Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON


Jeff Debrosse, director of security research at Websense Security Labs, has produced a series of tips to protect attendees from being hacked before and during Black Hat and DEFCON, and most importantly, from being shamed on the 'Wall of Sheep'.

Before You Go:

  • Make sure your AV, browser and other programs are fully patched and up to date.
  • Delete cookies and clear your web browser history and cache. Browser (and other application) caches offer a rich amount of information on the user. If a notebook is stolen, forensic software can be used on the device to quickly divulge large amounts of information on the user, identify their habits and access sensitive information.
  • Encrypt sensitive files on your hard drive. If possible, go with full-disk encryption. There’s a lot of seemingly trivial information that people forget to encrypt.
  • Make a full backup of your computer and other devices prior to leaving for Las Vegas; save all files you work on at the conference onto a cloud server or removable drive; and revert to this backup after you have returned.

While You are There

(This should include traveling to and from, including airport locations, particularly at time of departure):

Device security

  • Any device left alone is an invitation not just for theft, but compromise.
  • Turn off your Bluetooth and Wi-Fi connections and any application that requires the use of these functions.
  • Do not charge phones, computers or any other devices in charging stations or any public power outlet. USB or iPhone-ready power jacks are the most worrisome. Don’t use them! They provide a direct data link to the connected device – and you don’t know what (or who) is on the other end slurping that data. A great option would be to use a very small, low-cost portable battery pack that charges independently through an AC outlet. You can use this portable battery pack when traveling, as it is a very safe and convenient way to recharge devices.
  • Do not accept storage devices, USBs or files from people you don’t know, no matter where you find them. That “conveniently-found” USB drive may get dropped into your bag, and pretty soon, you may forget where you acquired it and inadvertently use it later.
  • If you carry any radio-frequency identification (RFID) enabled devices, such as your work badge, passport (some countries) or even some credit cards – it’s best to leave them at home or in your hotel room.
  • ATMs – Be cautious when using ATMs, especially machines close to the venue. Hackers can install card skimmers or, as they did in 2009 at the hotel that hosted DEFCON, deliver a completely fake ATM machine.


Connectivity

  • Wi-Fi Pineapples abound – Be very wary of the wireless networks throughout the venue – and throughout your entire stay at Black Hat.
  • When using the hotel’s internet, choose a wired connection in a room, if available.
  • Use your VPN at all times. If you are working with sensitive information, use a wired connection with VPN.
  • Avoid sending sensitive data while onsite.
  • When roaming, if you have the option, use a 3G or 4G cellular modem for internet access. It is the safest wireless option, though still not 100 percent secure.
