stuff to bring - the "shit... wish i'd thought of that!" list

Yeah, you missed a few things. Namely, you missed Thorn's signature. You do realise that he wrote *THE BOOK* on this, right? I don't mean that figuratively. I mean, quite literally, he and Chris wrote the book. I suggest you check your attitude at the door, junior.

Something more would likely need to happen. Making unsubstantiated claims has not historically been enough to get banned, but there could always be a first case. ]:>

On a related point that may help bring us back to topic...

Something that I wish people new to DefCon would bring to DefCon is a good attitude and they should leave at home their ego, arrogance, and self-importance.

I call this type of computer person a "Super-Man Complex" hacker.

SM: I'm here to save the day!!!
user: How did you fix that?
SM: I can't tell you that!!! I'm Super Man!!!!
user: But I don't want to have to call you every time
SM: Then Super Man!!!! would not have a job!!!! To the next computer! *Swooosh*

Gah! That gives Superman a bad name. ;-)
If Superman came to DefCon, I think he would be smart enough to leave his cape and tights at home and attend as Clark Kent, but he would probably have a press badge.

haha!!! That's comedy right there!!!

Maybe he could save us from the scene whores!!!

Man, now I feel bad for having a press badge for the last two years. I think we ought to introduce him to Roamer for the next book. It should be a comedy or errors.

This brings up an interesting HighWiz quote from Shmoocon... "Thorn - Complete Writer of Wardriving - Drive, Detect, Defend... Mr. Hurley... a meer footnote."

Someone had to point that out...<sigh>

Al

Uh, "not hardly" as the Duke used to say.

It's definately Chris' book. I'm merely one of the co-authors.

Blah Blah Blah, we all know you carried him the whole way.

<continued hijack>
I heard a rumor that Chris doesn't really even exist. He is a construct created by Syngress Publishing to consolidate all of their publishing losses, a la Enron.
</hijack>

Back on topic, however, I would like to contribute gum, mints, mouthwash, etc to the list. Even if you have zero interest in making a positive impression on any possible mates, please do the rest of us a favor and pop one of these before you lean in close and tell us how leet you really are.

On "stuff to bring" remember that you have two ears and one mouth. Therefore if you listen twice as much as you talk, you will go far.

I like that one... and my addidtion to it is "Proof that light travels faster then sound is found in the fact that some people appear intelligent.... until you hear them speak"

Laptop?

Keep in mind, this will be my first DefCon...
I would like to bring my laptop to dump pictures and connect to work for email etc..
Afterall, my work is sending me there for 7 days to visit Blackhat as well as DefCon.
I did hear a comment by Patrick Norton on TWIT Podcast # 4, stating something like, " I won't go on a netwok anywhere in Vegas, much less at DefCon during that 3 day period".
I am not a WiFi expert so I may need the assistance of THORN.
Will I be reasonably safe if all of my traffic is through a VPN tunnel with 3-Des, Ipsec transport, and 3 factor authentication?

He's a good resource to tap, and he has been quite helpful on these forums.

That question is really an implementation-specific question as well as a question of use.

I've used OpenSSH and the -D flag to create a SOCKS proxy on the localhost and store hostname/IP pairs in a local host file for critical hosts (not relying on DNS for these) and performed the initial ssh host key exchange from a secure network before going to DefCon, but if I had used an old ssh server and client with known vulnerabilities, or did not obtain ssh keys from servers before I left, and relied upon DNS at the con.... (examples of implementation and use issues.)

There are other issues beyond browsing though.
* What services are available from your computer when you are on a network?
* How reliable is the network? (it is trivial to DoS any TCP session which can be sniffed passively by others- reguardless of encryption.)
* Any cameras recording your keystrokes?
* Anyone shoulder surfing?
* Can someone steal your laptop and access any cached credentials?
* What actions are performed by your OS when it detects a network? (Connect IM clients? Search for a Master Browser? Look to Authenticate against a Domain or AD?, etc.)
* (more than these items listed)