
Touring Black Hat and DefCon 2011 (photos)

From a veteran researcher whose grandmother brings "session cookies" to a mohawk cut-and-color station, the annual Las Vegas computer security conferences Black Hat and DefCon might be nerdy, but they're never dull.

Seth Rosenblatt
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
1 of 30 Seth Rosenblatt/CNET

Attendance

Black Hat 2011 reportedly had more attendees this year than ever before, topping the charts with more than 6,000 people.

Stealing credit card data

Zac Franken, director at Aperture Labs, holds up the Square device for processing credit cards with an iPad. His company has just discovered two ways to steal credit card data using Square.

Credit card

"Less than 100 lines of code" was all it took to write the program that can be used to steal credit card information from Square, said Zac Franken of Aperture Labs.

Kaminsky's grandmother

Security researcher Dan Kaminsky introduces his grandmother to Black Hat reporters. Kaminsky's grandmother, Raia Maurer, is in her late 80s, and has attended eight of the last 11 Black Hat conferences. Kaminsky noted that this makes her a veteran of more Black Hats than most people in the room. She's also known for bringing "session cookies," home-baked cookies to share with session attendees.

Siemens industrial control system vulnerabilities

Thomas Brandstetter, a CERT program manager for Siemens, and Dillon Beresford, of NSS Labs, during Beresford's presentation on Siemens industrial control system vulnerabilities.

Tom Parker

Tom Parker, chief technology officer at FusionX, explaining in detail how SCADA systems are controlled.

Mobile security

At Black Hat 2011 in Las Vegas, a mobile security panel focused on owning your phone at every level. The experts included, from left to right, Chris Wysopal, Tyler Shields, Dai Zovi, Charlie Miller, Ralf-Philipp Weinmann, Nick DePetrillo, and Don Bailey.

Chris Paget

Chris Paget talks about her experiences with Windows Vista at Black Hat 2011.

Chrome OS vulnerabilities

Chrome OS vulnerabilities were revealed at Black Hat 2011 in Las Vegas by Matt Johansen, WhiteHat Security Team Lead, on the left, and Kyle Osborn, application security specialist focusing on offensive security for WhiteHat Security.

Malicious extension

WhiteHat Security created this malicious extension to test Chrome OS vulnerabilities.

RSA

RSA suffered a major attack earlier this year, but that didn't stop them from organizing a large, brightly lit booth in the Black Hat vendor room.

Amazon

Like many companies in the Black Hat vendor room, Amazon.com was heavily recruiting security professionals.

Johnny Long

Longtime hacker activist Johnny Long announced a new initiative at DefCon 19 to get hackers involved in charitable organizations.

10-year-old hacker

10-year-old hacker CyFy discovered her first zero-day exploit earlier this year and presented her findings at the first DefCon Kids at DefCon 19.

Hardware Hacking Session

Joe Grand of San Francisco (not pictured) ran the Hardware Hacking Session of the first DefCon Kids, a series of hands-on panels for children at DefCon. Here, he gave them G-shaped circuit boards and taught them how to solder a resistor in place. That created a connection that turned the circuit board into a basic "Simon"-style memory game.

Android design flaw

A new Android design flaw was revealed at DefCon 19 by Sean Schulte, SSL Developer at Trustwave, and Nicholas Percoco, the Senior Vice President and Head of SpiderLabs at Trustwave.

Floppy

At DefCon 19, F-Secure Chief Technical Officer Mikko Hypponen shows off a 5-1/4-inch floppy that has on it the first personal computer virus.

Ransomware

F-Secure's Mikko Hypponen showed off ransomware at his morning seminar on the first day of DefCon. The talk proved a bridge between the more corporate Black Hat and the more hackery DefCon.

Nintendo light guns

These members of the Capture the Flag team are using old Nintendo light guns to point to clues on the DefCon logo.

Circuit map

This circuit map on the ground at DefCon was a clue for one of the many interactive games played at the hacker conference.

Capture the Flag

Three members of the DefCon team running the annual Capture the Flag game, who preferred to remain unidentified.

Drill defense

Jeff Moss, also known as "Dark Tangent," founder of DefCon, holds up a hard drive that he has rendered inoperable and un-rescuable with a drill press. Only a few pounds of pressure were required to prevent the potential data theft.

Lock picking

Lock picking gets an entire room at DefCon, supported by TOOOL, The Open Organisation Of Lockpickers. Here, Wisconsinite Louis Holz explained how to create a key for a lock without a master key. "You take the blank key, stick it in the lock, and wiggle it around. That leaves an impression, which you then file down to make a copy."

Lock pick kits

Lock picking is big enough at DefCon to support a brisk trade in lock pick kits sold in commemorative drinking glasses. Available were an 11-piece kit and a 17-piece kit.

MohawkCon

MohawkCon started off as a late-night way to spread the love of spiky hair. Two years ago, it became a daily fundraiser for the Electronic Frontier Foundation. Last year, the MohawkCon booth raised more than $3000 for the legal defense foundation in three days. Here, Sara of Denver puts the finishing touches on Justin Colbertson's mohawk and spike.

Tuned

Michael Ossmann, founder of Great Scott Gadgets, created this guitar tricked out with electronics that, when finished, will help players tune their strings. The purple light indicates that a particular string is in tune, while other colors indicate it's not.

Arduino board

Steve Ocepek shows off how to monitor network traffic with an Arduino board. The board, when lit by traffic, glowed bright green.

Swag

The swag booth at DefCon gets a lot of foot traffic. Over the three days of the convention, there was barely a time when there wasn't a line at least 10 people long waiting to buy their DefCon-emblazoned gear.

Used gear

The vendor room at DefCon also has a number of used gear resellers. You never know when you're going to want a KVM switch.

No charge

This device charging station remained unused whenever I walked by it, possibly because it was a fake. Most people at DefCon use their own chargers and a spare wall socket, rather than risk data theft or device damage.
