As the Blackhat Briefings were ending on Thursday, people were already gathering a few miles away for DEFCON, the older sibling in this family of security conferences. Not only are both shows put on by the same people, some of the speakers and many of the attendees do both shows as well. DEFCON is the larger of the two, probably twice the size of the Blackhat Briefings. There are other differences: It's less formal, less organized, and it has a lot more 'tude.
Legions of black t-shirted hackers, wannabes, and security folk were turned away at the door at DEFCON's opening presentations Friday afternoon. A new "arrangement" with the fire marshal was cited as the reason. The good news is the presentation rooms are not packed like sardines this year. The bad news is that more people than ever -- who have paid good money for the privilege of attending -- are being turned away from sessions they've been waiting to see. They say that if you have a room at the hotel, you can watch the sessions on TV. But rooms for DEFCON at the Alexis Park have been sold out since March. DEFCON has outgrown its host.
While the largest single segment of attendees at Blackhat appeared to be those involved in network security for various federal agencies -- whether employees or contractors -- the percentage of overt Feds at DEFCON is much smaller. Those I've seen are holdovers from Blackhat. Almost everyone at DEFCON wears black. There are a lot more body piercings at DEFCON than at Blackhat. Ditto for brightly colored and/or extreme hairdos.
Members of the press are given a full page of instructions on what can and cannot be done. No photographs of the crowds, no pictures or recordings of anyone without their explicit permission, be they presenters or attendees. Those who do not abide by the rules will be thrown out by one or more of the volunteer staff members known as "goons."
And speaking of the press, if you were like me and unsuccessful in getting into an opening day session, the press room was the next best place to be. That is, if you ignored the whining about everyone having to share a single ethernet connection since the press room hub had been commandeered for the speakers' room, the lack of a television with which to watch the presentations, and the fact that there was only a single phone line and phone.
It was in the press room that I met an interesting young man named John Hering. John and his crew were at DEFCON to do a presentation on Bluesnarfing, showing off their top secret "Bluetooth Snarfer Gun" which may be capable of snarfing Bluetooth sessions from as far as a mile away. John is also heavily involved in a project called "Wire Iraq." The goal is to provide a secure wireless infrastructure in Iraq so that American servicemen can chat and have video conferences with their loved ones back home, without having to wait in line at select locations for the privilege. More on this story later.
It was also in the press room that a young lawyer popped his head in. He was looking for a reporter who had told him he might be able to help with research on cases similar to the one he is currently doing. It seems he is representing a woman in Florida who has been charged with installing spyware on her ex-husband's and his girlfriend's PCs and then publishing information about them on the Internet.
You might recognize the lawyer's name: Dario D. Diaz. He gave a presentation at DEFCON in 2001 -- the year the FBI's top priority was to act as Adobe's private IP police instead of looking for terrorists, and the year it arrested an innocent Russian programmer named Dmitry Sklyarov. Diaz offered to represent Sklyarov pro bono immediately after the arrest, but even though he was acting as Sklyarov's lawyer, the FBI refused to tell him where Dmitry was being held. Diaz said he believes Attorney General Ashcroft was eager to play with his new law (the DMCA) the same way a geek would want to play with a shiny new piece of hardware.
More to come.