LAS VEGAS - You might not think that a hacker conference in Sin City in the summer is the best place to take the kids. But if you want them to learn some skills, know their digital rights and have some fun, I can't think of any place better. Oh, and there's some stuff for us big kids too.
Defcon, which turns 20 this year, runs Friday through Sunday, following the more corporate Black Hat conference, the newsy parts of which are tomorrow and Thursday.
Black Hat organizers had a rocky start to their week with a security issue of their own. One of their volunteers sent 7,500 attendees a suspicious e-mail that appeared to be a phishing scam. The message asked recipients to confirm a new password that supposedly had been requested and directed them to a dicey-looking URL. "We have reviewed the server logs, we know the user, host, and have spoken with the volunteer who has emailed each of you this morning," Trey Ford, general manager of Black Hat, wrote in a blog post, without saying exactly why it happened. "The email this morning wasn an abuse of functionality by a volunteer who has been spoken to."
And in a first, iPad and iPhone maker offered developers a way to protect themselves from a high-profile exploit that targeted Apple's in-app purchase system.to discuss security for its iOS mobile operating system. It's a timely appearance: just last week, the
Defcon, meanwhile, will no doubt have plenty of hair-raising sessions about scary security holes in software and hardware we use every day and the tools released to help exploit them. But there also will be Defcon Kids, at which security researchers of the future will hone their chops on protecting data in a digital age.
The Defcon Kids program, which runs concurrently with Defcon and is now in its second year, looks seriously interesting. There will be sessions on how to break crypto code and how to work with electronics and circuit boards. There's a panel on location data tracking in cell phones, a zero-day contest for finding previously unknown vulnerabilities, a lockpicking race, a Q&A session on drones and 3D printing, and a session on "The Art of the Con" with a live con game.
Attendees of Defcon Kids also will learn about liability and other issues related to design problems that allow locks and safes to be opened in seconds, and there's a session called "Hacking your School's Network" in which sci-fi author and Internet thinkerwill tell the kids that "the best way to hack the network is to study it, document the ways in which it interferes with your schooling, use Freedom of Information requests to find out what your school is paying for this junk, and publish and present that material." The ACLU is holding a session on the NSA and the Constitution, and in the Department of Defense Crime Scene Investigation session, kids will confront a simulated crime that they have to solve in 15 minutes. Heady stuff for minors.
And there's plenty of fun for the over-21 crowd too, including sessions on all manner of security topics like backdoors in hardware and industrial control software, hacking aircraft tracking systems, "human augmentation" using medicine and technology and how to hack a nation's transportation networks. There are also plenty of privacy-related sessions and deep dives into the security architectures of iOS, Android, and Win 8.
For people who want a more hands-on experience, there's an exploit-coding contest, a tamper-proof packaging contest, a Defcon art contest, capture the packet, lockpicking, social engineering contest and a beverage cooling contraption contest. For pure pleasure and good deeds you have the beard championship, along with bone marrow and blood drives. The winners of the Defcon short story contest will be announced, and people will be sharing anecdotes for the Defcon documentary that's in the making. And if you just want to get out of town, there's a two-hour bike ride in the desert being organized.
Things kick into another gear at night. After hours there will be the usual shmoozing over drinks, goth dance parties, and DJs from nerdcore rappers Duo Core and Dale Chase to MC Frontalot and local boys gone big, The Crystal Method.
There is also a separate event, B-Sides, that runs tomorrow and Thursday and features some interesting sessions like "How I Managed to Break into the InfoSec World with Only a Tweet and an Email" and "Dropping an Intelligent F-BOMB."