DEFCON 28 Wrap Up

DEFCON, the world’s largest hacking convention and always one of the highlights of my year, was last weekend and, of course, remote. I missed being in Vegas with tens of thousands of hackers, but there were still some fantastic talks and conversations over Discord.

A quick “Top Five” highlights:

5. If your password is eight characters or less, you essentially don’t have a password. With a small amount of money and a few hours, eight character passwords can be broken with a fair amount of ease. Your password should be at least 12 characters.

6. That wifi security camera you bought off Amazon for $40 is completely insecure and shares your video, credentials, and even location, with other cameras unencrypted.

7. Two-factor authentication is an important security measure for every account you have, but it can be beaten with a good phishing attempt. You can’t sleep on phishing just because of 2FA!

8. The disinformation campaign to instill doubt in mail-in voting is real and huge. Researchers have seen preparations for “time and place” digital attacks since 2017 that can shut off internet or power to voting locations on election day…but then COVID-19 hit and those kinds of attacks don’t work if everyone voted by mail! Since the pandemic has started various nation states launched campaigns to poison the public’s belief in mail-in voting so they can get people back to the polls on election day and back in the target radius of their attacks.

9. I passed my FCC radio Technician exam!