Defcon

I just returned from the Defcon conference in Las Vegas. The conference deals with hacking and computer security (The organizers call it “real time social networking for ninjas”  and Wired calls it the “world’s largest computer security convention.”) This year a federal judge prevented 3 MIT students from giving their talk on how to hack the smart cards used by the Boston subway system. Fortunately, their entire detailed presentation was included on the conference CD. I went to a number of talks dealing with penetration testing. Joe Cicero talked about hacking into the typical web applications used by universities. Nathan Hamiel and Shwn Moyer gave an excellent talk on attacking social networks. Most related to my work was a talk on breaking into SCADA systems and a talk on scanning for active ports on the internet.

The conference wireless network is described as follows on the conference webpage:

It would be fair to describe the network as “hostile”. It has been described as ‘the worlds most hostile network,’ but such descriptions are just attempts at flattery. It is recommended that if you want to connect to the DEFCON network pretend that you are sharing out your entire hard drive to 5000 hackers.

In this environment I learned something the hard way. Even if you use https to connect to gmail, people can still steal your cookie and read your email. This is a bug in google. Defcon tries to provide a secure wireless network–see this Wired post