Network News

X My Profile
View More Activity

Security Fix Is Heading to Vegas

I'll be heading into the soul-crushing heat of Las Vegas for six days next week to cover Black Hat and Defcon, two of the largest hacker conventions in the country. I'm planning to blog like a madman at the conferences, and hopefully trying out some interesting audio, video and other multimedia firsts for the blog.

The two conferences have changed considerably over the past few years.  But on a very general level, Black Hat is geared toward security professionals (training sessions cost $2,000 and the conference part $1,600), while DefCon ($80 cash-only entrance fee) attracts a far larger crowd, including security professionals as well as thousands of established, budding and wannabe hackers.

The gatherings are an opportunity for everyone involved in Internet and computer security -- including the defenders (white hats), the attackers (black hats), "gray hats" (those who straddle the ethical boundaries), as well as members of the law enforcement and the US intelligence community -- to meet and greet, to size each other up, and to share ideas and new hacking tricks and tools. Quite a few researchers wait until Black Hat and Defcon to present their latest findings and security software, and many attendees demonstrate techniques or tools that exploit previously unknown security flaws in the Internet infrastructure or in widely used software.

The venue being Vegas, there will also be plenty of lavish, tech-industry sponsored parties, games and hacker pranks. Among the games played annually at Defcon are "Spot the Fed" (this one needs no explanation), "Hacker Jeopardy," and "Capture the Flag," where hackers show off their 733t h@X0r skillz by competing to be the first to break into a series of test computer networks.

Some of the more interesting briefing tracks at Black Hat include "Owning Anti-virus: Critical Weakness in a Critical Security Component"; "Legal Aspects of Computer Network Defense"; and "Hacking in a Foreign Language." The conference will get started with a keynote address by Gilman Louie, president and chief executive officer of In-Q-Tel, the CIA's very own venture capital firm.

At Defcon, I plan to attend these presentations: "Bypassing Authenticated Wireless Networks"; "Asymmetric Digital Warfare"; "Hacking Google Adwords"; "ATM Network Vulnerabilities"; "Hackers and the Media- Misconceptions and Critical Tools to Combat Them"; "Introduction to Lockpicking and Physical Security" (I recently picked up a book and some tools for this just to check it out...turns out lockpicking isn't all that hard).

There's also a track entitled "The Legal and Ethical Aspects of WarDriving" that looks interesting. Wardriving, if you don't know, is the practice of driving around with a laptop and powerful antenna (and maybe a global positioning system device) and eavesdropping on or merely using wireless networks that don't belong to you. After the recent news of a Florida man arrested for wardriving, this is likely to be a packed session. I may also tag along on Sunday with a group of hackers as they engage in one of several scheduled wardriving competitions.

So, stick with me next week and we'll have some interesting geeks-n-freaks stuff to look at, in addition to some actual security "news" that may get announced at the conferences. We may even try to do at least one Web chat from Vegas, so don't be shy about posting questions.

Are you planning to be out at Defcon or Black Hat or both?  Got any tips for me on people to meet or sessions to attend?  Use the comments section below to tell me all about it.

By Brian Krebs  |  July 21, 2005; 1:55 PM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Mozilla Issues Another Update
Next: Scary Advice for the Vegas Trip


Please get your facts straight, wardriving has nothing to do with "eavesdropping on or merely using wireless networks that don't belong to you", it's the detecting and maybe logging the position of said network, nothing to do with hacking or using it. It's people like you that are misinforming people and giving wardriving a bad name.

Posted by: Chris | July 25, 2005 3:16 PM | Report abuse

so you're saying people don't drive around and use other peoples' wifi networks? or are you just saying YOU don't consider that war driving b/c you don't do connect? i bet you smoked pot once but didn't inhale either.

fact is, if you're driving around with a laptop open, or even sit on a park bench these days, if your computer has a wifi card built in - and most do these days - you're probably hooking up to someone's wifi network without even doing anything other than opening the lid of your laptop.

you can argue about whether or not it is legal to then browse the web after you've been given an IP address by the open wifi network, but after all...the hardware is merely functioning as it was designed.

btw, what do you think people do with all the pretty maps so-called "legitimate" war drivers put up on the Web for everyone to see? Well, duh. They use them as a map to find out where they can get free wifi.

Posted by: Right.... | July 25, 2005 4:24 PM | Report abuse

First off, he did not say anything of the like. Secondly these maps don't help too much especially if you live anywhere that has a population above 1 due to the sheer deployment of wifi throughout the world. I've gone through small farming towns in Western Canada that only had 1 or 2 streets, and in many of them every 2nd or 3rd house seemed to have wifi deployed.

As for Brian, the war driving session is one that you should not miss, as it sounds like you don't fully understand what the term means, nor the guidelines there are that war drivers follow.

Posted by: John | July 25, 2005 11:28 PM | Report abuse

Brian it seems that you could have some gray matter between your ears unlike alot of your media counterparts. I hope you get alot out of the "Hackers and the Media- Misconceptions and Critical Tools to Combat Them" session. Too many times benign technology oriented activities are used sononmously with criminal activities. You unfortunately are a victim also. We all know there are good hackers and bad hackers as well as good wardrivers and bad wardrivers. However the media has failed to diferentiate this and instead falsely uses the term wardriver or hacker when the really should be using the term criminal when reporting on someone who has crossed over the line. Being an active wardriver I take offense at your definition when clearly you never read the linked wikipedia definition. Wardrivers do not connect to any wireless AP for which they don't have permission. If they do then they are no longer a wardriver, but a criminal. The two are mutually exclusive.

The guy in Florida was not a wardriver he was a pathetic criminal sitting in his car stealing bandwidth.

Posted by: A wardriver and tinkerer | July 26, 2005 8:17 AM | Report abuse


Posted by: Anonymous | March 24, 2006 12:14 PM | Report abuse


Posted by: Anonymous | March 27, 2006 9:27 PM | Report abuse

Your site is realy very interesting.

Posted by: Online casino | April 14, 2006 8:58 PM | Report abuse


Posted by: Anonymous | April 18, 2006 7:41 AM | Report abuse


Posted by: Anonymous | May 5, 2006 10:38 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company