Credit Card warning for the AP

  • Credit Card warning for the AP

    Anyone who paid for their AP room with a credit card should double check for fraudulent charges. Someone during con tried to SE my CC # by saying they were from the front desk. Fortunately (hopefully) most of us won't fall for that, but just in case you should probably check your CC bill closely...
    --- The fuck? Have you ever BEEN to Defcon?

  • #2
    I would like to know if anyone else got a call like this: perhaps it is an isolated incident from someone you know. It was interesting that the caller had the full name of the room holder. If name could be obtained, other information given to the AP is probably not that much harder to obtain.

    • #3
      Hotel security sucks, and I think a bunch of us could get together and create a panel to speak on it next year. I know at the hotel I stayed at when you get off the elevator you could see the screens of the hotel check in with a set of good eyes, if not I stood just behind the desk of course on the outside acting as if I was on a phone call and had plain view of all transactions, and no questions were ever asked why I was there. So yeah Hotel security does suck, big time.
      If there is a Church of WiFi, then this is it's !

      • #4
        Originally posted by kree
        Hotel security sucks, and I think a bunch of us could get together and create a panel to speak on it next year.
        I agree, and would want to be a part of said panel (I'm the credit card guy from this year)

        It could also be "dumb luck" with this situation you have seen with someone trying to get your card number. They also give you check-in receipts, if you lost/drop/misplaced your receipt, it's on you NOT the hotel regardless of where you're staying.
        "Never Underestimate the Power of Stupid People in Large Groups"

        • #5
          Originally posted by hackajar
          I agree, and would want to be a part of said panel (I'm the credit card guy from this year)
          One thing that'll need to be done is to differentiate between physical and operational security. This is an operational issue with a bit of phishing (the, "Hi, this is Joe at the front desk..." call) mixed in for good measure. Granted, it is definitely an issue, but this also affects most other hotels in the known world. Singling the AP out is unfair to them.

          • #6
            Not to mention with a house phone available almost anywhere in any said hotel makes it just that much easier to fuck with anybody.
            If there is a Church of WiFi, then this is it's !

            • #7
              Originally posted by 0versight
              I wouldn't think so because it IS a hacker convention, so you have all kinds of phreaks, geeks, SEs and hackers with enemies in the same vicinity as you are.
              How does this change the threat? If it were a shoe convention and it'd been targeted by someone pulling exactly the same sort of scam, the end result would be the same. There's no difference between the two. Yeah, you've probably got more people at Defcon who would be aware of this sort of thing, but not necessarily more people who would attempt to actually exploit it.

              I got 2 threats and one promise of physical harm toward myself at the Con, was I scared? No, did I keep an eye out? yes.
              Um, okay. But I'm not seeing what this has to do with someone attempting to social-engineer credit card info either at the front desk or over the phone.

              I'm just saying there should be *slightly* more security just for those 3 days at the Alexis Park, Security as in a slightly more secure pipeline in all its transactions of business.
              Fair enough, but wouldn't it be better for them to make that change permanent? Also, WRT the phone phishing expedition: if you're dumb enough to start giving out your CC and personal info to someone over the phone - be it at home or away - you pretty much deserve what you get, but short of unplugging the phone in your room for the weekend there's not a lot that can really be done about it.

              • #8
                Originally posted by 0versight
                I'm just trying to say that since lots of people have enemies, there are people that are out to specifically target them and their information just so they can go home and say "I owned you".
                Then that's a personal problem, not the AP's. If you piss someone off to the point that they're trying to pull your info, then you probably shouldn't've done whatever it was that pissed them off to that degree in the first place. Besides, if someone really wanted to pull someone else's info that badly, there are a lot of other ways that are a lot more effective than either hanging around the front desk or making truly lame attempts at social engineering over the phone.

                Of course it would be better for them to change that permanently but we all know they wouldn't, so we can at least have concern for our personal privacy and compromise them to do it for just 3 days.
                How do we know they won't? Has anyone asked, and asked in a manner that makes them want to actually do something about the issue?

                • #9
                  Think of going to DC (or any "hacker" convention) as raising your personal threat level from Orange to Red. You're always at orange, aren't you??? Especially when it comes to SE threats.

                  If you get a nebulous call like "Hey Mr. YourLastName, this is Joe from the front desk. We have a problem with your credit card. Maybe a number got dropped, can you read it off to me?"

                  Well, duh.. that's an obvious one for someone who is even at PTL Fuchsia. If the front desk calls and wants any info you don't feel comfortable giving out over the phone, head down there yourself. I'm more worried that somebody (like Hackajar!) would be sniffing on their terminal network and capturing the #s as they go across the network.

                  As it goes, I felt pretty calm during the con having a room at the AP.. but then again, I'm relatively safe in being an unknown person... although some people did look at me funny... maybe it's just my paranoia.
                  We own everything so you don't have to!

                  • #10
                    i know that due to a strange check-in issue with renderman, panthera, and myself we faced a problem of certain room keys not working...

                    the three of us went to the front desk and basically just said "hi, we're staying here at the Alexis Park but we checked in separately... now only the key of the last guy to check in works. can you fix this? we're in room blah blah."

                    without asking for ID or any other real info, the guy behind the counter took our three room keys and just re-coded them. "there, they all should now work for your room, number blah blah, sirs."

                    kinda spooky, i thought.
                    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                    - Trent Reznor

                    • #11
                      Originally posted by Deviant Ollam
                      without asking for ID or any other real info, the guy behind the counter took our three room keys and just re-coded them. "there, they all should now work for your room, number blah blah, sirs."
                      This is turning into a bitch-fest, but I had a similar issue.

                      I was locked out of my room last year since my friends had all the keys. Wearing only my swimsuit (i.e., no ID), I walked up to the counter and asked if security would let me in. They asked if it was my name on the room (it was) and if I could prove who I was (I couldn't). Security let me in anyway.

                      The lesson isn't really that stunning: don't trust your security to others; they have little to no stake in your personal well-being.

                      • #12
                        Of course, you'd doubtless have been annoyed if you were left to stand dripping in the lobby, and locked out of your room! There is always a trade-off between security and convenience. Overall, I think the AP does at least an equally good job to other hotels; e.g. a poor job, but one that is appropriate for the type of business they run.

                        Remember, you're at a hacker con--it's a high-crime neighborhood. Take appropriate precautions, and you'll be fine. I've survived every Defcon so far, and my only major mishap was at Defcon 1 (and solely related to me being a dick to hotel security). The next-worse mishap was last year, when Broker put Bacardi 151 in the blender without telling me, and I woke up drunk the next day. :)

                        *TP
                        My Web site is .

                        • #13
                          Locksmiths have this problem when opening someone's car or house when they say that their ID is inside. Generally we will open it and then wait for the ID. If they can't produce it then we ask them to leave and we have to relock it, or call the police. AP security should at least do the same, escort you to your room and wait for valid ID, if you can't produce it then they kick you out.
                          --- The fuck? Have you ever BEEN to Defcon?
