Opsec and on sex
It used to be the case that going to Black Hat required visitors to practice extreme operational security with their systems for fear of hacking, but that's not really the case anymore.
Sure, you take basic measures for security – disabling Wi-Fi and Bluetooth on laptops and phones, always keeping an eye on your kit, cancelling autorun on USB ports if it isn't already. But it doesn't seem like anyone's trying to get in any more.
Part of this is down to a harder line against hackers. The last case I can remember in seven years of attendance was a couple of journalists hacking fellow hacks' systems for a laugh. They were stripped of their badges and sent home for that offense.
The same is certainly not true for DEF CON. There, hacking other people's systems is a matter of pride and fun, and the stolen credentials are displayed on the wall of sheep. And to the hacker who briefly associated my Gmail account to another email address – I will find you, if I'm lucky.
Black Hat this year was also noticeable for the increasing number of women in evidence at the show. Computer conferences are always a bit of a sausagefest, and Black Hat used to be worse than most. But the gender imbalance, although still stupidly high, isn't as bad as it was, at least in the venue as a whole.
While you'll see slightly fewer women at DEF CON, that's in part down to job roles. At Black Hat, companies bring their PR people, exhibition staff, and assistants with them and while there are a fair few women in the training tracks themselves, not as many as you'd expect given the sex mix on the floor.
DEF CON doesn't really like having non-coders in the venue, and what women you do see are hardcore geeks here to learn and produce. It was also noticeable that DEF CON has a much higher number of ethnic groupings than the usually whiter-than-white Black Hat.
DEF CON – where diversity is de rigeur
As Black Hat winds down so DEF CON begins, usually at a cheaper hotel that reflects individual budgets. Last year it was the Rio, but a Star Trek convention had bagged that spot this year, so we all trooped down to Bally's and Paris.
Frankly, the extra space was needed as this week's show was utterly rammed. Even then, the long lines to get into popular sessions showed yet more space is needed – getting into the smaller sessions in Track Four of the conference was impossible unless you lined up 30 minutes early.
The three full days of briefings had five main tracks doing hourly (and sometime half-hour) demonstrations, with the occasional two hour group discussion sessions. But there are also lots of other talks and events going on in other zones – be it hardware hacking (where the sultry smell of solder is thick in the air), social engineering schools, or confabs devoted to the more esoteric ideas like bioengineering.
This is both a good and a bad thing. It's good in the sheer range of stuff on offer to learn from, but it's also frustrating because you're acutely aware that you're missing out on other talks every single minute of the day.
That diversity of learning opportunities is also reflected in the attendees. There are representatives from all of the hacking subgroups in large numbers, and the venue is full of people who some in corporate computing might find scary – both in dress, haircuts, and attitude.
But there's also an openness at DEF CON that Black Hat can't match. Everyone mixes and, with a few annoying exceptions, it doesn't really matter what you look like or are so long as you bring intelligence, keenness, and geek cred to the event.
As a case in point, I was crouched in a hallway juicing up from an open power socket, surrounded by fellow searchers for current. The chap next to me asked if I happened to have the latest iteration of Ubuntu on a USB stick. You've got to love a conference where someone can ask that with a reasonable expectation that the answer is yes – even though some would have shamed him for using such a mainstream build and for accepting a foreign memory device.
It's not perfect at DEF CON by any means. Last year's diversity panel broke down into insult trading and recrimination after a genuine attempt at an adult conversation, so much so that the organizers rather shamefully turned down an offer for another try at it this year. Technology might unite us, but it doesn't mean sexism, racism, and other forms of prejudice can't still tear us apart.
Another big difference with Black Hat is that DEF CON accepts – nay welcomes – children to the event. There were even sessions that you couldn't get into unless you were a child, or accompanying one.
Based on the number of really skilled youngsters around this year, the future of hacking is in good hands. There were teenage coders playing capture the flag with flying fingers and cunning plans, youngsters barely past toddler age whipping their elders in the network gaming sessions with huge grins on their faces, and both the hardware hacking village and lock picking center had a goodly smattering of youngsters showing off their stuff.