How to stay safe at Black Hat and DefCon

Security takes center stage in Las Vegas for the annual Black Hat and DefCon shows. Here are 12 tips on how to stay as safe and secure as possible before, during, and after the cons.

LAS VEGAS -- From journalists hacking the press room Ethernet to RFID skimmers swiping your ID without even touching your credit card, the war stories you've heard about Black Hat and DefCon are true more often than not.

The best way to avoid getting hacked at the annual security conferences is to not show up. Go somewhere disconnected, like a nice mountain retreat, instead of hitting the paranoia pills with several thousand other security professionals and obsessives in Vegas' urban playground.

But if you must go to Sin City, there are some actions you can take to protect your data and identity from falling into the hands of those who are, shall we say, less than angelic. Here's our 12-step program to keep you safer and more secure at Black Hat and DefCon.

Before you go
Back up your entire computer, and be prepared to do a wipe and restore when you return. For Windows, a tool like Easeus Todo Backup will let you create a disk image of your current computer. While it's true that Windows 7 comes with its own backup utility, CNET found it acceptable but nowhere near as good as Easeus' freeware.

For Mac, the free utility Carbon Copy Cloner can accomplish the same task.

You can also prepare a Linux USB key and boot directly to that every day. These instructions will show you how to create a bootable USB key with Ubuntu Live. Once in use, back up or create your documents in a cloud-based service like Google Drive, and start with a fresh operating system every day.

Check your cash flow before you arrive. Avoid any kind of online financial transactions if you can while you're in Vegas. Pull out enough cash to get you through the week, and do not under any circumstances use credit cards or ATM cards at the DefCon hotel. The ATMs there are known for having card skimmers surreptitiously attached.

At the Black Hat hotel, you're slightly safer and can charge items directly with the hotel -- such as your room -- but stay away from things like the casino floor's free-standing ATMs.

Update your security suite. No security solution is 100 percent effective, and that's frustratingly true for security suites. Nevertheless, make sure you've got one installed and up to date. Running a firewall is key, too. CNET has security suite recommendations for both Windows PCs and Macs.

It's a very good idea to also install one on your smartphone if you haven't yet. Two of the better free choices for Android are Lookout and Avast. Also for Android, be sure you've disabled the phone's ability to install apps from unknown sources, at Settings/Applications.

At the con
There are a number of technological and common-sense precautions you can take while you're at Black Hat and DefCon. Most importantly, connect to the Internet only when you must. Get a mobile wireless card, and connect that way. A 4G Wi-Fi hot spot is still Wi-Fi and therefore more hackable, so a dongle that connects via USB is preferable. Disable your devices' Wi-Fi radio and Bluetooth.

Avoid the free Wi-Fi at the events and the airport because there's a good chance it's been hacked. Some security suites promise that they'll prevent an "adversary" from compromising your system over free Wi-Fi. If you know that connecting to a particular Wi-Fi greatly increases your risks, though, it's better to figure out another way to get online than to take a chance. For the same reasons, avoid Ethernet jacks.

Use a Virtual Private Network (VPN) at all times. Seriously. The VPN will create a secure tunnel from which you can conduct whatever business you've got on the Net. There are a few free VPNs out there, and one good one is HotSpot Shield for Windows and Mac. Despite the name, it will encrypt all your Internet traffic. The paid upgrade, which gets rid of the free version's ads, can be bought on a per-day basis for about 50 cents. Longer duration licenses are available too.

Exercise caution when you're not online. Use a disposable camera or a prepaid cell phone. Lock up your gear in your room safe when you're out. Strongly consider taking your hard drives with you when you leave the laptop in your room. Ask the hotel to list you as a nonregistered guest so strangers can't figure out where you're staying.

When you get back
If you haven't created any new mission-critical files, wipe your computer and restore it using the disk image that you created before you left, with the same utility you used to make it.

If you didn't create a disk image to restore from, do a full scan with your security program, including a rootkit scan. This will take at least several hours, if not longer. This is true for your smartphone, too.

Keep an eye on your bucks. It's entirely possible that your credit card or bank card number was stolen, so check in on your accounts regularly during your first week home to make sure that nothing is amiss. If you notice anything out of sorts, call your bank immediately.

Watch out for phishing attempts. Though Jeff Moss warned everybody at the Wednesday morning keynote presentation that there would be an official survey coming to attendees that was a legitimate, nonphishing survey, there's no small kernel of truth to the fact that hackers love to "pwn" other hackers. Be careful what you click through to.

Change your passwords. If you don't use a cross-platform utility like RoboForm, 1Password (Mac and iOS only), or LastPass, now's a good time to start. These utilities will automatically add your old passwords, help you change them to new ones, and help you manage them going forward.
