Friday 9 August 2013

Cyber security is a hangover in Vegas

DEF CON was founded in 1992 or 1993 by Jeff Moss (no relation) and is "one of the world's largest annual hacker conventions, held every year in Las Vegas, Nevada ... Many of the attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, and hackers with a general interest in software, computer architecture, phone phreaking, hardware modification, and anything else that can be 'hacked' ...".

Not to be confused with Black Hat Briefings, which was founded in 1997 by Jeff Moss (no relation) and is "a computer security conference that brings together a variety of people interested in information security. Representatives of government agencies and corporations attend, along with hackers. The Briefings take place regularly in Las Vegas, Barcelona, Amsterdam, Abu Dhabi and, occasionally, Tokyo. An event dedicated to the Federal Agencies is organized in Washington, DC ...".

Would you like to attend DEF CON? One young lady who attended this year gave an interview to BuzzFeed magazine that gives you a hangover just to read it: "... But I had a good time. It’s always a good time. As long as you remember most of it. Or maybe you don’t want to remember. It just kicks your ass. But once a year? It isn’t the worst thing for your liver".

She was interviewed because she was the only ovine who had appeared on the Wall of Sheep and was prepared to talk about it. The Wall of Sheep is where the DEF CON organisers display the logon IDs and passwords of everyone at the conference who has foolishly allowed themselves to be hacked.

The way our young lady put it, "... at past Def Cons, I didn't really have to worry about it, because someone else was always there to take care of it. When we would get close, he’d say turn stuff off, don’t let any of your wireless devices accept any open Wi-Fi or anything. Turn off Bluetooth, anything that connects to you. So I had someone watching out for me before, but since this was my first one on my own, I didn't take precautions".

"This 28-year-old graphic designer from Utah agreed to tell her story on the condition that we preserve her anonymity — or what remains of it", say BuzzFeed. Not a lot: "I got my alert on my cell phone [saying] that I was using too much data. I knew something wasn't right, so I started making changes when I could. I left on Saturday, so I spent most of that night and the next day cleaning up my accounts that may be associated. I totally got owned. It's just such a rookie mistake".

We might take more care of our livers but we, too, would "totally get owned" by hackers if the occasion presented itself.

Anyway, DEF CON is the nice conference and, in light of the Edward Snowden revelations, Jeff Moss (no relation) asked the feds to stay away this year. Which they did. They went to Black Hat instead, where General Keith Alexander, the Director of the NSA [National Security Agency] and Commander of the DOD's [Departent of Defense] US Cyber Command was the keynote speaker.

The general would probably have stayed away from DEF CON this year even if Jeff hadn't asked – he was keynote speaker there last year.

Presumably the feds and the hackers attend these events to size each other up. Maybe there's a bit of trading – you tell me how you did x and I'll show you how I do y. Who knows? One thing is clear, though – the rest of us haven't got a clue. Or a chance.

Hypothesis: when we hear that such-and-such website is secure, or this mobile phone operating system or that slab telecommunications facility, we might as well forget it. None of it is secure. Not for the general public. And don't you believe anyone who tells you otherwise.


Anonymous said...

I would certainly agree that "none of it is secure" (see here for more on this: - but perhaps the more interesting question now, is what do we do? I suspect the benefits from using software-based systems are just too great for us to stop using them, so we need some smart ways of protecting ourselves, even though the security has holes in it.

360digiTMG Training said...

You completed certain reliable points there. I did a search on the subject and found nearly all persons will agree with your blog.
best data science institute in hyderabad

Post a Comment