DefCon 15 Review

I’m at McCarren airport now, ready to fly out from DefCon 15 where a good time was had by all. I learned a few things, met a lot of interesting people, and had a great time geeking out with everyone and look forward to going again next year. The organizers have a lot of experience and the con went very smoothly as a result.

I haven’t been to DefCon in five years and a lot of things changed.

First, of course, is the change of venue to the Riviera. The Riv has a lot more space that allowed the convention to run five tracks, plus have breakout spaces for Q&A to continue after each panel – a very nice touch. It is spread out more, which made it seem like a smaller crowd at times, but the crowd at the closing ceremony was huge and I think Dark Tangent’s estimate of 7,500 people is probably about right.

While larger, the crowd has really changed. DefCon, overall, was much more subdued than in years past. To some degree, this was a necessity for DefCon to continue as some aspects were a out of control. I remember talking to Priest and DT before DC10 and the general opinion was that if were anything like DC9 that it would be the conference’s last year. There are some other reasons as well. For sure, money came and went from the scene, but it was still striking how the cDc’s presentation went from being nearly a rock concert to “hi, I’m with Cult of the Dead Cow. Here’s our presentation.”

The average age of a DefCon attendee has gone up. I don’t know if they are all the same people, but I think the average age is now around 33-35 and a good number of people have 2.5 kids, etc. so people are a little more responsible, I think. Someone said that Jinx sold out of all the kid/baby sized shirts in just a few hours.

There were also more women. Some of this is attributed us guys getting older and bringing significant others, but there were also quite a few women attending the show on their own. More power to you all. Bring your friends.

The Black and White Ball really shrunk, although it was still worthwhile and I had a great time. I enjoyed seeing Karen again and I hope some of the other DJs post mp3s.

No fire marshal problems this year. The goons were mostly well behaved. Even Priest has calmed down a little – complete with a running joke about being to “sensitivity training.”

Number of contests has really increased. The awards took almost 2 hours. The badges were cool (although a little large) and had a small LED sign that was programmable/hackable. Sadly, they ran out of the mod kits for them which included wireless and a 3 axis accelerometer!

Lock picking, while ever present at DefCon, was really big this year. DefCon provided permanent space for several “villages” including one for hacker spaces, wireless, and lock-picking.

My biggest complaint is that many of the panels ran out of time – largely because panelists didn’t appear to have tested or practiced their presentation. Sometimes this was due to loading or seating issues, and that isn’t the panelist’s fault. But, hey, I understand that it’s a little nerve-racking to stand up in front of a few thousand people – so if they get a little off track, that’s life. I just think that a few more of the presentations should have been two hour blocks – especially for a certain Shmoo who has great rants but always runs into overtime. Same goes for the Meet the Fed panel, which only had about 20 minutes of actual Q&A (is that a conspiracy?)


  • Toxic BBQ looked really cool (or hot, depending on your point of view) and I wished I could have made it.

  • Beer cooling contest (the winner only cooled at 2 degrees/second… surely I can do better? Nice excuse for a liquid nitrogen pump!)
  • High security lock review – The Mul-T-Lock picking tool was just fantastic. I enjoyed showing my key ring to several people seated near me as many people have never even seen the keys for the locks talked about in the presentation.
  • Update on radio scanning technologies.
  • Several presentations on Tor issues., confirming all of my suspicions of various propellerhead vulnerabilities – and some cool ones I had not thought of.
  • Review of quasi-multi-factor authentication for banks. Since I’m a security-application web developer, I didn’t learn anything new that I can apply to my own practice (i.e., I didn’t leave screaming “oh, shit, I need to login to my servers and fix this!), but I had no idea just how crappy some of these new systems were. I screamed at my bank a little and told them how stupid I thought it was, but quickly realized that this was the direction the industry was going and getting them to change would be like abolishing ATM fees. I really need to just start my own bank.
  • I learned a lot in the Reanimating Hard Drives panel.
  • The legal panels confirmed that I have a pretty good grasp on the areas that affect me.
  • Black and White Balls were lots of fun. It was a small crowd, but the DJs were pretty good and there was a lot of cool people to dance with. Mad props to the two people who were contact juggling while dancing. Just, WOW! I would think you pretty much have to be able to do it with your eyes closed in order to not be distracted by strobes, etc. Very impressive.

Comments are closed.


Copyright © 2012 -1354585409