

How to survive Black Hat and Defcon without getting hacked -- maybe - alphadoggs
http://www.networkworld.com/news/2011/072911-blackhat-defcon-survival-guide.html

======
bonzoesc
Some more DEF CON tips:

* Don't bring your computer everywhere; it's heavy, somebody can steal it, and you'll be worrying about your computer instead of having fun, drinking, and meeting people.

* Go to the hardware hacking & lock picking villages. Everyone there is cool!

* Drink lots of water, especially if you go outside or drink booze.

* Have a QR reader/generator on your phone so you can share phone numbers. I use "QR Flip Flop" on iPhone and "Barcode Scanner" on Android.

Above all, party! You can compute in the comfort of your home the other 51
weekends each year.

------
rkalla
Well this makes sense[1], but will be really inconvenient:

\- Don't use cellphones within 1,000 feet of the conferences to avoid phony
cell stations.

For anyone going this year you know the conference is at the Rio as well as
most of the guests attending.

The one thing I will say is that in his talk, Paget did say that GSM's
security is broken, but 3G security is still (hypothetically) intact and much
stronger.

So forcing your phone onto the WCDMA network only is probably the way to go
while at the conference. (Settings > Wireless > Mobile Networks > Network Mode
on Android)

[1] [http://www.wired.com/threatlevel/2010/07/intercepting-
cell-p...](http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-
calls/)

~~~
ZoFreX
My phone is 3G only, if there isn't a 3G signal available then I can't make
calls or texts. Does this mean my phone is more secure?

~~~
mctavjb9
It depends how you define "secure." There are numerous weaknesses of 2G (GSM)
security that were addressed in the 3G (UMTS) standards. The major ones: 1)
GSM supports one-way authentication only (handset to network), so man-in-the-
middle attacks are possible; 2) encryption is optional, and when turned on by
the carrier, only covers the air interface between the phone and the
basestation, leaving base transceiver station (BTS) to base station controller
(BSC) connections, often a microwave links, effectively unprotected; 3) GSM
encryption keys are not long enough to make brute force attacks impractical
(A5/1, the strongest version of GSM encryption, has a 64-bit key); 4) GSM does
not support data integrity protection, making false BTS attacks like Paget's
DEFCON demo possible; and 5) encryption keys and authentication data are
transmitted in the clear within a network and between networks when the phone
is roaming. (Ref.: 3GPP TS 33.120, 3GPP TS 21.133).

A 3G-only phone isn't susceptible to attacks that attempt to coerce a handset
into 2G operation and exploit the weaknesses of GSM security. However, UMTS
networks, because they're packet-based, still have to contend with DoS attacks
and other Internet headaches.

