VEGAS -- It's a party. It's a conference. It's the Hacker Olympics. The
Alexis Park Hotel & Resort in 110-degree desert heat each summer
briefly becomes the epicenter of the security community for a few
sweat-drenched days. This weekend's DefCon 12 was no exception.
In Sin City, where nothing is as it seems, this world-renowned
hacker hootenanny is no different. Who's that man with the purple hair?
Did he write the latest virus or is he a federal agent in drag? Is that
presentation entitled "When the Tables Turn" about breaking into
computers or retaliating against those that are attempting to break
into yours? And will participants truly appreciate the difference?
At DefCon, billed as the nation's largest hacker conference,
you can learn how to attack Pocket PC, how to take advantage of poorly
protected DNS servers, hack hardware and subvert Microsoft's Group
Policy. You can support the Center for Missing and Abused Children or
the Electronic Frontier Foundation by dunking a federal agent, DefCon
goon or favorite hacker. If you wander around you might just become a
participant in a documentary; purchase a T-shirt that says "Frag the
Weak, Hurdle the Dead;" be handed a "personal firewall" which turns out
to be a condom; or a sticker that says, "I waited in line for hours at
DefCon and all I got was this sticker."
But DefCon is much more that three days of 24x7 partying, and
it's more than sharing cool hacks. It is also a very serious
opportunity for information security professionals and those that like
to hear and discuss ideas.
Among the sessions this year was one by SensePost called "When
the Tables Turn," on the controversial technique of counterattacks
against network intruders. Suggestions ranged from avoiding attacks
through best practices to using subtle changes to DNS or Web pages to
turn the tables on automated attacks.
Another useful session was Xelerance's Paul Wooters
introduction of a WaveSec, a Windows based wireless client that uses
IPsec to secure its connection to the access point.
To gain an idea of the range of topics, consider these:
- An informative talk on "censorship resistance
techniques" and examples of censorship presented by Rachael
Greenstadll, a doctoral candidate at Harvard University.
frailty of current computerized voting systems that could make it
possible to rig the 2004 elections and whether it was done in the past,
presented by Bev Harris (a grandmother and the author of Black Box Voting: Ballot -- Tampering in the 21st Century) and Rebecca Mercury, Ph.D and noted expert on e-voting vulnerabilities.
ordinary folks to use security, as evidenced by new protects that
encourage encryption. They include Joshua Teitlebaum's
still-under-development Cryptomail, which he hopes will solve the
"grandma problem" i.e., how to get your grandmother to use encryption.
DefCon is a place where people from diverse backgrounds can come
together, learn from each other, argue and even adopt new ideas. It
might even change your understanding of the term hacker from one that's
synonymous with "criminal" to one who delights in understanding how
In the words of Richard Thieme, celebrated visionary, DefCon regular and author of the new book Islands in the Clickstream, "You wouldn't think you would come to a hacker conference to find your ethical and moral center." Indeed.