It’s conference season in the cybersecurity world with the Black Hat and Defcon events next week, filling Vegas full of hackers trying to pwn and one-up each other. Our team is looking forward to networking and seeing all the new demos, but we also know that these conferences can be dangerous for even the most savvy users. I made this briefing for our team headed to Vegas and I thought it would be useful to share with our friends who might be attending these or other security events.
10 tips to stay safe at security events (and on the plane)
- Make sure your OS and software are up to date!
Especially for you iPhone guys and gals, a new iOS update has come out this week to combat a security issue that you need to address before coming anywhere NEAR Vegas. Interestingly, there will be a talk at BH about this vulnerability (CVE-2017-9417).
- Make sure you delete all of the no auth Wi-Fi hot spots stored in your phones and computers before going to the conferences next week. It’s the easiest way to pop boxes and steal user creds at BH/DC.
• If you are on OS X, go to Settings > Networks > Wi-Fi > Advanced… Then delete all of your stored networks if they are not labeled WPA/WPA2.
• If you are on Windows 10, go to the network icon on the lower right corner of your screen > Network settings > Manage Wi-Fisettings > Manage known networks > click the network you want to delete > click Forget.
- Don’t connect to Wi-Fi hotspots in Vegas unless you 100% trust it. Defcon and Black Hat provide WPA enterprise networks which are relatively safe.
- If you want to be sure, use your hotspot. I typically only use my phone’s hotspot for internet connections with a USB cable connection when attending conferences.
- There will be people sniffing Wi-Fi on your flight to Vegas… don’t use the airlines Wi-Fi during your trip.
- If you have to connect to Wi-Fi, make sure to use VPN.
- Turn off Wi-Fi & bluetooth on your phones.
- Turn off Wi-Fi & bluetooth on your computers unless you are using it.
- Turn on disk encryption. You should always have Filevault turned on with your Mac anyway.
• If you are on OS X, go to Settings > Security & Privacy > Filevault and enable it
• If you are on Windows 10, follow this guide to using BitLocker Drive Encryption.
- Turn on your firewalls.
• If you are on OS X, go to Settings > Security & Privacy > Firewall and enable it
• If you are on Windows 10, open the Control Panel > click on System and Security > Windows Firewall > turn Windows Firewall on or off > in Customize Settings, select Turn on Windows Firewall and click OK.
Finally, for the intelligence agents attending, Black Hat is a treasure trove of compromise opportunities and a great beta test of their latest snooping technologies. For the truly paranoid, take only disposable devices (prepaid phones, Amazon tablets, …) and physically destroy them upon your return.
What are your favorite tips to stay safe at conferences? Tweet us @ZiftenInc to join the conversation!
Stay safe out there, and hope to see you at Black Hat next week. We’ll be waiting in booth 132.