This week, a few CloudMiners are heading to Las Vegas for the 23rd edition of DEFCON, one of the leading hacker conferences in the world. Now, this isn't your typical tech conference full of million dollar exhibition booths, corporate sponsorships and "thought leadership" talks. DEFCON is a raw, gritty, down to earth gathering that's more like a giant playground for hackers and people with rolled-up sleeves who live and breathe behind their terminals. Information security professionals, federal agents focused on cybersecurity, and black hat hackers all make their appearances and play their role in one of the wildest hacker events of the year. The conference was founded on, and is still dedicated to, transferring knowledge, research and ideas that relate to securing technology in the digital age.
For CloudMine's representatives, admittedly a bunch of DEFCON n00bs, this event will be many things. First and foremost it will allow us to get further immersed in InfoSec and the world of privacy, security, and networked systems. We've been practitioners for years, both personally and professionally, but taking time to explore new ideas and learn from leading security experts (aka the most elite of hackers) in real world settings will allow us to better protect the customers and sensitive data stores we've built a business around serving. Furthermore this event will be a way for our team to dive deeper into all the vulnerabilities, exploits and hacks that are increasingly showing up in headlines now that software is truly eating the world. From Sony Pictures to Jeep to the United States Government, everything is getting hacked, and only those who are pushing the bounds of technological security will be able to stay ahead of the crippling opportunities for black hats and malicious people, governments and/or organizations to steal life-altering data.
Mostly, though, this event will be an incredible outlet for our leading security-minded technologists to explore, connect, and learn more about their passion for navigating the systems, pipes and digital connections we're building and talking about every day. It will be an all out immersion in to the world of cyber security and privacy, of which the outcome will be increased awareness and protection for ourselves, our customers, and our futuristic digital lives.
As we prepare to attend an event where everyone is literally trying to hack everyone else, we've pulled together a list of ways to secure your systems and prepare for DEFCON. We've broken down the list into two sections: one includes basic security features which you should be implementing in your daily, non-hacker-conference life, and another which is above and beyond, and is applies to ultra-sensitive security settings.
The best thing one can do to prevent massive fallout from hacks, breaches and data leaks is to be aware of vulnerabilities, take appropriate precautions to protect sensitive systems, and have a plan for if (when) your systems are compromised.
YOU SHOULD BE DOING THIS ANYWAY:
Encrypt your laptop (FileVault)
Use a VPN when not connected to your own Wi-Fi networks
Force encrypted web connections (HTTPS Everywhere)
Setup and enable firewall (Native OSX firewall, Little Snitch, etc)
Disable Wi-Fi network auto-joining
NEVER join random, unknown Wi-Fi networks (even when they're called Verizon Free Wi-Fi)
Update & patch all software (OS, browser, firewall, VPN, plugins, etc)
Don't plug in random USB keys, CD-ROMs, etc
Back up any technology you're taking with you (Laptop, tablet, smartphone)
NEW SECURITY & PRIVACY PRACTICES FOR DEFCON:
Use a secondary personal device as a "burner" phone: We're using gchat and gvoice with fresh throwaway accounts to keep in touch. Given the recent Android exploits we are using Ubuntu Touch with disk encryption.
Clear cookies, cache & all browser information across devices
Install Kali Linux on USB key for workshops, security, etc
Disable Wi-Fi and Bluetooth capabilities
Order a USB to ethernet connector
Withdraw cash from bank/ATM prior to landing in Las Vegas
Get your bitcoin wallet in order and loaded with coin
Order RFID blocking case for passport, credit cards, room key, cell phone, etc
Buy/Take portable charging pack so you don't plug your device in to any unknown ports
We're looking forward to a weekend of knowledge transfer, intellectual conversations, and bonding with other folks in to InfoSec, hacking and cyber networks. If you're in Las Vegas for the event, feel free to ping us on Twitter @CloudMine!