As mentioned last week, the Malwarebytes crew made it out to DefCon this year to check out all of the interesting talks and presentations given by various members of the computer/intelligence security community. This blog is meant to summarize most of what we saw, giving a brief explanation of which talks we thought were the most valuable and what topics should be of the most concern to our readers and customers.
That’s right, this week some of the Malwarebytes gang will be out in Las Vegas for the hacker convention: DefCon 20!
Who is going?
- Marcin Kleczynski – CEO
- Rebecca Kline – Director of Marketing
- Josh Hall-Bachner – Web Developer
- Doug Swanson – VP of Development
- Adam Kujawa – Me!
What are we doing there?
- DefCon is a great experience to not only get to know some of the computer security population a little more but to hear about lots of new and interesting things like:
- New methods of attacking a system via malware or manually
- New ways to program malware or otherwise
- Intelligence behind interesting things like politics, technology, the underworld, etc. (My department)
- Learning how to do other cool and awesome stuff!
What are we doing to prepare?
For anyone who has been there before, DefCon can be a chaotic place where it is important to keep yourself and all of your information secure. That being said, let me tell you what I am specifically doing to keep myself more secure and maybe it could help you be more secure when you go out of town.
- Don’t use public WiFi
- This doesn’t just mean don’t use public Wi-Fi at a hacker convention, don’t use it anywhere if you plan on doing anything sensitive.
- Turn off your Laptop/Mobile Phones ability to automatically connect to WiFi or BlueTooth or even GPS if you aren’t using those things actively.
- There are various methods of gaining access to personal information via any of the above mentioned mediums so it’s better to just leave it off.
- Keep everything in your pants.
- As dirt as it might sound, you should always keep things like credit cards, room keys, IDs, etc. As close to you as possible if you are going to be needing them, leave everything else in a safe if you don’t need it on you.
- Never trust the safe.
- A lot of hotels use the same kind of safe and it’s best to make sure that it’s not one that has already been determined easy to defeat. I would test out your safe, look up the brand and model and do a search for how to crack into it, if it seems easy, you might want to find a different way to keep your things secure. I’ve seen videos of people opening safes by banging on it hard enough in the right place, I’ve also seen the default maintenance code be used to open safes, all zero’s.
- If you can, don’t use any electrical equipment in any place that doesn’t seem secure.
- Obviously if you are on business you might need to connect to a secure connection or make secure phone calls and here is my advice for that.
- Use a VPN
- The first blog series I posted on Unpacked was about how to create a secure connection using various types of tools and tricks. I recommend reading over that again and using it to keep your data secure by connecting to a secure and anonymous connection. That way, if someone does happen to be spying on your connection, they won’t be able to see what you are doing or who you are connecting to.
That’s the best advice I can give for going to something like this, honestly if you are very afraid of any sensitive information being stolen than you should probably not bring that information.
You can keep an eye out for the Malwarebytes twitter feed for coverage of DefCon that will be coming from those of us that are going to be there, we will mention what talks we are going to, what interesting stuff we are seeing and any thoughts we feel like sharing about our experience, be sure to check it out!