Trial by Fire: Security @ DEF CON 21


DEF CON is the world's largest hacker conference, and it's easy to get PWND. Reed Loden leads Information Security at Lookout, and this is his summary of how to stay safe at DEF CON 21.

Published in: Technology, Business

  1. TRIAL BY FIRE: SECURITY @ DEF CON 21
     REED LODEN, INFORMATION SECURITY, LOOKOUT
  2. DEF CON IS AWESOME
     It’s the world’s largest hacker conference
     Images via defcon.org and @mikko
  3. But it’s easy to get burned
     People will try to hack you
     It’s a hacker conference after all...
  4. DEF CON TOP 5 TIPS
     • Be paranoid. Expect to be a target of social engineering.
     • Leave devices at home or in the hotel safe if you don’t need them.
     • Limit your texts and calls, and assume they’re being monitored.
     • Don’t connect to WiFi, Bluetooth, NFC, etc.
     • Remember hacking is not limited to computers and phones. Things in your wallet or purse (like credit cards, passports, IDs, access badges) might have NFC or RFID.
  5. CAN PREVENT HACKERS
     Image via www.smokeybear.com
  6. LEAVE YOUR COMPUTER
     Your computer can’t get hacked if you don’t take it!
     What could happen if the stuff on your computer got leaked?
     • Confidential documents or info
     • Source code
     • Privileged access
     • Other intellectual property
     Image via www.razorreef.com
  7. USE YOUR PHONE OR TABLET (SAFELY)
     • Keep mobile devices turned off unless needed
     • Don’t install or update any software
     • Keep it locked with a passphrase
     • Turn off WiFi, Bluetooth, NFC, etc.
     • Maintain physical possession of your bags and devices—don’t set them down!
     • Log out of work email, personal email, social networks so they won't auto-connect
  8. PHONE AND TABLET USE, CONT.
     • Limit calls and SMSes. Expect all messages and calls to be monitored or recorded, so don't say anything confidential.
     • Clear your list of saved WiFi networks and SSIDs to avoid wireless access point spoofing.
     • If possible, back up your phone, wipe it and restore it later
     • Watch out for weird behavior that might indicate someone is trying to intercept your calls, like:
       • Looks like you have full signal strength, but you can’t make a call
       • Your signal keeps getting downgraded to 2G, EDGE or GPRS
  9. WAIT, YOU DO HAVE A SECURITY APP, RIGHT?
     Download Lookout’s mobile security app before DEF CON!
     Remember, your smartphone or tablet is just as critical as your computer, and probably has lots of sensitive personal and company data on it.
  10. DON’T CONNECT TO NETWORKS
     DEF CON networks are extremely hostile. Don’t connect to ANY of them!
     • Avoid all networks at the Rio (where the con is hosted), all WiFi networks, all public networks... you get the idea.
     • VPN from hotel networks. (Unless you’re at the Rio... in which case don’t connect!)
     • Don’t log into your company’s services, like email, wikis, internal environments, etc.
  11. ENJOY PUBLIC SHAMING? US NEITHER
     Intercepted account info will be posted to the infamous WALL OF SHEEP. So think twice before logging in to check Twitter (or trying to update your MySpace like this example).
  12. BE PARANOID
     • Watch for social engineering
     • Don’t scan QR codes
     • Don’t use ATMs at the Rio; bring cash with you to Vegas
     • Beware of giveaways—CDs, USB sticks, anything electronic
     • Don’t use public charging stations. It might be juice jacking.
     • Don’t use dongles that aren’t yours, like adapters or converters for DVI, VGA, Thunderbolt
  13. TIN FOIL IS BACK
     If you do have to bring your RFID or NFC items (passports, credit cards, badges or IDs), wrap them in tin foil or put them in a copper-lined envelope to block hackers. It’s like a DIY Faraday cage. (Or check out DIFRwear.com)
     Image via badattitudes.com
  14. BUT MOST OF ALL
     HAVE FUN
     BE SMART
     LEARN SOMETHING
  15. SEE YOU AT DEF CON
     Come to Lookout’s talk, DragonLady: An Investigation of SMS Fraud Operations in Russia, with @ryanwsmith13 and @timstrazz
  16. STAY IN TOUCH BEFORE, DURING, AND AFTER DEF CON
     @lookout
     /mylookout
     blog.lookout.com
     Download mobile security before DEF CON
     See our full DEF CON security prep checklist
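
Slide 8's advice to clear saved WiFi networks can be checked before travel on a laptop as well. The following is an added example, not part of the original slides: it audits saved profiles and ranks the ones a device would rejoin without asking. It assumes the NetworkManager keyfile layout used on Linux; the sample profiles are constructed and the verdict labels are illustrative names.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real networks).
SAMPLE_PROFILES = {
    "HomeNet": "[connection]\nid=HomeNet\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
               "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "CoffeeShop": "[connection]\nid=CoffeeShop\ntype=wifi\n\n"
                  "[wifi]\nssid=CoffeeShop Free WiFi\n",
    "Airport": "[connection]\nid=Airport\ntype=wifi\nautoconnect=false\n\n"
               "[wifi]\nssid=Airport_Guest\n",
    "Wired": "[connection]\nid=Wired\ntype=ethernet\n",
}

# Illustrative ranking: profiles that need attention first.
ORDER = {"open-autojoin": 0, "open-manual": 1, "secured": 2}


def audit_profile(text):
    """Return (ssid, verdict) for a Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback="<unknown>")
    # No [wifi-security] section means the saved network is open.
    secured = cp.has_section("wifi-security")
    # NetworkManager auto-connects unless the profile says otherwise.
    autojoin = cp.getboolean("connection", "autoconnect", fallback=True)
    if secured:
        verdict = "secured"
    elif autojoin:
        # Joined silently whenever any access point advertises this name.
        verdict = "open-autojoin"
    else:
        verdict = "open-manual"
    return ssid, verdict


def audit_all(profiles):
    """Audit every profile and list the riskiest saved networks first."""
    results = [audit_profile(text) for text in profiles.values()]
    return sorted((r for r in results if r), key=lambda r: ORDER[r[1]])


if __name__ == "__main__":
    for ssid, verdict in audit_all(SAMPLE_PROFILES):
        print(f"{verdict:14} {ssid}")
```

The slide's guidance is to clear the whole list; the ranking only shows which entries are most exposed to a spoofed access point if some have to stay.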
