The two largest computer security conferences are coming up! The Black Hat Briefings (frequently referred to simply as
Blackhat) and
Defcon are at the end of the month. If you've never gone and have an interest in computer security, then consider going this year or plan for next year. I learn more from three days of chatting with people in the hallways at Defcon than I do from a year of reading forums and news postings.
Blackhat has a more professional aura. The audience are generally well-behaved, professional, and very interested in the presentations. A few people even wear suits!
In contrast, Defcon is commonly called the after-party. It is billed as the world's largest underground security conference. But with nearly 10,000 people in attendance, is it really "underground"? T-shirts, shorts or jeans, and a very informal environment is the norm.
All Blackhat attendees get free admission to Defcon, and many of the Blackhat speakers also present the same material at Defcon.
Changing Reputations
In the early days, Defcon was a smaller conference and had a very different atmosphere. It was a neutral place where good guys (whitehats) and bad guys (blackhats) could mingle and meet-your-enemy. Due to the large number of anarchists that attended the conference, Defcon got a reputation for destruction. However, Defcon 9 was really the last of the destructive years. Last year (Defcon 17) was really pretty tame. Sure, a few idiots got arrested while they were trying to
bungee jump off the roof, but the crowd is really pretty tame today.
And "crowd" is an understatement. With between 8,000 and 10,000 attendees, the hallways at Defcon are totally packed. In the good old days, you could get into any talk you wanted. (Even if it meant sitting in a steaming tent on a roof.) Today, the rooms are air-conditioned, but the rooms are so packed that you should plan on attending every-other talk.
Today, there are very few truly destructive people at Defcon. Where did the anarchists go? Defcon increase the entrance fee and the anarchists stopped coming. Today, it is $140 for all three days. You will likely spend more per day on a hotel room and food in Vegas than on Defcon's admission free.
At Defcon 9 (the first year I attended), the crowd was evenly divided among three types of people. There were whitehats that varied from law enforcement to corporate security professionals and academic researchers, true blackhat evil hackers, and feds who were trying to inventory the other two groups.
Each year, there are fewer and fewer blackhats who attend. (I suspect that it is the feds who scare them off.) Last year I recognized a total of two (2) true blackhat hackers. Everyone else was corporate, academic, or fed. As Omar the cabbie once told me, "feds rent cars and don't take taxis." So spotting a fed in the parking lot is pretty easy. The joke for the last couple of years has been around the "Spot the Fed" game. With so many government and law enforcement people in attendance, they should really change the name to "Spot the Hacker". (The
Meet the Fed panel has a game they play: Spot the Lamer.)
Spotting Hackers by the Book
I've decided to do something new this year... I'm going to Defcon and will be giving away 10 copies of my new book,
Ubuntu: Powerful Hacks and Customizations. To get the free book, you'll need to:
- Find me. I'm short and look like a computer geek. (I blend in well...) But I always wear my "Hacker Factor" cap and will be carrying a bunch of books!
- Mention that you read this on my blog.
- After getting the book: if you like the book, mention it on Twitter or in your blog.
- To show that hackers are everywhere, take at least 3 photos of people (or yourself) reading the book around Vegas. If you are in a cab, snap a picture of the cabbie reading the book. Riding a roller coaster at New York? How about a photo of you reading it upside down! Eating at a restaurant? Get a picture of yourself ordering from the book instead of a menu.
Each book will have a small instruction sheet with the two rules (blog/tweet it and take three photos) and an email address for sending your photos. I'll put the photos up on a web page.
I won't be giving away all of the books at once. However, 10 books are heavy, so they will be given away pretty quickly. Probably 3 books on Thursday and the rest on Friday. (I'm also not opposed to bribes.)
