Black Hat 2013 in Vegas is only a week away. It’s time to get geared up for one of the industry’s most hacker-friendly event, and CORE is offering up our annual survival guide to Black Hat 2013. Black Hat isn’t your everyday trade show. Starting Saturday July 27, every eccentric, sci-fi loving guy and gal with a 130+ IQ who can do amazing things with a computer will be in Sin City. So if you haven’t heard of Black Hat, it’s a show originally put on by hackers for hackers (now, “serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment”.) Black Hat 2013 is immediately followed by DEFCON 21, also in Vegas. (self-described as “the world's longest running and largest underground hacking conference”). You should be fine if you approach either Black Hat 2013 or DEF CON 21 with a healthy dose of concern/worry/neurosis. That being said, in 2007 a NBC Dateline reporter tried to record a conversation as part of her undercover reporting, and was summarily chased out (of DEFCON).
So here are my suggestions on what to do at Black Hat 2013 – and how to do it so you live (personally and professionally) to tell the story. The show is great – lots of great content. Some people think it isn’t what it used to be (they say the same about RSA Conference folks) and some of the industry elite fled to DEFCON, and even CANSEC. Also a good alternative for those who couldn’t afford Black Hat (everyone has tight budgets to abide by) or for those who wanted to present should check out the Security BSides Community. (BSidesLasVegas 2013 runs at the same time Black Hat is going on). For any newbies, especially those non-hackers among you, there are a lot of people at Black Hat who are looking to find other people who do dumb things. So, to fully enjoy the show and not end up as an unwilling participant in someone else’s demonstration it’s important to follow The Unwritten Rules at Black Hat:
- Wireless: Stay away from all Wi-Fi and turn off your Bluetooth; hacks are happening
- Encryption: Try to encrypt any information you must send. Use a VPN; people are watching.
- Don’t put it down: Any device left alone is an invitation not just for theft but infection, etc.
- Don’t accept gifts: Someone friendly handing you a USB drive may be hoping to own your info.
- Anything can be hacked: ATMs, room keys, RFID cards, anything, so, be vigilant at all times.
- Try to fit in: If you’re just another person wearing jeans and a T-shirt, well, that helps w/above.
Finally...the parties...If you're hitting the parties the booze will be free and there will be copious amounts of it. Remember that we all have that line to cross, and know where yours is. There have been a whole host of well-regarded security folks obliterate the line and that kind of stuff lives on * An updated version of this popular annual blog