CyberEye

Blog archive
People standing in line in Las Vegas using insecure WiFi

Secure-travel advice for Black Hat... and your local Starbucks

The annual Black Hat USA conference being held in Las Vegas July 27-Aug. 1 is not exactly a hostile environment, but if you go, you will be with a lot of people eager to demonstrate their hacking skills on the less witting among them. The opening ceremonies typically include a reminder that although Wi-Fi connections are provided, attendees are responsible for their own security when connecting.

So if you are representing your agency at the conference, don’t neglect the basics for secure use of your laptop, tablet or any other Internet-enabled device you take with you.

Black Hat is not as rough a neighborhood as its older sibling, DEF CON, where “Spot the Fed” has been a popular game for 20 years. This year feds have been advised to sit out DEF CON (Aug. 1-4) in the wake of the Edward Snowden revelations that have increased some anti-government feelings. But government is always a juicy target for people interested in establishing their hacker creds.

Not that attacks at Black Hat single out government. “What I’ve found is that it’s more of a passive scanning,” said Jeff Debrosse, director of advanced research projects for Websense Security Labs. “It’s not targeted, it’s targets of opportunity.”

The crowd attending Black Hat is varied, Debrosse said. “I don’t run into really dangerous people there; I run into serious people with varying degrees of expertise and skill,” from script kiddies to those who set up their own femtocells to capture cellular traffic. That means you can’t assume that any connection is secure. Even when plugging in in your hotel room, it’s probable that the hotel is using a wireless bridge at some point that could expose you.

“Leverage VPNs,” Debrosse advised those working at the conference. “I’m always about encryption, encryption, encryption.”

Debrosse offered some common-sense tips for protecting yourself at Black Hat. And even if you’re not going, they also apply to just about any out-of-office experience you might have. They include:

  • Make sure your devices are fully patched and antivirus software is updated.
  • Delete cookies and clear your browser history and cache to limit residual information about your habits.
  • Encrypt sensitive files or — better yet — go with full-disk encryption.
  • Do as little on the road as possible. Back up your devices before leaving and while on site, save work to the cloud or a removable drive, then revert to the back-up state when you return.
  • Turn off Bluetooth and Wi-Fi and any applications that use them whenever you can.
  • Don’t charge devices at public ports, which can give outsiders access to them.
  • Don’t take candy (or USB drives) from strangers.
  • Leave any Radio Frequency ID devices such as badges, passports or cards in your room.
  • Use wired connections when available and be careful when connecting wirelessly. Wi-Fi pineapples — rogue hotspots that indiscriminately identify themselves as any network your device is looking for — can deliver you into the enemy’s hands.
  • Avoid sending sensitive data while on site, use your VPN at all times and when roaming use a high-speed cellular connection if possible. It’s not perfect, but can be safer than Wi-Fi.

In general, be careful about anything you do online, and do as little of it as possible. If you stay safe at Black Hat, you probably will be in good shape almost anywhere you go.

Personally, I favor a ballpoint pen and a notebook (paper) when traveling. They are easy to get through airport security, difficult to hack, and my handwriting is a match for any encryption.

Posted by William Jackson on Jul 26, 2013 at 1:28 PM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.