​72 Hours of Pwnage: A Paranoid N00b Goes to Def Con

by pieter1976on 8/19/16, 10:56 AMwith 45 comments
by wyldfireon 8/19/16, 1:31 PM

    > “Aren’t those the people who break into computers?”
    >
    > “Yes—also phones, cars, airplanes, and human bodies.”
    > 
    > “I thought that stuff was illegal.”
While I think they're truly innovative and inevitable, the advent of "secure CPUs" [1] over the last decade or two will eventually become the norm. And once they do -- lookout, brother. The woman who was having this conversation scoffs at how Def Con can even take place if the subject matter is what she thinks it is. In a short time, the computer attacks which cause embarrassing leaks and expensive losses will add up to legislators deciding something must be done. At that time, the number of us who will still like and prefer to be able to run whatever code on whatever processor we care to will be so small that it won't matter.

[1] by "secure CPUs" I'm referring to ones that support signed bootloaders, facilitating good things like more-difficult-to-pwn-by-attackers and bad things like DRM and limiting code to proprietary walled garden app stores.

by a2techon 8/19/16, 11:58 AM

He should have gone to BlackHat if he wanted to see anything really interesting. Def Con is mostly a big party with life style talks and people talking about old stuff.

Thats not to say there isn't neat stuff to do at Def Con (I've seen plenty of neat talks) but its mostly a big party. There's nothing really scary going on there.

by LeonMon 8/19/16, 2:39 PM

TL;DR: author did some gambling in casinos and got drunk in strip clubs, barely attended any talks because he doesn't understand the jargon, almost got pwnd by connecting to the wrong WiFi.

Not really worth the time to read.

by jjnoakeson 8/19/16, 12:01 PM

There ought to be a way, at the OS level, to configure a machine so no network traffic goes in or out over an unsecured link except for the VPN application's traffic.

Then, if you configure secure links to be WPA at work, WPA at home, and your VPN, there should be little risk to joining an open network to bring up a VPN.

by ianpurtonon 8/19/16, 1:55 PM

If you can't afford Def Con or can't be arsed then https://www.reddit.com/r/netsec is fun.

by cyphergon 8/19/16, 4:19 PM

Vegas smells like cigarettes and garbage. Skip the long lines and absurd Vegas expenses and watch the talks from YouTube.

by Pica_soOon 8/19/16, 2:36 PM

Venture there with just one piece of non-hackable soft and hardware - a key generator that renews its key every h. If you are the only holder and perciver of the key after the next hour while this laptop stays on the internet -the money on a anonymous account is yours. Else The money returns into the jackpot.

In greed we thrust.

by outworlderon 8/22/16, 5:41 PM

I can't find anywhere in the article that says those photos were taken with permission.

I was under the impression that photographs were not allowed.

by throwanemon 8/19/16, 4:49 PM

I see Defcon doesn't have quite as stringent a media policy as HOPE, which booted Vice in response to blatant violation of the signed-consent requirement.

by krupanon 8/19/16, 5:01 PM

First I've heard of demonsaw. I can't tell from quickly perusing the website. Is it open source? Has anyone tried it?

by brotosson 8/19/16, 1:58 PM

Really boring article