Security at conferences – a semi-humorous view

Next week, I’ll be attending and speaking at Red Hat Summit in San Francisco.   I’ve written before about how annoying I find it when people don’t stay on topic at conferences, so rest assured that I won’t be making any product pitches: in fact, I plan to hold a vote during the session to determine some of what I talk about, so if you’re attending, too, please come along and help choose.

In anticipation of the event and associated travel, I thought I’d compile a semi-humorous list of tangentially-security-related advice for anyone planning on attending a conference or associated exhibition/expo in the near future.  I’ve been to way too many in my *cough* 20+ years in the industry: here are some tips for conferences.

Oh, and before we start, if you’re at DEFCON, be more paranoid even than this, or even more paranoid than you think you need to be.  At most conferences, you don’t need to worry too much that someone might be spoofing the cell towers, for instance.  At DEFCON, well…

  • wifi – if you’re going to use wifi, use official hotel / conferences access points, rather than random ones which have names like “useme” or “theNSA” or “notRussianSpies” or “dataCollectionforFB”.  And even when you’re using the official ones, don’t trust them: use HTTPS and/or a VPN.  You know this: don’t forget it just because you’re at a conference.
  • what happens in Vegas makes it back to your boss – maybe not your family members, but definitely your boss.  I’ve been to conferences in Vegas.  I’ve seen … things.
  • bluetooth – your safest option?  Turn off bluetooth, particularly on your phone.  If you must leave it on (so that you can use your watch/headphones/other cool accessories), then never accept unsolicited pairing requests.
  • conversations – do you want to be talked to by random strangers?  Some people prefer to be left alone, and a growing number of conferences allow you to put a sticker onto your badge which will tell other attendees whether or not you’re happy to be addressed.   These are typically:
    • green: I’m so gregarious I’m probably not in a technical job, and am more likely to be in marketing
    • red: please, please don’t talk to me, or even glance in my direction
    • yellow: I’m in two minds about it.  If you’re going to offer me a job, make a pass at me or we’ve already met, then it’s probably OK.
    • (I have a serious question about this, by the way: what if you’re red/green colourblind and either very shy or very gregarious?  This approach seems seriously flawed.)
  • don’t leave your phone on the booth table – unless you want it to be stolen.  I’m always astonished by this, but see it all the time.
  • decide whether you’re going to give out your email address – for most shows, you give your email address out whenever you have your badge scanned.  So you need to decide whether you want to be scanned.  There are lots of other ways of giving out your email address, of course, and one is to drop your business card into those little glass bowls in the hopes of winning a prize.  That you never win[1].
  • getting pwned by booth staff – how do you get enough information about a company to decide whether actually to visit the booth and maybe talk to the staff?  Well, you’re going to need to approach it, and you may have to slow down in order to read the marketing messages.  There’s a set of rules that you need to be aware of around this behaviour, and it’s that staff on the booth can engage you in conversation if they catch you doing any of the following:
    • stepping on the coloured carpet tiles around the booth;
    • making eye contact[2];
    • dawdling[3].
  • languages – if you’re attending a conference in a foreign environment, you may wish to include a sticker on your badge to let people know in which languages you’re conversant.  US English is standard, but other favourites include Java, Python, UML and, in some circles, COBOL[4].
  • beware too much swag – I’ve only had to do it once, but I did once buy an extra case to take swag back in.  This was foolish.  There really is such a thing as too much swag, and as we all know, once you have more than three vaguely humorous techie t-shirts, you can rotate them through the washing[6] until you get the chance to visit another conference and pick up some new ones.
  • useful phrases – not even vaguely security-related, and this really relates to the languages point, but I was told a long time ago by a wise person[7] that you only need five phrases in the language of any foreign country[8] that you’re visiting:
    • yes;
    • no;
    • please;
    • thank you;
    • I’ll have five beers, and my colleague’s paying.

1 – except once, when I won a large drone which was really, really difficult to get home from the US and then turned out to be almost impossible to control in the windy part of the UK in which I live.

2 – do you know nothing?

3 – this is the tricky one: I reckon anything over half a second is fair game, but exact timing is culturally-specific, based on my observations.

4 – if you find yourself at a conference where lots of people are going around with stickers saying “COBOL” on them, or, more dangerous still, wearing t-shirts with “I know COBOL, and I’m not ashamed”, you have two options: a) run, fast; b) stick around, learn to converse with the natives and end up with a job for life making shockingly large amounts of money maintaining legacy banking code[5].

5 – but getting invited to a vanishingly small number of dinner parties or other social engagements.

6 – if you don’t wash your t-shirts, you’re not going to need to worry to much about [5] becoming a problem for you.

7 – I can’t remember when, exactly, or by whom, in fact, but they must have been pretty wise: it’s good advice.

8 – I include the North of England in the “foreign countries” category.

Author: Mike Bursell

Long-time Open Source and Linux bod, distributed systems security, etc.. Now employed by Red Hat.

One thought on “Security at conferences – a semi-humorous view”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s