LAS VEGAS -- It's a party. It's a conference. It's the Hacker Olympics. The Alexis Park Hotel & Resort in 110-degree desert heat each summer briefly becomes the epicenter of the security community for a few sweat-drenched days. This weekend's DefCon 12 was no exception.
In Sin City, where nothing is as it seems, this world-renowned hacker hootenanny is no different. Who's that man with the purple hair? Did he write the latest virus or is he a federal agent in drag? Is that presentation entitled "When the Tables Turn" about breaking into computers or retaliating against those that are attempting to break into yours? And will participants truly appreciate the difference?
At DefCon, billed as the nation's largest hacker conference, you can learn how to attack Pocket PC, how to take advantage of poorly protected DNS servers, hack hardware and subvert Microsoft's Group Policy. You can support the Center for Missing and Abused Children or the Electronic Frontier Foundation by dunking a federal agent, DefCon goon or favorite hacker. If you wander around you might just become a participant in a documentary; purchase a T-shirt that says "Frag the Weak, Hurdle the Dead;" be handed a "personal firewall" which turns out to be a condom; or a sticker that says, "I waited in line for hours at DefCon and all I got was this sticker."
But DefCon is much more than three days of 24x7 partying, and it's more than sharing cool hacks. It is also a very serious opportunity for information security professionals and those who like to hear and discuss ideas.
Among the sessions this year was one by SensePost called "When the Tables Turn," on the controversial technique of counterattacks against network intruders. Suggestions ranged from avoiding attacks through best practices to using subtle changes to DNS or Web pages to turn the tables on automated attacks.
Another useful session was the introduction by Xelerance's Paul Wouters of WaveSec, a Windows-based wireless client that uses IPsec to secure its connection to the access point.
To gain an idea of the range of topics, consider these:
- An informative talk on "censorship resistance techniques" and examples of censorship, presented by Rachael Greenstadt, a doctoral candidate at Harvard University.
- The frailty of current computerized voting systems that could make it possible to rig the 2004 elections, and whether it was done in the past, presented by Bev Harris (a grandmother and the author of Black Box Voting: Ballot Tampering in the 21st Century) and Rebecca Mercuri, Ph.D., a noted expert on e-voting vulnerabilities.
- Getting ordinary folks to use security, as evidenced by new projects that encourage encryption. They include Joshua Teitelbaum's still-under-development Cryptomail, which he hopes will solve the "grandma problem," i.e., how to get your grandmother to use encryption.
DefCon is a place where people from diverse backgrounds can come together, learn from each other, argue and even adopt new ideas. It might even change your understanding of the term hacker from one that's synonymous with "criminal" to one who delights in understanding how things work.
In the words of Richard Thieme, celebrated visionary, DefCon regular and author of the new book Islands in the Clickstream, "You wouldn't think you would come to a hacker conference to find your ethical and moral center." Indeed.