In my previous post, I spoke about all of the different DEFCON villages where attendees can learn about and purchase all sorts of fun hacking/counter-hacking tools. Even so, I covered only a small fraction of the activities at the conference. For example, attendees have the opportunity to participate in a lot of contests run over the weekend, including various capture-the-flag events. One, in particular, caught my eye because I wrote a post about this a few years ago; it was called “Hospital Under Siege.” In this contest, security professionals are tasked with locating and rooting out the bad guys who have taken over various medical devices in a simulated hospital in order to disrupt patient care. Such contests are extremely relevant today considering that hospitals continue to be an easy target for hackers.

Then there are the presentations themselves. “Duplicating Restricted Mechanical Keys” of course caught my attention due to my fascination with lock picking. (Your locks, by the way, are not as secure as you might imagine...) I also attended a presentation by a teen fresh out of high school in which he discussed how he was able to exploit weaknesses in various educational software providers to gain access to student information (and potentially change grades).

One that hit close to home at DEFCON this year was “MOSE: Using Configuration Management For Evil.” This was a discussion of tools used to provision software and of how MOSE can leverage these tools to distribute its own malicious payloads. Given that these tools have the keys to the kingdom, so to speak, the potential for damage is enormous.

Ron Wyden, U.S. Senator for the State of Oregon, was in town to deliver a speech on the privacy abuses and failures of the telecom