Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

I went to the Pentesters Toolkit and the Intro to Web Application Hacking. Honestly I didn't have high hopes for the Web App one as I figured that it was going to be really intro. I was kind of excited about the Pentesters Toolkit, but after around 20 minutes when he started to talk about the benefits of a water bottle and staying hydrated I had to leave.
Once again I wasn't sure whether I should say anything or not. I knew that they were 101 talks, and I shouldn't have attended them. I've been going to Defcon off and on for almost 15 years, although I do remember a DC101 that was awesome. I think it was DC15 or DC16 where the lawyer gave a presentation of all the reasons we would go to jail at the con. It was hilarious and informative.
I'll probably avoid the DC101 stuff next year. Also I forgot to mention, I think it was awesome that that contest area was open on Thursday. I don't remember that being the case in prior years.

As for the vendors, I understand, and I think that you guys did a great job. Just passing some feedback. As I said it wasn't a huge deal, it just meant that I drank slightly more than what I had planned on.

Yeah, hence my apprehension on making a comment. I kind of disagree with a full 101 track throughout the whole con. To me at least, I think there is a certain level of person that goes to Defcon. I believe Defcon to be a higher class, or a more intelligent audience. I think that you should have some skill / drive before showing up. Seomeone who is going to Defcon that plans on learning something should already have the drive to do the preliminary research before the con. They don't need to be an expert, but know a little bit of the basics. I think people that go to Defcon with the assumption that they are going to absorb ninja hacking skills through osmosis are canon fodder in the industry. To me we are still a community of RTFM and then ask questions. If you haven't first put forth the effort to try and do it yourself, then you're a waste of my time. But if you tried something and it didn't work, then I would be more than willing to give guidence and help. Show me the initiative and I will help with the rest.

I apologize, re-reading this post I feel as I come across as a giant ass. But I am too tired / lazy to try and fix it.

@ tecknicaltom
I know what you're saying about the tables in the contest area. Although, last year we had a crap ton of tables in the contest area, and most of the time they were fairly emtpy, or at least when I was there doing Project2. I think we have gone from one extreme to the other.

@TheCotMan
You bring up excellent points. I haven't had enough time to think about them, but I think a general weighting system would be key. Also you may have to arrange the talks into building blocks.
If we take wireless cracking for example:
You would have to ask yourself what your level of knowledge is.
1. Do you know what wireless networking is?
2. Do you know what WEP, WPA, WPA2, EAP/TLS, PEAP are?
3. Do you know airmon, airodump, aircrack, or aireplay?
4. Do you know what WPS is?
5. Do you know what JTR or Hashcat are?
In this example, if you don't know what 1 and 2 are then you would have a beginner talk around wireless technology and the different types of security.
If you know 1 and 2 but you haven't dealt with 3, 4, 5 then you would be an intermediate, and you would learn about different cracking methods.
Advanced would probably be getting better at injecting traffic. Wireless antenna's, tracking, and finding weird frequencies. Maybe even cracking open Wireshark and looking at dumps to pull out information, or plowing through bluetooth, RFID, or NFC.

I think with going with the weighting system those talks would be more based on teaching. I think this is how the Village talks go now. But I also think you would have another classification, and that would be zero day or releasing of code. Those I don't think would be classified the same as a track around teaching something. So you would have at least two main classifications, how to and theory / cracks.
Hackajar gave an awesome talk a few years ago on the ineffectiveness of passwords. While he had hard numbers it wasn't really a how to, and it wasn't really a release of code. It was more theory (proven theory) than anything. Bitweasil the next year gave a talk on Hashcat and how it works and how to use it with EC2 to speed up password cracking. Bitweasil's talk was more of an intermediate talk that gave some how to examples.

I think the first step would be to identify the different types of talks and classify them. If they are going to be more oriented on how to do something, then you could then apply skill levels to help delineate the types of people that will attend them.

One last point, if you are offended because you are a noob then you have some other issues to over come. This year I learned how to hand solder SMD's. I had only done SMD's with a hot plate in the past, but this year I learned how to do it with a soldering iron. I was a complete noob at it and it took me a couple of hours to get the hang of it. But after I figured out how to do it, and I became semi-proficient with the size of components that we were using I was able to start to show others how to do it, and also fix mistakes that people were making. My buddy this year is a skilled developer, but he had never picked a lock before. I don't think he would be offended by being called a noob at lock picking, but he probably would be offended if I called him a noob at programming. We all start somewhere and that somewhere is noob. If you don't want to be called a noob then hone your skills and develop the knowledge to elevate yourself, rather than bitching about it.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Crash and compile is usually pretty adult. Team distraction is usually scantily clad and there is a bare breast or two during the competition .This year someone suggested that I button up my lab coat when I got there (i was wearing a corset and bra and was planning on going down to pasties) because there were kids in there and I ended up wearing said lab coat all contest.

Scavenger hunt can also get a little adult.

Just to be clear

I never said I didn't want kids at DEFCON. I was speaking of one particular place that was censored because of the children in the room and that bothered me. I am not comfortable parading around in my underwear or whipping my tits out in front of a little kid . call me a prude but that's not really how I roll and that is not a situation that I nor the contestants nor the rest of team distraction should have been put in to start with. This is the 4th DEFCON that i have been to and this is the first one where I had to be conscious of my behaviour and dress because of children by putting me in that situation I am forced to make that decision.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?


Hmmmm, I hear what you're saying, I respect your opinion, but I have no f-n clue how to assist or "fix it". I'm sorry your fun was dampened, that sucks. I feel where you are coming from, and in your shoes I might've done the same thing.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Done. Planning on it :-)
Some good suggestions were to list the talk abstracts under Day, and I'm going to do that for dc22.

It was a new thing they tried this year. Next year it will be in the program and better coordinated.

CTF still got their props at closing, so did everyone else, Pyr0 read results of contests. CTF got their black badge, and all the black badge stuff was on main stage.

Done. Already planning on it :-) Also planning on having icons on there again that list demo/tool/exploit.

Also, it was brought up that Pre-req's might be useful for people so that you can determine if a talk is above or below your level, so we're going to do that too. That will give people a better judge if the content is too Noob for them, or over their heads so much they will be lost.


hmmmm, QR Codes...funny you mention it. We have some super sekrit plans to help people get info that will be useful to them while they are on the go. Just look for them next year in the program :-)

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

Re: booze

Open bars don't have to be funded by defcon, right now NO ONE can have an open bar without getting in trouble (in the con area).

I went to both the documentary and the forum meet and I didn't see any free booze. Do people know about it? Do they have to know someone to get to it? Is it in the program? Was there a sign anywhere?

What we want is the freedom to run parties the way we want to, and for parties I'm involved in planning that means free booze.

Kallahar

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

I'm sure Nikita will give a more definitive answer...but it's not going to happen without paying.

You can absolutely throw a party with an open bar. You just have to pay a corkage fee. Most people that have thrown the bigger parties have decided the corkage fee is too much and have either chosen to go off site (Ninjas) or have cash bars (303).

I wasn't able to go to the documentary so I can't speak to that.
I was at the forum meet and Nikita was handing drink tickets out to pretty much everyone she saw and said to ask her if you needed more. That's not exactly open bar. DT pre-paid for those tickets so that we didn't have to.

That is my understanding of things anyway. Like I said, Nikita has better info on it than I do and will correct me if I misspoke or misrepresented anything...but I believe that I am right.

Re: Welcome to DEF CON 21! How would you make SeriousDEF CON 22 even better?

And you ARE right, fancy that. :-P


Pro Tip:
Corkage fee sucks.
Drink Tickets are a pretty bad ass deal.

If you want to have a free bar, all you have to do is arrange it ahead of time with the bartender. They charge a flat rate per ticket/token. If you have more questions I suggest working with Grifter to start, between Charel and Him they can get you into the best solution for your $.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

For the record - we brought our 4 yr old this year - so that's for context.

Agreed wholeheartedly. I brought my daughter to Defcon, having gone for 4 years, and knowing full well what goes on at Defcon. I did a parental gutcheck and decided that she, my wife and I were up to the challenges, and that the benefits to her (outlined a few below) were worth the speech we gave her about adult themes and language.

My wife and I are not in the "Think of the children" crowd. We look at risks to our kid and make informed decisions after looking at all the evidence.

Things my kid got from Defcon/Rootz:

1) Self confidence. She picked her first lock. The folks at TOOOL were great and showed her how to get the positioning right and did NOT look astonished when she was successful
2) Seeing that there are other smart kids out there other then herself and that a good chunk of those are girls too (take THAT corporate marketing with your pink legos!)
3) Learning new things (snap circuits, scratch programming, lock picking) without mom and dad doing any of it for her.

This are things that far outweigh the "If you hear a word and you think it might be something you could get in trouble for repeating, ask us and we'll let you know. And if you see something you need explained, ask us, we'll explain" speech we had to give to our 4 year old. Heck she's been in grade school for a year now, it was time for that talk anyways.

Let us parents decide how to raise the kids. Some of us have our heads screwed on straight. Honest.

Tynius

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

It's hard to change that gut reaction of wanting to avoid doing things that feel non-kid-friendly when kids are around. I guess the only thing I would say here is that the parents who take their kids to DefCon sound like they know what they are doing (from other posts I have read from them here). My take on it would be to encourage you to feel free to do what you were normally going to do, and let the kids and parents moderate themselves as they feel necessary. As a parent myself, I would only bring my kid to e.g. Crash and Compile if I though she was ready for it. I'm much more leery of my kids seeing violence than nudity or innuendo, and so I am much more comfortable at C & C than I would be in front of a lot of TV shows. FWIW.

Again, I know I can't say, "Well, just change the way you feel." But hopefully hearing the thoughts of an informed parent will make you feel like you can be free to be yourself at future DefCons, even those with kids present.

0a

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Rereading my post above I realize I may have unintentionally included that thought as a subcontext by not explicitly stating this. Not intended. I completely understand the OP's feelings, and my post was by way of saying "if it was me and my kid and we'd walked in on C&C at that moment, I would have seen it as my issue, and not yours." Heck the Rio offered me lots of those moments without any help from C&C! She's been to Pride Day in Toronto, and trust me, nothing I've seen at Defcon comes close to the parental gut check THAT one took! She loved the beads tho!

Ty.

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?


Tell her about Ada Lovelace. Keep the fire stoked!

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Yep, also worked with her in scratch this morning, and she's getting snap circuits for her birthday next month :).

Ty

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Alright, just to kick a dead horse one more time.

I don't necessarily want to ban children from Defcon, but I am concerned about their presence.

For the sake of argument. If I went streaking through Defcon under NRS201Sec220 I would be guilty of indecent exposure, first offence is a misdemeanor and the second offence is a class D felony (NRS193Sec130)

Class D felony is mandatory 1 year in a state prison (max of 4 years).

But if a child is present to witness me streaking through Defcon, it no longer falls under NRS201Sec220, it now falls under NRS201Sec230 which is a class A felony.

Class A felony is a mandatory life sentence with the possibility of parole after 10 years in a state prison (max of life without parole).

I found this article which stated that with a minor present a 220 gets upgraded to a 230:
http://www.lasvegascrimelawyer.com/C...-Exposure.aspx
Sorry I did not take the time to hunt down any court cases that show the precedence of a 220 being upgraded to a 230.

In either case, except possibly the misdemeanor, I would be classified as a sex offender for life.

This is my concern with kids at Defcon. I don't have a solution for it, and I don't have any ideas. I'm just trying to shed some light on my concerns.
I will also do my best not to go streaking through Defcon any time soon ;)

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Pointing out something that some may not know...

Going back to DEF CON 5 (maybe earlier) we had people under 18 attending DEF CON. There were not MANY, and most were 16 or older, but we did have minors present. The first admin on the DEF CON forums attended his first DEF CON as a minor with his Mom, and was one of the youngest people to attend DEF CON.

I understand there is a maturity difference between someone 15-18 and "kids" that are 8-14, but we have had minors at DEF CON even when there was more nudity and streaking such as when we were at the Alexis Park. Truth is, both groups are "minors." (I'm not saying minors were present when streaking or nudity was happening -- I have ZERO evidence of that, only that there have been minors attending DEF CON, not that they were in line-of-sight of these activities.)

Also, before DEF CON kids, there was information on the DEF CON website that said DEF CON was open to adults of all ages, and anyone under the age of 18 should be accompanied by a parent or guardian. (I'm not sure if that text is still present, but have not looked for it recently.)

Re: Welcome to DEF CON 21! How would you make DEF CON 22 even better?

Whoa. I'm not even REMOTELY suggesting that we should ban kids from DEF CON. I'm suggesting that we get rid of DEF CON kids.

I understand your point and totally agree with what you are saying regarding the escalation of charges when minors are present but banning a group of people isn't the answer.

I'm saying that by having DC Kids we are "inviting" kids (for lack of a better word) and inadvertently conveying that it's kid friendly.

I'm less worried about the criminal side of things than the civil side when some parent loses their shit about what little Johnny was exposed to.