Sync Dev: DEF CON 22 – A Top 10 List

Developing on the BitTorrent Sync API? Our developer evangelist is here to work with you.

DEF CON is a big deal for me and I have every intent to describe this year’s experience in greater detail, but alas, I am completely buried in Sync Alpha work this week, so a quick Top 10 list will have to suffice. A longer writeup on how to avoid showing up on the infamous “Wall of Sheep,” what cool toys were for sale in the vendor area, which talks were awesome, etc. will follow soon!


Here’s my Top 10 list for DEF CON 22

10. The Vendor Area – Admittedly, there wasn’t as much “interesting” stuff this year – no mag stripe readers, Beaglebones, etc.  There was the usual assortment of WiFi devices/antennas, T-Shirts, a Tesla booth (no, they weren’t selling cars), lockpicks, the Blackphone, and my favourite purchase: the RFidler – a software-defined RFID reader.  I also got to meet and chat with Kevin Mitnick as he signed books at the No Starch Press booth, which was awesome.  Also of note is that the vendor area wasn’t completely packed with lines – more on this later.

9. “Alice in Hackerland” – DEF CON has an art contest every year and I really love this year’s winning submission. I braved a very long line to score one of these sold-out T-Shirts.

8. The Villages – I had a chance to make it to the Social Engineering, Lock Picking and Tamper-Evident village (couldn’t find time for the Hardware Hacking village this year sadly).  For those who haven’t been to DEF CON, these “Villages” are basically breakout rooms where you can work on everything from a table full of random padlocks to hacking the DEF CON badges to bypassing “tamper-evident” tape seals.  It’s tons of fun.

7. The Badge – Every other year, we get a cool PCB badge that has hardware on board that attendees can work on hacking. The badge challenge is usually very elaborate and involves crypto, hardware hacking (the badge has a USB port on it), and much more. I am embarrassed to say that I made extremely limited progress hacking the badge this year. Hackaday has a great writeup on the badge and its intricacies that is totally worth a read. Here be spoilers if you want yet another badge writeup: Potatohat Security.

6. @ihuntpineapples – Good, old-fashioned hacker fun.  Look it up if you’re curious.

5. BitTorrent Sync T-Shirts – Sure, this is a shameless plug for the contests I ran on Twitter (I’m @aaronliao) for Sync T-Shirts, but I was blown away by how well this went – I would tweet out roughly where I’d be and how to identify me (BitTorrent “Internet Better” T-Shirt) and invite people to spot me to win – I have less than 100 Twitter followers, but the DEF CON hashtag seemed to work – the fastest spotting happened just 9 minutes after I said I’d be heading downstairs to a talk!

4. The Talks – Dan Kaminsky’s talk was excellent. My main takeaway from this talk was the importance of quality randomness – /dev/random blocks and is slow, /dev/urandom doesn’t block and isn’t as slow, but is still slow compared to an LFSR, but LFSRs aren’t actually good for actual randomness – “fake entropy,” basically. Fascinating. There was also a really fantastic talk on Extreme Privilege Escalation on Windows 8/UEFI Systems – this is the type of thing I go to DEF CON for and love to learn about.

3. CTF/OpenCTF Gets Big – The number of contestants who signed up for qualifiers and just the general interest in Capture The Flag was significantly greater this year vs last year and Legitimate Business Syndicate did a great job with the event – this is really exciting to me because it clearly illustrates an increased awareness, interest and skill-level with regard to security.  My brother competed in OpenCTF (hosted by v&) and the throwback theme – 56k modems and instructions printed out on an old-school dot matrix printer – was awesome.

2. The People – I meet some of the most interesting folks at DEF CON from all walks of life – everyone from white hat hackers, undercover feds, not-so-undercover feds, developers, network administrators, and all sorts of techies.  The conversations that ensue are so insanely geeky and technical that I leave filled with hopes and dreams of what awesome things I can work on or build next.  It’s inspiring.

1. Lines, Lines, Lines – Who likes lines?  Not me.  The lines started as soon as we got to DEF CON – the wait to buy a badge was nearly 4 hours.  Yes, 4 hours.  Hotel registration was a bit quicker, but only because we decided to ignore the sign that said, “Check-in is at 4pm – a fee may apply for early check-in.”  The lines for the talks were similarly…long.  I got in line for a 2pm talk at 1pm and still wound up in the back of the room standing since there were no seats left.  So why is this #1 on my Top 10 list, you ask?  DEF CON 22 had 14k+ attendees – this is exciting and is great news because to me, it means that more and more people are taking privacy and security seriously – as they should – and this is very much in line with what I love about working at BitTorrent – we are all about making the internet better and increasing privacy and security.  So despite being really annoyed with the unreasonably long lines, I see this as a great sign of things to come.