DefCon 17

It's been about a week and a half since we got back from DefCon 17. What a trip! If you are into computers, and have even a passing interest in security-related issues, then you really need to get out to DefCon at least once in your career. You won't regret it.

Just what is DefCon? It's only the oldest and largest hacker conference there is! Every year thousands descend on Las Vegas for 3 days to learn the latest in security and hacking know-how, make new contacts in the field, and renew old contacts. This year saw an estimated 10,000 people show up - well above the planning staff's initial estimate of 6000. Recession? What recession.. :) Among that crowd were the "celebrities", serious professionals, script kiddies, law enforcement, hobbyists. I even got to satisfy some idol worship by attending the presentation given by Adam Savage (of "MythBusters" fame). An interesting guy who gets to do a lot of stuff us geeks would love to do!

Hmm.. that still doesn't really describe DefCon. Let me try again...

DefCon presents a number of speaking tracks with topics ranging from "how to do...", right up to "I wonder...". In that mix are a number of "how to exploit XXXXX" type presentations, where XXXXX could be a web server with SQL Injections, servers with buffer overflows, lockpicking (so you can get physical access), or even organizations - like a theoretical discussion of how to hack into air traffic control. But don't think for an instant that any of these presentations are intended to teach you how to break the law. Instead, they are meant to highlight flaws with the current implementations of various devices, programs, or operating systems so that the appropriate steps can be taken to remove those flaws, or at least minimize them. For me, the underlying thought of the whole conference is "If I don't know how the bad guys will be getting in, I can't plug those holes. So I have to learn the same tools and techniques the bad guys will use."

In addition to the presentations are the Competitions, Villages, and social networking.

  • Competitions: "Capture The Flag" which is a hardcore hacking contest where teams try to gain access and "steal" data from competitors. There is the legendary "Mystery Box Challenge" where the teams arrive knowing that there is a challenge of some sort but have absolutely no more details. This usually arrives via a "box" they need to gain access to and discover the clues leading to the right solution. This box might be sealed with a lock that has to be picked. Or it might appear to be a solid ball of metal (weighing 50+ pounds) that actually needs to be opened somehow, or it might be a simple electronic lock that has to be carefully picked so as to not destroy any precious clues. A Geo Challenge contest was held for the first time this year. It is similar to geocaching where GPS coordinates are used to find specific locations, clues, or items. The badge hacking contest is always fun. The "badge" attendees get is actually an electronic circuit. The contest is to make that electronic circuit do something other than what it was designed to do. The badge this year had a microphone that would light up LEDs in response to the noise around it. One of the competitors merged 3 badges onto a helium balloon that would then steer away from the noise around it - an awesome thing to see. And even more competitions! Too many to list in this (hopefully) brief posting...
  • Villages: The "Villages" are specialty rooms where you can interact with others on a similar topic. The Hardware Hacking Village is THE place if you have some electronics you want to "play" with, or if you want to compete in the Badge Hacking contest. The Lockpick Village is where any attendee could go to learn more about locks than they ever wanted to know. Oh, and they could sit at the tables and try their hand at picking various locks. And of course the lockpicks could be purchased right there as well. The Wireless Village didn't happen this year, but may be resurrected next year. This village focuses on everything wireless - Wireless networking, Bluetooth, etc. They learn to get data from those wireless signals, inject new information, do Man In the Middle attacks, and more.
  • Social networking: One of the rooms is set aside as a meeting place for the various competitions, but also serves as a place to rest and meet others around you. Beyond that is the Vendor area where you can buy any schwag you can think of. Shirts, books, stickers, bondage tools (?!), music, etc. Talking to the people behind the tables can be very enlightening as well.
  • And even more on social networking. Besides the usual "conference" type activities is a whole party scene the likes of which I have never seen anywhere else. Part of this is simply evening entertainment put on by the organizers - movies, games, etc. Hacker Jeopardy is a lot of fun and includes audience participation. The "10,000 cent Hacker Pyramid" was seen for the first time this year. Dan Kaminsky (one of the hacker celebrities) won the contest and took home 62 pounds of Canadian pennies. But the parties keep going after these events even. The various hacker groups throw their own parties - the Hacker Pimps, Hacker Ninjas, and more. Some of the parties are "official", most are not.

    Of the official parties, the EFF fundraiser was a blast. It was an expensive night, but worth it. If you are into computers, and ever find yourself in legal trouble for doing something you thought was innocuous, EFF is the team that will most likely save your bacon. I met a fellow this year who ran into trouble via the DMCA - he was VERY thankful for EFF and anyone who supported them. They hold an auction for various things that are donated to them. The Canadian team (that would be myself, and the Calgary crowd I was there with) irritated everyone else by either buying everything or driving up the prices. But it was all in fun, and the cash went to a worthy cause. One of the auctioned items was a one-of-a-kind hockey jersey we had specially made for EFF. While we had our own jerseys (you can see them here - http://grover.open2space.com/node/237 - where I was venting about problems getting them created), this particular jersey had EFF in large letters across the back, and the arm. It sold for $75 USD (I think - I was just a little drunk), and the fellow who bought it said he was going to frame it and post it in his office in New York. I think that makes me a "real" artist now!!!

    While the trip was more expensive than I had planned, it was only because there were so many cool things there I wanted. And the trip was very much worth it. I am planning on going back next year, and the Calgary crew has some fun plans for this. And this simple write-up just would not do DefCon any justice. Hell, talking to people who have gone would not do it justice. You HAVE to go to DefCon to truly understand how utterly different/amazing/fun/useful it is. See you there next year!