Finish blog post

Skraelingjar committed Aug 30, 2019
1 parent 9df2784 commit b3bca384de2437e8f3db87065e1578dcb5c3ebfe
Showing with 20 additions and 6 deletions.
  1. +20 −6 content/blog/attending-defcon-27.md
@@ -1,7 +1,7 @@
---
title: "Untitled"
date: 2019-08-21T08:36:00-07:00
draft: true
title: "There is not enough time to see everything at DEFCON"
date: 2019-08-30T08:46:00-07:00
draft: false
cover: "defcon27.png"
author:
name: "Josh Bowen"
@@ -25,9 +25,23 @@ on the badge's inner workings. I can't wait to go back next year.

I spent most of my time this year attending various talks and presentations that covered a huge range of topics. One that stood out was "The TOR Censorship Arms Race: The Next Chapter" where a
member of the Tor project spoke about how various governments tried to identify Tor users, deny them access, and how they constantly work to keep their users anonymous. Another pair of outstanding
talks were from US Senator Ron Wyden (Oregon) "Can you track me now? Why The Phone Companies Are Such a Privacy Disaster" and "How To Buy ... Real-Time Location Data On The Black Market" by Joseph Cox.
talks were "Can you track me now? Why The Phone Companies Are Such a Privacy Disaster" by US Senator Ron Wyden (Oregon) and "How To Buy ... Real-Time Location Data On The Black Market" by Joseph Cox.
Both address problems that are (finally) of growing concern to the public. To distill them both down into one message; we carry around these devices in our pockets all the time and even without
listening to us, the location and metadata collected by service providers can tell a lot, government officials have been quoted saying "we kill people based on metadata". We, the public, need to hold
listening to us, the location and metadata collected by service providers can tell a lot about our lives. Government officials have been quoted saying "we kill people based on metadata". We, the public, need to hold
service providers and the government accountable for how they collect, store, share, and act on that information. This is not a new story but for some reason we have yet to act.
The talk that had the most impact for me was "Information Security In The Public Interest" by Bruce Schneier. He spoke about a need for trained security professionals to work with government, non-profits,
advocacy groups, and elsewhere to help shape policy and public awareness of technology.

The talk that had the most impact for me was "Information Security In The Public Interest" by Bruce Schneier.
One of my favorite talks was Douglas McKee and Mark Bereza's "HVACing: Understand the difference between security and reality!" They used BACnet, a standard protocol for building controller networks,
to send enough packets to crash a device and create write-what-where conditions. From there they wrote to memory and used a known attack style to gain a reverse shell. Once on the device they were able to
run persistent code to discover and monitor all devices connected to the network and self-wipe to the origional state to avoid detection. Their team found that there are hundreds of these devices exposed
to the internet worldwide. Any of those devices using the default credentials could be hacked remotely. Just imagining the impact of a remote attacker controlling the HVAC or other build systems, especially
where technology or goods are temperature sensitive, is crazy.

## Villages

One of the highlights of the conference was getting my amateur radio license with the help of some awesome volunteers at the HAM Village. It is something I have wanted to do for a while but hadn't
had the opportunity to do. They also had a couple cool displays and next year I plan on participating in the fox hunt (finding hidden transmitters). Unfortunately I didn't have time to get involved in
any of the other villages but I'm looking forward to spending time at the lockpicking, recon, and packet hacking villages.

I wish I had more time to explore, talk with people, participate in more activities, and check out the demos. Next time, I guess.
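
Review bot: In the added "HVACing" paragraph, the path to a shell is described as a packet-triggered crash that yields write-what-where conditions, but the closing risk statement ties remote compromise to "default credentials"; as written the two do not connect, so state which condition the remote exposure depends on (a reachable BACnet service, default credentials, or both). In the same paragraph "origional" should be "original", and "build systems" reads as though "building systems" was meant. Separately, the two added Schneier lines sit directly under the location-data paragraph with no blank line between them, so Markdown will render them as part of that paragraph; add a blank line before "The talk that had the most impact for me".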
