Thursday, August 15, 2013

What is Def Con?

Lately I have been posting computer-related posts, Def Con & Are We That Naive. These posts are related to the security conference I did attend. For those of you reading and wanting to know what Def Con is, they have put out a documentary on what Def Con is all about. Today's post is to educate you on what Def Con is. Enjoy.
Via YouTube
DEF CON is the world's largest hacking conference, held in Las Vegas, Nevada. In 2012 it was held for the 20th time. The conference has strict no-filming policies, but for DEF CON 20, a documentary crew was allowed full access to the event. The film follows the four days of the conference, the events and people (attendees and staff), and covers history and philosophy behind DEF CON's success and unique experience. Written by Jason Scott

Wednesday, August 7, 2013

Def Con 21

Photo by Jason Miller - Welcome to DefCon 21 Banner at the Rio Hotel
Photo by Jason Miller - In Human Registration at the Rio Hotel

Last year I told myself I was going to attend Def Con. I was so intrigued by the following subjects: hacking, black hats vs white hats, exploits (system or browser), and just all the cool stuff that you can do to a computer. I wanted to feel and see the pulse of the infosec community. Well, one thing led to another and I missed Def Con 20. How heartbroken I was, but not this year. Def Con 21 would not be missed.

This year I made a concerted effort to attend Def Con and it was an amazing first experience. Before I get into my experience, I was warned to watch out for people doing bad things at this conference. Watch out for people putting micro cell towers in their pockets, checking email on the secure or insecure wireless networks, turn Bluetooth off on your devices, turn wifi off on your devices for that matter, and never let anyone try to use or put a USB stick into your computer. Needless to say I was worried; however, I also knew that only someone clueless about security would make these types of mistakes at this type of conference. These mistakes are something I didn't make, and I was glad to see the conference this year.

I decided to attend this conference because I am at a point in my career where I need to decide if infosec is a career I should pursue. I know that infosec is always changing, which makes it fun and challenging; however, I do not know what being in infosec entails. I have been told by family, friends and co-workers that infosec would be a great career choice, but I needed to see for myself. I have taken ethical hacking classes as well as firewall and forensic courses in school, which have been the most interesting. Even though they were the most interesting, that doesn't always mean it is a great career choice. I am a huge enthusiast of hacking/pentesting and I feel it is something I will be good at after some practice. Def Con was the obvious choice to see if this field is for me. Here is my compact two-day experience with the community of Def Con.

Day 1

I got my badge! There are contests to solve the crypto that comes with the badge, but my skills are not advanced enough to solve this puzzle just yet.
Photo by Jason Miller - Human Badge at Def Con 21

I went to the Keynote, "Torturing Open Government Systems for Fun, Profit and Time Travel", "Backdoors, Government Hacking and the Next Crypto Wars", and "Evil DoS Attacks and Strong Defense", to name a few. All of these talks were good talks and very interesting. The Keynote was a great intro to the Def Con crowd, with numerous interruptions of "Why are you here", "Lies", and "The Government sucks." It was a great time. I met numerous people who were in the security field and who were just "there." Needless to say there were some amazing speakers and some speakers that lacked, but overall it was a great intro to the world of security and hacking.

There were also numerous things besides the talks to attend: Hardware Hacking Village, Lock Picking Village, Wireless Village, & Tamper Evident Village. I stopped into some of the Villages but did not stay long. I was on the mission of attending talks versus going to the villages and participating in the extracurricular activities.

Another interesting point of day 1 was seeing the pro-ACLU response to privacy rights and the EFF support. I have not followed these organizations closely regarding privacy; however, people are very passionate about these organizations. It opens my eyes to the organizations fighting for online privacy for all.

Day 1 was a good day.

Day 2

I was worried about the talks of Day 2 because after reading the titles of the talks I was left with much to be desired. However, in retrospect, day 2 turned out to be an intriguing day. Talks ranged from "From Nukes to Cyber-Alternative Approaches from Proactive Defense and Mission Assurance", "The Politics of Privacy and Technology: Fighting an Uphill Battle", "Stalking a City for Fun and Frivolity", and "Safety of the Tor Network: a Look at Network Diversity, Relay Operations, and Malicious Relays", to name a few. Two talks stuck in my mind after leaving day 2: Tor & Stalking a City for Fun and Frivolity. The Tor Project protects users who want to browse online in privacy. Tor left me thinking about internet censorship and who are we as a people to censor the internet. However, when it comes to moral items, say "child porn", do we censor the internet? It was a mixed bag in the room, but it does make you think and wonder about internet censorship. Stalking a City for Fun and Frivolity was an amazing talk about how a small $57 device can allow you to stalk anyone you want. You can find out all the digital information you want because people just are not cognizant of or do not care about what they do on public wifi. Like an Ice Cube song says, "Today was a good day."

I missed Sunday due to having to catch a flight back home, but next year I plan on being in Vegas for the entire conference. As a first-time Def Con attendee, it provided valuable insight into the hacking world with a chance to test my moral compass. It left me with a thought of Erik Snowden, Bradley Manning, The Jester, Anonymous. Are they doing good for the country and people in general, or are they causing more problems? White hat or black hat is the question that I wonder about after attending this conference. This conference has taught me that not everyone is bad, and people are breaking stuff but breaking it to fix a vulnerability for everyone as a whole. Def Con has left an impression on me that can never be undone. Do you think you will ever attend a security/hacking conference?

Monday, August 5, 2013

Are We That Naive?

Photo via: Washington Post

This past weekend I had an opportunity to attend Def Con for the first time (which was amazing) and the hot topic of course was Erik Snowden, patriot or traitor. The people I spoke to at the conference seemed to agree that he wasn't a traitor, but they weren't sure what to call him. I wouldn't call Snowden a traitor because he didn't leak US information to foreign enemies. Snowden would not be categorized as a patriot in my eyes. I am unsure of why I do not believe he is a patriot, but I do not see him as a US hero. I believe what he did took some real courage; however, giving up his entire family for every American took some real balls. Snowden to me is what we call a whistleblower!

I understand the reason Snowden gave for running and leaking the Prism information. The data the NSA is collecting is wrong; however, are Americans that naive to the fact that the American Government, or any government for that matter, is spying on their communications? Those people who follow tech news and sometimes mainstream news know that foreign individuals are creating malware and viruses to steal data about people. Maybe people just want to think that some form of their lives was private and that the government would not spy on its own citizens. If this was your thought process, I feel sad for you. I look at what foreign governments are doing in Arab worlds and I think those governments have regular people just like the US does. At the end of the day these governments believe they are protecting their people and country. I bet many of the people who let Prism happen have the same belief.

If anyone uses a computer at their job, at home, a cell phone, or anything that involves the internet, they must know that they have lost privacy. Just look at the free mail services that are offered on the internet. All of your messages are stored on someone else's servers, which means if someone wants to see the subject of your mail and who you are talking to, they can. The people who use any cloud services must know their data lives on someone else's servers. People must rely on that company's word that they are securing your data and no one will access it unless it is an emergency. You have given up the right to privacy by using public services that you do not control. Now I know this may sound harsh, but it is reality. The current generation overshares in every way. Twitter, Facebook, Google+, Blogger, WordPress, Pinterest, Instagram, to name a few, are the social networks that people choose to broadcast their lives on. If you choose to share the information, that is ok, but when you find out about Prism, do not be upset; you have already put the information out in the public space. If you believe that you have set your privacy settings so no one can look at your private data, please know that the settings are not a guarantee that it will be private. If someone truly wants to find out information about you, they can. Exploits in browsers, extensive web searches, or friends who have lax privacy settings will allow unwelcome access to your data. If you want privacy, don't post your life online.

Now back to Snowden and what he has done. Something that I find interesting is Snowden has released the information about Prism, which is one part of the NSA surveillance system, but has yet to truly unveil anything else which would help answer questions. Snowden says he is holding onto most of the information to save his life, just in case the US tries to take his life. I do not see how this will truly aid him because the information needs to come out at some point in time and his asylum in Russia is only a year. Yes, he can get asylum in another country, but getting asylum may be difficult and getting there will be a challenge as well. If the US really wants him dead, I do believe it can happen. Snowden has helped the citizens of the US by leaking tracking information data of the NSA; however, we need more information if we are going to hold the US government accountable for their actions. If they are operating illegally, how will we ever know? Snowden has already ruined/sacrificed his life; however, I would hate for all this information he has to be leaked by a newspaper after something has happened to him. I want to hear his full story of what is going on with the NSA before he perishes and before all evidence of this program disappears. Snowden is definitely a whistleblower but no patriot.

My question is how many other Americans would do what Snowden did? I do not believe many of us would give up our lives in the same manner as Snowden. I asked that question of myself and I am conflicted. Could you be the next Snowden?
