August 08, 2014

So you want to bring your laptop to DEF CON?

This week and last I have been attending back-to-back security "cons": Black Hat and DEF CON.  Needing to still stay in touch with co-workers and family, I brought my laptop.  Being a naturally paranoid person, I can explain to you a couple of the measures I took in taking my laptop to -- what has been affectionately labeled, "the most hostile network on the planet earth" -- and what you should and shouldn't do in taking your own kit to the con scene.

  1. "SHUT THEM ALL DOWN!!!"  I.e. you want to minimize your attack surface.  While this is good advice on any given day, it's especially true if you're bringing your own box to Black Hat or DEF CON.  There are four command-line tools I used to "shut them all down": `netstat`, `chkconfig`, `lsof` and `service`.  (If you want to get technical, I used `grep` and `bash` too, but let's not be that guy today.)  How?  `netstat -nl | grep -v unix` will show you all the TCP and UDP ports listening.  `lsof -i 4UDP:$PORT` or `lsof -i 4TCP:$PORT` will tell you which process has $PORT open; with that, first stop the service from starting at your chosen run-level (using `chkconfig --level $RUNLEVEL $SERVICE off`) and then use `service` to stop it now (using `service $SERVICE stop`).  Repeat until nothing but your DHCP client is listening.
  2. Do NOT download ANYTHING while on the con's network.  Surfing the web is okay, provided you're not downloading whiz-bang new tools you learned about on the con's network, OR performing system updates (which my laptop kindly tried to get me to do.)  The reason is simple: DNS poisoning attacks or IP spoofing could allow another con attendee to redirect your request(s) to a hostile network or host.  The worst-case scenario here is that someone hijacks something like debian.linuxmint.com (or whatever your distro's repo is) and sends you forged updates that you then install... your box is now pwned.
  3. Use the lid of your laptop to protect your keystrokes from being observed while entering your password(s).  While cumbersome, this will in fact diminish the likelihood that your passwords will be observed without considerable effort while logging in.  As a recent talk at DEF CON intimated, Google Glass can be used to observe login credentials from up to 140ft (45 meters).
  4. Don't plug your USB devices into ANYTHING without an intermediary "dumb" device between you and it.  This is because USB is inherently flawed and trusts the controllers it plugs into.  In anticipation of this, I opted to bring two Tenergy Mo. 51037 battery packs with me to charge my phone and tablet.
  5. Just like your laptop, you should not download or install new software on your smart phone.  In fact, I went as far as turning off "mobile data", location services, wifi, and NFC (near-field communications) so someone would legitimately have to hack the cellular service to get on to my phone.
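
As an added example (not code from the original post), here is a small bash helper for step 1: it parses `netstat -nl` output into the TCP/UDP listeners, flags the ones bound to every interface, and wraps the `lsof` / `chkconfig` / `service` sequence for shutting one down.  The netstat sample is constructed, and the service name and runlevel passed to `stop_listener` are assumptions you fill in from `lsof` and `chkconfig --list`.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: parse `netstat -nl` output into
# the TCP/UDP listeners it reports, flag the ones bound to every interface,
# and wrap the lsof -> chkconfig -> service steps for shutting one down.

# Constructed sample of `netstat -nl` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:5353            0.0.0.0:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /run/dbus/system_bus_socket'

# Read netstat output on stdin; print "PROTO PORT ADDR" per IPv4/IPv6 TCP/UDP
# listener.  UNIX-domain sockets and header lines never match the first field.
listening_sockets() {
  awk '$1 ~ /^(tcp|udp)6?$/ {
         n = split($4, a, ":"); port = a[n]
         addr = substr($4, 1, length($4) - length(port) - 1)
         proto = ($1 ~ /^tcp/) ? "TCP" : "UDP"
         print proto, port, addr
       }'
}

# Keep only listeners bound to all interfaces (0.0.0.0 or ::); those are the
# ones the con network can reach.  Loopback-only services are not reported.
exposed_sockets() {
  listening_sockets | awk '$3 == "0.0.0.0" || $3 == "::" { print $1, $2 }'
}

# Live-host helper (not run here): show the process owning PROTO:PORT, then
# disable the SysV service at the given runlevel and stop it now.
# SERVICE and RUNLEVEL are assumptions taken from lsof and chkconfig --list.
stop_listener() {   # usage: stop_listener TCP 631 cups 5
  local proto=$1 port=$2 service=$3 runlevel=${4:-5}
  lsof -i "${proto}:${port}"            # no "4" prefix, so v6 listeners match too
  chkconfig --level "$runlevel" "$service" off
  service "$service" stop
}

# Demo on the constructed sample; on a real box pipe `netstat -nl` in instead.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_sockets
```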

A couple of additional notes about DEF CON:
  1. Bring cash -- no cards are accepted except at the Rio's facilities.  This means if you want to buy a cup of coffee but not at Starbucks, you'd better have cash.
  2. Be prepared to wait in line for a *really* REALLY long time.  People this year were calling this "LINE CON".  It's actually absurd.  So much so that my plan for the remainder of DEF CON is to not attend talks, but to hang out in the capture-the-flag arena, vendor floor and cyber cafe, then to buy the presentation videos and review them at a later date.
  3. Trust no one.  Seriously.  Especially not the Goons.  They are "goons", after all.
  4. If you aren't staying at the Rio, plan on hiking back to your hotel -- the line for the cabs is ABSURD.  Or be willing to pony up the cash for a limo (it's going to be 4x the cash, but worth not having to wait).  Consider pooling with others to diminish the cost of a limo.
Happy, and safe con attending!