2010-07-27

Really, Verisign?

Verisign's latest snail mail spam included a Verisign-branded USB drive with information on their new SSL Certificate features. The package was heavily loaded with all kinds of "Trust" rhetoric. At the request of the guy who officially got it, I threw it into my Macbook to take a look at it. It wasn't on any network and it's not prone to any known vulnerabilities that might allow something to run directly from the USB without any interaction (unlike Windows)


Really, Verisign? REALLY?

Autorun, Verisign? Really? AND Lame Adobe Flash? You honestly expect us to TRUST this kind of crap? To add insult to injury, the USB drive itself is only 64MB. You can't even install BackTrack on it or otherwise put it to any productive use.

2010-07-23

(Def) #ConSurvival

There's a pretty good discussion going on Twitter about "surviving" DefCon and Black Hat, which are both coming up very quickly. Sadly, I won't make it out there this year. Asmodian X gets in Wednesday night, though. You should try to catch up with him.


It seems that every year, people say "don't bring your laptop / cell phone / PDA / etc..." but that's not really a big deal. In 2008, I posted about this same phenomenon on the ramp-up to DefCon 16. The same advice holds. You should be doing this stuff every single day, not just before you enter the hornet's nest that is DefCon.
  1. Back up your data
  2. Don't store sensitive stuff unencrypted
  3. Keep your software up to date
  4. Use good passwords
Last year, my Evil Wifi rig caught more than 100 unsuspecting attendees on the first day and gathered about 1,000 valid session cookies from sites like Facebook, Twitter, Google, Yahoo, Amazon, MSN and LinkedIn. It's a good idea to tunnel everything while you're at DefCon.

To do this, I set up both ingress and egress filtering in my firewall policy. Nothing gets in, and only tunneled traffic gets out. I also take this a step further by disabling my wireless and sticking to my tethered Internet connection. You may wish to use a broadband wireless adapter. I probably wouldn't trust a MiFi-type device unless it can connect over USB with the 802.11 disabled. It's not perfect, but you'll be better protected than most people there.

Other, less-technical pieces of sound advice being echoed:
  • If you have the opportunity to go have coffee, breakfast, lunch, dinner, drinks with someone: take it. It doesn't matter how cool the talk is that you were looking forward to seeing, all the content will be on the web soon. Don't pass up the good networking opportunities.
  • Take care of yourself. Try to eat healthy, take a shower, wear deodorant, brush your teeth and get at least a few hours of sleep each day. And wear sunscreen if you're outside. You don't want to come home a sunburnt, smelly, grimy tired zombie.
  • Make it to B-Sides for at least a bit.
  • Make sure you keep some room in your luggage for schwag, t-shirts and contest prizes.
  • Go to a bank lobby if you need to use an ATM.
  • Check out the rest...