Another year, another Defcon! This was my third year attending. The biggest change this year was that the conference changed locations, moving from the Rio to Paris/Bally’s. Given I’m somewhat of a lookie loo, I can’t say with super authority, but I thought the space worked as well as the prior location, save for the fact that the sky talks were on a separate floor and might have gotten less traffic. Given that in prior years they had an hours-long wait, it may have been a good thing.
Since I live in Vegas, I didn’t have any concerns getting my pick there, like I did with Hope. Otherwise, this year’s highlights were:
- Seeing Cory Doctorow speak on general purpose computers. Nothing really new here if you follow him (author ID 1!), but it was fun to see it all wrapped up nice and dense and delivered with passion.
- Bruce Schneier is just awesome. His talk was actually just 45 minutes straight of Q&A, but with a super nerdy crowd, it did not disappoint. Like Doctorow, there was nothing new, but I found Schneier more pleasing and inspiring to see than Doctorow.
- Holy crap Marc Rogers and Kevin Mahaffey, the Tesla hack guys, are awesome! They literally tore into a new Tesla and gained remote root. An amazing talk that was just high level enough to keep you following along but way deep enough to blow you away with how hard they had to work to achieve the hack.
- Samy Kamkar’s talk on hacking garage doors and car fobs was tons of fun. I’d seen a video on the garage door opener before, but the fob attack was new; both were great to see revealed in real time.
- The EFF presented on their Let’s Encrypt certificate authority, which will feature automated cert creation and installation. The demo was inspiring to see. The thought of TLS for everyone and their mother is totally great.
- I heckled Alejandro Mayorkas trying to force him to agree that crypto back doors are a Bad Thing. Unsurprisingly, he didn’t take the bait. I was bummed that his security entourage was too strong to let me shake his hand and thank him for speaking at Defcon.
Though I didn’t make it very far through the Matasano crypto challenges, it is amazing to see how relevant the lessons learned in those challenges are. Hex, Base64 and XOR…every talk I attended had one of these concepts as a critical part of their hack.
Here’s a list of talks I attended:
- Alice and Bob are Really Confused – David Huerta
- Hacker in the Wires – Dr. Phil Polstra
- Working together to keep the Internet safe and secure – Alejandro Mayorkas, Deputy Secretary of Homeland Security
- Fighting Back in the War on General Purpose Computers – Cory Doctorow
- Bruce Schneier Q&A – Bruce Schneier
- Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars – Samy Kamkar
- How to Hack a Tesla Model S – Marc Rogers & Kevin Mahaffey
- ‘DLL Hijacking’ on OS X? #@%& Yeah! – Patrick Wardle
- The Packets Made Me Do It: Getting Started with Distributed Full Packet Capture Using OpenFPC – Leon Ward
- Let’s Encrypt – Minting Free Certificates to Encrypt the Entire Web – Peter Eckersley, James Kasten, & Yan Zhu
- Docker, Docker, Give Me The News, I Got A Bad Case Of Securing You – David Mortman
- Canary: Keeping Your Dick Pics Safe(r) – Rob Bathurst (evilrob) & Jeff Thomas (xaphan)
- Medical Devices: Pwnage and Honeypots – Scott Erven