Endpoint/Device Security

Top 10 Things I Learned at Blackhat 2011, Defcon 19 and Vegas

Blackhat 2011

  1. Pill bottle caps can have wireless connections – This is a really neat usage of technology, people who may forget to take their meds can be reminded with visual indications, and doctors can be notified everytime you take a pill. However, this obviously brings up grave privacy concerns.
  2. IMG_2323.png
    We Love Adobe.
  3. I have too many t-shirts – But that doesn’t stop me from aquiring more.
  4. FOTA (Firmware Over The Air) allows you to update firmware over wireless, so you know, that wireless chip in the cows in the field gets updates. Why don’t Linksys routers have this!
  5. If you think putting a GPS with a gsm chip in it in your kids backpack is a good idea, think again. (Zoomback)
  6. The Core party rules – Until someone throws sushi at you, I won’t name any names (Shack), but thats a waste of good sushi man! (Good thing I had a towel on me to clean it off)
  7. Femtocell hacking is neat, allows you to “middle” calls and make people’s phone call 1-900 numbers in one neat small package.
  8. Vendors will to to great lengths to get attention – I saw zombies, cigar rollers, motorcycles, and very scantaly clad ladies.
  9. There are good uses for aerial UAV’s, like incident response. However, they can be used for evil, but you need some flying skills.
  10. IMG_2327.png
  11. The topless pool’s privacy is invaded often.
  12. Battery firmware is fun to play around with, and its creepy when your battery dies in a talk about battery firmware hacking.
Casa Fuente has great cigars. Pictured left is a Forbidden X Lancero, and on right is a Fuente Hemmingway Masterpiece Maduro.

Defcon 19

  1. Don’t use the hotel network, ATM machine, elevators, credit card network, fire suppression, kiosks, or basically anything else with a chip in it, they will all be hacked. I might consider a pre-paid credit card next year for Defcon (no my credit card was not stolen, but got me thinking).
  2. When joining the I-Hacked guys to every Defcon party in one night, wear comfortable shoes and have your “drinking big boy pants” on.
  3. Bring a sweatshirt to wear at the vendor area.
  4. No one likes pink hats, not even women.
  5. You an never pack too many socks, however wearing funky socks is really fun.
  6. IMG_2333.pngIMG_2345.png
  7. Trustwave Spiderlabs and IOActive throw awesome parties and the bathroom can be the place to be!
  8. Twitchy lives.
  9. IMG_2330.png
    Images have been obscured to protect the innocent (and the guilty).
  10. Simple Nomad looks great in pink.
  11. IMG_2334.png
  12. We love listeners that give us gifts and return the favor.
  13. IMG_2348.png
  14. Larry loves getting his yearly mowhawk, and only when we are together are we “1337”.
  15. IMG_2339.png

Top Ten Reasons You Know You’ve Been In Vegas Too Long

  1. Nosebleeds.
  2. You don’t even hear the “slot machine noise” anymore (ding, ling, la ling, ding ding)
  3. Vegas Throat – Its a scratchy, irritating, dry, “I’ve been breathing too much vegas” kind of feeling that is often accompanied by pain and loss of voice.
  4. When you get home and pay $20 for lunch, you think, “Wow, thats such a bargain!”
  5. Walking 5 miles to the store when you get home is a short trip
  6. You walk outside when its 107F and say, “Its not that hot”
  7. You start to wonder if the older nice lady serving you breakfast was once the gogo dancer at the club 30 years ago
  8. The big topic of conversation over dinner is whether or not the dancers at the shadow bar are really naked
  9. You are worried that your wife will notice that $300 withdrawal from the ATM at 1AM, and the other for $200 at 3AM
  10. You think its totally normal for women to be dressed in gstrings
Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.