It’s that time of the year again when the information security professionals, hackers and media convene in Las Vegas for the DefCon and Blackhat events. This is a chance for everyone to share research, participate in various events, discover new vulnerabilities, learn new attack techniques and generally collaborate as a community.
With less than a week until it all kicks off, there are a few key precautions that the security team here at SureCloud is taking, which we recommend you also follow. With such a collection of skills in one location, the risk of becoming a target or falling victim is heavily increased.
Equally, this advice can be expanded to wider precautions that you should take when travelling to similar events or in general.
- RFID Attacks – the RFID chip in your passport and credit/debit cards can be read from metres away. As demonstrated at previous events, by simply having these items on you, you are opening yourself to attacks. Although carrying cash presents its own risks, cloning of your credit card and identity could have a much wider impact on your security. Therefore, one key recommendation is to leave anything you don’t physically need inside your hotel room. When carrying items around ensure they are inside an RFID shield / wallet to prevent them from being read.
- Public/Open Wi-Fi – using public/open networks is risky at the best of times but especially at a security conference, using open networks is a very bad idea. Avoid them at all costs whilst at the event. A much generally safer option would be to use a cellular network, but ensuring you’re tunnelling your traffic, for example via VPN. If you are using a laptop or any other device, and you require internet – ensure you have a firewall setup to deny all inbound access and tether via USB for outbound access. Also, please ensure to turn off Wi-Fi and Bluetooth on the device and ensure that the services you are accessing via VPN are over encrypted protocols (HTTPS/SSH etc).
- Cellular Attacks – at previous events, attacks on cellular networks have been clearly demonstrated – be very mindful of these and ensure as per the above recommendations that you are not discussing or communicating anything sensitive without protecting yourself via VPN and additional encryption even within the tunnel itself.
- Update your devices and software – ensure that any device and all software on your device is fully updated before you step foot on the plane, train, car, boat or bike to travel to the event. This should include all third party software, anti-virus, applications and web browsers. Whilst at the conference, do not accept updates for software that pop-up or prompt unless you are absolutely certain of its origin. Many attacks target update mechanisms used by common software. Best practice – should you need to update whilst at the event, visit the vendor’s website directly, ensuring they are implementing HTTPS to assure validity of whom you are connecting to.
- Beware of malicious cash machines – as seen previously at DefCon, fake cash machines were put in place purposely designed to steal card details. Be very cautious of using machines during the event, particularly in or around Paris/Bally.
- Bring burner devices – do not travel with any data that you don’t want to risk losing. Consider taking a new built laptop and phone that can be formatted and reconfigured post the event. This is especially important if you are planning to use them in any of the labs/training workshops.
The most important and overall recommendation is to have fun and enjoy the event. SureCloud’s security team will be attending DefCon and we are very much looking forward to catching up with the community.
See you there!