Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON

Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON
Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON

Jeff Debrosse, director of security research at Websense Security Labs, has produced a series of tips to protect attendees from being hacked before and during Black Hat and DEFCON, and most importantly, from being shamed on the 'Wall of Sheep'.

Before You Go:

  • Make sure you are fully patched with the latest AV, browser and other programs.
  • Delete cookies and clear your web browser history and cache. Browser (and other application) caches offer a rich amount of information on the user. If a notebook is stolen, forensic software can be used on the device to quickly divulge large amounts of information on the user, identify their habits and access sensitive information.
  • Encrypt sensitive files on your hard drive. If possible, go with full-disk encryption. There’s a lot of seemingly trivial information that people forget to encrypt.
  • Make a full backup of your computer and other devices prior to leaving for Las Vegas; Save all files you work on at the conference onto a cloud server or removable drive and; revert to this backup after you have returned.

While You are There

(This should include traveling to and from, including airport locations, particularly at time of departure):

Device security

  • Any device left alone is an invitation not just for theft, but compromise.
  • Turn off your Bluetooth and Wi-Fi connections and any application that requires the use of these functions.
  • Do not charge phones, computers or any other devices in charging stations or any public power outlet. USB or iPhone-ready power jacks are the most worrisome. Don’t use them! They provide a direct data link to the connected device – and you don’t know what (or who) is on the other end slurping that data. A great option would be to use a very small, low-cost portable battery pack that charges independently through an AC outlet. You can use this portable battery pack when traveling, as it is a very safe and convenient way to recharge devices.
  • Do not accept storage devices, USBs or files from people you don’t know, no matter where you find them. That “conveniently-found” USB drive may get dropped into your bag, and pretty soon, you may forget where you acquired it and inadvertently use it later.
  • If you carry any radio-frequency identification (RFID) enabled devices, such as your work badge, passport (some counties) or even some credit cards – it’s best to leave them at home or in your hotel room.
  • ATMs – Be cautious when using ATMs, especially machines close to the venue. Hackers can install card skimmers, or as they have done in the past, deliver a completely fake ATM machine to the hotel that hosted DEFCON in 2009.


  • Wi-Fi Pineapples abound – Be very weary of the wireless networks throughout the venue – and your entire stay at Black Hat.
  • When using the hotel’s internet, choose a wired connection in a room, if available.
  • Use your VPN at all times. If you are working with sensitive information, use a wired connection with VPN.
  • Avoid sending sensitive data while onsite.
  • When roaming, if you have the option, use a 3G or 4G cellular modem for internet access. It is the safest wireless option, though still not 100 percent secure.

What’s Hot on Infosecurity Magazine?