We are two weeks away from Security Summer Camp (which is BSidesLV, Blackhat and Defcon)!
So it is time for everyone to write their annual blog posts about what you must do before you head out. I want to be one of the cool kids so here is my list of 6 things to do before you pack:
Delete All The Saved SSIDs On Your Devices
A common attack is to spoof well-known SSIDs so that your device connects automatically and starts using the attacker's AP, letting them capture all your information. I actually wrote a script called mana-common that spoofs the most common SSIDs to demo this problem.
You should delete all the saved SSIDs on your devices to avoid falling victim to this attack.
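On a Linux laptop that uses NetworkManager, the cleanup can be scripted. This is an added example, not code from the original post; it assumes `nmcli` is installed, and the function names and the sample profile list are made up for illustration.

```sh
#!/bin/sh
# Added example: purge saved Wi-Fi profiles on a Linux laptop.
# Assumption: NetworkManager (nmcli) manages your Wi-Fi connections.

# Constructed sample of `nmcli -t -f UUID,TYPE,NAME connection show` output.
sample_nmcli_output() {
cat <<'EOF'
11111111-1111-4111-8111-111111111111:802-11-wireless:attwifi
22222222-2222-4222-8222-222222222222:802-3-ethernet:Wired connection 1
33333333-3333-4333-8333-333333333333:802-11-wireless:Hotel\: Guest
44444444-4444-4444-8444-444444444444:vpn:home-vpn
EOF
}

# Reduce terse nmcli output on stdin to "UUID<TAB>NAME" for Wi-Fi profiles only.
# NAME is requested last: nmcli -t backslash-escapes ':' and '\' inside values,
# so everything after the second colon is the escaped profile name.
wifi_profiles() {
    while IFS= read -r line; do
        uuid=${line%%:*}; rest=${line#*:}
        type=${rest%%:*}; name=${rest#*:}
        [ "$type" = "802-11-wireless" ] || continue   # keep wired/VPN profiles
        name=$(printf '%s' "$name" | sed 's/\\\(.\)/\1/g')   # undo nmcli escaping
        printf '%s\t%s\n' "$uuid" "$name"
    done
}

# Dry run by default; pass --delete to actually remove the profiles.
purge_wifi_profiles() {
    nmcli -t -f UUID,TYPE,NAME connection show | wifi_profiles |
    while IFS="$(printf '\t')" read -r uuid name; do
        if [ "${1:-}" = "--delete" ]; then
            nmcli connection delete uuid "$uuid" </dev/null
        else
            printf 'would delete: %s (%s)\n' "$name" "$uuid"
        fi
    done
}

# Only touch the system when nmcli exists; otherwise show the parser on the sample.
if command -v nmcli >/dev/null 2>&1; then
    purge_wifi_profiles "$@"
else
    sample_nmcli_output | wifi_profiles
fi
```

Run it once without arguments to review what would go, then again with `--delete`. Phones, macOS and Windows keep their own saved-network lists and need to be cleared separately.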
Get A Hot Spot
Connecting to a hotel network at a Hilton in Little Rock is dangerous. Connecting to a hotel network in Las Vegas is reckless. Connecting to a hotel network in Las Vegas during Security Summer Camp is stupid. You can pick up a mobile hotspot for about $25 a month.
Get A VPN
You could easily get a commercial VPN, but if you want to go to the next step, build your own Streisand server or an OpenVPN server and delete it when you are done with it. It will help protect your data from anyone who may be snooping on you.
Change All Your Passwords (Before and After)
You should run your password manager's auto-change feature before you leave for Vegas and again when you get back, just in case someone gets hold of your account. You do use a password manager, right?
Turn on 2FA On All Your Accounts.
You should at a minimum enable 2FA on all your social media and financial accounts before you head out. Twofactorauth.org has great information on how to configure your accounts to use 2FA.
PCAP All Your Traffic
This is the most paranoid of my tips, but when I am at a conference I always PCAP all my data so that, in case I do get breached, I can hopefully figure out how or write a good blog post about it.
I wrote a blog post on doing this with Docker earlier this summer, so I can now run this to save the pcaps to my Dropbox:
docker run -v ~/Dropbox/pcap:/pcap --net=host -d jgamblin/tcpdump
The truth is these 6 rules should be followed all the time if you want to have a decent operational security posture. OK, you might not need to PCAP everything, I am just paranoid…follow the first and you will be ok.
Also, while at Security Summer Camp, drink plenty of water, don’t sleep much and have fun!