just checking and i know this might end up getting me banned but i was wondering if anybody had any ideas about setting up a laptop just for takeing to dc?im thinking along the lines of what firewalls and other preventitive messures that you have used in the past. personally just to be safe im probably just going to disable my wifi and bluetooth before i get to the con.

im thinking partitioning a 100-80 gig hardrive in 10-20 gig sections for trying new os's. or maybe bringing along a backup drive or two. still portable yet higher capacity. as for security over the nework probably a simple firewall or something scince i dont really plan on connecting. but a fast optical drive with good burn speeds will be a must so ill take along an outboard drive if i have to. oh and plenty of media. id say 5-10 dvds and maybe 25 cds.

now i have read almost all of the posts regarding bringing a laptop to the con and i just belive that ill endup useing it for more than i plan on right now. wether recording talks over the tv or hooking up a camera and mic at the talk or just takeing notes in general.

anything i left out that you think might be essential would be great.
anything i could do other than just dissableing the wireless features would be apreaciated

late

ps if anyone thinks this is in the wrong forum please post or move it. thank you.

Rats, and I ran here thinking you wanted to set up a laptop for a domain controller. That is a fun project I'll tell ya.

What laptop for Defcon? Something you know. Preferably with a wireless network card.

Plan on it getting wiped while you are there by a script kiddie. If it survives, plan on wiping it yourself when you get home.

With that in mind, save your install CDs.

any ideas about setting up a laptop just for takeing to dc?
When dctv was broadcasting, and we had presentations fed through hotel cable/cctv, bringing along a Video Capture Device was another popular reason to bring a computer.

Other ideas are covered in older threads, where you are asked if you really have need for a laptop. HighWiz even included a summary of these ideas from several people in an unofficial faq/survival guide:
Citation1 (http://defcon.stotan.org/faq/survival.htm#ques83).

im thinking along the lines of what firewalls and other preventitive messures that you have used in the past. personally just to be safe im probably just going to disable my wifi and bluetooth before i get to the con.
The forum search might reveal a few good threads. Here is an example.

Read the whole thread, beginning to end since about 1/3rd of it seems to be about laptops and accessories as well as good information from Thorn, and many ideas from other veterans of DefCon.

Search may provide other good threads.

im thinking partitioning a 100-80 gig hardrive in 10-20 gig sections for trying new os's. or maybe bringing along a backup drive or two. still portable yet higher capacity. as for security over the nework probably a simple firewall or something scince i dont really plan on connecting. but a fast optical drive with good burn speeds will be a must so ill take along an outboard drive if i have to. oh and plenty of media. id say 5-10 dvds and maybe 25 cds.
Without hotel room video of presentations, the only reason to bring media and drive space is if you plan to copy software/data. If you don't know people before you go, you probably won't be copying much software, and your risks for getting "bad data" are higher.

Multiple OS? If you are a master/"expert" of multiple OS, and can use them equally well, AND will use them at the con, then bring them, but from my view, "simplicity," is the word of the day.

You can add a (thin) layer of security by using a host/client "virtualization" system like vmware to run another OS on top of a primary OS. This does not make the host OS secure from attack, but often allows you to recover from simple problems in the virtualized OS by allowing you to not commit changes to virtualized OS "disks" and have several available as needed.

CTF players, people presenting, people "working", press/reporters, members in contests requiring laptops, "demonstrators", organizers, and gamers seem to use their computers at the con.

now i have read almost all of the posts regarding bringing a laptop to the con and i just belive that ill endup useing it for more than i plan on right now. wether recording talks over the tv or hooking up a camera and mic at the talk or just takeing notes in general.
According to the latest news, I think talks won't be broadcast over the CCTV in the hotel rooms. If you are going to bring your own camera and parabolic mic, that is one thing, but even that has risks.

anything i left out that you think might be essential would be great.
anything i could do other than just dissableing the wireless features would be apreaciated
See some of Thorn's ideas on wireless in that thread I mentioned above.

ps if anyone thinks this is in the wrong forum please post or move it. thank you.
Yeah. This looks more like a DefCon discussion thread.

umm let see i did mention disabeling the wireless, seting up with a webcam and a mic, and being prepared to install new os's. i did say i read the faqs and most of the posts in the forums and some outside articles. i dont plan on connecting to the network and just want to bring it so i can capture a few of the talks and to try out whatever software that i can find. so i think that i had already covered your posts. i also plan on shareing my music with a few ppl i already know are going to the con so thats another thing.

umm let see i did mention disabeling the wireless
If not using the network and you're shutting down the physical network interfaces while at the con, what need do you have for a firewall while at the con?

, seting up with a webcam and a mic,
Actually, you mentioned recording from the broadcast OR using a camera.
Your comment on the use of the in-room brodcast caused me to respond to that and address that choice.
Your comment on the use of a camera and mic was also addressed. There are other risks when bringing a camera and mic to record presentations at the con. Since you read the FAQs and threads on laptops, you know about the risks of bringing a camera and mic connected to a laptop to record presentations.

and being prepared to install new os's.
This is more likely to be an issue if you plan to run untrusted foreign code, or let other people touch or use your computer. Of course, people have lost data when their devices encountered high energy EM fields, or were stolen, damaged, dropped, or made wet with alcohol or water from the pool or elsewhere.

I've used several networks while at DefCon, and other than DoS to network access, I've not had many problems.

i did say i read the faqs and most of the posts in the forums and some outside articles. i dont plan on connecting to the network and just want to bring it so i can capture a few of the talks
Ok.

and to try out whatever software that i can find.
Here is a potential risk.

so i think that i had already covered your posts.
You were asking for comments, and you did get comments.

i also plan on shareing my music with a few ppl i already know are going to the con so thats another thing.
No comment, unless this is a comment.

If not using the network and you're shutting down the physical network interfaces while at the con, what need do you have for a firewall while at the con?


Actually, you mentioned recording from the broadcast OR using a camera.
Your comment on the use of the in-room brodcast caused me to respond to that and address that choice.
Your comment on the use of a camera and mic was also addressed. There are other risks when bringing a camera and mic to record presentations at the con. Since you read the FAQs and threads on laptops, you know about the risks of bringing a camera and mic connected to a laptop to record presentations.

This is more likely to be an issue if you plan to run untrusted foreign code, or let other people touch or use your computer. Of course, people have lost data when their devices encountered high energy EM fields, or were stolen, damaged, dropped, or made wet with alcohol or water from the pool or elsewhere.



smartass
one questiong though, just how may high energy em fields have thier been or likely to be at this con? or can we bring our own sources? i do have a few of my own that would be kind of interesting. few coil launchers and a mini rail gun. fun fun

Edit: well i do admit that the rail gun wouldnt be considered as a good em field

smartass
]:->

one questiong though, just how may high energy em fields have thier been or likely to be at this con?
There was a case where a con member brought a device designed to generate high energy radio/em frequencies and demonstrated the use of it on people's equipment.
AFAIK, he did *ask* before he used it, and did get permission but eventually LEO were involved, though I don't remember it going anywhere legally for the guy.
Witnesses claimed that devices "shot" by this device would sometimes freeze and require reboot, though someone said something about a device not working anymore.

[Hey! I thought you said, just one question though? I see another question in the next quote. Yeah. I am still being a smartass. (heh-heh)]
or can we bring our own sources? i do have a few of my own that would be kind of interesting.
First, you don't want to bring explosives, so any kind of EMP that use shaped materials and explosives to increase field strength by compressing delivery over a shorter time are probably bad ideas.

Some history on such devices at the con:

There was a guy who did a presentation on EMP bombs and HERF devices that did a presentation his efforts in the desert, but I don't think he trucked in the many, many car batteries that he used to demonstrate his projects in the desert. This may have been the guy who was planning on setting something off in the desert, during DefCon, but I am not certain where that went.

A few years before him, there was a guy who did a presentation on specialized EMP bombs designed to increase intensity with limits to a range of frequencies, directed effect to a target, and compression of time of emission-- lots of pictures were included, but no physical examples were brought in for us.

Then I seem to recall there was someone who said they were going to make a device (perhaps "rail-gun-style" weapon) for the con and do a presentation, but he did not finish it. I seem to recall he said he underestimated the energy requirements, or did not have aenough time-- my memory is hazy on this. I remember a guy standing up with some sort of tube who was appologizing about not having it ready, but explaining how it would have worked.

few coil launchers and a mini rail gun. fun fun
I am sure there would be many people at DefCon who would want to see such devices, and if any demonstration could be made out in the desert, you would also have a bunch of people wanting invitations.

If you plan to bring EM-generating weapons, you'll probably want to:
Find out if any devices are illegal in Las Vegas and take, appropriate actions,
Discuss this with goons to find out if a demonstration would be a good idea and ask for a best location and maybe get a table, or request to offer a presentation,
Avoid use of words like "Gun" and "bomb" when describing this device to people, for fear that someone will overreact, and claim you are threatening people with a gun or bomb in the hotel.

(Ever play "telephone" where a line of kids relay whispered messages to each other in a line, and see how the final message is corrupted? Yeah. That happens at DefCon.
"Hey! This is cool! This guy just demonstrated how this HERF Gun worked on running electronic devices!"
"Hey! This guy shot a guy's laptop with a HERF Gun!"
"Hey This guy is going to shoot someone's laptop with a gun!"
"Hey! This guy threatened to shoot someone's laptop with his gun!"
"Hey! This guy is threatening to shoot people with his gun!"
"Hey! That guy is a terrorist!"
Yes. It sucks how this works.)

Spending DefCon in the custody of LEO talking about your stuff instead of being at the con would really suck-- even if what you have is legal, they can hold you for questioning and ruin your con. (This has happened to someone at DefCon.)

I think it has been a while since someone spoke on HERF/EMP style weapons. When you see the CFP, submit a paper for a presentation-- maybe you can be a speaker.

Edit: well i do admit that the rail gun wouldnt be considered as a good em field
If you have never been to DefCon, it might be a better idea to attend at least once as a "human" to see how things work, make contact with people and dicuss these ideas with people in-person.

If the DC Shoot ever returns, you might be able to discuss bringing a rail-gun-style weapon out into the desert with the event coordinator.

well technically their all very low power and the small projectiles really only travel about 30yds at best. the rail gun doesnt really do any damage at a very short range so technically i could shoot you at a range of about 10yards and youd barely feel it. one of the coil guns fires a washer prity far but it tends to glide slightly more than a slug of carbon lead.

on the distruction of electronices on of the coil launchers would have to be practicaly sitting on top of said equipment to really have any effect so it was more along the lines of a joke but if anybody wants a demo of one of them in use i may have a site up soon and if not i could simple bring them to con for a in room show as soon as i get them all into casesand am sure thier safe for repeated use.

Defcon is a lot more fun without a laptop

i did have another idea on what kind of laptop to bring. im thinking about going with a tablet pc becuase of thier ability to take notes quickly. id just have to makesure to protect the screen or get one of the notebooks with the rotating screen.

How about a legal pad and a pen? Cheap to acquire, cheap to replace, and easy to protect.

I lugged my laptop around with me last year and found that it did an excellent job of making my back sweat while I drank beer by the pool. You're not going to have a lot of power outlets where talks are being held either.

I ignored the "dont take a laptop" advice last year and won't ignore it again.

How about a legal pad and a pen? Cheap to acquire, cheap to replace, and easy to protect.

I lugged my laptop around with me last year and found that it did an excellent job of making my back sweat while I drank beer by the pool. You're not going to have a lot of power outlets where talks are being held either.

I ignored the "dont take a laptop" advice last year and won't ignore it again.

All good advice, not to mention the underlying fear that if you're not lugging your four to seven pound laptop all over Las Vegas in 105F heat, there is a chance your laptop might get stolen, disappear after a night of drinking, or find itself on a Freemont Street pawn shoppe trying to raise cash for a night with that 'really hot escort' that you later learn pees standing up. :shock:

The ideal configuration for a laptop at Defcon is for it to be unplugged and in your suitcase. :) Walk around and take everything in.

I wouldn't say that you should leave it at home though. You might find it useful at some point. Run Knoppix, or your favorite live distro of choice, and remove your harddrive if you're worried about it getting hax-hax-haxed.

The ideal configuration for a laptop at Defcon is for it to be unplugged and in your suitcase. :) Walk around and take everything in.i am definitely in this boat now. while i've left the laptop in the room for the past few cons, it was this year -- at shmoocon -- when i realized how totally ignoring a laptop can lead to more time. some of you may know that i had my laptop stole a month or so ago, and thus i brought an outdated older one with me for my presentation. since it didn't have CD-burning or DVD-playing capability, it was left virtually untouched while in the room. i didn't miss it once. i didn't check email or go online and was occupied with more than enough activities to notice.

heh, and when i got home i had 172 new emails. of those, 145 were immediately filtered by mozilla as spam. i manually marked 14 additional ones as spam. only 13 were real, and fewer than half of those really mattered in life's big picture. heh, kind of puts this whole interweb thing into perspective.

Yeah... I have a mixed opinion about this one... I think a lot of it depends on what you plan to do at the con.

I've brought my laptop for the last three years. As I've wanted and needed it sometimes, I also would enjoy not lugging it around or worring about its safety.
But, I think i'll continue to bring it, and just pull it out if I need it. Its nice if you get an idea for some code or trick or something...

A legal pad and paper is great for notes, even though it might be slower than typing... its easier to draw arrows, underline, circle, etc....

If you are bringing a laptop...

1. Use a strong tunnel / crypto of some kind (be prepared to verify your ssh keys if somehow you think they could've changed and use proto v2 always) OpenVPN or SSH work well for me. You also could use tor and/or SSLv3 whenever possible. Oh and PGP of course...(but your ALREADY doing all of that... right ;-) )

2. Try not to use wireless, if you need to... be sure to follow step one.

3. Keep it in a safe place, even if its in your room (this seems like common sense, but thats not all so common)

4. Keep it away from drinks/pools/liquid/etc... (water splashes, people get thrown in the pool w/ eletronics sometimes)

Keep an eye on this thread... and keep in mind the other things people have said so far as they are vaild points as well.

I've brought my laptop to many Def / cons.
Always have your OS install discs and drivers. (I've had to reload before while at con, this was covered above, but I think it can be said again.)

Windows machines, if your machine isnt patched for exploits or viruses because its normally behind a firewall or router, you most deffinately will be exploited or infected before you leave.

I picked up a 0-Day virus at one con.

I prefer dual booting OS's just because I never know whats going to be demo'd. Some talks demo windows apps, others linux apps.

Bring it in case you need it, don't use it unless you have to.

Year after year, I see people sitting in the same spot in the hallway all weekend long with their laptops and wonder why they bothered even coming. They're surrounded by 5000 people hanging out, partying, having a good time, and they sit there doing exactly the same damn thing they do the other 362 days of the year at home.

Recommendations:

- Patch and harden the OS per relevant guidelines.

- Bring a USB key (1GB is a good size, since that'll hold a full ISO CD image plus other bits & bobs) for transferring anything interesting that someone wants to give you. This is a lot safer than doing it over the network (though still risky).

- Have plenty of storage space, because...

- If you don't have a VM environment on your laptop that you can run stuff you've been given in, you're going to want to wait until you can get to one - or at least a fully-isolated (i.e., NO network connection whatsoever) sacrificial box.

But, again: don't go to Defcon to use a computer.

i really dont plan too but i do thank you for the suggestions. i already have a lot of things i want to do while at dc14 so i may not need it after all. but in any case ill have it incase thiers someone who wants to give me a few gigs of music.

ever have about 150+cds in a case in a secure location? well obviosely my secure location wasnt very secure. only cd they missed was a linkin park cd that fell under the chair in my house.

I'm going to bring my laptop, but I plan to leave it at the hotel. I might bring it out to demonstrate something or trade files but otherwise it's like a ball and chain. If you do plan to bring yours, you might want to consider running a secure OS i.e. Anonym.OS (http://theory.kaos.to/projects.html) .

Hello.

I take a libretto with me, small enough to carry but close enough to a full laptop to be useful.
On the EMP toy.
A briefcase with a coil running around the inside edge, a few hundred turns will do, and a bank of capacitors, the kind used to "stiff" the power of car audio work well, can do wonders.
What you do is charge the caps and discharge into the coil, simple enough?
You are talking several hundred amps for a split second, so the switch and everything connected to it must be rugged or it may explode.
A briefcase works well, as it does not seem odd as you put it next to the object you want to attack.

Rats, and I ran here thinking you wanted to set up a laptop for a domain controller. That is a fun project I'll tell ya.

What laptop for Defcon? Something you know. Preferably with a wireless network card.

Plan on it getting wiped while you are there by a script kiddie. If it survives, plan on wiping it yourself when you get home.

With that in mind, save your install CDs.

Harhar, I too was thinking domain controller, great advice btw, right on the spot :biggrin:

If you want to add another layer of protection the free (or commercial) version of Wehntrust is cool. Makes life a bit more difficult for all the overflow writers.

From their web site: http://www.wehnus.com/
WehnTrust implements Address Space Layout Randomization (ASLR) for Windows. While ASLR is a common security measure for UNIX-based operating systems thanks to the PaX Team, it has not been widely implemented for, or deployed on, Windows. When implemented properly, ASLR mitigates nearly all exploitation techniques. The commercial version of WehnTrust also provides other security mechanisms that help to augment ASLR.

See I had the idea of just running a live eval of linux of a cd and a 2 gb hard drive for date if any

what you all think about that?

See I had the idea of just running a live eval of linux of a cd and a 2 gb hard drive for date if any

what you all think about that?

a good idea. at dc13 i had one friend remove his hard drive from the laptop and boot knoppix from cd. a different friend used his XP SP1 on hdd.*

knoppix user lasted whole con without exploit or crash. (once booted it ran fine until shutdown)

win user lasted aprox 60 seconds before rootkit'ed and running trojan zoo...

moral: ephemeral instances of linux (auditor/knoppix/etc) and patching/securing your windows/$os is a good idea.

and if you absolutely have to connect persistant services over wireless use IPsec or a VPN strongly keyed.

* i didn't have a live disc ready for him in time so he decided to risk it. i'm sorry Z!

</$0.02>

win user lasted aprox 60 seconds before rootkit'ed and running trojan zoothat person, sir, was an idiot. i'm not saying windows is some security beast that you can harden against everything under the sun, but anyone who gets 0wned that fast is not only running an unpatched system, but they're also more than likely not running any kind of personal firewall. that's just foolishness, in my opinion, if your system is out in the wild. if you're behind a private network's firewall maybe you don't need ZoneAlarm or TPF up and running... but still. gah, that's just silly to me.

... but still. gah, that's just silly to me.

there were three of us at the table when he started to boot his laptop. one of us asked what he was doing.

"using the wireless"

'... in windows, without a firewall or services disabled?'

"i need to wipe it when i get back anyway, i'll be fine."

'you're fucking crazy!'

[ ... 20 seconds ... ]

"hmm, i got hacked."


(moral of this story: learn from the mistakes of others :)

WOW, I didn't think it would be that ruthless. It seems like a lot of script kid's and crackers go to Defcon. What ever happend to Hacker ethics. I can understand a hacker hacking into a system just to say he did it. But leave something behind to help that person learn. I thought the whole thing behind defcon was to learn.

Thanks for all the good info, I was going to bring my laptop as-is dual boot gentoo/xp full updated. But I think I should blast my windows and reinstall then make a image of the install. That way if my windows get's hacked I can be back up and running in 30min instead of an hour+.

I never been to one of these before. Does anyone ever setup honeypots?

I know I was wardriving one day and hit a honeypot and mess up my computer BAD. I connected to what I thought was a cool network (open network) and in seconds (to this day I have no idea how) My laptop shutdown and when I booted up I was missing the system files.
(note: the place I was at, was a linux/super computer factory. My friend worked there for a little while I guess they setup 3,000+ node super computers and ship them off.)

So I guess online banking is not a good idea. :)

Sometimes a laptop (or other device with a *DB9* port) can be useful~
*cough* *cough* (http://forum.defcon.org/showthread.php?t=6997)*cough*

Not that that is a hint or anything.


LosT

I say bring your laptop but don't drag it around with you everywere. I pretty much just used it when I went back to the room and wanted to relax abit.