Every year when I go to Black Hat USA and DEFCON, I am reminded of the constant battle between light and dark…wait…that’s Return of the Jedi…. I mean of the constant battle between infosec and the big bad hacker. And it’s not just the uber sophisticated hacks that involve fuzzing and SQL Injections (Am I showing my age there?) or any of the other really cool APT-level stuff.

As I walked around the floor at DEFCON, I realized that a huge amount of effort is not just spent in cyberspace but in meat space, as well. There is a very popular part of the Con called Lockpick Village where you can pick up a decent set of lock picks for less than a hundred bucks and sit around with several dozen of your new best friends as you learn how to pick various types of locks.

At this year’s Lockpick Village, there was a presenter who even talked about how you can try to duplicate a key from a photograph. The presentation came complete with slides containing images taken of a janitor with a set of keys dangling from his belt.

Another popular spot at DEFCON is Social Engineering Village where people are put into a soundproof booth with a phone and their research as part of a contest. They are given a target to call and try to get as much information as they can, up to and including usernames and passwords.

In the vendor hall, you can buy all sorts of tools to help you exploit the masses: Wi-Fi Pineapples that allow you to spoof well-known hot spots to try and steal credentials, RFID cloning kits, bump keys…the list goes on and on.

Getting back to the realm of cybersecurity, there were areas dedicated to (Read more...)