I'm Attending Defcon this August, advice?

Phil Waclawski phil.waclawski at mesacc.edu
Sat Apr 20 02:21:17 MST 2013


I'll skip that honor.   I am aware of things like SSH brute force attacks
(I do have a iptables throttle on that that limits attempts to a couple of
tries), but I make no claim to really know the ins and outs of SSH. So, you
are basically saying there is NO secure way to ever connect to a machine
remotely? That's rather depressing. So it's more of a hope that someone who
knows what they are doing will never target you specifically.

Phil W.


On Sat, Apr 20, 2013 at 1:32 AM, Lisa Kachold <lisakachold at obnosis.com>wrote:

> Your key is as sècure as the version of SSL/SSH.  Îf you lèave password
> SSH login via. Pam.d ènabled, you will be targeted by more than DefCon's
> hackers!  The mere fact that you have SSH turned ôn indicàtes you do not
> understand the risks.  Your passwords most probably fail to be adequately
> complex?  What's your router IP; we will make you a flag at the next
> hackfest?
> On Apr 19, 2013 11:52 PM, "Phil Waclawski" <phil.waclawski at mesacc.edu>
> wrote:
>
>> Well, I'm attending it in the hopes of learning about how some of these
>> attacks work, and how to defend against them. Helps me teach my students
>> better practices (and myself as well).
>>
>> To be honest, I had planned on having an old laptop with a brand new
>> kubuntu install on it (no data I care about) and just doing some blender
>> work and note taking offline, and never connecting it to a network while at
>> the convention.
>>
>> However, I'm curious, if I set up an ssh tunnel to a server I've already
>> established a Key system with, wouldn't ssh throw up a huge warning from a
>> man in the middle attack not having the right "handshake"? At that point
>> I'd only be hosed if I was dumb enough to say "connect anyway"?.
>>
>> Phil W.
>>
>>
>> On Fri, Apr 19, 2013 at 10:30 PM, der.hans <PLUGd at lufthans.com> wrote:
>>
>>> Am 19. Apr, 2013 schwätzte Alan Dayley so:
>>>
>>> moin moin Alan,
>>>
>>>
>>>  Why in the world would anyone actually attend a conference where you
>>>> KNOW
>>>> people are going to attack your electronics and data? Erasing everyone's
>>>>
>>>
>>> It's in the city where people pay to let someone steal from them, so it
>>> fits the theme.
>>>
>>> http://www.newyorker.com/**online/blogs/culture/2013/01/**
>>> video-the-art-of-**pickpocketing.html<http://www.newyorker.com/online/blogs/culture/2013/01/video-the-art-of-pickpocketing.html>
>>>
>>>
>>>  credit cards? For the lulz, I guess. It sounds like a bunch of very
>>>> smart
>>>> trolls getting together to see who can out-troll who. I would just
>>>> be collateral damage in such a group. I guess it's an effective way to
>>>> keep
>>>> the non-trolls and newbies out of the "defcon club." Or maybe it is a
>>>> from
>>>> of hazing.
>>>>
>>>> And, if I HAD to go, cash, pen and paper is all I would bring.
>>>>
>>>
>>> Make sure to keep them somewhere safe ;-).
>>>
>>> ciao,
>>>
>>> der.hans
>>> --
>>> #  http://www.LuftHans.com/        http://www.LuftHans.com/**Classes/<http://www.LuftHans.com/Classes/>
>>> #  Like the maid, I don't do (M$)Windows. - der.hans
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20130420/8965d95c/attachment.html>


More information about the PLUG-discuss mailing list