Jeff Debrosse, director of security research at Websense Security Labs, has produced a series of tips to protect attendees from being hacked before and during Black Hat and DEFCON, and most importantly, from being shamed on the 'Wall of Sheep'.
Before You Go:
- Make sure you are fully patched with the latest AV, browser and other programs.
- Delete cookies and clear your web browser history and cache. Browser (and other application) caches offer a rich amount of information on the user. If a notebook is stolen, forensic software can be used on the device to quickly divulge large amounts of information on the user, identify their habits and access sensitive information.
- Encrypt sensitive files on your hard drive. If possible, go with full-disk encryption. There’s a lot of seemingly trivial information that people forget to encrypt.
- Make a full backup of your computer and other devices prior to leaving for Las Vegas; Save all files you work on at the conference onto a cloud server or removable drive and; revert to this backup after you have returned.
While You are There
(This should include traveling to and from, including airport locations, particularly at time of departure):
Device security
- Any device left alone is an invitation not just for theft, but compromise.
- Turn off your Bluetooth and Wi-Fi connections and any application that requires the use of these functions.
- Do not charge phones, computers or any other devices in charging stations or any public power outlet. USB or iPhone-ready power jacks are the most worrisome. Don’t use them! They provide a direct data link to the connected device – and you don’t know what (or who) is on the other end slurping that data. A great option would be to use a very small, low-cost portable battery pack that charges independently through an AC outlet. You can use this portable battery pack when traveling, as it is a very safe and convenient way to recharge devices.
- Do not accept storage devices, USBs or files from people you don’t know, no matter where you find them. That “conveniently-found” USB drive may get dropped into your bag, and pretty soon, you may forget where you acquired it and inadvertently use it later.
- If you carry any radio-frequency identification (RFID) enabled devices, such as your work badge, passport (some counties) or even some credit cards – it’s best to leave them at home or in your hotel room.
- ATMs – Be cautious when using ATMs, especially machines close to the venue. Hackers can install card skimmers, or as they have done in the past, deliver a completely fake ATM machine to the hotel that hosted DEFCON in 2009.
Connectivity
- Wi-Fi Pineapples abound – Be very weary of the wireless networks throughout the venue – and your entire stay at Black Hat.
- When using the hotel’s internet, choose a wired connection in a room, if available.
- Use your VPN at all times. If you are working with sensitive information, use a wired connection with VPN.
- Avoid sending sensitive data while onsite.
- When roaming, if you have the option, use a 3G or 4G cellular modem for internet access. It is the safest wireless option, though still not 100 percent secure.