Black Hat 2011 reportedly had more attendees this year than ever before, topping the charts with more than 6,000 people.
Stealing credit card data
Zac Franken, director at Aperture Labs, holds up the Square device for processing credit cards with an iPad. His company has just discovered two ways to steal credit card data using Square.
"Less than 100 lines of code" was all it took to write the program that can be used to steal credit card information from Square, said Zac Franken of Aperture Labs.
Security researchers Dan Kaminsky introduces his grandmother to Black Hat reporters. Kaminsky's grandmother, Raia Maurer, is in her late 80s, and has attended eight of the last 11 Black Hat conferences. Kaminsky noted that this makes her a veteran of more Black Hat's than most people in the room. She's also known for bringing "session cookies," home-baked cookies to share with session attendees.
Siemens industrial control system vulnerabilities
Thomas Brandstetter, a CERT program manager for Siemens, and Dillon Beresford, of NSS Labs, during Beresford's presentation on Siemens industrial control system vulnerabilities.
Tom Parker, chief technology officer at FusionX, explaining in detail how SCADA systems are controlled.
At Black Hat 2011 in Las Vegas, a mobile security panel focused on owning your phone at every level. The experts included, from left to right, Chris Wysopal, Tyler Shields, Dai Zovi, Charlie Miller, Ralf-Phillipp Weinmann, Nick Depetrillo, and Don Bailey.
Chris Paget talks about her experiences with Windows Vista at Black Hat 2011.
Chrome OS vulnerabilities
Chrome OS vulnerabilities were revealed at Black Hat 2011 in Las Vegas by Matt Johansen, WhiteHat Security Team Lead, on the left, and Kyle Osborn, application security specialist focusing on offensive security for WhiteHat Security.
WhiteHat Security created this malicious extension to test Chrome OS vulnerabilities.
RSA suffered a major attack earlier this year, but that didn't stop them from organizing a large, brightly lit booth in the Black Hat vendor's room.
Like many companies in the Black Hat vendor's room, Amazon.com was heavily recruiting security professionals.
Longtime hacker activist Johnny Long announced a new initiative at DefCon 19 to get hackers involved in charitable organizations.
10-year-old hacker CyFy discovered her first zero-day exploit earlier this year and presented her findings at the first DefCon Kids at DefCon 19.
Hardware Hacking Session
Joe Grand of San Francisco (not pictured) ran the Hardware Hacking Session of the first DefCon Kids, a series of hands-on panels for children at DefCon. Here, he gave them G-shaped circuit boards and taught them how to solder a resistor in place. That created a connection that turned the circuit board into a basic "Simon"-style memory game.
Android design flaw
A new Android design flaw was revealed at DefCon 19 by Sean Schulte, SSL Developer at Trustwave, and Nicholas Percoco, the Senior Vice President and Head of SpiderLabs at Trustwave.
At DefCon 19, F-Secure Chief Technical Officer Mikko Hyponnen shows off a 5-1/4 inch floppy that has on it the first personal computer virus.
F-Secure's Mikko Hypponen showed off ransomware at his morning seminar the first day of DefCon. The talk proved a bridge between the more corporate Black Hat and the more hackery DefCon.
Nintendo light guns
These members of the Capture the Flag team are using old Nintendo light guns to point to clues on the DefCon logo.
This circuit map on the ground at DefCon was a clue for one of the many interactive games played at the hacker's conference.
Capture the Flag
Three members of the DefCon team running the annual Capture the Flag game, who preferred to remain unidentified.
Jeff Moss, also known as "Dark Tangent," founder of DefCon, holds up a hard drive that he has rendered inoperable and un-rescuable with a drill press. Only a few pounds of pressure were required to prevent the potential data theft.
Lock picking gets an entire room at DefCon, supported by TOOOL, the open organization of lockpickers. Here, Wisconsinite Louis Holz explained how to create a key for a lock without a master key. "You take the blank key, stick it in the lock, and wiggle it around. That leaves an impression, which you then file down to make a copy."
Lock pick kits
Lock picking is big enough at DefCon to support a brisk trade in lock pick kits sold in commemorative drinking glasses. Available were an 11-piece kit, and a 17-piece kit.
MohawkCon started off as a late-night way to spread the love of spikey hair. Two years ago, it became a daily fundraiser for the Electronic Frontier Foundation. Last year, the MohawkCon booth raised more than $3000 for the legal defense foundation in three days. Here, Sara of Denver puts the finishing touches on Justin Colbertson's mohawk and spike.
Michael Ossmann, founder of Great Scott Gadgets, created this guitar tricked out with electronics that, when finished, will help players tune their strings. The purple light indicates that particular string is in-tune, while other colors indicate it's not.
Steve Ocepek shows off how to monitor network traffic with an Arduino board. The board, when lit by traffic, glowed bright green.
The swag booth at DefCon gets a lot of foot traffic. Over the three days of the convention, there was barely a time when there wasn't a line at least 10 people long waiting to buy their DefCon-emblazoned gear.
The vendor room at DefCon also has a number of used gear resellers. You never know when you're going to want a KVM switch.
This device charging station remained unused whenever I walked by it, possibly because it was a fake. Most people at DefCon use their own chargers and a spare wall socket, rather than risk data theft or device damage.