[a2tech]

He should have gone to BlackHat if he wanted to see anything really interesting. Def Con is mostly a big party with life style talks and people talking about old stuff.

Thats not to say there isn't neat stuff to do at Def Con (I've seen plenty of neat talks) but its mostly a big party. There's nothing really scary going on there.

[tacostakohashi]

I went to HOPE a few weeks ago, after having been to such things before, but not for a few years.

I had exactly the same impression - mostly a lifestyle / social / political thing, pretty light on in the way of talks with actual technical detail. Kind of like TED talks - well presented, entertaining, but not really actionable.

In years gone by, I went to some excellent events, with talks on really specific, useful things (kernel internals, gdb use, ELF dynamic loading, ltrace / strace use, that kind of thing). Can't help but wonder if those sorts of conferences still exist, or the whole scene has changed into something less practical and more lifestyle.

[stephancoral]

What talks did you attend at HOPE? There were tons of hard technical presentations. The two guys who cracked the Iridium satellite network in particular were amazing, going into deep detail on the techniques and methods used to decode the frequencies. The talk on medical device hacking was also awesome - I mean they showed you how to get on a radiology machine and other exploits. And after I saw the talk on hacking your cars internal computer I was able to go home and start futsing around with that stuff on my garage (after buying some hardware).

Maybe they don't do a lot of talks on the intricacies of C anymore (which is a bummer) but there is still a lot of technical knowledge going down at these events. I had s great time and learned so much

[tacostakohashi]

Saw the Iridium guys, agree they were great. Also, this guy's talk was superb:

https://xi.hope.net/schedule.html#-coding-by-voice-with-open...

There was definitely some good stuff, just seemed to me that overall, the mix of practical/technical vs cultural/lifestyle/political at events like this has changed a lot over the years. Either that, or my perception has changed, it's hard to tell.

[icpmacdo]

Iridium satellite network Video: https://www.youtube.com/watch?v=cvKaC4pNvck

[wcummings]

Get-drunk-in-shitty-hotel-con isn't really about the talks, it's about goofing off in NYC w/ friends from IRC.

[nxzero]

Events are just mainstream now; unless there's a chance the FBI is going do a raid, likely nothing you're not going to hear about a day later on the net.

[tronje]

It sounds weird that they're selling key-logging sticks for $50 and spoofing routers for $100 at a convention where you'd think everyone can build that stuff by themselves for a much lower price.

Just to add to your point, I suppose.

[busterarm]

At a convention you can pay cash (semi-)anonymously where if you had to build that stuff you'd leave a paper trail.

Many I know in this group of people (DefCon/HOPE attendees) do things like trade around craigslist-cash-purchased laptops.

[dublinben]

It would also be a good place to anonymously buy Bitcoin for cash.

[mseebach]

> everyone can build that stuff by themselves for a much lower price

At volume. But if you only need one (or ten), assuming your time has some non-trivial value, it's much cheaper to just buy off the shelf.

[pmorici]

Even if you value your time as worthless then maybe you could build a hardware key logger for less than $50 in parts but I really doubt it.

[riskable]

There's no need to "build" anything for this purpose. Just buy a general-purpose microcontroller like this:

http://www.freetronics.com.au/products/leostick

...and stick it inside a generic keyboard (which has plenty of room).

I always thought that the fact that big corporations hand out the same keyboard to everyone enables these sorts of attacks. Any would-be spy could just make a handful of hardware key-logging generic HP and Dell keyboards and easily swap out any given keyboard at any given big company without having to even think.

I never use my employer's provided mouse/keyboard combo. Mostly because they're always absolute crap but also because I want to give any potential attackers a hard time. I can only imagine the look on some attacker's face when they show up at my desk and see custom hardware everywhere =)

[Vexs]

You can buy them from china really cheaply for a couple bucks.

[marcosdumay]

I'm sure a lot of people there has better projects to spend their time on than rebuilding commodity hardware.

[raesene6]

hmm not sure I'd say that Blackhat would in any way be a better option for "something interesting", it's a very expensive corp. focused conference these days.

Last time I went most of the interesting Blackhat talks were getting re-run at Defcon, so really not a lot of point in paying out for the Blackhat option, just go to Defcon and see them there.

[baby]

rather the inverse, I'm not scared of getting pwned when I go to blackhat, in Defcon people are just acting crazy.