Security Tips for Black Hat and DEFCON Attendees

Being a little paranoid when it comes to computer security is a good thing. When you travel to a security event like Black Hat and, in particular, DEFCON, that level of paranoia should be turned up a few notches. I’ll unfortunately miss both events again this year, but my colleagues at McAfee and McAfee Labs will certainly attend and they’ve pulled together some security tips for using computers at Black Hat and DEFCON, which take place in Las Vegas this week.

Take these tips to heart, especially because there’s a hostile situation right now in the security space with the Windows shortcut zero day threat that has been exploited to attack SCADA systems.  It will be particularly hostile for laptops and other WiFi devices at the events this year, my McAfee Labs colleagues say.

• People are able to create wireless access points that pretend to be your home network. Once a bad guy controls your access point, they are able to control your sessions.  This can lead to rewriting HTML you are browsing to target you to go to sites they control for the intent of installing malware via the recent Windows issue or other drive by downloads.  They may also do SSL downgrade attacks that would force you to go to non ssl versions of sites you normally go to.  This could result in you losing your passwords for Web sites like Hotmail.
• If you use smart phones with WiFi be especially careful. These devices often connect to “known” networks when they see them.  Attackers know this and McAfee anticipates there will be many common networks such as “Linksys” or “home” set up at the hacker events.  If you automatically connect to these networks, you are vulnerable to the whims of the network owner, who might not have your best interests in mind.
• Our best advice is to leave laptops at home, or at least in your room. 
• Turn off WiFi permanently on your phones. 
• If you can, use wired networks in your hotel, as the hotel WiFi is not necessarily safe either. 
• Make sure all of your network connected devices are as up to date as possible on patches and definition files. 
• Turn off “automatically connect to networks” for any WiFi device, and be very cautious about any you connect to, even the supplied conference network.
•  Make sure you are watchful of broken or missing SSL visual cues as downgrade attacks are very subtle. 
• DO NOT PUT ANY USB DRIVE INTO YOUR MACHINE IF YOU DID NOT BRING IT WITH YOU.  This includes if you put it into a friend’s computer, even if you “are just transferring one file”. 
• Watch out for CD’s or downloads for talks (even official ones), as they have been known to contain malware in the past.

Tags: Cybercrime, Endpoint Protection