on for a second day in a row to talk about this story. If you don’t care about Gulf politics, please consider that the Facebook-meddling move here of impersonating local news sources could work in the many U.S cities and towns now starved for local news coverage.