Writing about information security, I tend to be very paranoid. This is a good thing as it means I am creating complicated passwords, regularly clearing out my browser history and cookies, and never clicking on links in my e-mail, even when it’s my company’s HR department demanding I fill out a survey about my benefits.
It also means that heading to the annual Black Hat conference in Las Vegas, I am scared to death. With hackers of all stripes and colored hats converging on the town for Black Hat, Defcon and Security BSides, hacking will be rampant. It’s almost de rigueur.
Here are some tips and suggestions for staying safe at Black Hat, compiled from experienced journalists attending and experts from McAfee.
Don’t take a laptop, period. If you have to, use one that doesn’t contain any valuable information. Make sure all the software, including the operating system, Web browser, firewall software, antivirus, VPN clients, Java, and anything else, is patched and up-to-date.
Don’t use Wi-Fi networks. Disable the feature to auto-connect to nearby Wi-Fi networks so that you aren’t accidentally connecting to a malicious access point. Turning off auto-connect also means the computer won’t automatically connect to an access point with the same name as one at home (there are many access points named ‘linksys’ in the world). Use the wired network in the room or use a 3G wireless card.
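One way to check a laptop for the auto-connect risk described above before travelling, as an added example that is not part of the original article: it audits saved Wi-Fi profiles for auto-connect, missing encryption and factory-default names. It assumes a Linux laptop using NetworkManager keyfile profiles; the sample profiles and the default-SSID list are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (assumption:
# on a real system these are the files NetworkManager saves per connection).
SAMPLE_PROFILES = {
    "linksys.nmconnection":
        "[connection]\nid=linksys\ntype=wifi\n\n[wifi]\nssid=linksys\n",
    "HomeNet.nmconnection":
        "[connection]\nid=HomeNet\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=HomeNet\n\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Wired.nmconnection":
        "[connection]\nid=Wired\ntype=ethernet\n",
}

# Illustrative list of factory-default names; 'linksys' is the article's example.
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default"}


def audit_profile(text):
    """Return a list of findings for one saved connection profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []  # wired and other profiles are out of scope
    findings = []
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback=""))
    # NetworkManager treats a missing autoconnect key as true.
    if cp.getboolean("connection", "autoconnect", fallback=True):
        findings.append("auto-connect enabled")
    # No security section means the profile is for an unencrypted network,
    # which any access point broadcasting the same name can satisfy.
    if not cp.has_section("wifi-security"):
        findings.append("open network (no wifi-security section)")
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common default SSID")
    return findings


def audit_all(profiles):
    """Map profile file name to findings, skipping clean profiles."""
    return {name: f for name, text in profiles.items() if (f := audit_profile(text))}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: {', '.join(findings)}")
```

Any profile it reports is a candidate for deletion or for having auto-connect switched off before the trip.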
It’s not just laptops; turn off wireless on the smartphone and tablets, too. Data over 3G may be more expensive, but it will be safer. Disable Bluetooth while you are at it.
Beware USB sticks. Don’t use any sticks you find or receive, and don’t stick yours into someone else’s computer. Beware conference downloads and CDs. They may be infected.
Configure your firewall to block all incoming ports and require outgoing apps to receive manual approval to access the network. Watch out for broken or missing SSL visual cues as downgrade attacks are very subtle.
Clear browser history and cookies.