Hauling In Your PC

Beyond that - becareful of what you hook up to. If you don't want someone hacking it or at least trying to hack it, don't log into it. Last year I SSL'd into a webmail system from the floor. An hour later I SSL'd in over a phone line and found my password had mysteriously changed. Could'a been a glitch in their system. Could'a been a trojan on my system (didn't find anything, but others did on their systems.....lock them down hard before you connect to the local net). Could'a been UE. Could'a been someone found a way to break the SSL stream.........

I have demo'ed the breaking of the SSL and SSH1 streams. Man in the middle attacks and such. The only secure way I have seen is ssh2. Just my $.02

security

...so if I am at the con with a SOHO firewall and I VPN to my office firewall then surf and do e-mail from there, will you still be able to hack me?

As long as there are no follow-up questions.. yes ;)

what would be the suggested setup for securing a connection to the outside? I had heard ssh1 was out now, but I didn't know it had been made that simple to break it

what are others planning on doing?

You could use OpenSSH ver 3.1, that hasn't been cracked as of yet. You could tunnel over that..

In addition, should it be of concern that the endpoint system be a target? :)

Let's try and make this simple. IF you connect to the DC net there is a POSSIBILITY that your CONNECTION will be compromised. IF you use those connections to send/utilize PASSWORDS, then ANY system you are connecting to COULD be COMPROMISED.

security

Sounds like a good time to sign up for AOL, they're secure, right? ;)

Secure computing

Actually, if I want to do "real" work, I use my cell modem. I never check my mail, SSH or do anything of any real importance on the Defcon network (although will often throw a number of red herrings and interesting shit peoples' way if they're looking).

My AT&T cell phone does a blistering 9600 bps in Vegas (which is, thankfully, quite digital). It's not sexy, it's not fast, but it sure as fuck works when I need it to.

And, to "me too" everyone else's posts, nail your shit down if you're going to leave it. Not only do I have a laptop, but I have an ultralight that I don't let out of my sight for a second... it's light enough that it doesn't bother me to carry it everywhere. In fact, my radios are often way more cumbersome (my radios consisting of a VX5-R with a 26" antenna on it, a scanner, extra FRS, etc...)

Now, this isn't to say that Defcon folks aren't nice... most are quite friendly and will watch your back. But I don't trust anyone and I sure as heck wouldn't trust my tower anywhere unless I wanted it to get legs and walk away... and for the love of God, if you are going to lock anything down, don't use a Master lock (they can be cracked in about 10 minutes or less by someone wit the knowledge, which is easy to get) and don't use a lock that can be easily picked.

Although, going off into an even bigger tangent, it's a moot point anyway for most folks as a dremel or a pair of decent bolt cutters will cut through most of that shit anyway. I must say I would be quite suspicious, though, of a pair of guys walking back to pool three... one with a 3 foot set of cutters and the other with a tower full of drivers and shit.

I'll shut up now.

And if you are gonna lock stuff down, do it away from the lock picking area. People might take that as a challenge. I don't know if it would get stolen, but I can guarantee that if I picked it, there would be a message chained to your item with your padlock.
Master locks BAD. Easy to crack the combination ones, easy to pick the keyed ones. I had real trouble my first year picking the Master lock, because it's the perfect learning lock. You don't have to be as light handed with the pick or the wrench to open it. If I had just given the bastard a good scrubbing in the first place, it would have opened right up.

Is it safe for attendees to assume that rooms are respected and considered a safe haven if locked with the provided hotel security? or is the entire lot up for grabs?

Well, for the most part, yes. I keep a lot of gear in my room (should I really be saying this in public?) and I think it's relatively safe. However, I do know that someone (who I *may* have known. *cough*) in the past did have a mag card reader/writer that they bring with them. If I remember correctly he had a little trouble figuring the tracking on the keycard... of course, he was quite the neophyte at the time.

In short, don't piss anyone off and you should be safe. Don't store mounds of cash in your room and then brag about it and you should be safe. Having a number of folks at the con that you know and trust is always helpful, though, to keep an eye on your room and stuff. I wouldn't be too worried, though.

Assume nothing, deny everything... the laws of the land.

I have yet to have a problem with things missing... but I have heard horror stories. I remember through the years DT has had to come up and beg people to stop stealing from one another... but most of the time those were mainly references to what was out on the floor and not in the hotel rooms... Personally, I wouldn't bring something that I wasn't prepared to replace.

Hardware is easy to replace it is the data that the hardware contains that is dangerous when stolen, either most difficult to replace, or most difficult because now someone knows what you know... and that always isn't a good thing. If you plan on bringing data along, make sure you encrypt it and don't store the private key along with the data.. that is always lame.

Hotel security tries to do their best, but securing your room comes down to you. Keep your room key secure at all times. When you check in ask the hotel staff to make a note on your account that they have to verify YOUR photo ID in order to re-issue room keys (The first couple of years breaking into someones room as as easy as going to the hotel front desk and saying 'Hey, I'm staying with my buddy in 1402 and he took off and I need my asthma inhaler, can I get a new room key'. They've wised up to that one, but shit still happens, so make sure they have a note in the system to ask for ID and not issue keys to anyone other than you. Also, watch who you share rooms with. Lots of folks hook up every year and share rooms, a lot of times with folks they only have ever met online. As with any crowd, the bulk of us are good people who dont rob and steal, but there are also theives in our midst. The bulk of in-room thefts I've seen in the last few years came from people letting folks crash in their room that they didnt know that well. Either the person they dont know that well rips em off, or that guys friends end up in the room. Remember when you are sharing a room, its not just your buddies that are in there, your friends may bring folks back as well. This is why I stay with Evil in our own room and dont share.