Going to conferences like Black Hat in Vegas reminds me of going to college and the advice my dear old dad gave me. “Mike, have fun. Enjoy yourself. This will be the time of your life. And, don’t do anything stupid!” Sound familiar? Black Hat isn’t your everyday trade show. Starting Tuesday July 24, every eccentric, sci-fi loving guy and gal with a 130+ IQ (shocking I fit in rather well...except for the IQ part) who can do amazing things with a computer (ok, I can’t do this either) will be in Sin City.
Luke Skywalker: “I’m not afraid.”
Yoda: “You will be.”
So if you haven’t heard of Black Hat, it’s a show originally put on by hackers for hackers (now “serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment”). Black Hat 2012 is immediately followed by DEFCON 20, also in Vegas (self-described as “the world's longest running and largest underground hacking conference”). You should be fine if you approach either Black Hat 2012 or DEFCON 20 with a healthy dose of concern/worry/neurosis. That being said, in 2007 an NBC Dateline reporter tried to record a conversation as part of her undercover reporting, and was summarily chased out (of DEFCON).
So here are my suggestions on what to do at Black Hat 2012 – and how to do it so you live (personally and professionally) to tell the story. The show is great – lots of great content. Some people think it isn’t what it used to be (they say the same about RSA Conference, folks), and some of the industry elite fled to DEFCON, and even CanSecWest. Also, a good friend of mine, Chris Nickerson, runs the Security BSides community (BSidesLasVegas 2012 runs at the same time Black Hat is going on). BSides is for those who maybe couldn't afford Black Hat or DEFCON, or for those who wanted to speak at those events but were rejected (talks were too edgy) for one reason or another. But back to Black Hat for a second – something else to know: they have something called the Wall of Sheep. For any newbies, especially those non-hackers among you, there are a lot of people at Black Hat who are looking to find other people who do dumb things. So, to fully enjoy the show and not end up as an unwilling participant in someone else’s demonstration, it’s important to follow The Seven Unwritten Rules at Black Hat:
- Wireless: Stay away from all Wi-Fi and turn off your Bluetooth; hacks are happening.
- Encryption: Try to encrypt any information you must send. Use a VPN; people are watching.
- Don’t put it down: Any device left alone is an invitation not just for theft but infection, etc.
- Don’t accept gifts: Someone friendly handing you a USB drive may be hoping to own your info.
- Anything can be hacked: ATMs, room keys, RFID cards, anything, so, be vigilant at all times.
- Try to fit in: If you’re just another person wearing jeans and a T-shirt, well, that helps with the above.
- Don’t be a sheep: The Black Hat “Wall of Sheep” lists all those who get hacked; yes, publicly! (see bullet #1)
Finally...the parties...If you're hitting the parties, the booze will be free and there will be copious amounts of it. Remember that we all have that line to cross, and know where yours is. I’ve seen a whole host of well-regarded security folks obliterate the line, and that kind of stuff lives on... Again, as my dad said, “Don’t do anything stupid.” And, oh, I forgot to mention that he then said, “If you do something stupid, don’t get caught.”