1 00:00:04,160 --> 00:00:07,520 Speaker 1: Get in texts with technology with tex Stuff from stuff 2 00:00:07,520 --> 00:00:14,120 Speaker 1: works dot com. Hey there, and welcome to tex Stuff. 3 00:00:14,160 --> 00:00:17,480 Speaker 1: I'm your host, senior writer, Jonathan Strickland. I worked for 4 00:00:17,560 --> 00:00:21,120 Speaker 1: how stuff works dot com been recording text stuff since 5 00:00:21,280 --> 00:00:25,080 Speaker 1: two thousand eight, and I cannot believe that I've gone 6 00:00:25,200 --> 00:00:29,480 Speaker 1: that long without covering this next topic. I'm talking about 7 00:00:30,080 --> 00:00:33,680 Speaker 1: def Con. It's a really interesting subject. I've touched on 8 00:00:33,720 --> 00:00:35,600 Speaker 1: it once or twice in the past, and I've talked 9 00:00:35,600 --> 00:00:38,760 Speaker 1: to people who have presented at def Con or attended 10 00:00:38,840 --> 00:00:42,400 Speaker 1: def Con. I personally have never been to one, but 11 00:00:42,479 --> 00:00:44,479 Speaker 1: I felt like now was the time. It would be 12 00:00:44,520 --> 00:00:46,400 Speaker 1: really cool to take a look at a conference filled 13 00:00:46,440 --> 00:00:50,600 Speaker 1: with people who know all about bypassing security and getting 14 00:00:50,640 --> 00:00:55,400 Speaker 1: to all of your precious secrets. These are hackers and 15 00:00:55,480 --> 00:01:00,120 Speaker 1: security experts who can identify vulnerabilities and weak implementations and 16 00:01:00,160 --> 00:01:03,200 Speaker 1: then exploit them. It's a conference where if you're not careful, 17 00:01:03,560 --> 00:01:07,200 Speaker 1: you'll be publicly mocked for your poor security protocols. And 18 00:01:07,240 --> 00:01:11,000 Speaker 1: it's called def Con. Jeff Moss, who is a hacker 19 00:01:11,040 --> 00:01:14,600 Speaker 1: who used the handle the dark Tangent, founded the conference 20 00:01:14,600 --> 00:01:19,720 Speaker 1: back in Moss operates some bulletin board systems or bbs 21 00:01:19,840 --> 00:01:22,759 Speaker 1: is back in the early nineties on Phyto networks, and 22 00:01:22,800 --> 00:01:25,520 Speaker 1: you may have my brother has forgotten what these bbs 23 00:01:25,640 --> 00:01:28,360 Speaker 1: is would like. Things changing so scoring nowadays and people 24 00:01:28,440 --> 00:01:30,760 Speaker 1: quick to forget, So I thought maybe we should go 25 00:01:30,840 --> 00:01:33,040 Speaker 1: back and talk about what the heck is a bulletin 26 00:01:33,080 --> 00:01:36,840 Speaker 1: board system? What is phto net well, A bulletin board 27 00:01:36,880 --> 00:01:40,160 Speaker 1: system is a pretty simple concept. You have a host 28 00:01:40,240 --> 00:01:44,200 Speaker 1: computer running some special software, and that software sets aside 29 00:01:44,240 --> 00:01:48,320 Speaker 1: certain assets for the bulletin board system or BBS, such 30 00:01:48,320 --> 00:01:53,600 Speaker 1: as hard drive storage space and maybe uh filing system 31 00:01:53,640 --> 00:01:56,720 Speaker 1: of some sort of navigation system, a user interface, if 32 00:01:56,720 --> 00:02:00,760 Speaker 1: you will, and this would typically include this message board system. 33 00:02:00,760 --> 00:02:05,200 Speaker 1: It allows participants to communicate with each other, typically asynchronously, 34 00:02:05,920 --> 00:02:07,920 Speaker 1: which means that you could leave a message and then 35 00:02:07,960 --> 00:02:09,919 Speaker 1: the next time someone checks in they could read their 36 00:02:09,919 --> 00:02:12,880 Speaker 1: messages respond to them. The next time you check in 37 00:02:12,960 --> 00:02:16,520 Speaker 1: you could see the responses, very similar to email um 38 00:02:16,800 --> 00:02:20,320 Speaker 1: and many bbs is would only allow one person to 39 00:02:20,400 --> 00:02:23,200 Speaker 1: connect to the bbs at a time because you actually 40 00:02:23,240 --> 00:02:26,680 Speaker 1: were using dial up modems in those days. So you 41 00:02:27,000 --> 00:02:29,240 Speaker 1: hook up a dial up modem to your computer, it 42 00:02:29,280 --> 00:02:33,160 Speaker 1: would call out a number using the telephone system. The 43 00:02:33,280 --> 00:02:37,000 Speaker 1: plain old telephone system or pots, if you will, and 44 00:02:37,360 --> 00:02:41,360 Speaker 1: that would dial up the host computer's modem, which would 45 00:02:41,360 --> 00:02:45,200 Speaker 1: then allow you to connect. And some would have the 46 00:02:45,200 --> 00:02:48,400 Speaker 1: capacity for multiple connections, maybe up to three or so, 47 00:02:48,760 --> 00:02:51,000 Speaker 1: but a lot were just single connections and you would 48 00:02:51,480 --> 00:02:53,560 Speaker 1: be you would have to wait if someone was already 49 00:02:53,560 --> 00:02:54,959 Speaker 1: on there, you get a busy signal and you'd have 50 00:02:55,000 --> 00:02:59,400 Speaker 1: to try again later. Uh. Many BBSs would include simple 51 00:02:59,520 --> 00:03:03,079 Speaker 1: games or drives where you could upload or download files 52 00:03:03,120 --> 00:03:06,960 Speaker 1: at incredibly slow speeds. Imagine the Internet if it were 53 00:03:06,960 --> 00:03:09,079 Speaker 1: limited to just the stuff that was on this one 54 00:03:09,080 --> 00:03:13,920 Speaker 1: guy's computer across town. And you kind of get the idea. Now, 55 00:03:13,960 --> 00:03:15,880 Speaker 1: because we're talking about the era of dialot modems, we're 56 00:03:15,880 --> 00:03:18,799 Speaker 1: also talking about time when long distance calls were expensive 57 00:03:19,440 --> 00:03:21,720 Speaker 1: and there was no free long distance in those days 58 00:03:22,040 --> 00:03:25,040 Speaker 1: unless you were getting around the system. But we'll get 59 00:03:25,040 --> 00:03:29,280 Speaker 1: into that. So you're spending money in order to connect 60 00:03:29,280 --> 00:03:32,280 Speaker 1: to anything that's not within your area code. Typically most 61 00:03:32,280 --> 00:03:34,400 Speaker 1: people would just stick to bbs is that we're in 62 00:03:34,680 --> 00:03:37,440 Speaker 1: the area codes that were in the local dialing options 63 00:03:37,480 --> 00:03:40,080 Speaker 1: that they had, and initially that was the only way 64 00:03:40,080 --> 00:03:43,560 Speaker 1: you could check messages on other bbs is you could 65 00:03:44,000 --> 00:03:46,880 Speaker 1: you'd have to call into that BBS. So if you 66 00:03:46,920 --> 00:03:49,720 Speaker 1: have a friend who's three cities over and they're technically 67 00:03:49,720 --> 00:03:52,760 Speaker 1: in long distance range and you want to check any 68 00:03:52,760 --> 00:03:56,200 Speaker 1: messages they were leaving for you on the their local BBS, 69 00:03:56,560 --> 00:03:58,240 Speaker 1: you had to call a long distance or they had 70 00:03:58,240 --> 00:04:01,240 Speaker 1: to do the same for your low gold BBS. There 71 00:04:01,320 --> 00:04:04,880 Speaker 1: wasn't really any inner connectivity in the early days, So 72 00:04:04,960 --> 00:04:07,480 Speaker 1: if your BBS of choice was called I don't know, 73 00:04:07,560 --> 00:04:11,000 Speaker 1: let's say it's moss Eisley Cantina, So yours is moss 74 00:04:11,040 --> 00:04:15,040 Speaker 1: Eiseley Cantina, my BBS of choice is called the Raven, 75 00:04:15,680 --> 00:04:18,000 Speaker 1: we wouldn't be able to leave messages for each other 76 00:04:18,120 --> 00:04:21,680 Speaker 1: unless we were willing to visit the other person's favorite BBS, 77 00:04:21,760 --> 00:04:24,680 Speaker 1: and thus we'd be unable to share our love of 78 00:04:24,680 --> 00:04:28,200 Speaker 1: Harrison Ford, who obviously inspired the names of both of 79 00:04:28,240 --> 00:04:31,960 Speaker 1: those bbs is and bonus points if you know what 80 00:04:32,160 --> 00:04:37,040 Speaker 1: the Raven is. But either way, one of us or 81 00:04:37,120 --> 00:04:39,279 Speaker 1: both of us would have to spend money on a 82 00:04:39,320 --> 00:04:42,400 Speaker 1: long distance call if we wanted to drop a communication 83 00:04:42,480 --> 00:04:45,760 Speaker 1: to the other. But then along came Fido net, and 84 00:04:45,839 --> 00:04:48,120 Speaker 1: this was a network designed in the nineteen eighties to 85 00:04:48,200 --> 00:04:52,280 Speaker 1: allow different BBS is to have exchanges between them. So 86 00:04:52,440 --> 00:04:56,480 Speaker 1: if both the Moss Eiseley Cantina and the Raven connected 87 00:04:56,880 --> 00:05:00,479 Speaker 1: through Fido Net, you could communicate between the two. You 88 00:05:00,520 --> 00:05:03,880 Speaker 1: could leave a message for your friend over at In 89 00:05:03,920 --> 00:05:06,320 Speaker 1: my case, you would leave a message on the Raven 90 00:05:06,360 --> 00:05:09,359 Speaker 1: for me, and the message you left at Moss Eisley 91 00:05:09,440 --> 00:05:12,120 Speaker 1: Cantina would be relayed to the Raven. I could read 92 00:05:12,160 --> 00:05:14,280 Speaker 1: your message. I could then send a message to you 93 00:05:14,320 --> 00:05:16,640 Speaker 1: and it would be relayed to Moss Eisley Cantina and 94 00:05:16,680 --> 00:05:19,400 Speaker 1: you could read it there. So again, very much like email, 95 00:05:20,240 --> 00:05:23,640 Speaker 1: BBS culture allowed people who otherwise would have had problems 96 00:05:23,680 --> 00:05:27,800 Speaker 1: meeting up with folks who shared their similar interests like 97 00:05:28,480 --> 00:05:32,719 Speaker 1: I don't know, let's say hacking, for example, and I 98 00:05:32,720 --> 00:05:36,000 Speaker 1: should probably talk about what hacking actually is now. The 99 00:05:36,080 --> 00:05:40,320 Speaker 1: popular definition of hacking is very narrow and misleading. It 100 00:05:40,360 --> 00:05:44,000 Speaker 1: tends to focus on super negative stuff like breaking into 101 00:05:44,000 --> 00:05:47,440 Speaker 1: secure systems in order to steal stuff or commit sabotage 102 00:05:48,600 --> 00:05:53,400 Speaker 1: or install malware. You know, you're designing viruses and worms 103 00:05:53,400 --> 00:05:57,440 Speaker 1: in order to be some sort of online menace to society. 104 00:05:57,480 --> 00:06:00,200 Speaker 1: But the basic definition of a hacker is just someone 105 00:06:00,200 --> 00:06:02,919 Speaker 1: who wants to know how something works. They want to 106 00:06:03,040 --> 00:06:08,400 Speaker 1: understand a system or a product or software or hardware. 107 00:06:08,440 --> 00:06:09,960 Speaker 1: They just want to know how it works, and then 108 00:06:09,960 --> 00:06:12,359 Speaker 1: how to make changes to it, how to tweak it 109 00:06:12,440 --> 00:06:14,719 Speaker 1: so it does things it wasn't and just you know, 110 00:06:14,800 --> 00:06:18,000 Speaker 1: expected to do it wasn't designed to do. You increase 111 00:06:18,120 --> 00:06:21,560 Speaker 1: its utility by making it do other things, or maybe 112 00:06:21,560 --> 00:06:24,680 Speaker 1: you do things better or often worse, but in an 113 00:06:24,800 --> 00:06:29,400 Speaker 1: entertaining way. So they hack a system up and see 114 00:06:29,400 --> 00:06:31,680 Speaker 1: what makes it tick, and then they put it back together. 115 00:06:31,920 --> 00:06:34,760 Speaker 1: And sometimes they'll hack together code to accomplish something, and 116 00:06:34,760 --> 00:06:36,719 Speaker 1: there's no requirement for that code to be in any 117 00:06:36,720 --> 00:06:40,359 Speaker 1: way malicious or illegal. Hackers might make a program that 118 00:06:40,440 --> 00:06:43,760 Speaker 1: lacks elegance or efficiency, but it gets the job done, 119 00:06:44,160 --> 00:06:46,000 Speaker 1: and the same is true for hackers who work with 120 00:06:46,040 --> 00:06:49,880 Speaker 1: physical gadgets as opposed to just code. They might make 121 00:06:49,960 --> 00:06:52,960 Speaker 1: circuits that do nifty things, though it may be a 122 00:06:53,480 --> 00:06:59,000 Speaker 1: primitive or particularly inelegant approach, refinement can come later. Hacking 123 00:06:59,080 --> 00:07:02,240 Speaker 1: is just can I take this stuff and make it 124 00:07:02,279 --> 00:07:05,200 Speaker 1: do what I wanted to do? So again, it could 125 00:07:05,200 --> 00:07:08,279 Speaker 1: be hardware, it could be software, and there's also some 126 00:07:08,960 --> 00:07:13,560 Speaker 1: social hacking as well. The ability to manipulate people into 127 00:07:13,640 --> 00:07:19,480 Speaker 1: doing things, not necessarily maliciously, though frequently it is uh. 128 00:07:19,640 --> 00:07:22,280 Speaker 1: Sometimes it's just meant as a way of seeing how 129 00:07:22,320 --> 00:07:25,680 Speaker 1: people tick. That's really what hackers are interested in. So 130 00:07:25,800 --> 00:07:28,480 Speaker 1: working for a company like how Stuff Works, we appeal 131 00:07:28,640 --> 00:07:31,960 Speaker 1: to that same sort of sensibility, that sense of curiosity 132 00:07:32,000 --> 00:07:37,240 Speaker 1: that wants to be uh satisfied by learning how the 133 00:07:37,280 --> 00:07:41,160 Speaker 1: world works. Now back to Jeff Moss. He operated a 134 00:07:41,200 --> 00:07:44,400 Speaker 1: few different bulletin board systems on Fido net, and his 135 00:07:44,440 --> 00:07:47,400 Speaker 1: bulletin board systems were part of a larger network of 136 00:07:47,480 --> 00:07:51,000 Speaker 1: people interested in hacking or freaking, which is sort of 137 00:07:51,040 --> 00:07:53,800 Speaker 1: like the telephone system version of hacking. Now. I did 138 00:07:53,800 --> 00:07:56,800 Speaker 1: a full episode about freaking years ago, and you can 139 00:07:56,880 --> 00:07:58,640 Speaker 1: learn all about it, and also about some of the 140 00:07:58,680 --> 00:08:04,240 Speaker 1: famous people who were freaks, like uh Wosniak so Wasniac 141 00:08:04,360 --> 00:08:06,800 Speaker 1: being one of the co founders of Apple back in 142 00:08:06,880 --> 00:08:09,800 Speaker 1: the seventies, was one of the phone freakers. You can 143 00:08:09,840 --> 00:08:13,400 Speaker 1: also learn about Captain Crunch, who used a toy whistle 144 00:08:13,680 --> 00:08:18,080 Speaker 1: found in cereal boxes to help hack the phone systems. 145 00:08:18,600 --> 00:08:21,400 Speaker 1: These were people who were learning how those phone systems 146 00:08:21,440 --> 00:08:24,360 Speaker 1: worked and then how to manipulate them. Whether it was 147 00:08:24,440 --> 00:08:26,960 Speaker 1: to make long distance phone calls for free, or just 148 00:08:27,080 --> 00:08:30,200 Speaker 1: to really figure out how all those network switches worked 149 00:08:30,360 --> 00:08:32,920 Speaker 1: because it was interesting and not a lot of material 150 00:08:33,080 --> 00:08:38,959 Speaker 1: was available publicly for people to look into. Uh Well, 151 00:08:39,360 --> 00:08:42,320 Speaker 1: there were also people who were interested in just sharing information. 152 00:08:42,480 --> 00:08:45,360 Speaker 1: They had access to information that they thought other people 153 00:08:45,400 --> 00:08:47,880 Speaker 1: needed access to, and so they would use bolton board 154 00:08:47,880 --> 00:08:52,520 Speaker 1: systems to disseminate that information to other folks. His BBS is, 155 00:08:52,800 --> 00:08:55,559 Speaker 1: that is, Jeff Mosses BBS is connected to other systems 156 00:08:55,600 --> 00:08:59,760 Speaker 1: located around the world through this network. Now, Mosses bb 157 00:09:00,080 --> 00:09:02,360 Speaker 1: as were popular and he started to function as sort 158 00:09:02,400 --> 00:09:06,439 Speaker 1: of the centralized hub for many of these other BBS platforms, 159 00:09:06,800 --> 00:09:11,719 Speaker 1: including platforms like hacknet, freak Net, and platinum Net. There 160 00:09:11,720 --> 00:09:16,320 Speaker 1: were eleven in total that used his BBS as sort 161 00:09:16,320 --> 00:09:21,160 Speaker 1: of a connecting point, and platinum Net out of Canada 162 00:09:21,400 --> 00:09:25,680 Speaker 1: had a request for moss or more specifically, the administrator 163 00:09:25,960 --> 00:09:28,880 Speaker 1: of the BBS platinum Net, which was located in Canada, 164 00:09:29,440 --> 00:09:32,560 Speaker 1: was asking moss for a favor. The operator of that 165 00:09:32,640 --> 00:09:36,160 Speaker 1: BBS was going to go offline because quote his dad 166 00:09:36,200 --> 00:09:38,960 Speaker 1: got a better job in the quote. So this was 167 00:09:39,040 --> 00:09:42,440 Speaker 1: someone who is fairly young. One can presume living with 168 00:09:42,520 --> 00:09:46,160 Speaker 1: his dad and that he was soon going to lose 169 00:09:46,480 --> 00:09:49,720 Speaker 1: access to the computer they were using, the phone line 170 00:09:49,720 --> 00:09:53,760 Speaker 1: they were using because they were going to relocate. And 171 00:09:53,800 --> 00:09:55,640 Speaker 1: this is where we remember there were a lot of 172 00:09:55,720 --> 00:09:58,760 Speaker 1: young folks really interested in the way computers and complicated 173 00:09:58,800 --> 00:10:01,640 Speaker 1: systems worked, and the operator of Platinum Net was hoping 174 00:10:01,679 --> 00:10:05,480 Speaker 1: that Jeff Moss would be able to organize a big bash, 175 00:10:05,640 --> 00:10:09,000 Speaker 1: a big going away party for Platinum Net. Because Jeff 176 00:10:09,040 --> 00:10:12,199 Speaker 1: Moss again was operating this sort of centralized hub and 177 00:10:12,480 --> 00:10:15,560 Speaker 1: Moss was in the United States, whereas this guy was 178 00:10:15,600 --> 00:10:22,479 Speaker 1: in Canada. So most of the members of these networks 179 00:10:22,520 --> 00:10:25,040 Speaker 1: that we're using these bbs is happened to be in 180 00:10:25,120 --> 00:10:27,959 Speaker 1: the US. That's why Platinum Net really wanted Jeff Moss 181 00:10:28,000 --> 00:10:30,840 Speaker 1: to organize this, because he wanted as many of his 182 00:10:30,920 --> 00:10:32,679 Speaker 1: friends to be able to go as possible, and it 183 00:10:32,720 --> 00:10:35,560 Speaker 1: would be difficult to organize a party in the United 184 00:10:35,559 --> 00:10:40,000 Speaker 1: States while you are actually in Canada. Now, Moss had 185 00:10:40,000 --> 00:10:42,400 Speaker 1: talked to Platinum nets administrator. And by the way, the 186 00:10:42,440 --> 00:10:44,720 Speaker 1: reason why I'm not using any names here is because 187 00:10:45,040 --> 00:10:47,800 Speaker 1: Moss himself says he forgot the name of the kid 188 00:10:48,520 --> 00:10:51,880 Speaker 1: from so many years ago. He's forgot what the kid's 189 00:10:51,920 --> 00:10:54,320 Speaker 1: name was. So Moss decided that the best place to 190 00:10:54,400 --> 00:10:57,880 Speaker 1: locate the party would be Las Vegas, Nevada, for a 191 00:10:57,880 --> 00:11:00,600 Speaker 1: couple of different reasons. For one, he had never been 192 00:11:00,640 --> 00:11:03,360 Speaker 1: to Vegas, so he was kind of curious. He's like, 193 00:11:03,360 --> 00:11:05,400 Speaker 1: why don't we have the party in Vegas? And he 194 00:11:05,440 --> 00:11:08,400 Speaker 1: felt that the party if it fell apart, if it 195 00:11:08,440 --> 00:11:11,360 Speaker 1: was a bust and no one showed up, worst case scenario, 196 00:11:11,679 --> 00:11:14,559 Speaker 1: he'd be sitting by a pool drinking a Pinia Colada 197 00:11:14,640 --> 00:11:17,520 Speaker 1: in Las Vegas, Nevada. So he saw it as a 198 00:11:17,520 --> 00:11:22,000 Speaker 1: win win, and that's when things took a turn. So 199 00:11:22,280 --> 00:11:28,040 Speaker 1: platinum Net disappeared, the administrator that is of the BBS disappeared, 200 00:11:28,080 --> 00:11:32,480 Speaker 1: the BBS itself went offline. Apparently his father took the 201 00:11:32,640 --> 00:11:36,760 Speaker 1: job earlier than was expected, and Platinum Net went dark. 202 00:11:37,360 --> 00:11:40,400 Speaker 1: So Moss had already begun preparations for this great, big 203 00:11:40,440 --> 00:11:43,240 Speaker 1: party in Las Vegas, and people were already expecting a 204 00:11:43,240 --> 00:11:46,800 Speaker 1: big shin dig. So Moss was left, as he said, 205 00:11:47,559 --> 00:11:53,040 Speaker 1: holding the bag. He decided that instead of canceling it 206 00:11:53,320 --> 00:11:56,360 Speaker 1: or making excuses, he would actually turn it up a notch. 207 00:11:56,559 --> 00:12:01,079 Speaker 1: He decided to invite everyone across the eleven networks that 208 00:12:01,120 --> 00:12:04,960 Speaker 1: were connected to his BBS, and then he got on 209 00:12:05,040 --> 00:12:08,080 Speaker 1: I r C also known as Internet Relay Chat and 210 00:12:08,160 --> 00:12:12,720 Speaker 1: posted to Pound hack and Pound freak or if you prefer, 211 00:12:12,840 --> 00:12:16,280 Speaker 1: hashtag hack and hashtag freak in these days, and those 212 00:12:16,280 --> 00:12:19,480 Speaker 1: are chat rooms. IRC uses the hashtag or pound symbol 213 00:12:19,520 --> 00:12:22,360 Speaker 1: to designate different chat rooms. Back in the day, there 214 00:12:22,400 --> 00:12:25,520 Speaker 1: was only one hack chat room and only one freak 215 00:12:25,640 --> 00:12:28,720 Speaker 1: chat room, and he posted about the party there. Essentially, 216 00:12:29,240 --> 00:12:33,520 Speaker 1: he was opening it up to everybody. He also says 217 00:12:33,600 --> 00:12:36,000 Speaker 1: that he sent faxes out to tons of different people 218 00:12:36,040 --> 00:12:41,959 Speaker 1: and organizations, including law enforcement agencies, agencies like the FBI 219 00:12:42,040 --> 00:12:44,640 Speaker 1: and the Secret Service, and he said, we're gonna have 220 00:12:44,679 --> 00:12:47,480 Speaker 1: a big hacking conference in Las Vegas. Now. Later on, 221 00:12:47,520 --> 00:12:49,720 Speaker 1: he said he knew information about the gathering was gonna 222 00:12:49,720 --> 00:12:52,199 Speaker 1: get out anyway. It was going to become public, so 223 00:12:52,400 --> 00:12:54,360 Speaker 1: he might as well get in front of it and 224 00:12:54,440 --> 00:12:57,000 Speaker 1: let people know ahead of time, rather than make it 225 00:12:57,040 --> 00:12:59,440 Speaker 1: seem like he's trying to be secretive and that perhaps 226 00:12:59,520 --> 00:13:01,320 Speaker 1: these people are up to no good. He wanted to 227 00:13:01,360 --> 00:13:02,839 Speaker 1: get in front of that and say no, no, no, 228 00:13:03,559 --> 00:13:06,839 Speaker 1: we're getting together to have a party. Yes, we're all folks. 229 00:13:06,800 --> 00:13:11,480 Speaker 1: Who are interested in information security, but we're not clandestinely 230 00:13:11,559 --> 00:13:15,520 Speaker 1: trying to take down the government or something. And now 231 00:13:15,520 --> 00:13:18,640 Speaker 1: he had to call the party something, and he was 232 00:13:18,720 --> 00:13:22,360 Speaker 1: thinking about different names and ultimately decided upon def Con 233 00:13:23,200 --> 00:13:26,840 Speaker 1: D E, F C O N. Now, in military speak, 234 00:13:27,280 --> 00:13:31,439 Speaker 1: def con as an acronym stands for defense readiness condition, 235 00:13:31,520 --> 00:13:34,640 Speaker 1: and it's generally followed by a number. And here's how 236 00:13:34,640 --> 00:13:37,480 Speaker 1: the scale breaks down. If you've ever heard about def 237 00:13:37,480 --> 00:13:40,000 Speaker 1: con followed by number, this is what it means. Def 238 00:13:40,080 --> 00:13:45,000 Speaker 1: Con five is normal peacetime readiness, meaning you are not 239 00:13:45,240 --> 00:13:48,080 Speaker 1: on high alert in any way, shape or form. Def 240 00:13:48,160 --> 00:13:53,160 Speaker 1: Con four is normal increased intelligence and strengthened security measures, 241 00:13:53,720 --> 00:13:57,360 Speaker 1: so not quite as laid back as normal peacetime readiness. 242 00:13:57,640 --> 00:14:01,079 Speaker 1: Def Con three is an increase in four readiness above 243 00:14:01,280 --> 00:14:07,120 Speaker 1: normal readiness, so you've got perhaps some various military units 244 00:14:07,160 --> 00:14:12,920 Speaker 1: and equipment on standby. Def Con two is further increase 245 00:14:12,960 --> 00:14:17,120 Speaker 1: in force readiness, but less than maximum readiness, so somewhere 246 00:14:17,160 --> 00:14:20,360 Speaker 1: in between being a little more ready than usual and 247 00:14:20,440 --> 00:14:25,080 Speaker 1: being totally ready. Def Con one is maximum force readiness. 248 00:14:25,120 --> 00:14:29,640 Speaker 1: You are ready to go to war at a moment's notice. Now, 249 00:14:29,680 --> 00:14:32,200 Speaker 1: Moss like the term def con partly because it was 250 00:14:32,240 --> 00:14:36,840 Speaker 1: in a film called War Games starring Matthew Broderick. Highly 251 00:14:36,840 --> 00:14:38,440 Speaker 1: recommend that movie, by the way, It's one of my 252 00:14:38,480 --> 00:14:41,480 Speaker 1: favorites from the eighties. In that movie, Broderick plays a 253 00:14:41,560 --> 00:14:46,440 Speaker 1: young hacker who uncovers some interesting games that, unbeknownst to him, 254 00:14:46,480 --> 00:14:50,280 Speaker 1: are controlled by a supercomputer called Whopper w O p 255 00:14:50,520 --> 00:14:54,440 Speaker 1: R that stands for War Operation Planned Response, and that 256 00:14:54,480 --> 00:14:59,240 Speaker 1: particular supercomputer belonged to the North American Aerospace Defense Command 257 00:14:59,560 --> 00:15:02,720 Speaker 1: also known as NORAD, and it turns out that the 258 00:15:02,800 --> 00:15:05,400 Speaker 1: supercomputer runs on a program that was designed by an 259 00:15:05,400 --> 00:15:11,600 Speaker 1: eccentric programmer named Stephen Falcon. Now, Broderick's character, whose name 260 00:15:11,680 --> 00:15:15,120 Speaker 1: is David Lightman, has no idea that he's accessed a 261 00:15:15,160 --> 00:15:19,280 Speaker 1: defense computer. He was actually doing what he called war dialing. 262 00:15:19,360 --> 00:15:22,120 Speaker 1: In in old days, people called demon dialing, which is 263 00:15:22,160 --> 00:15:25,960 Speaker 1: where you would set up your computer's phone modem to 264 00:15:26,120 --> 00:15:29,520 Speaker 1: just automatically dial a list of phone numbers, and your 265 00:15:29,560 --> 00:15:32,280 Speaker 1: goal is to see if any of those phone numbers 266 00:15:32,680 --> 00:15:35,760 Speaker 1: match up with another computer hooked up to a modem 267 00:15:36,000 --> 00:15:39,240 Speaker 1: so that you can get access to that computer. In 268 00:15:39,320 --> 00:15:42,560 Speaker 1: the movie, what Lightman is trying to do is he's 269 00:15:42,600 --> 00:15:45,240 Speaker 1: heard about a computer game company, and he wants to 270 00:15:45,280 --> 00:15:48,280 Speaker 1: play the games that that computer game company is making 271 00:15:48,320 --> 00:15:50,480 Speaker 1: before they come out. He wants to play them and 272 00:15:50,520 --> 00:15:54,400 Speaker 1: test them and find out they're worthwhile. So he said 273 00:15:54,480 --> 00:15:57,040 Speaker 1: this list of numbers. Why he doesn't know is that 274 00:15:57,120 --> 00:16:00,280 Speaker 1: his computer is actually called into a defense computer, not 275 00:16:00,520 --> 00:16:04,840 Speaker 1: a gaming companies computer. He just thinks he's playing games. 276 00:16:04,840 --> 00:16:08,120 Speaker 1: So he launches a game called Thermonuclear War, it's really 277 00:16:08,160 --> 00:16:11,560 Speaker 1: a thermonuclear war simulator, and tries to decide where he'll 278 00:16:11,600 --> 00:16:14,160 Speaker 1: attack first, and he decides cheekily that he's going to 279 00:16:14,240 --> 00:16:17,640 Speaker 1: attack Las Vegas, Nevada. So Moss, who was living in 280 00:16:17,680 --> 00:16:20,680 Speaker 1: Seattle at the time, uh the same place that David 281 00:16:20,760 --> 00:16:24,080 Speaker 1: Lightman was supposed to be from, decides he's gonna hold 282 00:16:24,080 --> 00:16:26,440 Speaker 1: a party in Las Vegas, and inspired by war games, 283 00:16:26,440 --> 00:16:29,120 Speaker 1: he calls it def Con. He also mentioned that the 284 00:16:29,240 --> 00:16:33,000 Speaker 1: letters D E F correspond to the phone key number three. 285 00:16:33,520 --> 00:16:37,640 Speaker 1: So in the old text days, each number on a 286 00:16:37,720 --> 00:16:41,240 Speaker 1: phone was related to three letters, and the number three 287 00:16:41,640 --> 00:16:44,880 Speaker 1: was related to the letters D E n F. So 288 00:16:44,920 --> 00:16:47,120 Speaker 1: that was where the phone freakers out in the audience. 289 00:16:47,720 --> 00:16:50,760 Speaker 1: And at that first def Con Moss accepted cash only 290 00:16:50,840 --> 00:16:53,520 Speaker 1: that is true today. By the way, it is a 291 00:16:53,600 --> 00:16:57,320 Speaker 1: cash only experience, and about a hundred people showed up. 292 00:16:57,840 --> 00:17:01,120 Speaker 1: They had a few speakers talk about various programming projects 293 00:17:01,120 --> 00:17:05,000 Speaker 1: and concepts and information security. Moss says that everyone seemed 294 00:17:05,040 --> 00:17:09,200 Speaker 1: to enjoy themselves, and afterwards he was completely exhausted and 295 00:17:09,240 --> 00:17:12,000 Speaker 1: decided to go hibernate for a while. But then he 296 00:17:12,040 --> 00:17:15,480 Speaker 1: started getting messages from people about how to improve the 297 00:17:15,520 --> 00:17:19,120 Speaker 1: event for the next year, and a lot of requests about, hey, 298 00:17:19,200 --> 00:17:21,399 Speaker 1: are you going to do this next year? And according 299 00:17:21,400 --> 00:17:23,080 Speaker 1: to Moss, that was the first time he had ever 300 00:17:23,119 --> 00:17:26,280 Speaker 1: considered making it an annual event. It was originally just 301 00:17:26,359 --> 00:17:28,760 Speaker 1: gonna be this one time going away party. Remember it 302 00:17:28,760 --> 00:17:31,640 Speaker 1: was originally going to be for Platinum Net, but Platinum 303 00:17:31,640 --> 00:17:33,920 Speaker 1: Net had already gone away, and so he decided, well, 304 00:17:33,960 --> 00:17:37,040 Speaker 1: I guess, I guess we can make it an annual party. 305 00:17:38,480 --> 00:17:40,600 Speaker 1: Well they decided to hold it again the next year, 306 00:17:41,320 --> 00:17:44,480 Speaker 1: and according to Moss, it was about twice the size 307 00:17:44,720 --> 00:17:47,000 Speaker 1: of the year before, and then the third year they 308 00:17:47,080 --> 00:17:51,280 Speaker 1: held it it increased in size again. And shenanigans would 309 00:17:51,320 --> 00:17:53,760 Speaker 1: happen at these parties. For example, you might get into 310 00:17:53,800 --> 00:17:57,000 Speaker 1: a building's elevator and discover that someone had rewired all 311 00:17:57,040 --> 00:17:59,320 Speaker 1: the buttons, so they go to different floors than what 312 00:17:59,440 --> 00:18:02,280 Speaker 1: you pushed. You might push floor three and end up 313 00:18:02,280 --> 00:18:05,520 Speaker 1: on floor twelve, or you might see folks lugging around 314 00:18:05,560 --> 00:18:09,400 Speaker 1: an enormous satellite up link dish for reasons that they 315 00:18:09,560 --> 00:18:12,920 Speaker 1: wouldn't be willing to explain. But Moss says the tone 316 00:18:12,960 --> 00:18:16,359 Speaker 1: of the conference really began to change around this time too. 317 00:18:16,680 --> 00:18:19,960 Speaker 1: The Internet was starting to take off and information security 318 00:18:20,040 --> 00:18:24,199 Speaker 1: was transitioning from something that people were interested in as 319 00:18:24,240 --> 00:18:28,120 Speaker 1: a personal passion into a legitimate career, and Moss says 320 00:18:28,160 --> 00:18:30,280 Speaker 1: that the years between def Con four, which would have 321 00:18:30,320 --> 00:18:33,920 Speaker 1: been and when the bubble burst in two thousand one, 322 00:18:34,000 --> 00:18:36,120 Speaker 1: the tone of the show had turned into one centered 323 00:18:36,160 --> 00:18:40,000 Speaker 1: around money and commerce and less about the geeky technical 324 00:18:40,080 --> 00:18:42,399 Speaker 1: details of how to get around problems or to ensure 325 00:18:42,440 --> 00:18:45,520 Speaker 1: your own Internet security. We've got a lot more to 326 00:18:45,560 --> 00:18:49,239 Speaker 1: talk about with def Con, including how it works and 327 00:18:49,280 --> 00:18:52,440 Speaker 1: what goes on there, but first let's take a quick 328 00:18:52,480 --> 00:19:02,159 Speaker 1: break to thank our sponsor. So pretty soon Defcon was 329 00:19:02,200 --> 00:19:04,800 Speaker 1: just way too big for any one person to carry off, 330 00:19:04,840 --> 00:19:09,159 Speaker 1: and so Moss depended upon a growing staff of volunteers. 331 00:19:09,600 --> 00:19:14,400 Speaker 1: They're affectionately referred to as goons, their departments within the goons, 332 00:19:14,560 --> 00:19:17,240 Speaker 1: such as people who maintain the network connections for def 333 00:19:17,280 --> 00:19:21,480 Speaker 1: Con or folks who act as points of information or security. 334 00:19:21,600 --> 00:19:24,640 Speaker 1: The goons typically wear an identifiable element, like a red 335 00:19:24,680 --> 00:19:26,800 Speaker 1: shirt to let people know they are part of the 336 00:19:26,880 --> 00:19:31,520 Speaker 1: volunteer staff. Moss says that the year before the bubble bursts, 337 00:19:31,520 --> 00:19:33,800 Speaker 1: so in around two thousand, the show had swelled up 338 00:19:33,840 --> 00:19:38,040 Speaker 1: to seven thousand attendees, and according to Moss, only about 339 00:19:38,160 --> 00:19:41,879 Speaker 1: half of those folks really seemed to belong there, like 340 00:19:41,920 --> 00:19:44,160 Speaker 1: they seemed to be the actual geeky people who were 341 00:19:44,200 --> 00:19:47,439 Speaker 1: interested in learning how this stuff worked and playing with 342 00:19:47,520 --> 00:19:50,400 Speaker 1: it and exploring it and breaking it and fixing it, 343 00:19:50,680 --> 00:19:53,680 Speaker 1: and the other half didn't really seem to be those folks. 344 00:19:53,720 --> 00:19:59,400 Speaker 1: They seem to be more people interested in commodity, commodifying security, 345 00:19:59,440 --> 00:20:03,800 Speaker 1: making money, and and making deals. After the bubble bursts, 346 00:20:03,800 --> 00:20:06,959 Speaker 1: the attendants dropped closer to five thousands, So some of 347 00:20:06,960 --> 00:20:10,240 Speaker 1: those people that you might refer to as posers or 348 00:20:10,280 --> 00:20:13,199 Speaker 1: just people who didn't belong at def Con sorry to 349 00:20:13,680 --> 00:20:17,280 Speaker 1: not go anymore, because everyone was pretty much freaking out 350 00:20:17,280 --> 00:20:20,359 Speaker 1: about whether or not tech would even be profitable anymore. 351 00:20:20,440 --> 00:20:24,520 Speaker 1: Especially in the dot com space. By def Con twenty 352 00:20:24,560 --> 00:20:26,760 Speaker 1: in two thousand twelve, the numbers had increased up to 353 00:20:26,840 --> 00:20:30,960 Speaker 1: fifteen thousand, and by then it was a lot of 354 00:20:30,960 --> 00:20:33,680 Speaker 1: the legit folks who were really interested in info SEC 355 00:20:33,760 --> 00:20:37,040 Speaker 1: and not just hangers on. The venue for the conference 356 00:20:37,040 --> 00:20:39,080 Speaker 1: has changed a few times too. For several years, the 357 00:20:39,119 --> 00:20:42,679 Speaker 1: con took place at Alexis Park, which I've actually stayed 358 00:20:42,720 --> 00:20:45,680 Speaker 1: at on a trip to c e S. Alexis Park 359 00:20:45,760 --> 00:20:48,639 Speaker 1: in Las Vegas is a former apartment complex and it 360 00:20:48,680 --> 00:20:51,480 Speaker 1: doesn't have a casino. That was the reason I stayed there. 361 00:20:51,840 --> 00:20:54,359 Speaker 1: I was thinking, if there's no casino, I don't have 362 00:20:54,440 --> 00:20:57,119 Speaker 1: to walk through this enormous casino to get to an 363 00:20:57,200 --> 00:20:59,359 Speaker 1: elevator to get up to my room. I can skip 364 00:20:59,400 --> 00:21:03,679 Speaker 1: all that. Because casinos are notoriously labyrinthian and difficult to 365 00:21:03,720 --> 00:21:06,360 Speaker 1: get through. They don't want you to make they don't 366 00:21:06,359 --> 00:21:08,359 Speaker 1: want it to be easy for you to get out right. 367 00:21:09,160 --> 00:21:11,200 Speaker 1: Uh So I thought, oh, Alexis Park, it doesn't have 368 00:21:11,200 --> 00:21:13,199 Speaker 1: a casino, I'll do that. I did not realize that 369 00:21:13,200 --> 00:21:17,080 Speaker 1: it was a bunch of apartment buildings separate from each other, 370 00:21:17,119 --> 00:21:19,560 Speaker 1: and I was booked in a room that was like 371 00:21:19,600 --> 00:21:22,680 Speaker 1: five apartment buildings back from the entrance, so it meant 372 00:21:22,720 --> 00:21:25,760 Speaker 1: walking I don't know, maybe half a mile to get 373 00:21:25,760 --> 00:21:28,480 Speaker 1: to my room. Uh, so I didn't save any time 374 00:21:28,520 --> 00:21:31,320 Speaker 1: in the long run. Well, Alexis Park was where they 375 00:21:31,359 --> 00:21:35,720 Speaker 1: had several def cons in the early years, and it 376 00:21:35,840 --> 00:21:39,800 Speaker 1: was a very popular place. Uh. It has several pools 377 00:21:39,840 --> 00:21:43,199 Speaker 1: and lots of open spaces, and apparently a ton of 378 00:21:43,240 --> 00:21:46,560 Speaker 1: shenanigans happened in and around those spots during the Alexis 379 00:21:46,600 --> 00:21:49,920 Speaker 1: Park years. The pool parties, in particular, were the stuff 380 00:21:50,000 --> 00:21:54,840 Speaker 1: of legend and sometimes of law enforcement. The hotel even 381 00:21:54,880 --> 00:21:57,920 Speaker 1: printed up sheets that explained how much it would cost 382 00:21:57,960 --> 00:22:01,000 Speaker 1: to replace stuff in your room. So if you wanted 383 00:22:01,040 --> 00:22:03,800 Speaker 1: to trash your room, you could, but you'd have to 384 00:22:03,840 --> 00:22:05,840 Speaker 1: pay for it. But you would know right up front 385 00:22:05,840 --> 00:22:08,440 Speaker 1: how much you had to pay. And actually the hackers 386 00:22:08,480 --> 00:22:11,280 Speaker 1: like this. They liked the idea that, oh, well, if 387 00:22:11,320 --> 00:22:13,639 Speaker 1: we destroy this television, it's gonna be two hundred bucks. 388 00:22:13,680 --> 00:22:15,720 Speaker 1: But I got two hundred bucks, so let's go ahead 389 00:22:15,720 --> 00:22:18,680 Speaker 1: and do it. And it was funny because Alexis Park 390 00:22:18,720 --> 00:22:20,560 Speaker 1: management was totally cool with this. Is said, well, if 391 00:22:20,560 --> 00:22:22,840 Speaker 1: you pay your build and that's fine because we'll just 392 00:22:22,920 --> 00:22:26,120 Speaker 1: replace it. So it was an interesting experience and an 393 00:22:26,119 --> 00:22:29,840 Speaker 1: interesting relationship between Alexis Park and the hackers, and everyone 394 00:22:30,080 --> 00:22:35,320 Speaker 1: seemed to really dig that. But it got to the 395 00:22:35,320 --> 00:22:38,520 Speaker 1: point where Alexis Park just could not handle Defcon. It 396 00:22:38,560 --> 00:22:42,560 Speaker 1: wasn't big enough. The convention had grown so large that 397 00:22:42,640 --> 00:22:46,600 Speaker 1: they needed to have space that had better meeting facilities. 398 00:22:46,640 --> 00:22:49,119 Speaker 1: The rooms weren't large enough to hold the crowds that 399 00:22:49,160 --> 00:22:53,240 Speaker 1: were coming in, and so they eventually moved out of 400 00:22:53,240 --> 00:22:55,600 Speaker 1: Alexis Park. Now, there are a lot of people who 401 00:22:55,640 --> 00:22:58,639 Speaker 1: have nostalgia for the Alexis Park days, even though everyone 402 00:22:58,720 --> 00:23:01,679 Speaker 1: knows that logistically it and and't work anymore. And so 403 00:23:01,760 --> 00:23:06,040 Speaker 1: that is why often to this day, someone at some 404 00:23:06,080 --> 00:23:09,760 Speaker 1: point during def Con, we'll go to Alexis Park and 405 00:23:09,800 --> 00:23:13,520 Speaker 1: they will go into the lobby of the area and 406 00:23:13,560 --> 00:23:18,160 Speaker 1: they will steal the Alexis Park welcome Matt and smuggle 407 00:23:18,240 --> 00:23:21,520 Speaker 1: it out and bring it over to the actual def 408 00:23:21,640 --> 00:23:25,640 Speaker 1: Con meeting area and people will pose with the Alexis 409 00:23:25,720 --> 00:23:29,040 Speaker 1: Park welcome Matt that has been stolen from their lobby 410 00:23:29,240 --> 00:23:31,960 Speaker 1: and they'll return it, typically at the end of the conference. 411 00:23:32,680 --> 00:23:36,600 Speaker 1: But yeah, while they are no longer located in Alexis Park, 412 00:23:36,720 --> 00:23:40,119 Speaker 1: the hackers will still, you know, bring it along as 413 00:23:40,280 --> 00:23:44,080 Speaker 1: as a reminder of the good old days. Parties are 414 00:23:44,080 --> 00:23:47,320 Speaker 1: a huge thing at def Con, and there are tons 415 00:23:47,359 --> 00:23:52,840 Speaker 1: of parties, dances, DJ sets, lots of plausible deniability. Def 416 00:23:52,920 --> 00:23:56,400 Speaker 1: Con frequently attracts musicians who work in digital media and 417 00:23:56,960 --> 00:23:59,680 Speaker 1: use technology like chip tunes and other forms of musical 418 00:23:59,720 --> 00:24:03,800 Speaker 1: exprestion that rely heavily on technology. I've actually seen some 419 00:24:03,880 --> 00:24:06,080 Speaker 1: of the sets, of course I've never attended to def Con, 420 00:24:06,200 --> 00:24:10,639 Speaker 1: but watching some videos of the various DJ performances, it's incredible. 421 00:24:11,440 --> 00:24:14,280 Speaker 1: You've got high tech light shows, You've got really cutting 422 00:24:14,359 --> 00:24:18,800 Speaker 1: edge technology which is being used to make music. You've 423 00:24:18,800 --> 00:24:22,560 Speaker 1: got people hacking each other the whole time, like technologically speaking, 424 00:24:22,600 --> 00:24:26,080 Speaker 1: not physically hacking one another. Although bio hacking is one 425 00:24:26,119 --> 00:24:29,000 Speaker 1: of the areas of interest at def Con, the scheduled 426 00:24:29,040 --> 00:24:32,000 Speaker 1: talks at def Con often revolve around important or even 427 00:24:32,040 --> 00:24:35,840 Speaker 1: critical computer and network security issues, and sometimes the presentations 428 00:24:35,960 --> 00:24:39,240 Speaker 1: are humorous. There's a great one that you can find online. 429 00:24:39,240 --> 00:24:41,439 Speaker 1: You can actually watch it on YouTube, in which a 430 00:24:41,440 --> 00:24:43,800 Speaker 1: programmer described how he was able to track down his 431 00:24:43,920 --> 00:24:47,120 Speaker 1: stolen computer and lead police to the thief who took 432 00:24:47,160 --> 00:24:51,119 Speaker 1: it by monitoring when it came online. And this was 433 00:24:51,160 --> 00:24:54,040 Speaker 1: a process that took a lot of creative thinking because 434 00:24:54,040 --> 00:24:57,760 Speaker 1: he had already taken several steps to protect his computer, 435 00:24:57,840 --> 00:25:00,919 Speaker 1: and once it was physically stolen, meant that some of 436 00:25:00,920 --> 00:25:03,960 Speaker 1: those options were no longer available, Like he couldn't find 437 00:25:04,000 --> 00:25:07,160 Speaker 1: it in certain ways because he had already removed that 438 00:25:07,280 --> 00:25:10,439 Speaker 1: as a capability. But eventually he was able to discover 439 00:25:10,480 --> 00:25:14,119 Speaker 1: his computer and even retrieve much of, although not all, 440 00:25:14,160 --> 00:25:16,439 Speaker 1: of the data that was on his computer when it 441 00:25:16,480 --> 00:25:21,120 Speaker 1: was stolen. Other talks are a little more sobering. For example, 442 00:25:21,280 --> 00:25:25,520 Speaker 1: take the talk titled go beyond tabletop Scenarios by building 443 00:25:25,520 --> 00:25:29,359 Speaker 1: an Incident Response Simulation Platform. So this is a talk 444 00:25:29,359 --> 00:25:31,959 Speaker 1: where a security expert with the Texas Department of Safety 445 00:25:32,080 --> 00:25:37,000 Speaker 1: named Eric Capuano explained how organizations need to prepare themselves 446 00:25:37,040 --> 00:25:41,040 Speaker 1: to respond to serious security threats by building out simulations 447 00:25:41,040 --> 00:25:43,879 Speaker 1: that allow I T. Professionals the chance to train and 448 00:25:43,960 --> 00:25:46,399 Speaker 1: hone their skills. So he's saying, it doesn't do you 449 00:25:46,440 --> 00:25:49,200 Speaker 1: any good to learn how to deal with an emergency 450 00:25:49,240 --> 00:25:52,840 Speaker 1: when the emergency is happening. You want to train yourself 451 00:25:52,880 --> 00:25:56,280 Speaker 1: in all of those strategies early on so that when 452 00:25:56,480 --> 00:26:00,280 Speaker 1: something like that does happen, you can respond appropriately. There's 453 00:26:00,320 --> 00:26:04,040 Speaker 1: another talk that was titled Fooling the Hound Deceiving Domain 454 00:26:04,200 --> 00:26:08,240 Speaker 1: Admin Hunter hunters uh. This focused on ways to trick 455 00:26:08,280 --> 00:26:12,479 Speaker 1: attackers into following a false pathway while they are seeking 456 00:26:12,520 --> 00:26:16,600 Speaker 1: out admin login credentials to a network system. So hacker 457 00:26:16,680 --> 00:26:19,959 Speaker 1: gets access to perhaps a machine on a network and 458 00:26:20,000 --> 00:26:22,320 Speaker 1: wants to see if they can find the admin level 459 00:26:22,359 --> 00:26:25,440 Speaker 1: access to the whole network. Well, this was a talk 460 00:26:25,520 --> 00:26:28,360 Speaker 1: saying that might happen. So here's some ways to lay 461 00:26:28,400 --> 00:26:32,360 Speaker 1: down a trap where the hacker thinks they're getting access 462 00:26:32,400 --> 00:26:35,600 Speaker 1: to the admin credentials, but in fact what they're really 463 00:26:35,600 --> 00:26:40,360 Speaker 1: doing is revealing their presence to the network administrator, who 464 00:26:40,359 --> 00:26:44,720 Speaker 1: can then perhaps pursue that or handover information to law enforcement. 465 00:26:45,560 --> 00:26:50,639 Speaker 1: So very interesting talks about not just circumventing security, but 466 00:26:50,680 --> 00:26:53,680 Speaker 1: how to improve security. In fact, almost all the discussions 467 00:26:53,760 --> 00:26:59,120 Speaker 1: ultimately revolve around the fact that vulnerabilities aren't necessarily there 468 00:26:59,119 --> 00:27:01,560 Speaker 1: for you to explore, eight they are there for you 469 00:27:01,640 --> 00:27:05,800 Speaker 1: to examine, to learn from, and then to patch. So 470 00:27:06,840 --> 00:27:10,480 Speaker 1: a lot of interesting approaches. Although the people who attend 471 00:27:10,760 --> 00:27:13,880 Speaker 1: def con can sometimes seem like they're on the other 472 00:27:13,960 --> 00:27:16,560 Speaker 1: side of the law, and often they are people who 473 00:27:16,560 --> 00:27:20,119 Speaker 1: want to protect their identities and their security, and so 474 00:27:20,160 --> 00:27:22,840 Speaker 1: they'll go to great pains to do that. And to 475 00:27:23,000 --> 00:27:25,639 Speaker 1: some people that might seem like it's an admission of guilt, 476 00:27:25,680 --> 00:27:30,119 Speaker 1: but in fact that's not necessarily the case. Other recent 477 00:27:30,160 --> 00:27:33,600 Speaker 1: talks have looked at security vulnerabilities and shortcomings and autonomous 478 00:27:33,640 --> 00:27:38,080 Speaker 1: and connected cars. Chris Valisek and Charlie Miller showed that 479 00:27:38,119 --> 00:27:40,920 Speaker 1: they could compromise a jeep and connect to its systems 480 00:27:41,040 --> 00:27:44,080 Speaker 1: from miles away using a laptop computer connected to the internet. 481 00:27:44,600 --> 00:27:48,200 Speaker 1: They could even cut the brakes or the transmission from 482 00:27:48,240 --> 00:27:53,439 Speaker 1: their laptop pretty easily. Another presenter did a talk about 483 00:27:53,440 --> 00:27:56,520 Speaker 1: how air traffic control systems work and pointed out some 484 00:27:56,560 --> 00:28:00,199 Speaker 1: serious concerns and security vulnerabilities, and he did this be us. 485 00:28:00,359 --> 00:28:03,880 Speaker 1: There was no easy way to communicate to anyone appropriate 486 00:28:03,960 --> 00:28:06,120 Speaker 1: about the concerns. It's not like he could just pick 487 00:28:06,200 --> 00:28:09,000 Speaker 1: up the phone and talk to air traffic control and say, hey, 488 00:28:09,080 --> 00:28:11,600 Speaker 1: I noticed that this is how you are using your systems. 489 00:28:11,800 --> 00:28:14,800 Speaker 1: Did you know that it could be manipulated in a 490 00:28:14,840 --> 00:28:19,840 Speaker 1: way that could cause catastrophic results if you aren't able 491 00:28:19,880 --> 00:28:22,560 Speaker 1: to address this issue. So he had to talk about it, 492 00:28:22,880 --> 00:28:25,399 Speaker 1: which got a lot of attention and got people talking 493 00:28:25,440 --> 00:28:27,440 Speaker 1: to him, and he said, well, that was my whole purpose. 494 00:28:27,480 --> 00:28:32,160 Speaker 1: It wasn't too give people the keys to the air 495 00:28:32,200 --> 00:28:35,159 Speaker 1: traffic control system. It was to alert the world to 496 00:28:35,200 --> 00:28:38,120 Speaker 1: the presence of these vulnerabilities so that those vulnerabilities could 497 00:28:38,120 --> 00:28:43,400 Speaker 1: be patched. There's um they're They're not meant to be 498 00:28:44,800 --> 00:28:47,680 Speaker 1: something to inspire terror in people. They're not meant to 499 00:28:47,720 --> 00:28:51,200 Speaker 1: make people scared to use technology, but just raise awareness 500 00:28:51,280 --> 00:28:54,080 Speaker 1: of those gaps in security so that experts can close 501 00:28:54,120 --> 00:28:57,640 Speaker 1: those gaps and we create better systems further down the 502 00:28:57,720 --> 00:29:00,800 Speaker 1: road as a pun, because we were just talking about 503 00:29:00,840 --> 00:29:05,200 Speaker 1: cars and planes and travel, so down the road anyway. 504 00:29:05,240 --> 00:29:08,560 Speaker 1: There's also tracks of programming for kids. People have been 505 00:29:08,560 --> 00:29:10,920 Speaker 1: bringing their kids to def Con over the past several years, 506 00:29:10,920 --> 00:29:14,320 Speaker 1: and now the kids themselves have actual programming tracks they 507 00:29:14,320 --> 00:29:17,480 Speaker 1: can follow. Uh. A lot of the same speakers who 508 00:29:17,480 --> 00:29:19,840 Speaker 1: will talk to the adults will come and do presentations 509 00:29:19,880 --> 00:29:23,040 Speaker 1: for the kids. And according to all the videos I saw, 510 00:29:23,080 --> 00:29:25,920 Speaker 1: the speakers love it because kids pay attention and they 511 00:29:25,960 --> 00:29:29,400 Speaker 1: want to know how things work. They have interesting questions, 512 00:29:29,440 --> 00:29:33,000 Speaker 1: sometimes ones that people don't anticipate that lead to amazing 513 00:29:33,000 --> 00:29:35,400 Speaker 1: discoveries down the line, and the kids get to learn 514 00:29:35,480 --> 00:29:39,560 Speaker 1: how to do cool skills like soldering, or some scary 515 00:29:39,600 --> 00:29:44,560 Speaker 1: skills like luck picking or programming, and lots of other stuff. 516 00:29:45,440 --> 00:29:48,280 Speaker 1: Def Con celebrates hacking in its many forms, so you'll 517 00:29:48,480 --> 00:29:52,880 Speaker 1: find lots of talks about coding, security, security vulnerabilities, how 518 00:29:52,920 --> 00:29:54,959 Speaker 1: to make sure you don't end up a victim of 519 00:29:55,000 --> 00:29:59,640 Speaker 1: security vulnerabilities, including which software packages you probably want to avoid, 520 00:30:00,200 --> 00:30:03,640 Speaker 1: ways you can improve your Internet browsing behaviors to minimize 521 00:30:03,640 --> 00:30:06,120 Speaker 1: the risk of someone sniffing out what you are doing 522 00:30:06,280 --> 00:30:08,720 Speaker 1: or trying to take advantage of you in some way. 523 00:30:08,880 --> 00:30:12,000 Speaker 1: There are also tons of contests and games that take 524 00:30:12,040 --> 00:30:14,680 Speaker 1: place over the weekend. Some of them are getting really, really, 525 00:30:14,680 --> 00:30:18,680 Speaker 1: really clever. For example, at Defcon twenty, the convention held 526 00:30:18,720 --> 00:30:22,800 Speaker 1: an intrusion challenge, so teams of three could compete, and 527 00:30:22,800 --> 00:30:25,840 Speaker 1: the challenge simulated a physical break in of a locked 528 00:30:25,880 --> 00:30:29,160 Speaker 1: office space and required teams to document evidence and try 529 00:30:29,200 --> 00:30:32,240 Speaker 1: to return everything to its original place so that their 530 00:30:32,280 --> 00:30:35,200 Speaker 1: presence wouldn't be detected. You also had to unlock a 531 00:30:35,240 --> 00:30:38,440 Speaker 1: smartphone and get information off hit And then there was 532 00:30:38,600 --> 00:30:42,320 Speaker 1: the computer. The computer had some forms of protection on 533 00:30:42,320 --> 00:30:45,000 Speaker 1: it like password protection, but more than that, it had 534 00:30:45,040 --> 00:30:48,040 Speaker 1: information stored on it that would disappear if the computer 535 00:30:48,120 --> 00:30:52,000 Speaker 1: were to lose power. So there was a bonus element 536 00:30:52,200 --> 00:30:55,760 Speaker 1: of stealing the computer without having the power cut to 537 00:30:55,760 --> 00:30:59,880 Speaker 1: the machine, which would require using government level spy a 538 00:31:00,000 --> 00:31:04,200 Speaker 1: agency stuff where you could cut a power chord, splice 539 00:31:04,200 --> 00:31:06,800 Speaker 1: it to another power source in such a way that 540 00:31:06,880 --> 00:31:10,320 Speaker 1: the power supply is never interrupted, and then you could 541 00:31:10,360 --> 00:31:12,800 Speaker 1: put the computer on a cart and cart it out. 542 00:31:13,400 --> 00:31:15,960 Speaker 1: But it requires you to actually physically cut the power 543 00:31:16,080 --> 00:31:18,120 Speaker 1: chord that goes to the computer and do it in 544 00:31:18,160 --> 00:31:21,400 Speaker 1: such a way that you never break the connection entirely, 545 00:31:21,760 --> 00:31:25,000 Speaker 1: so that you can actually move the computer with its 546 00:31:25,000 --> 00:31:27,640 Speaker 1: still powered on, and that way you could retrieve the 547 00:31:27,680 --> 00:31:30,720 Speaker 1: information that's on that computer, but otherwise we'd be lost 548 00:31:30,760 --> 00:31:34,080 Speaker 1: if the power went out. It's really cool and it's 549 00:31:34,120 --> 00:31:36,760 Speaker 1: fun to watch those sort of things. Uh, and again 550 00:31:36,800 --> 00:31:39,400 Speaker 1: it gets you thinking into the different types of security 551 00:31:39,440 --> 00:31:41,800 Speaker 1: you need to put in place if you want your 552 00:31:41,840 --> 00:31:44,920 Speaker 1: information to be secure, not just the computer systems, but 553 00:31:45,000 --> 00:31:48,040 Speaker 1: the physical locks that you use things like that. It's 554 00:31:48,080 --> 00:31:50,440 Speaker 1: important to know how it all works so that you 555 00:31:50,440 --> 00:31:53,400 Speaker 1: can make sure you create the most secure system to 556 00:31:53,480 --> 00:31:58,440 Speaker 1: protect your data and other equipment. So all told, this 557 00:31:58,480 --> 00:32:01,240 Speaker 1: competition required you to pick a lock, get access to 558 00:32:01,240 --> 00:32:04,600 Speaker 1: an office, photograph some documents, access a phone, and steal 559 00:32:04,680 --> 00:32:07,040 Speaker 1: a power down computer without turning its power off, which 560 00:32:07,080 --> 00:32:10,800 Speaker 1: was pretty intense. Another popular game at Defcon, In fact, 561 00:32:10,840 --> 00:32:14,080 Speaker 1: one of the most defining experiences at def Con is 562 00:32:14,280 --> 00:32:17,240 Speaker 1: ct F, which stands for Capture the Flag. Now, in 563 00:32:17,280 --> 00:32:20,040 Speaker 1: a traditional capture the Flag game, teams compete to try 564 00:32:20,080 --> 00:32:22,560 Speaker 1: and steal a competing team's flag and return it to 565 00:32:22,600 --> 00:32:26,600 Speaker 1: their own home base, while simultaneously protecting their own flags 566 00:32:26,640 --> 00:32:29,880 Speaker 1: from being stolen by the other team. But DevCon changes 567 00:32:29,920 --> 00:32:33,280 Speaker 1: things up a bit. You have multiple teams playing, and 568 00:32:34,120 --> 00:32:36,880 Speaker 1: your team has a computer on a network, and all 569 00:32:36,920 --> 00:32:39,920 Speaker 1: the other competing teams have their computers on a network. 570 00:32:40,560 --> 00:32:43,920 Speaker 1: On each computer is some piece of data that represents 571 00:32:43,960 --> 00:32:47,680 Speaker 1: a flag, So this is the information on your computer 572 00:32:47,800 --> 00:32:50,400 Speaker 1: that other people are trying to steal. Your opposing teams 573 00:32:50,880 --> 00:32:54,000 Speaker 1: have those same sort of flags on their computers on 574 00:32:54,080 --> 00:32:59,680 Speaker 1: that network, So everyone's trying to secure other teams flags 575 00:32:59,680 --> 00:33:03,400 Speaker 1: while protecting their own flag from being taken by other teams, 576 00:33:03,760 --> 00:33:05,880 Speaker 1: and the administrators have had to come up with rules 577 00:33:05,880 --> 00:33:09,120 Speaker 1: to help prevent teams from circumventing criteria for play, such 578 00:33:09,120 --> 00:33:12,880 Speaker 1: as taking a computer completely offline the network. I mean 579 00:33:12,920 --> 00:33:15,840 Speaker 1: that kind of is unfair because you have to be 580 00:33:15,920 --> 00:33:19,320 Speaker 1: on the network in order to participate. So people have 581 00:33:19,360 --> 00:33:23,160 Speaker 1: come up with creative ways to meet these criteria, and 582 00:33:23,240 --> 00:33:25,680 Speaker 1: every year the administrators have to kind of tweak the 583 00:33:25,760 --> 00:33:28,480 Speaker 1: rules a little bit so that people don't just find 584 00:33:28,520 --> 00:33:31,680 Speaker 1: creative workarounds and they are actually actively trying to play 585 00:33:31,720 --> 00:33:34,920 Speaker 1: the game as it was intended to be played. However, 586 00:33:35,200 --> 00:33:38,560 Speaker 1: that being said, finding workarounds is really what hacking is 587 00:33:38,560 --> 00:33:42,120 Speaker 1: all about. So it can it can. It might work 588 00:33:42,200 --> 00:33:44,520 Speaker 1: once and you get rewarded, and then later on it 589 00:33:44,520 --> 00:33:48,640 Speaker 1: gets written out of the options that you have. Uh, 590 00:33:48,760 --> 00:33:51,920 Speaker 1: the next time they do a CTF. At the twenty 591 00:33:52,040 --> 00:33:55,080 Speaker 1: six team def Con and AI played in the CTF 592 00:33:55,080 --> 00:33:59,960 Speaker 1: for the first time ever, so and un chaperoned art 593 00:34:00,000 --> 00:34:05,360 Speaker 1: actual intelligent program participated in the CTF and for a 594 00:34:05,400 --> 00:34:07,920 Speaker 1: while it would pull ahead of some of the human teams, 595 00:34:08,360 --> 00:34:10,400 Speaker 1: but by the end of the game it actually placed 596 00:34:10,640 --> 00:34:13,279 Speaker 1: last in the competition, So we don't have to worry 597 00:34:13,320 --> 00:34:17,399 Speaker 1: about the computer hackers actual like computer hackers just yet. 598 00:34:18,160 --> 00:34:21,600 Speaker 1: Then there's the crash and Compile drinking game competition in 599 00:34:21,600 --> 00:34:24,640 Speaker 1: which competitors are given a task. Typically it's to create 600 00:34:24,680 --> 00:34:27,359 Speaker 1: a program that will take certain types of input and 601 00:34:27,400 --> 00:34:30,520 Speaker 1: produce certain types of output, which is only normal. That's 602 00:34:30,520 --> 00:34:34,239 Speaker 1: a normal programming you know, assignment. You might have a 603 00:34:34,239 --> 00:34:36,840 Speaker 1: programming course and it says you need to build a 604 00:34:36,880 --> 00:34:39,239 Speaker 1: program that's gonna take this input. You run it through 605 00:34:39,280 --> 00:34:41,799 Speaker 1: the program, you get that output. Build a program that 606 00:34:41,840 --> 00:34:45,280 Speaker 1: does that. But in Crashing compile, it's a drinking game, 607 00:34:45,640 --> 00:34:48,000 Speaker 1: so there are all these rules that come into play. 608 00:34:48,040 --> 00:34:50,919 Speaker 1: If you try to compile your code and that doesn't work, 609 00:34:50,960 --> 00:34:54,200 Speaker 1: you have to take a drink. If the code works 610 00:34:54,239 --> 00:34:56,200 Speaker 1: but it's unstable and it crashes, you've got to take 611 00:34:56,200 --> 00:34:59,160 Speaker 1: a drink. If it's stable but it's not producing the 612 00:34:59,239 --> 00:35:01,760 Speaker 1: right output, you how to take a drink. And obviously 613 00:35:01,800 --> 00:35:04,120 Speaker 1: the less careful you are, the more mistakes you make. 614 00:35:04,200 --> 00:35:06,000 Speaker 1: The more you have to drink, and the more likely 615 00:35:06,040 --> 00:35:09,680 Speaker 1: you'll make even more mistakes due to that influence of drink. 616 00:35:11,040 --> 00:35:13,560 Speaker 1: Perhaps my favorite of all the challenges is a different 617 00:35:13,640 --> 00:35:17,320 Speaker 1: kind of drinking game. It's the Beverage Cooling Contraption Contest 618 00:35:17,520 --> 00:35:20,520 Speaker 1: or b C c C. This is a competition that 619 00:35:20,560 --> 00:35:23,120 Speaker 1: took its inspiration from an episode of MythBusters in which 620 00:35:23,160 --> 00:35:25,400 Speaker 1: the team on MythBusters were trying to come up with 621 00:35:25,440 --> 00:35:28,160 Speaker 1: ways to quickly cool cans of beer to what was 622 00:35:28,200 --> 00:35:30,680 Speaker 1: determined to be the ideal temperature for drinking, which on 623 00:35:30,680 --> 00:35:33,160 Speaker 1: the show was thirty eight degrees fahrenheit or three point 624 00:35:33,160 --> 00:35:36,640 Speaker 1: three three degrees celsius. Teams of up to three people 625 00:35:36,760 --> 00:35:40,440 Speaker 1: can compete in this competition to create an air temperature 626 00:35:40,480 --> 00:35:44,440 Speaker 1: beverage in the quickest and most creative way possible. They 627 00:35:44,440 --> 00:35:47,840 Speaker 1: are not allowed to use any commercial appliances in their efforts, 628 00:35:47,880 --> 00:35:50,480 Speaker 1: and the contraptions have to be designed and built by 629 00:35:50,520 --> 00:35:52,799 Speaker 1: the team, so they can't just buy something and use that. 630 00:35:53,480 --> 00:35:56,320 Speaker 1: The team with the fastest time to cool their beverage 631 00:35:56,360 --> 00:36:01,040 Speaker 1: to the proper temperature wins. Points are deducted for fouls. 632 00:36:01,560 --> 00:36:06,120 Speaker 1: So if your methodology creates a beer or other drink, 633 00:36:06,160 --> 00:36:08,400 Speaker 1: whatever drink they're using at that time, that has a 634 00:36:08,400 --> 00:36:10,960 Speaker 1: metallic taste to it, like, if it alters the taste 635 00:36:11,040 --> 00:36:14,319 Speaker 1: of the drink, you get points taken off. If it 636 00:36:14,360 --> 00:36:16,719 Speaker 1: makes the drink go flat, you get points taken off. 637 00:36:16,760 --> 00:36:19,640 Speaker 1: If you spill drink, you get points taken off. That 638 00:36:19,760 --> 00:36:23,600 Speaker 1: sort of thing. Other contests are equally cheeky. There's a 639 00:36:23,640 --> 00:36:28,719 Speaker 1: counterfeit badge contest. In recent years, the badges have been electronic. 640 00:36:28,840 --> 00:36:31,680 Speaker 1: They've been circuit boards that actually do something, and they 641 00:36:31,719 --> 00:36:34,680 Speaker 1: have USB ports and you can connect them to computers 642 00:36:34,680 --> 00:36:36,919 Speaker 1: and you can actually hack the badges if you want, 643 00:36:36,960 --> 00:36:41,080 Speaker 1: and do interesting things with them. So one thing that 644 00:36:41,080 --> 00:36:43,360 Speaker 1: people try to do is they'll try and spoof a badge. 645 00:36:43,360 --> 00:36:45,719 Speaker 1: They'll try and create a copy of the badge and 646 00:36:45,719 --> 00:36:48,600 Speaker 1: create a counterfeit one. Jeff Moss has actually said that 647 00:36:48,640 --> 00:36:51,600 Speaker 1: if you're good enough to hack a badge and fool security, 648 00:36:51,880 --> 00:36:54,319 Speaker 1: you probably belong at deaf Con and you should be 649 00:36:54,360 --> 00:36:57,719 Speaker 1: able to attend without forking over the participation fee. Of course, 650 00:36:57,760 --> 00:37:00,720 Speaker 1: you're probably spending more time and effort building your version 651 00:37:00,719 --> 00:37:03,480 Speaker 1: of the badge then they did designing the badge in 652 00:37:03,520 --> 00:37:05,680 Speaker 1: the first place, and in a way that kind of 653 00:37:05,719 --> 00:37:09,479 Speaker 1: shows your own level of dedication. Other contests include things 654 00:37:09,480 --> 00:37:13,920 Speaker 1: like forensics puzzles as in computer forensics and network forensics puzzles, 655 00:37:13,960 --> 00:37:18,040 Speaker 1: and scavenger hunts, which can get absolutely insane, and nearly 656 00:37:18,080 --> 00:37:22,120 Speaker 1: all the contests test attendees knowledge and skill encoding or 657 00:37:22,200 --> 00:37:25,960 Speaker 1: hacking in some way While winning a contest will get 658 00:37:26,000 --> 00:37:29,040 Speaker 1: you a claim, landing on the Wall of Sheep will 659 00:37:29,080 --> 00:37:32,400 Speaker 1: mean you're an example of someone practicing poor security behaviors. 660 00:37:32,719 --> 00:37:35,719 Speaker 1: The Wall of Sheep is a display that lists logins 661 00:37:35,960 --> 00:37:39,359 Speaker 1: and the first part of passwords that have been harvested 662 00:37:39,400 --> 00:37:43,120 Speaker 1: off of the Defcon network, and it illustrates how many 663 00:37:43,160 --> 00:37:47,399 Speaker 1: authentication technologies on the web use clear text authentication rather 664 00:37:47,440 --> 00:37:51,240 Speaker 1: than a more secure method. Clear text authentication is terrible. 665 00:37:51,760 --> 00:37:54,680 Speaker 1: You don't want passwords stored in clear text, you want 666 00:37:54,680 --> 00:37:59,640 Speaker 1: that encrypted. So if you're using services that have unencrypted 667 00:37:59,719 --> 00:38:03,040 Speaker 1: clear text passwords stored in them, then your password is 668 00:38:03,040 --> 00:38:05,680 Speaker 1: gonna get posted up on the Wall of Sheep. Typically, 669 00:38:05,680 --> 00:38:08,200 Speaker 1: they only post the very beginning of the password. The 670 00:38:08,239 --> 00:38:11,279 Speaker 1: rest of it will be asterisks out. But if your 671 00:38:11,320 --> 00:38:14,040 Speaker 1: word is a plain English word, people might be able 672 00:38:14,040 --> 00:38:16,240 Speaker 1: to guess it just from the letters that are showing. 673 00:38:16,800 --> 00:38:19,839 Speaker 1: So this is a way of demonstrating, hey, you're using 674 00:38:19,880 --> 00:38:23,440 Speaker 1: some bad stuff and you should probably change that. Speaking 675 00:38:23,440 --> 00:38:26,759 Speaker 1: of secure methods, the only way you can attend def 676 00:38:26,800 --> 00:38:29,600 Speaker 1: Con is to show up at the door with your 677 00:38:29,640 --> 00:38:32,160 Speaker 1: cash in hand in order to purchase the badge, or 678 00:38:32,239 --> 00:38:36,080 Speaker 1: you have to create a spoofed badge that can fool security. Now, 679 00:38:36,320 --> 00:38:38,920 Speaker 1: Defcon does not accept any form of payment other than 680 00:38:39,040 --> 00:38:42,000 Speaker 1: cash at the door, and this helps keep those transactions 681 00:38:42,000 --> 00:38:45,120 Speaker 1: away from prying eyes, such as any agencies that might 682 00:38:45,120 --> 00:38:48,000 Speaker 1: have an interest in identifying people who are particularly least 683 00:38:48,040 --> 00:38:52,640 Speaker 1: skilled at let's say, intrusion attacks against secure systems, and 684 00:38:52,719 --> 00:38:56,839 Speaker 1: everyone apart from official convention staff and guest speakers, will 685 00:38:56,880 --> 00:39:00,200 Speaker 1: pay full price to get in, including the media. So 686 00:39:00,280 --> 00:39:02,400 Speaker 1: Jeff Moss has actually said that one of the purposes 687 00:39:02,440 --> 00:39:05,239 Speaker 1: of this is that if def Con has ever hit 688 00:39:05,280 --> 00:39:09,480 Speaker 1: with a lawsuit to hand over the list of attendees, 689 00:39:09,560 --> 00:39:13,560 Speaker 1: they can't because there's no record apart from just cash 690 00:39:13,600 --> 00:39:16,839 Speaker 1: transactions which don't have any paper trail to them other 691 00:39:16,880 --> 00:39:19,400 Speaker 1: than there's a badge and there was cash given for it. 692 00:39:19,719 --> 00:39:23,000 Speaker 1: There's no name associated with that, no credit card, no location. 693 00:39:23,719 --> 00:39:26,640 Speaker 1: So that's one of the reasons Jeff Moss insists on 694 00:39:26,719 --> 00:39:30,239 Speaker 1: doing cash only. And while the cost might be a 695 00:39:30,239 --> 00:39:32,399 Speaker 1: couple hundred dollars to get in, you're really getting into 696 00:39:32,440 --> 00:39:36,279 Speaker 1: a bunch of different conferences, all related to information security 697 00:39:36,719 --> 00:39:40,040 Speaker 1: and hacking and programming. There are tons of different projects 698 00:39:40,080 --> 00:39:42,560 Speaker 1: and tracks that you can follow, and lots of different 699 00:39:42,560 --> 00:39:45,200 Speaker 1: activities you can participate in. For example, if you ever 700 00:39:45,239 --> 00:39:47,279 Speaker 1: wanted to learn how to pick locks, you can head 701 00:39:47,320 --> 00:39:49,560 Speaker 1: over to lock pick Village at def Con and get 702 00:39:49,560 --> 00:39:52,360 Speaker 1: a lesson. Within five to ten minutes, you might be 703 00:39:52,400 --> 00:39:55,160 Speaker 1: picking locks. You can practice your skills on various types 704 00:39:55,200 --> 00:39:57,560 Speaker 1: of locks. You can learn how they work and how 705 00:39:57,600 --> 00:40:00,000 Speaker 1: they're vulnerable. And again this isn't so that you can 706 00:40:00,080 --> 00:40:04,160 Speaker 1: become a cat burglar extraordinaire, but rather understand how secure 707 00:40:04,200 --> 00:40:07,360 Speaker 1: these locks actually are. So if a lock is fiendishly 708 00:40:07,440 --> 00:40:09,839 Speaker 1: difficult to pick, that's a darn fine lock and one 709 00:40:09,920 --> 00:40:12,200 Speaker 1: you might want to use for yourself. You might want 710 00:40:12,200 --> 00:40:14,520 Speaker 1: to use that to secure your belongings. But if you 711 00:40:14,600 --> 00:40:16,200 Speaker 1: find a lock that you're able to get in in 712 00:40:16,280 --> 00:40:19,440 Speaker 1: less than five minutes with bare minimum training, that's probably 713 00:40:19,440 --> 00:40:22,000 Speaker 1: not the best lock to use. So in a way, 714 00:40:22,040 --> 00:40:25,200 Speaker 1: it's kind of a consumer service learning which locks are 715 00:40:25,239 --> 00:40:29,279 Speaker 1: really the most reliable, because you can bet the bad 716 00:40:29,320 --> 00:40:33,879 Speaker 1: guys already know this, that's what they look for, So 717 00:40:34,080 --> 00:40:36,640 Speaker 1: learning it and then putting that information to use is 718 00:40:36,680 --> 00:40:39,040 Speaker 1: actually a good thing because it means that you're keeping 719 00:40:39,040 --> 00:40:44,520 Speaker 1: stuff safe. The conference and its attendees haven't been connected 720 00:40:44,520 --> 00:40:47,400 Speaker 1: to some stuff that goes beyond pranks and mischief, maybe 721 00:40:47,440 --> 00:40:53,080 Speaker 1: some stuff that crosses over into illegal territory. Mostly the attendees, 722 00:40:53,200 --> 00:40:56,160 Speaker 1: not really the conference. The conference does try very hard 723 00:40:56,200 --> 00:40:59,759 Speaker 1: to distance itself from anything that is outright illegal. Most 724 00:40:59,760 --> 00:41:02,719 Speaker 1: of the stuff that they encourage is more on the 725 00:41:02,760 --> 00:41:06,279 Speaker 1: mischief side of things. But some people have decided that 726 00:41:06,320 --> 00:41:08,279 Speaker 1: while they're attending def Con they want to try and 727 00:41:08,360 --> 00:41:11,800 Speaker 1: show off and shut down maybe a computer system belonging 728 00:41:11,840 --> 00:41:15,640 Speaker 1: to a particularly powerful company or organization. And some of 729 00:41:15,640 --> 00:41:18,120 Speaker 1: that is for bragging rights. Uh. Some of that is 730 00:41:18,160 --> 00:41:20,319 Speaker 1: because a lot of the attendees have kind of an 731 00:41:20,360 --> 00:41:24,359 Speaker 1: anarchist ethos that they subscribe to, but not everybody does. 732 00:41:24,560 --> 00:41:27,880 Speaker 1: It's not like it's just a convention filled with people 733 00:41:27,920 --> 00:41:32,160 Speaker 1: trying to watch the world burn. There are some interesting stuff, 734 00:41:32,239 --> 00:41:35,680 Speaker 1: like I love that there's a competition to take a 735 00:41:35,840 --> 00:41:39,800 Speaker 1: box that has a lot of tamper proof materials inside 736 00:41:39,800 --> 00:41:42,160 Speaker 1: of it, and your job is to access all of 737 00:41:42,200 --> 00:41:45,720 Speaker 1: those materials in that tamper proof system and then return 738 00:41:45,840 --> 00:41:48,400 Speaker 1: them so that it looks like you haven't tampered with 739 00:41:48,440 --> 00:41:51,800 Speaker 1: it at all. It requires a lot of creative thinking 740 00:41:52,160 --> 00:41:55,960 Speaker 1: and using different skills if you want to actually be 741 00:41:56,080 --> 00:42:02,120 Speaker 1: able to get into that stuff without being found out. Now, 742 00:42:02,160 --> 00:42:05,799 Speaker 1: there's a ton of other things that go on over 743 00:42:05,840 --> 00:42:09,000 Speaker 1: at def Con and interesting stories that come out of it, 744 00:42:09,280 --> 00:42:11,359 Speaker 1: but I think the best way to learn about it 745 00:42:11,400 --> 00:42:13,960 Speaker 1: is to talk to someone who has been there. So 746 00:42:14,000 --> 00:42:16,520 Speaker 1: when we come back, I'm gonna have a little conversation 747 00:42:16,680 --> 00:42:20,280 Speaker 1: with my friend Shannon Morris. We'll talk about her experiences 748 00:42:20,320 --> 00:42:22,640 Speaker 1: of attending def Con. But we'll talk about that in 749 00:42:22,680 --> 00:42:25,080 Speaker 1: just a second after we take this quick break to 750 00:42:25,239 --> 00:42:35,799 Speaker 1: thank our sponsor guys. I am so pleased we are 751 00:42:35,960 --> 00:42:39,359 Speaker 1: joined by Shannon Morris, a good friend of mine. She's 752 00:42:39,400 --> 00:42:41,319 Speaker 1: been on the show a few times and she has 753 00:42:41,440 --> 00:42:45,560 Speaker 1: generously agreed to dedicate some of her precious time to 754 00:42:45,680 --> 00:42:48,360 Speaker 1: talking with us about def Con. Shannon, Welcome back to 755 00:42:48,400 --> 00:42:52,200 Speaker 1: Tech Stuff. Hi, how are you doing, Jonathan? I'm great. 756 00:42:52,920 --> 00:42:55,920 Speaker 1: I'm so happy that you are here. So to catch 757 00:42:56,000 --> 00:43:00,520 Speaker 1: you up, Shannon. What has happened previously? On text I 758 00:43:00,600 --> 00:43:03,960 Speaker 1: recorded an episode about the history of def Con. But 759 00:43:04,480 --> 00:43:07,920 Speaker 1: I told all my listeners I have not ever actually 760 00:43:07,960 --> 00:43:10,520 Speaker 1: been to a deaf Con. However, you have been to 761 00:43:10,840 --> 00:43:14,399 Speaker 1: a couple. How many deaf cons have you attended? Almost ten? 762 00:43:14,719 --> 00:43:17,000 Speaker 1: The first year I went, I believe was in two 763 00:43:17,000 --> 00:43:21,680 Speaker 1: thousand eight and I never stopped going, So come next year, 764 00:43:21,719 --> 00:43:25,840 Speaker 1: it'll be a decade awesome. So, as someone who has 765 00:43:25,840 --> 00:43:28,719 Speaker 1: actually attended def con, can you can you tell me 766 00:43:28,800 --> 00:43:32,440 Speaker 1: in your own words, how would you describe the convention 767 00:43:32,480 --> 00:43:35,319 Speaker 1: to someone who has only heard the name but has 768 00:43:35,360 --> 00:43:38,719 Speaker 1: no real idea of what it's all about. So I 769 00:43:38,760 --> 00:43:43,719 Speaker 1: would say def Con is it's the largest hacker con 770 00:43:44,080 --> 00:43:47,600 Speaker 1: in the United States. But it's not only hackers that go. 771 00:43:48,360 --> 00:43:53,280 Speaker 1: Sometimes it's government people, sometimes it's hackers uh, and sometimes 772 00:43:53,360 --> 00:43:57,319 Speaker 1: it's the kids that the hackers have had that will 773 00:43:57,360 --> 00:44:00,320 Speaker 1: also go to the convention. So a lot of people 774 00:44:00,360 --> 00:44:03,319 Speaker 1: go to this convention in Las Vegas every single year, 775 00:44:03,800 --> 00:44:07,640 Speaker 1: uh in the summertime, and we lovingly refer to it 776 00:44:07,719 --> 00:44:12,080 Speaker 1: as hashtag hacker summer camp because it is always it 777 00:44:12,080 --> 00:44:15,040 Speaker 1: always feels like it's a big family get together. There's 778 00:44:15,080 --> 00:44:18,680 Speaker 1: lots of hugs, there's a lot of get togethers after 779 00:44:18,760 --> 00:44:22,080 Speaker 1: the convention hours, like at restaurants and stuff like that 780 00:44:22,160 --> 00:44:24,720 Speaker 1: just to hang out. UH. And it's also a big party. 781 00:44:24,920 --> 00:44:27,240 Speaker 1: There's a lot of partying. There's a lot of booze 782 00:44:27,280 --> 00:44:30,360 Speaker 1: for the people that can legally drink UH and there's 783 00:44:30,400 --> 00:44:33,360 Speaker 1: a lot of really good time. So it's it's become 784 00:44:33,840 --> 00:44:35,800 Speaker 1: a really big part of my life in the fact 785 00:44:35,840 --> 00:44:39,080 Speaker 1: that a lot of my very close friends, some of 786 00:44:39,120 --> 00:44:41,719 Speaker 1: which that went to my wedding, even I met at 787 00:44:41,760 --> 00:44:44,160 Speaker 1: def Con. So it's it's a big part of my life. 788 00:44:44,800 --> 00:44:48,160 Speaker 1: So what would it be like like walk people through? 789 00:44:48,680 --> 00:44:51,799 Speaker 1: I know that there's not really a typical def Con experience, 790 00:44:51,840 --> 00:44:55,200 Speaker 1: as most conventions tend to change quite a bit from 791 00:44:55,320 --> 00:44:58,439 Speaker 1: year to year. They do this because they don't want 792 00:44:58,480 --> 00:45:01,839 Speaker 1: to remain static and just be known for the same thing. 793 00:45:02,280 --> 00:45:05,360 Speaker 1: But if you were attending def Con, what are the 794 00:45:05,400 --> 00:45:07,880 Speaker 1: sort of things you would be going to? Like do 795 00:45:07,920 --> 00:45:10,360 Speaker 1: you get do you go to any of the presentations 796 00:45:10,400 --> 00:45:14,000 Speaker 1: for example? So for me, Um, I'm not your normal 797 00:45:14,080 --> 00:45:17,680 Speaker 1: convention goer. I always go as either either press or 798 00:45:17,840 --> 00:45:21,120 Speaker 1: as a vendor. Uh so I usually get my badge 799 00:45:21,160 --> 00:45:23,359 Speaker 1: ahead of time. I pay for my badge ahead of time. 800 00:45:23,680 --> 00:45:26,360 Speaker 1: But for an attendee, what you have to do is 801 00:45:26,520 --> 00:45:28,680 Speaker 1: show up on the first day, stand in a really 802 00:45:28,719 --> 00:45:31,439 Speaker 1: really long line, and pay in cash because they don't 803 00:45:31,440 --> 00:45:35,239 Speaker 1: accept any credit cards and that's for the hacker anonymity. 804 00:45:35,880 --> 00:45:38,520 Speaker 1: But once you get there, you just stand in line 805 00:45:38,560 --> 00:45:41,080 Speaker 1: you pay. I think this year was like two hundred 806 00:45:41,120 --> 00:45:43,040 Speaker 1: dollars in cash or something like that, and then you 807 00:45:43,080 --> 00:45:45,839 Speaker 1: get your badge and you're good to go. Um. There 808 00:45:45,880 --> 00:45:50,040 Speaker 1: are talks, there are the vendor the vendor hall, of course, 809 00:45:50,120 --> 00:45:52,800 Speaker 1: and then there's also a whole bunch of different rooms 810 00:45:52,840 --> 00:45:55,919 Speaker 1: that you can hang out and called villages. Um. Each 811 00:45:55,960 --> 00:45:59,560 Speaker 1: of these villages kind of focuses on a hacker specialty, 812 00:46:00,040 --> 00:46:04,480 Speaker 1: whether that is WiFi hacking or car hacking. There's a 813 00:46:04,520 --> 00:46:07,440 Speaker 1: lock picking village. There's even a village that is just 814 00:46:07,560 --> 00:46:10,279 Speaker 1: for kids. So you can pretty much find whatever you 815 00:46:10,320 --> 00:46:12,480 Speaker 1: are interested in, as long as it has to do 816 00:46:12,560 --> 00:46:16,080 Speaker 1: with breaking things and then making them work again, which 817 00:46:16,120 --> 00:46:19,439 Speaker 1: is kind of the epitome of being a hacker, right, 818 00:46:19,480 --> 00:46:21,680 Speaker 1: And I'm glad you brought that up, because, as I 819 00:46:21,760 --> 00:46:25,880 Speaker 1: mentioned in the podcast section where I was chatting about 820 00:46:26,000 --> 00:46:32,480 Speaker 1: this whole concept, the term hacker has been misused dramatically 821 00:46:32,680 --> 00:46:36,680 Speaker 1: over the past twenty thirty years, and it's been the 822 00:46:36,760 --> 00:46:41,080 Speaker 1: definition has been too narrow for the common definition, because 823 00:46:41,120 --> 00:46:44,919 Speaker 1: of course, hacker originally meant people who, as you say, 824 00:46:44,960 --> 00:46:47,080 Speaker 1: like to take things apart, see how they work, put 825 00:46:47,080 --> 00:46:49,799 Speaker 1: them back together, maybe tweak them so they do something 826 00:46:49,840 --> 00:46:52,759 Speaker 1: they weren't intended to do in the first place, or 827 00:46:52,840 --> 00:46:55,640 Speaker 1: maybe do it differently, or perhaps even do it better 828 00:46:55,680 --> 00:46:59,400 Speaker 1: than it had been doing before. But it didn't necessarily 829 00:46:59,520 --> 00:47:02,600 Speaker 1: have this connotation that it tends to have in popular media, 830 00:47:02,680 --> 00:47:07,279 Speaker 1: which is a person who specializes in uh, penetrating a 831 00:47:07,400 --> 00:47:11,440 Speaker 1: secure system and then exploiting it in some way. Yeah. Absolutely, 832 00:47:11,480 --> 00:47:13,239 Speaker 1: I think a lot of and I know we've talked 833 00:47:13,239 --> 00:47:16,080 Speaker 1: about this before, but I think a lot of the 834 00:47:16,160 --> 00:47:19,920 Speaker 1: hacker name in the biased against it comes from Hollywood, 835 00:47:19,960 --> 00:47:23,279 Speaker 1: like the Hollywood core movies and TV shows that we 836 00:47:23,320 --> 00:47:26,000 Speaker 1: have seen in the eighties and nineties that have made 837 00:47:26,080 --> 00:47:28,480 Speaker 1: us think like, oh, hackers are really bad people, like 838 00:47:28,520 --> 00:47:30,320 Speaker 1: there is no way you could be a good hacker. 839 00:47:30,600 --> 00:47:33,640 Speaker 1: But that's actually not true of all of the hackers 840 00:47:33,680 --> 00:47:36,759 Speaker 1: I know. I don't know anybody that does something illegal. 841 00:47:37,080 --> 00:47:39,759 Speaker 1: All of them work as a penetration tester, as a 842 00:47:39,800 --> 00:47:42,920 Speaker 1: professional who goes in with a contract to a company 843 00:47:42,960 --> 00:47:46,480 Speaker 1: and then breaks into their network under that contract to 844 00:47:46,560 --> 00:47:49,040 Speaker 1: make sure that it is safe. Because if you don't 845 00:47:49,080 --> 00:47:52,239 Speaker 1: take the time to find the vulnerabilities, you won't know 846 00:47:52,280 --> 00:47:55,480 Speaker 1: how to secure yourself in the future. So hackers for 847 00:47:55,520 --> 00:47:58,120 Speaker 1: me are the good guys. And I think um a 848 00:47:58,160 --> 00:48:01,560 Speaker 1: lot of our community and lot of the people out 849 00:48:01,560 --> 00:48:04,520 Speaker 1: in the world who don't really understand hackers. What they 850 00:48:04,560 --> 00:48:07,480 Speaker 1: need to relate to is the fact that hackers are 851 00:48:07,520 --> 00:48:10,120 Speaker 1: good people who come in and make sure your stuff 852 00:48:10,160 --> 00:48:12,920 Speaker 1: is safe. Because there are bad guys out there, but 853 00:48:12,960 --> 00:48:15,400 Speaker 1: I don't refer to them as hackers. I refer to 854 00:48:15,440 --> 00:48:19,960 Speaker 1: them as criminals, right right. And I'm glad you mentioned 855 00:48:20,000 --> 00:48:22,120 Speaker 1: that too, because we've seen in the past a lot 856 00:48:22,200 --> 00:48:28,080 Speaker 1: of different def Con presentations, for example, have focused on vulnerabilities, 857 00:48:28,400 --> 00:48:31,360 Speaker 1: and it becomes clear that the presenter has said, you know, 858 00:48:31,400 --> 00:48:34,640 Speaker 1: in multiple instances of this that I tried to reach 859 00:48:34,640 --> 00:48:37,440 Speaker 1: out there was either no one to reach out to 860 00:48:38,080 --> 00:48:41,160 Speaker 1: or no one would listen to me about this vulnerability. 861 00:48:41,239 --> 00:48:43,520 Speaker 1: And so in order to force the issue, I am 862 00:48:43,520 --> 00:48:47,279 Speaker 1: going to bring this forward to everybody because because trust me, 863 00:48:47,520 --> 00:48:49,600 Speaker 1: if I don't talk about it, it just means the 864 00:48:49,640 --> 00:48:52,200 Speaker 1: people who are aware of it are going to exploit it. 865 00:48:52,239 --> 00:48:54,800 Speaker 1: If I talk about it, then it forces the hand 866 00:48:55,520 --> 00:48:59,520 Speaker 1: of whatever entity to patch that vulnerability or address it 867 00:48:59,600 --> 00:49:04,480 Speaker 1: in some way, because secrecy only helps the criminals, it 868 00:49:04,520 --> 00:49:08,120 Speaker 1: doesn't help like the The The assumption is that if 869 00:49:08,200 --> 00:49:11,040 Speaker 1: I talk about this thing, I've opened up the floodgates 870 00:49:11,040 --> 00:49:14,560 Speaker 1: and everyone can exploit it. Trust me, the criminals know already, 871 00:49:14,719 --> 00:49:17,400 Speaker 1: they're just not talking about it. Yeah, exactly a lot 872 00:49:17,440 --> 00:49:19,920 Speaker 1: of times you'll see these hawks that are exactly just that. 873 00:49:20,440 --> 00:49:24,040 Speaker 1: Um At Defcon, somebody will bring up a presentation and 874 00:49:24,200 --> 00:49:26,600 Speaker 1: turn in a call for paper paper to the def 875 00:49:26,680 --> 00:49:29,759 Speaker 1: Con committee, and they'll either accept it or deny it. 876 00:49:29,800 --> 00:49:32,279 Speaker 1: And when they show up at the convention and give 877 00:49:32,320 --> 00:49:36,760 Speaker 1: their talk, that's generally a very important disclaimer to say is, hey, 878 00:49:36,880 --> 00:49:39,719 Speaker 1: I reached out to this company two or three times, 879 00:49:39,840 --> 00:49:42,279 Speaker 1: I gave them six months to fix it. It has 880 00:49:42,320 --> 00:49:45,120 Speaker 1: not been fixed. Or maybe on the other hand, they 881 00:49:45,120 --> 00:49:47,239 Speaker 1: could say I reached out to the company, this has 882 00:49:47,280 --> 00:49:49,840 Speaker 1: already been fixed, but this is what I found and 883 00:49:49,920 --> 00:49:52,520 Speaker 1: this is why you need to update. For example, if 884 00:49:52,640 --> 00:49:56,239 Speaker 1: there is a smartphone vulnerability, they might say this has 885 00:49:56,280 --> 00:50:00,879 Speaker 1: already been released by the operating systems smartphone manufacture. Uh, 886 00:50:01,080 --> 00:50:03,520 Speaker 1: so this is very important for you to make sure 887 00:50:03,560 --> 00:50:06,440 Speaker 1: that you are updating on your own personal devices or 888 00:50:06,520 --> 00:50:09,520 Speaker 1: something around that. But basically they'll go in, they'll give 889 00:50:09,520 --> 00:50:13,719 Speaker 1: this disclaimer and then hopefully the company won't go after them. 890 00:50:14,320 --> 00:50:17,719 Speaker 1: After that fact, because since they can prove that they've 891 00:50:17,760 --> 00:50:20,880 Speaker 1: already reached out to this company, they have that that 892 00:50:20,960 --> 00:50:25,239 Speaker 1: they can fall back on. So there's unfortunately, there's a 893 00:50:25,239 --> 00:50:28,799 Speaker 1: lot of uh legal issues when it comes to what 894 00:50:28,880 --> 00:50:31,399 Speaker 1: information you can release, and a lot of it comes 895 00:50:31,440 --> 00:50:34,120 Speaker 1: down to you, how is the company actually dealing with 896 00:50:34,160 --> 00:50:36,839 Speaker 1: these things behind the scenes, Like what do what kind 897 00:50:36,880 --> 00:50:43,040 Speaker 1: of policies do they have in place for their own devices? Wow? Yeah, 898 00:50:43,120 --> 00:50:47,279 Speaker 1: I mean it's to me, it's fascinating to take that 899 00:50:47,360 --> 00:50:52,520 Speaker 1: into consideration, the idea that uh, this this this group 900 00:50:52,640 --> 00:50:55,600 Speaker 1: that has this reputation. Mostly I think because a lot 901 00:50:55,600 --> 00:50:57,400 Speaker 1: of the people over at Defcon also have kind of 902 00:50:57,400 --> 00:51:00,640 Speaker 1: a mischievous streak. So there's a lot of Yeah, there's 903 00:51:00,640 --> 00:51:02,319 Speaker 1: a lot of mischief making. I'm gonna ask you about 904 00:51:02,360 --> 00:51:05,120 Speaker 1: that in a minute. Uh, but there's a lot of 905 00:51:05,200 --> 00:51:07,600 Speaker 1: mischief making that goes on at the convention. It's largely 906 00:51:07,640 --> 00:51:10,160 Speaker 1: because you know, once you know how something works, it's 907 00:51:10,160 --> 00:51:11,919 Speaker 1: a lot of fun to show that off to other 908 00:51:12,000 --> 00:51:15,680 Speaker 1: people and sometimes show how it could potentially be misused. 909 00:51:15,760 --> 00:51:19,800 Speaker 1: Not in a way of like maliciously trying to promote 910 00:51:19,840 --> 00:51:22,680 Speaker 1: that misuse, but rather say, like, look at this crazy 911 00:51:22,760 --> 00:51:26,680 Speaker 1: thing I found and uh, this should not exist or 912 00:51:26,800 --> 00:51:29,880 Speaker 1: or the fact that this exists delights me, but however 913 00:51:29,920 --> 00:51:33,000 Speaker 1: we should probably address it. But it is interesting to 914 00:51:33,120 --> 00:51:36,720 Speaker 1: also know that, you know, there's this very cognizant approach 915 00:51:37,680 --> 00:51:40,640 Speaker 1: to what can and cannot be said. So that's so, 916 00:51:40,680 --> 00:51:42,560 Speaker 1: that's so that it's all done in it and as 917 00:51:42,760 --> 00:51:46,200 Speaker 1: as responsible away as possible. I mean, there is definitely 918 00:51:46,280 --> 00:51:48,520 Speaker 1: a tongue in cheek kind of approach. I mean the 919 00:51:48,560 --> 00:51:50,840 Speaker 1: thing that the convention is called def Con, and it 920 00:51:50,960 --> 00:51:54,520 Speaker 1: largely is because of the movie War Games, which is 921 00:51:54,560 --> 00:51:57,760 Speaker 1: one of those Hollywood films that has created this image 922 00:51:57,760 --> 00:52:00,399 Speaker 1: of the hacker that although I would you the War 923 00:52:00,480 --> 00:52:03,759 Speaker 1: Games hacker was more mischievous than anything else. Uh that uh, 924 00:52:04,040 --> 00:52:08,839 Speaker 1: that has continued to be perpetuated in media. Uh So 925 00:52:09,000 --> 00:52:12,080 Speaker 1: let me ask you this, like, as a vendor, I 926 00:52:12,160 --> 00:52:16,520 Speaker 1: understand that it's a pretty small number of vendors in 927 00:52:16,560 --> 00:52:18,719 Speaker 1: the grand scheme of things that tend to be invited 928 00:52:18,719 --> 00:52:21,399 Speaker 1: to def Con. Isn't it one of those things where 929 00:52:21,400 --> 00:52:24,680 Speaker 1: every single vendor must be approved before they can actually 930 00:52:25,120 --> 00:52:28,080 Speaker 1: uh show up and set up a table. That's correct, Yeah, 931 00:52:28,200 --> 00:52:30,799 Speaker 1: you have to be approved as a vendor. You ask 932 00:52:31,080 --> 00:52:33,200 Speaker 1: you also have to pay a fee for that table, 933 00:52:33,840 --> 00:52:36,880 Speaker 1: which is why you know, we we generally choose to 934 00:52:36,880 --> 00:52:39,280 Speaker 1: go to def Con and not the smaller cons because 935 00:52:39,440 --> 00:52:42,919 Speaker 1: since uh, yes, we do have to pay a rather 936 00:52:43,000 --> 00:52:46,520 Speaker 1: expensive fee, but we also have a very large audience 937 00:52:46,560 --> 00:52:49,919 Speaker 1: that is coming to purchased equipment from us, it ends 938 00:52:49,960 --> 00:52:52,319 Speaker 1: up offsetting the cost, so it ends up working out 939 00:52:52,360 --> 00:52:56,280 Speaker 1: pretty well. Um, but as a vendor, each and everyone 940 00:52:56,320 --> 00:52:59,080 Speaker 1: has to apply. You don't get invited every year anything 941 00:52:59,120 --> 00:53:01,239 Speaker 1: like that. So even the Hack five has been going 942 00:53:01,280 --> 00:53:03,160 Speaker 1: for ten years, Hack five is the company that I 943 00:53:03,200 --> 00:53:07,560 Speaker 1: work with, We've never been invited. We've always had to apply. 944 00:53:08,120 --> 00:53:11,040 Speaker 1: And with that application, you know, you go through all 945 00:53:11,040 --> 00:53:13,720 Speaker 1: the business e jargon, but you also have to say like, hey, 946 00:53:13,760 --> 00:53:15,960 Speaker 1: this is why I think we should go to the convention, 947 00:53:15,960 --> 00:53:18,120 Speaker 1: and this is what we think that we can bring 948 00:53:18,160 --> 00:53:21,000 Speaker 1: to it. In Hack five's case, we are filling this 949 00:53:21,120 --> 00:53:25,840 Speaker 1: void of giving giving the hacker community something that is 950 00:53:25,920 --> 00:53:30,000 Speaker 1: very introductory. A lot of the community basis on very 951 00:53:30,120 --> 00:53:36,200 Speaker 1: expertise related information that may already assume that you already 952 00:53:36,239 --> 00:53:39,840 Speaker 1: know the foundational information that you need to use equipment. 953 00:53:40,160 --> 00:53:41,880 Speaker 1: So we came in and we were like, hey, we 954 00:53:41,920 --> 00:53:45,560 Speaker 1: need to introduce something that gives beginners a way to 955 00:53:46,080 --> 00:53:48,759 Speaker 1: understand how to use not only to the devices that 956 00:53:48,800 --> 00:53:52,120 Speaker 1: we use, but also understand the fundamentals of why these 957 00:53:52,160 --> 00:53:54,880 Speaker 1: devices were built. Uh so, and that's one of the 958 00:53:54,880 --> 00:53:58,319 Speaker 1: reasons why we also do podcasts. But the vendors come in, 959 00:53:58,400 --> 00:54:00,879 Speaker 1: we all build our own boot so nobody builds them 960 00:54:00,920 --> 00:54:03,240 Speaker 1: for us. Of course, if you want to hang anything, 961 00:54:03,360 --> 00:54:07,040 Speaker 1: there's the the unions in Las Vegas that will do 962 00:54:07,080 --> 00:54:10,040 Speaker 1: that for you. But we set up our own boots 963 00:54:10,040 --> 00:54:14,000 Speaker 1: and we sell our equipment throughout the weekend. One big 964 00:54:14,040 --> 00:54:17,480 Speaker 1: thing that vendors have noticed in recent years is even 965 00:54:17,560 --> 00:54:21,400 Speaker 1: though the convention itself only accepts cash at the door, 966 00:54:21,760 --> 00:54:25,279 Speaker 1: a lot more people that are coming as guests or 967 00:54:25,320 --> 00:54:29,000 Speaker 1: attendees are paying with credit card, which is the strangest 968 00:54:29,040 --> 00:54:32,920 Speaker 1: thing given that it's a hacker con and the general 969 00:54:32,960 --> 00:54:35,400 Speaker 1: consensus is you do not want to use your credit 970 00:54:35,400 --> 00:54:38,480 Speaker 1: card whenever you are at the convention, but people still do. 971 00:54:38,560 --> 00:54:41,680 Speaker 1: And I think it's because since we as vendors are 972 00:54:41,800 --> 00:54:44,000 Speaker 1: part of the community, they trust us not to take 973 00:54:44,040 --> 00:54:46,640 Speaker 1: advantage of that. And we are using third parties, you know, 974 00:54:46,680 --> 00:54:50,400 Speaker 1: we're using Square, we're using Shopify or whatever. The company 975 00:54:50,520 --> 00:54:52,680 Speaker 1: might be that you choose to use at the convention, 976 00:54:53,040 --> 00:54:56,560 Speaker 1: so they know that their information is um encrypted and 977 00:54:56,600 --> 00:54:59,200 Speaker 1: it's safe with that third party, and we don't actually 978 00:54:59,239 --> 00:55:02,440 Speaker 1: even see anything except for the physical card, right, So 979 00:55:02,480 --> 00:55:05,560 Speaker 1: you can't if you were for some reason, let's say, 980 00:55:05,680 --> 00:55:09,560 Speaker 1: a shadowy government agency or command commanding you to hand 981 00:55:09,640 --> 00:55:13,360 Speaker 1: over those customer transactions. All you would have is just 982 00:55:13,440 --> 00:55:16,279 Speaker 1: the fact that well, we've got I can't give you 983 00:55:16,320 --> 00:55:19,319 Speaker 1: any more data than this. This is not I know that. 984 00:55:19,320 --> 00:55:21,680 Speaker 1: That's like the purpose behind cash only at the door 985 00:55:21,760 --> 00:55:24,239 Speaker 1: for the conventions that we aren't. We can't hand hand 986 00:55:24,320 --> 00:55:27,600 Speaker 1: over the people who are here because it's all a 987 00:55:27,680 --> 00:55:31,160 Speaker 1: cash based transaction. So you've either paid cash or you've 988 00:55:31,200 --> 00:55:36,800 Speaker 1: somehow managed to perfectly spoof the badge for that year, which, 989 00:55:36,800 --> 00:55:39,120 Speaker 1: as the founder of Deacon has said, like if you 990 00:55:39,160 --> 00:55:41,600 Speaker 1: can do it, then you probably deserve to be here. 991 00:55:42,360 --> 00:55:44,960 Speaker 1: Oh yeah, there's a whole bunch of contests that happened 992 00:55:44,960 --> 00:55:47,240 Speaker 1: at def Conto, and that's one of them where people 993 00:55:47,360 --> 00:55:49,680 Speaker 1: make their own badges to see who can make the 994 00:55:49,719 --> 00:55:52,759 Speaker 1: best one, and generally they'll either win something that's not 995 00:55:52,880 --> 00:55:59,120 Speaker 1: necessarily like a totally recorded contest, but you know, they 996 00:55:59,160 --> 00:56:01,200 Speaker 1: might go up to one of the goons that work 997 00:56:01,239 --> 00:56:03,480 Speaker 1: at Defcon and be like, hey, check out my badge, 998 00:56:03,480 --> 00:56:05,720 Speaker 1: and they might you know, end up giving them a prize. 999 00:56:06,040 --> 00:56:07,960 Speaker 1: There's a lot of really cool contests. There's a lot 1000 00:56:07,960 --> 00:56:11,360 Speaker 1: of cool villages. There's the vendors, the talks um, There's 1001 00:56:11,440 --> 00:56:14,080 Speaker 1: a lot of really interesting things that happen at Defcon. 1002 00:56:14,440 --> 00:56:18,040 Speaker 1: There's also conventions that happen during dev Con in Vegas, 1003 00:56:18,120 --> 00:56:19,640 Speaker 1: which is part of the reason why we call it 1004 00:56:19,680 --> 00:56:24,000 Speaker 1: Hackers Summer Camp, because the whole community is getting a 1005 00:56:24,080 --> 00:56:27,799 Speaker 1: lot more aware of being inclusive to minorities, to women too, 1006 00:56:27,840 --> 00:56:31,000 Speaker 1: people that aren't necessarily you know, the norm that you 1007 00:56:31,000 --> 00:56:34,160 Speaker 1: would see at Defcon. So for example, we're starting to 1008 00:56:34,200 --> 00:56:37,920 Speaker 1: see um last I think in the last several years, 1009 00:56:37,960 --> 00:56:40,719 Speaker 1: there's been Queer Con, which is for the l g 1010 00:56:40,840 --> 00:56:44,160 Speaker 1: B t Q community. It's a big suite, it's a convention. 1011 00:56:44,200 --> 00:56:46,359 Speaker 1: They also have their own pool party that people can 1012 00:56:46,400 --> 00:56:49,920 Speaker 1: go to and everybody's invited. Of course. Uh, there's a 1013 00:56:49,960 --> 00:56:54,000 Speaker 1: bunch of women's sweet setup that are very that generally 1014 00:56:54,040 --> 00:56:57,480 Speaker 1: talked about inclusiveness for women. And there's you know, the 1015 00:56:57,560 --> 00:57:01,600 Speaker 1: kids convention to the kids villages, so kids are invited. 1016 00:57:01,640 --> 00:57:04,480 Speaker 1: It's not necessarily just like the twenty one upcrowd that 1017 00:57:04,520 --> 00:57:07,600 Speaker 1: we've seen in the past. So it's becoming a much 1018 00:57:07,680 --> 00:57:10,400 Speaker 1: larger convention. It's becoming a lot more friendly to people 1019 00:57:10,400 --> 00:57:13,640 Speaker 1: that didn't necessarily uh know that they could go or 1020 00:57:13,760 --> 00:57:16,040 Speaker 1: feel safe at the convention. And I think that's a 1021 00:57:16,080 --> 00:57:19,080 Speaker 1: really positive effort that def con and the other conventions 1022 00:57:19,080 --> 00:57:21,760 Speaker 1: that happen in Vegas are trying to do. Yeah, I 1023 00:57:21,840 --> 00:57:24,400 Speaker 1: like that a lot. I like I like the fact that, 1024 00:57:24,760 --> 00:57:28,760 Speaker 1: you know, because the general perception, more frequently than not, 1025 00:57:28,920 --> 00:57:31,920 Speaker 1: I think of of what the stereotypical hacker is is 1026 00:57:31,960 --> 00:57:35,600 Speaker 1: they tend to be twenty something to maybe early thirty something. 1027 00:57:35,960 --> 00:57:38,640 Speaker 1: More frequently than not, they're portrayed as white, and they're 1028 00:57:38,680 --> 00:57:44,240 Speaker 1: almost always male. And so to see that this convention 1029 00:57:44,440 --> 00:57:49,919 Speaker 1: is actively or even just encouraging the participation of other 1030 00:57:50,000 --> 00:57:53,440 Speaker 1: groups that don't fall into those categories and is acknowledging, Hey, 1031 00:57:53,520 --> 00:57:56,880 Speaker 1: you know, there are people who are not falling into 1032 00:57:56,920 --> 00:57:59,760 Speaker 1: the stereotypical view of what a hacker is supposed to be, 1033 00:58:00,040 --> 00:58:04,000 Speaker 1: who have valid opinions, They have contributions to make to 1034 00:58:04,040 --> 00:58:07,760 Speaker 1: the community, They have great ideas that we should listen to. 1035 00:58:08,200 --> 00:58:10,720 Speaker 1: Is really encouraging, because you know, we we want to. 1036 00:58:11,080 --> 00:58:13,200 Speaker 1: I've always been one of those people who championed the 1037 00:58:13,280 --> 00:58:17,120 Speaker 1: idea of more inclusiveness with any sort of stem kind 1038 00:58:17,120 --> 00:58:20,840 Speaker 1: of approach, and that includes hacking, and I'm pleased to 1039 00:58:20,880 --> 00:58:23,480 Speaker 1: see that there are people who have taken up that 1040 00:58:23,520 --> 00:58:26,600 Speaker 1: banner and they have really pushed it, especially over the 1041 00:58:26,680 --> 00:58:28,760 Speaker 1: last few years. I was looking into some of the 1042 00:58:28,760 --> 00:58:33,080 Speaker 1: stuff about the children's village, like you pointed out, and 1043 00:58:33,120 --> 00:58:36,640 Speaker 1: I think it's fantastic that they book some of the 1044 00:58:36,680 --> 00:58:40,400 Speaker 1: same speakers who give the big presentations to the entire con. 1045 00:58:40,520 --> 00:58:42,640 Speaker 1: They'll come in and they'll do a session with the kids, 1046 00:58:42,640 --> 00:58:45,200 Speaker 1: and I think that's amazing. You know that you're getting 1047 00:58:45,200 --> 00:58:48,480 Speaker 1: these people, some of whom have national reputations in the 1048 00:58:48,520 --> 00:58:51,920 Speaker 1: form of information security, coming in and talking to kids 1049 00:58:52,000 --> 00:58:54,280 Speaker 1: on their level, like not talking down to them, because 1050 00:58:54,360 --> 00:58:56,640 Speaker 1: kids are way smarter than we give them credit for, 1051 00:58:57,240 --> 00:58:59,240 Speaker 1: and they pick up on this stuff way faster than 1052 00:58:59,280 --> 00:59:02,840 Speaker 1: old fogies. Me um, it's great to see that. So 1053 00:59:02,880 --> 00:59:06,680 Speaker 1: I find that really interesting. I am somewhat sad Shannon 1054 00:59:07,320 --> 00:59:10,280 Speaker 1: that that your first your first def con was two 1055 00:59:10,280 --> 00:59:13,360 Speaker 1: thousand eight, because it means I cannot ask you about 1056 00:59:13,400 --> 00:59:20,080 Speaker 1: the legendary by gone days of the Alexis Park. I've 1057 00:59:20,120 --> 00:59:24,760 Speaker 1: heard stories the last Alexis Park def Con took place 1058 00:59:24,800 --> 00:59:27,280 Speaker 1: in two thousand five, so those days were over by 1059 00:59:27,280 --> 00:59:30,040 Speaker 1: the time you came in. However, you have been there since. 1060 00:59:30,080 --> 00:59:32,760 Speaker 1: They've changed locations a few times. It started off at 1061 00:59:32,760 --> 00:59:35,400 Speaker 1: the Riviera Hotel, and then it was at the Rio, 1062 00:59:35,640 --> 00:59:38,640 Speaker 1: and then at Paris and Valleys, and now I think 1063 00:59:38,680 --> 00:59:42,120 Speaker 1: the most recent one was at Caesar's Palace, and it 1064 00:59:42,160 --> 00:59:44,560 Speaker 1: will be at Caesar's Palace again next year as well. 1065 00:59:45,440 --> 00:59:48,360 Speaker 1: So with those changes in location, have you noticed any 1066 00:59:48,400 --> 00:59:51,880 Speaker 1: other like subsequent changes in the con itself or is 1067 00:59:51,920 --> 00:59:53,800 Speaker 1: it just one of those things where it's just gotten 1068 00:59:53,840 --> 00:59:58,360 Speaker 1: bigger with each change in venue. Um, it's mostly just 1069 00:59:58,480 --> 01:00:01,200 Speaker 1: been getting bigger and bigger with the changes of venue, 1070 01:00:01,280 --> 01:00:05,520 Speaker 1: and I think that's the main reason. Although given some 1071 01:00:05,640 --> 01:00:08,480 Speaker 1: of the strange things that happened at the hotels, they 1072 01:00:08,520 --> 01:00:12,840 Speaker 1: could change those hotels because of something else, Tangent Assigne. 1073 01:00:12,880 --> 01:00:15,640 Speaker 1: More on that later, but yeah, it's It's one of 1074 01:00:15,640 --> 01:00:17,920 Speaker 1: the really strange things about Defcon is the fact that 1075 01:00:17,960 --> 01:00:22,880 Speaker 1: they do change hotels every two to three to four years. Uh, 1076 01:00:22,880 --> 01:00:25,600 Speaker 1: And I don't know why that is necessarily because I'm 1077 01:00:25,600 --> 01:00:27,840 Speaker 1: not on the board, but I can make my own 1078 01:00:28,000 --> 01:00:31,440 Speaker 1: personal assumptions based on what I've seen. You know, first 1079 01:00:31,480 --> 01:00:33,640 Speaker 1: of all, there's always i mean one, when you're ever, 1080 01:00:33,720 --> 01:00:36,400 Speaker 1: you're doing events, planning for a big event, there's always 1081 01:00:36,600 --> 01:00:38,960 Speaker 1: long term contract type stuff that you have to look at. 1082 01:00:39,040 --> 01:00:41,240 Speaker 1: So there's that. So some of it could very well 1083 01:00:41,280 --> 01:00:43,280 Speaker 1: be that it's just oh, we were only able to 1084 01:00:43,320 --> 01:00:45,400 Speaker 1: secure that location for two years and we knew it 1085 01:00:45,440 --> 01:00:48,480 Speaker 1: was going to be a transition. Sometimes it might be oh, 1086 01:00:48,560 --> 01:00:51,520 Speaker 1: this hotel wasn't so pleased when it found out all 1087 01:00:51,560 --> 01:00:56,320 Speaker 1: the elevator buttons were rewired to the wrong floor. Yeah, 1088 01:00:56,520 --> 01:01:01,880 Speaker 1: So on that fact um, there have been many different 1089 01:01:01,960 --> 01:01:05,200 Speaker 1: things that happen at dev Con, and it doesn't matter 1090 01:01:05,240 --> 01:01:08,160 Speaker 1: which hotel is at there are always these funny little 1091 01:01:08,160 --> 01:01:11,720 Speaker 1: pranks that get pulled all around the hotel. It could 1092 01:01:11,760 --> 01:01:17,200 Speaker 1: be anything from the hotel elevators getting switched up like that. 1093 01:01:17,480 --> 01:01:19,960 Speaker 1: It could be them getting stopped in the middle of 1094 01:01:20,040 --> 01:01:24,040 Speaker 1: two floors. Uh. It could be a great example as 1095 01:01:24,040 --> 01:01:26,680 Speaker 1: Caesar's Palace this year is they have a food court, 1096 01:01:27,120 --> 01:01:29,760 Speaker 1: and the food court all of the different restaurants give 1097 01:01:29,800 --> 01:01:34,840 Speaker 1: out those little wireless handset things. Uh, those little square 1098 01:01:34,880 --> 01:01:38,320 Speaker 1: boxes that vibrate whenever your food is ready. They all 1099 01:01:38,400 --> 01:01:41,400 Speaker 1: run on the same frequency. And of course, since you 1100 01:01:41,480 --> 01:01:44,520 Speaker 1: have a bunch of hackers at Caesar's Palace, if they 1101 01:01:44,520 --> 01:01:47,160 Speaker 1: find out everything runs on the same frequency and they 1102 01:01:47,200 --> 01:01:51,120 Speaker 1: can recreate that pattern to make all of the devices 1103 01:01:51,200 --> 01:01:53,560 Speaker 1: vibrate and go off at the same time, they will 1104 01:01:53,600 --> 01:01:56,200 Speaker 1: do it, and then everybody's sitting in that food court 1105 01:01:56,200 --> 01:01:58,640 Speaker 1: will stand up all at the same time expecting their 1106 01:01:58,640 --> 01:02:03,200 Speaker 1: food to be ready. Wow. Um, I've seen another example 1107 01:02:03,240 --> 01:02:07,080 Speaker 1: here in Caesar's Palace this year was Uh, there are 1108 01:02:07,120 --> 01:02:09,680 Speaker 1: a whole bunch of statues that are supposed to be 1109 01:02:09,720 --> 01:02:13,640 Speaker 1: like Roman, you know, the Roman gods, Roman, all the 1110 01:02:13,680 --> 01:02:18,880 Speaker 1: different beings from histories past. And they're like animatronic, aren't they. Um. 1111 01:02:18,920 --> 01:02:22,200 Speaker 1: There are some animatronic ones in one of the shopping centers, 1112 01:02:23,040 --> 01:02:24,800 Speaker 1: and then a lot of the other ones are just 1113 01:02:24,840 --> 01:02:26,840 Speaker 1: like made out of really nice stone and they're in 1114 01:02:26,880 --> 01:02:29,520 Speaker 1: the middle of walking areas. They're very easy to get 1115 01:02:29,600 --> 01:02:32,720 Speaker 1: up to. And Google eyes are a really big thing 1116 01:02:32,920 --> 01:02:35,040 Speaker 1: at def Con, so you will find all of these 1117 01:02:35,040 --> 01:02:39,320 Speaker 1: statues by the end of the convention weekend. With Google's 1118 01:02:39,600 --> 01:02:43,440 Speaker 1: Google eyes on them, and it is the funniest thing. Luckily, 1119 01:02:43,600 --> 01:02:46,919 Speaker 1: I think Caesar's Palace was really dealing with it kind 1120 01:02:46,920 --> 01:02:49,680 Speaker 1: of humorously because they left a lot of those things 1121 01:02:49,720 --> 01:02:52,240 Speaker 1: on even after the janitorial staff went through in the 1122 01:02:52,240 --> 01:02:54,480 Speaker 1: middle of the night, So I think that they were 1123 01:02:54,480 --> 01:02:57,919 Speaker 1: taking it with like a good positive appeal, like, hey, 1124 01:02:57,960 --> 01:03:00,320 Speaker 1: this is a part of the hacker community, this is 1125 01:03:00,400 --> 01:03:02,880 Speaker 1: def con, Like, this is what we were expecting. So 1126 01:03:02,920 --> 01:03:04,440 Speaker 1: we're just going to leave those up for the weekend 1127 01:03:04,440 --> 01:03:06,720 Speaker 1: and let y'all have your fun as long as you 1128 01:03:06,760 --> 01:03:10,720 Speaker 1: do follow follow the rule of MPD no permanent damage. Yes, 1129 01:03:10,760 --> 01:03:15,280 Speaker 1: no permanent damage. So luckily Google eyes don't cause permanent damage. Um. 1130 01:03:15,320 --> 01:03:17,480 Speaker 1: I don't like it when the elevators get messed with 1131 01:03:17,560 --> 01:03:19,800 Speaker 1: because I'm an old lady and I like to go 1132 01:03:19,840 --> 01:03:22,040 Speaker 1: to sleep at night and not get stuck in an elevator, 1133 01:03:22,040 --> 01:03:26,400 Speaker 1: which has happened before. But it also comes with the territory, 1134 01:03:26,520 --> 01:03:28,600 Speaker 1: so I understand that if I'm going to def con, 1135 01:03:28,800 --> 01:03:33,440 Speaker 1: those things will happen. Well, if you were if you 1136 01:03:33,560 --> 01:03:38,200 Speaker 1: were talking to someone who was possibly thinking about going 1137 01:03:38,240 --> 01:03:41,960 Speaker 1: to def con, what is what is your pitch and 1138 01:03:42,120 --> 01:03:45,160 Speaker 1: convincing that person to say, like you know what, Yeah, 1139 01:03:45,200 --> 01:03:47,560 Speaker 1: this is something that you should try. If you're interested 1140 01:03:47,600 --> 01:03:49,320 Speaker 1: in it, you should give it a go. What would 1141 01:03:49,320 --> 01:03:52,479 Speaker 1: you tell that person? So, I would say that def 1142 01:03:52,520 --> 01:03:55,640 Speaker 1: Con is unlike any of the other hacker cons that 1143 01:03:55,680 --> 01:03:58,880 Speaker 1: I've been to. All of the local conventions are much smaller, 1144 01:03:58,880 --> 01:04:02,720 Speaker 1: which also have a huge deal of appeal. But if 1145 01:04:02,760 --> 01:04:07,919 Speaker 1: you really want to see the uh the prankster def Con, 1146 01:04:08,120 --> 01:04:11,160 Speaker 1: if you want to see the family get together, the 1147 01:04:11,240 --> 01:04:14,640 Speaker 1: Hacker summer camp, if you want to get that huge 1148 01:04:14,920 --> 01:04:17,520 Speaker 1: deal of inspiration throughout the weekend from all of the 1149 01:04:17,560 --> 01:04:20,600 Speaker 1: different villages uh, and if you want to feel included. 1150 01:04:20,960 --> 01:04:23,280 Speaker 1: Defcon has a code of Contact, which means that they 1151 01:04:23,280 --> 01:04:26,400 Speaker 1: are very very inclusive, and if anything happens there, you 1152 01:04:26,400 --> 01:04:29,040 Speaker 1: can report it and know that you'll be okay. UM. 1153 01:04:29,280 --> 01:04:31,240 Speaker 1: Def Con is the one place that I go every year, 1154 01:04:31,320 --> 01:04:34,520 Speaker 1: and I just love going, even though at the end 1155 01:04:34,560 --> 01:04:37,320 Speaker 1: of the week my voice is shot, even though I 1156 01:04:37,360 --> 01:04:39,880 Speaker 1: am tired, and sometimes I come home with the con 1157 01:04:39,920 --> 01:04:42,600 Speaker 1: flu which will generally happen if you go to Vegas 1158 01:04:42,640 --> 01:04:46,040 Speaker 1: and you don't drink enough water because it's a desert. Um. 1159 01:04:46,080 --> 01:04:48,000 Speaker 1: It's it's the one place that I can go and 1160 01:04:48,040 --> 01:04:51,480 Speaker 1: feel like I'm not only included, even as a woman 1161 01:04:51,920 --> 01:04:55,240 Speaker 1: in a very even though I'm considered a minority in 1162 01:04:55,280 --> 01:04:57,360 Speaker 1: the hacker genre, even as a woman, I can go 1163 01:04:57,360 --> 01:05:01,200 Speaker 1: there and I feel included and I feel real embraced 1164 01:05:01,280 --> 01:05:05,520 Speaker 1: in that community. But it's it's friendly, it's fun, and 1165 01:05:06,200 --> 01:05:09,360 Speaker 1: it's big. It's huge. So if you're looking for a party, 1166 01:05:09,400 --> 01:05:11,440 Speaker 1: it's also a very good time. If you're looking for 1167 01:05:11,480 --> 01:05:13,360 Speaker 1: a job, it's a great place to go as well. 1168 01:05:13,840 --> 01:05:18,080 Speaker 1: Oh yeah, fantastic uh networking opportunity in more ways than one. 1169 01:05:18,880 --> 01:05:23,280 Speaker 1: Now I also have to ask, but this will kind 1170 01:05:23,280 --> 01:05:26,600 Speaker 1: of be our sign off because I talked about in 1171 01:05:26,680 --> 01:05:30,200 Speaker 1: the actual podcast, But I want to hear what your 1172 01:05:30,280 --> 01:05:32,960 Speaker 1: thoughts are and perhaps just the sort of the general 1173 01:05:33,640 --> 01:05:39,240 Speaker 1: uh conception of the Wall of Sheep. Um. Yes, so 1174 01:05:39,320 --> 01:05:42,360 Speaker 1: the Wall of Sheep is hilarious. I think it is 1175 01:05:42,400 --> 01:05:45,200 Speaker 1: a great way to spread awareness of the fact that 1176 01:05:45,320 --> 01:05:50,200 Speaker 1: wireless is not necessarily safe. It is very vulnerable, especially 1177 01:05:50,240 --> 01:05:52,600 Speaker 1: to people that go to the convention and forget to 1178 01:05:52,640 --> 01:05:57,360 Speaker 1: turn wireless off on their devices. Um. I've never been 1179 01:05:57,440 --> 01:05:59,240 Speaker 1: on the Wall of Sheep, so I can't tell you 1180 01:05:59,280 --> 01:06:01,280 Speaker 1: from experience it is how it feels to be on 1181 01:06:01,320 --> 01:06:04,400 Speaker 1: the wall of sheep, but I would probably be embarrassed 1182 01:06:04,400 --> 01:06:06,360 Speaker 1: if I showed up on there, but I would take 1183 01:06:06,400 --> 01:06:09,120 Speaker 1: it as a learning experience. If if I was to 1184 01:06:09,160 --> 01:06:11,040 Speaker 1: show up on there, I would be like, Okay, how 1185 01:06:11,080 --> 01:06:13,600 Speaker 1: did this happen? And I would want to learn so 1186 01:06:13,640 --> 01:06:15,920 Speaker 1: that that would never happen to me again in the future, 1187 01:06:16,200 --> 01:06:18,360 Speaker 1: and I could take that into the real world and 1188 01:06:18,880 --> 01:06:23,240 Speaker 1: know that I am safe with my own devices. Right again. More, 1189 01:06:23,680 --> 01:06:26,360 Speaker 1: while you might have suffer a little bit of embarrassment 1190 01:06:26,400 --> 01:06:29,200 Speaker 1: in the short term as you appear on a wall, 1191 01:06:29,680 --> 01:06:32,760 Speaker 1: the lesson you learn is more valuable because again, the 1192 01:06:32,800 --> 01:06:35,960 Speaker 1: criminals aren't going to alert you that you are sharing 1193 01:06:35,960 --> 01:06:39,080 Speaker 1: any information. They're going to be using that. So it's 1194 01:06:39,120 --> 01:06:41,360 Speaker 1: better for you to be aware of it and be 1195 01:06:41,480 --> 01:06:44,760 Speaker 1: able to prevent that from happening than to be unaware 1196 01:06:44,760 --> 01:06:47,880 Speaker 1: of it and then just be taken advantage of perpetually. 1197 01:06:48,560 --> 01:06:51,160 Speaker 1: So absolutely I see it. I see it as a 1198 01:06:51,200 --> 01:06:53,280 Speaker 1: valuable service, even though I know that I would be 1199 01:06:53,320 --> 01:06:55,640 Speaker 1: paranoid the entire time that was going to show up. 1200 01:06:55,760 --> 01:06:57,880 Speaker 1: Do you take do you take a burner phone with you? 1201 01:06:58,640 --> 01:07:01,880 Speaker 1: I used to um I I stopped doing the burner 1202 01:07:01,920 --> 01:07:05,000 Speaker 1: phone just out of pure laziness the past few years, 1203 01:07:05,440 --> 01:07:08,160 Speaker 1: which is very bad. You should take a burner phone 1204 01:07:08,240 --> 01:07:12,200 Speaker 1: with you. I am not the norm, but there are 1205 01:07:12,200 --> 01:07:14,160 Speaker 1: a few things that I would recommend to people that 1206 01:07:14,200 --> 01:07:16,960 Speaker 1: are going just for their own security and privacy because 1207 01:07:17,040 --> 01:07:21,520 Speaker 1: it is a very target rich environment. I would say, 1208 01:07:21,560 --> 01:07:24,560 Speaker 1: if you can take a burner phone, UH, if you 1209 01:07:24,600 --> 01:07:27,120 Speaker 1: can erase all the data off that burner phone, any 1210 01:07:27,160 --> 01:07:30,280 Speaker 1: personal data, and don't log into like your bank, for example, 1211 01:07:30,400 --> 01:07:33,480 Speaker 1: while you are at the convention on that phone. UM. 1212 01:07:33,560 --> 01:07:37,560 Speaker 1: I would also recommend keeping NFC, Bluetooth, and wireless turned 1213 01:07:37,600 --> 01:07:40,160 Speaker 1: off the entire time, because there are hacks for all 1214 01:07:40,200 --> 01:07:44,240 Speaker 1: of those uh. And if you want to on sites 1215 01:07:44,280 --> 01:07:47,800 Speaker 1: like Amazon, there's these really cool things called Faraday bags, 1216 01:07:48,000 --> 01:07:51,200 Speaker 1: and I bought one myself and it works great. I've 1217 01:07:51,240 --> 01:07:54,800 Speaker 1: tested it, and Faraday bags will If you put your 1218 01:07:54,800 --> 01:07:57,680 Speaker 1: smartphone inside of a Faraday bag, the Faraday bag will 1219 01:07:57,760 --> 01:08:01,960 Speaker 1: stop any kind of UH wireless frequencies from coming into 1220 01:08:02,000 --> 01:08:05,000 Speaker 1: the bag and coming onto your device, so it'll protect 1221 01:08:05,080 --> 01:08:07,880 Speaker 1: your device from anything out there that might be trying 1222 01:08:07,920 --> 01:08:11,000 Speaker 1: to attack the devices in the wild. I would also 1223 01:08:11,040 --> 01:08:15,120 Speaker 1: recommend water because it is Vegas, really good tennis shoes 1224 01:08:15,160 --> 01:08:18,000 Speaker 1: because any hotel you go to that def Con is 1225 01:08:18,040 --> 01:08:21,280 Speaker 1: in Ore, You'll you will be walking very very far 1226 01:08:21,960 --> 01:08:24,519 Speaker 1: uh and get lots of sleep and make sure to 1227 01:08:24,560 --> 01:08:28,400 Speaker 1: take a shower, just like any other convention. Yep. Personal 1228 01:08:28,479 --> 01:08:31,200 Speaker 1: hygiene does not stop just because the convention has started. No, 1229 01:08:31,320 --> 01:08:34,600 Speaker 1: it does not. Hand sanitizer not a bad idea, or 1230 01:08:34,600 --> 01:08:37,120 Speaker 1: at least washing your hands frequently, not a bad idea 1231 01:08:37,160 --> 01:08:40,400 Speaker 1: at any of these sort of conventions. I've been the 1232 01:08:40,479 --> 01:08:43,360 Speaker 1: champion of that at c e S so many years running, 1233 01:08:43,479 --> 01:08:45,799 Speaker 1: especially at a place like CES, because you're just handling 1234 01:08:45,880 --> 01:08:49,040 Speaker 1: your handling stuff that so many other people have handled, Yes, exactly, 1235 01:08:49,040 --> 01:08:53,080 Speaker 1: but valuable tips and take advantage of the learning experience 1236 01:08:53,080 --> 01:08:54,800 Speaker 1: to make sure that you get out there and you 1237 01:08:54,880 --> 01:08:57,280 Speaker 1: ask questions. Because the people that go to def Con 1238 01:08:57,400 --> 01:09:00,840 Speaker 1: and have vendor booze have villages that they running there 1239 01:09:00,880 --> 01:09:04,160 Speaker 1: there to answer your questions. I believe that no question 1240 01:09:04,240 --> 01:09:07,000 Speaker 1: is a stupid question. If you are a beginner, you 1241 01:09:07,080 --> 01:09:08,800 Speaker 1: come up to me and you ask a question. If 1242 01:09:08,840 --> 01:09:11,400 Speaker 1: I don't think that my product that I'm selling at 1243 01:09:11,400 --> 01:09:13,880 Speaker 1: my vendor booth is correct for you, I've I've done 1244 01:09:13,880 --> 01:09:15,960 Speaker 1: this in the past. I will lead you out of 1245 01:09:16,000 --> 01:09:18,280 Speaker 1: my booth and take you to the bookstore where you 1246 01:09:18,320 --> 01:09:20,040 Speaker 1: can pick up a book that teaches you all the 1247 01:09:20,080 --> 01:09:22,599 Speaker 1: fundamentals and the theory behind the products that we sell. 1248 01:09:22,840 --> 01:09:25,879 Speaker 1: So I I highly recommend that if you're a beginner, 1249 01:09:26,200 --> 01:09:29,080 Speaker 1: to go to these conventions, especially def COM, because the 1250 01:09:29,240 --> 01:09:31,640 Speaker 1: learning experience that you'll you will get there and the 1251 01:09:31,680 --> 01:09:34,960 Speaker 1: networking that you'll get is like no other You can't 1252 01:09:35,000 --> 01:09:38,439 Speaker 1: get that same kind of experience online. Yeah. And and 1253 01:09:38,439 --> 01:09:40,600 Speaker 1: in my now I've not been to death count, but 1254 01:09:40,600 --> 01:09:43,920 Speaker 1: in my experience talking with people who do this sort 1255 01:09:43,960 --> 01:09:47,559 Speaker 1: of stuff, they get they get a thrill out of 1256 01:09:47,560 --> 01:09:50,360 Speaker 1: being able to talk about and explain it to other people. 1257 01:09:50,520 --> 01:09:54,080 Speaker 1: They they enjoy sharing that knowledge. It's not like they're 1258 01:09:54,120 --> 01:09:57,000 Speaker 1: hoarding knowledge and they don't want other people to have it. 1259 01:09:57,560 --> 01:10:00,840 Speaker 1: So in fact, I often see it as the act opposite, 1260 01:10:00,880 --> 01:10:03,200 Speaker 1: Like people learn something cool and they immediately want to 1261 01:10:03,200 --> 01:10:05,160 Speaker 1: share it with other folks so that they also know 1262 01:10:05,240 --> 01:10:08,280 Speaker 1: how to do it. So yeah, So that to me 1263 01:10:08,400 --> 01:10:13,759 Speaker 1: is something that is really a valuable thing to take away, 1264 01:10:13,880 --> 01:10:18,320 Speaker 1: is that these are folks who really want to share 1265 01:10:18,400 --> 01:10:21,920 Speaker 1: that experience and to explain and to teach and to 1266 01:10:22,280 --> 01:10:27,720 Speaker 1: have that knowledge expand beyond just their own circle, So definitely. 1267 01:10:27,880 --> 01:10:30,160 Speaker 1: You know, Defcon is not like a participant not not 1268 01:10:30,240 --> 01:10:34,519 Speaker 1: like a spectator sport. You know, it's fully participatory. And 1269 01:10:34,560 --> 01:10:37,000 Speaker 1: the more I heard this more and more every time 1270 01:10:37,040 --> 01:10:40,320 Speaker 1: I was watching any video about it or anything, everyone 1271 01:10:40,360 --> 01:10:42,880 Speaker 1: was saying the more you participate, the more you get 1272 01:10:42,920 --> 01:10:45,920 Speaker 1: out of it, and that it's it's an environment that 1273 01:10:46,080 --> 01:10:52,120 Speaker 1: encourages participation. And you know, I'm sure that you've you've 1274 01:10:52,120 --> 01:10:55,960 Speaker 1: had a chance to practice all sorts of skills that 1275 01:10:56,040 --> 01:11:00,320 Speaker 1: you didn't necessarily go into, you know, with any uh 1276 01:11:00,400 --> 01:11:03,439 Speaker 1: real affinity for at the beginning. Like I mean, it 1277 01:11:03,439 --> 01:11:06,000 Speaker 1: wouldn't surprise me at all to learn that you have 1278 01:11:06,360 --> 01:11:10,240 Speaker 1: started to really get good at picking locks. Yeah, that's 1279 01:11:10,240 --> 01:11:12,760 Speaker 1: actually a thing that I was going to mention. I 1280 01:11:12,840 --> 01:11:16,120 Speaker 1: started picking locks at def Con, and I didn't know 1281 01:11:16,200 --> 01:11:19,320 Speaker 1: that I was that it was a skill that I 1282 01:11:19,400 --> 01:11:23,320 Speaker 1: had naturally until I started doing it, And I wouldn't 1283 01:11:23,360 --> 01:11:25,840 Speaker 1: have done it if I hadn't gone to Defcon. But 1284 01:11:25,920 --> 01:11:28,800 Speaker 1: now I have that skill that I could use for 1285 01:11:29,040 --> 01:11:32,080 Speaker 1: more security awareness, like even on my own house, I 1286 01:11:32,080 --> 01:11:35,360 Speaker 1: can make sure that my house isn't you know, luck pickable, 1287 01:11:35,880 --> 01:11:38,479 Speaker 1: for example. But you you do learn skills there, you 1288 01:11:38,520 --> 01:11:41,240 Speaker 1: get to. You get to meet a lot of really 1289 01:11:41,280 --> 01:11:45,920 Speaker 1: amazing people and it's a great experience all around. Um, 1290 01:11:45,960 --> 01:11:47,960 Speaker 1: even if you go on your own there's some really 1291 01:11:48,000 --> 01:11:51,759 Speaker 1: awesome people that you can meet there. Shannon Morrise, thank 1292 01:11:51,800 --> 01:11:54,880 Speaker 1: you so much for joining our show. Please tell people 1293 01:11:54,880 --> 01:11:57,320 Speaker 1: where they can find all the stuff what you do. 1294 01:11:57,960 --> 01:12:00,759 Speaker 1: Uh So, you can follow me on Twitter, I'm snubs 1295 01:12:00,960 --> 01:12:03,320 Speaker 1: S and U b S. That is where I post 1296 01:12:03,400 --> 01:12:06,120 Speaker 1: most frequently, and I can also answer any questions that 1297 01:12:06,200 --> 01:12:09,280 Speaker 1: you have about def Con as well over there. If 1298 01:12:09,280 --> 01:12:11,800 Speaker 1: you are interested in the podcast that I do, you 1299 01:12:11,840 --> 01:12:13,840 Speaker 1: can check out all of those over at h K 1300 01:12:14,040 --> 01:12:18,120 Speaker 1: five dot org o r G and hack five is 1301 01:12:18,160 --> 01:12:20,560 Speaker 1: also the place where I do all of my own teachings. 1302 01:12:20,800 --> 01:12:23,560 Speaker 1: So if you have questions about the hacker community, or 1303 01:12:23,600 --> 01:12:26,759 Speaker 1: if you're interested in pent testing as a profession, definitely 1304 01:12:26,840 --> 01:12:29,559 Speaker 1: check out our podcast there because we go through not 1305 01:12:29,640 --> 01:12:32,519 Speaker 1: only the fundamentals, but also the theory and sometimes some 1306 01:12:32,600 --> 01:12:36,599 Speaker 1: expert advice as well. Awesome, it was a pleasure having 1307 01:12:36,640 --> 01:12:38,559 Speaker 1: you back on the show. I'll make sure to have 1308 01:12:38,640 --> 01:12:42,240 Speaker 1: you on again before too long. Thank you guys. That 1309 01:12:42,520 --> 01:12:45,360 Speaker 1: is the history of def Con. This was a really 1310 01:12:45,400 --> 01:12:48,560 Speaker 1: interesting subject for me to look into. I was completely 1311 01:12:48,640 --> 01:12:52,200 Speaker 1: in the dark ha ha about this convention. I had 1312 01:12:52,240 --> 01:12:54,720 Speaker 1: only had some idea of what was going on, and 1313 01:12:54,760 --> 01:12:56,360 Speaker 1: the more I looked into it, the more I realized 1314 01:12:56,400 --> 01:12:59,680 Speaker 1: that a lot of those notions were based on misinformation. 1315 01:13:00,240 --> 01:13:03,320 Speaker 1: And again, big thanks to Shannon Morris for jumping on 1316 01:13:03,400 --> 01:13:06,640 Speaker 1: here and giving me the first person perspective of what 1317 01:13:06,840 --> 01:13:09,280 Speaker 1: it's like to go to one of these conventions. It 1318 01:13:09,360 --> 01:13:11,920 Speaker 1: sounds like it would be really fascinating. I know I 1319 01:13:11,960 --> 01:13:14,559 Speaker 1: would be completely out of my element where I to attend, 1320 01:13:14,560 --> 01:13:17,280 Speaker 1: and yet I feel like I gotta make an effort 1321 01:13:17,320 --> 01:13:20,200 Speaker 1: to go at least one year and experience this just 1322 01:13:20,320 --> 01:13:25,160 Speaker 1: as an attendee and to learn and to to see 1323 01:13:25,200 --> 01:13:29,200 Speaker 1: that community and to experience this for myself. If you 1324 01:13:29,240 --> 01:13:32,759 Speaker 1: guys have suggestions for future topics of tech stuff, please 1325 01:13:33,000 --> 01:13:34,800 Speaker 1: let me know. You can send me an email that 1326 01:13:34,840 --> 01:13:38,600 Speaker 1: addresses tech stuff at how stuff works dot com, or 1327 01:13:38,680 --> 01:13:41,320 Speaker 1: you can always drop me a line on Facebook or Twitter. 1328 01:13:41,400 --> 01:13:44,600 Speaker 1: The handle for both of those is text stuff hs W. 1329 01:13:45,160 --> 01:13:49,120 Speaker 1: Remember you can watch me record episodes live on twitch 1330 01:13:49,240 --> 01:13:52,960 Speaker 1: dot tv slash text Stuff. I record on Wednesdays and Friday's. 1331 01:13:53,360 --> 01:13:55,400 Speaker 1: Just pop over to that U r L and you'll 1332 01:13:55,400 --> 01:13:57,559 Speaker 1: be able to see the schedule there, and I'll talk 1333 01:13:57,600 --> 01:14:06,559 Speaker 1: to you again really soon for more on this and 1334 01:14:06,640 --> 01:14:09,200 Speaker 1: thousands of other topics. Is it how stuff Works? Dot 1335 01:14:09,200 --> 01:14:19,320 Speaker 1: com