10 Tips for iPhone Users at DEFCON 17

This week, MuscleNerd and a few other unnamed dev team members will be at DEFCON 17 in Las Vegas. We’ll of course be carrying our iPhones on us like last year. Bringing an iPhone to a conference packed with hackers has both benefits and risks. Here are 10 tips for iPhone users at a hacker conference (or any technical conference). Most of these tips apply to jailbroken devices, but some also apply to stock devices too.

  1. Disable all your login cookies in Safari. If you use the hotel or conference wifi, it is 100% guaranteed that your traffic will be sniffed. If you allow a web site (like twitter.com) to store your login info in a cookie, and if you connect to that site through a normal http connection, your login info will be exposed. At the very least, you’ll end up on the Wall of Sheep. But you’ll be giving up your password to anyone else sniffing too.
  2. Consider not using the hotel or conference wifi at all, especially if you’re getting 3G speeds anyway. Do not have your iPhone auto-connect to known networks. If you’re bringing a Mac to the conference and you use wifi, at least set up your firewall properly. Turn off everything in Settings?Sharing. Then in Settings?Security?Firewall, click “Set access for specific services”?“Advanced”?“Enable Stealth Mode”.
  3. Learn how to use tethering to avoid wifi on your laptop altogether (and any hotel wifi charges too). By the way, the conference wifi generally doesn’t reach up to the hotel rooms, and vice versa.
  4. If you’re avoiding wifi, consider buying 3G Unrestrictor in Cydia. It tricks applications that would otherwise insist that you be on wifi into using your cellular data network instead. Such apps include Skype, Slingplayer, iTunes, and many others.
  5. Change your root and mobile passwords. Everyone’s iPhone starts off with the root and mobile password of “alpine”. You really don’t want to be in a hotel full of hackers who know your root password. You probably don’t need ssh access to your iPhone at the conference anyway, so uninstall it or toggle it off using SBSettings.
  6. The above tips all apply at the McCarran airport, too. Don’t let your guard down on Sunday after the conference ends, since many of the people around you waiting for their flights out of Las Vegas will have just come from the conference too.
  7. The conference events last from morning through well into the night. If you have firmware 3.0 on your iPhone and both bluetooth and wifi are enabled, you’ll very likely deplete your battery before the day is done. There are power outlets in each of the conference rooms, but those are often the first spots taken (especially late in the day). Consider disabling bluetooth and wifi if only for battery consumption reasons (and maybe even rollback to 2.2.1 LOL).
  8. The “Hack the Badge” contest is a very fun event lasting the whole conference. If it’s anything like last year, the Hardware Hacking Village will be packed all weekend long with tinkerers trying to make their badge do cool and unexpected things. Kingpin has released very limited info about this year’s badge (to make the contest more exciting), but one thing he has revealed is that it will use a simple 3-wire serial interface. On the conference forums, he’s recommended that you bring your own level converter to make the serial voltages compatible with your laptop. But if you connect your badge to your iPhone’s serial interface, you won’t need a level converter. It’s already at the correct voltage. That’s why the early tethered jailbreak for the iPod Touch 2G was able to use the DEFCON 16 badge as a hardware dongle example to boot the device.
  9. The official twitter tag is #defcon. So fire up your preferred iPhone twitter client (for example, Tweetie) and add #defcon as a saved search. And don’t forget to use that tag yourself when you tweet about something at DEFCON.
  10. There are several talks that may interest iPhone and Apple owners in particular. Scanning the talk titles reveals things like “Hacking the Apple TV”, “Is your iPhone Pwned?”, “Jailbreaking and the Law of Reversing”, “Hacking with the iPod Touch”, “Attacking SMS. It’s No Longer your BFF”, and “Runtime Kernel Patching on Mac OS X”, For hardware tinkerers, any talk with Chris Tarnovsky or Kingpin is a guaranteed winner. The iPhone Dev Team gave a talk at 25C3 in December but isn’t presenting anything at DEFCON 17. We have a talk planned for HAR 2009 in a few weeks.

Reposted from http://wikee.iphwn.org/howto:iphones_at_defcon

New Theme

Just to keep things interesting I like to change the theme around from time to time. I am well aware for the one or two people that even bother to come here, it can be a bit disconcerting to see a new layout and interface each time you come. Blue is my favorite color (in more ways than one) and I like the theme name, “Barack Obama.” The theme if you haven’t realized is based on the President’s campaign web site as well as President Obama’s White House web site. It seems to me that this site breaks the Sociable plugin, so if you want to post to any of the social networking sites, you’ll have to copy and paste the URL and go to the site.

If time permits I’ll post an update on some of the stuff that happened this past week. This weekend I pack and get ready for my Vegas trip to attend Defcon. Woohoo!

Vacation In 8 days!

OK, above is a picture from my 2008 vacation to Hawaii.  The one below is I think of the Riviera in Las Vegas.  Getting ready for Defcon in Las Vegas.  I don’t know if I’ll have time to blog or post pictures (or feel safe enough to do so), but keep an eye here and on Facebook for the latest information.  More than likely Facebook will be updated more often than this thanks to Facebook mobile.  We’ll see!

Map picture

President Obama Welcomes You To YOUR White House

President Obama & the First Lady Hold LGBT Pride Reception

Tell me how this person isn’t the most thoughtful and inclusive president we’ve ever had. What *true* and PATRIOTIC American can be against equality and justice for all and the expansion of democracy for all of its citizens, especially on this 4th of July weekend.

It’s July!

It’s the first of July. This should prove to be an interesting month for me. We have the 4th of July weekend, my parent’s 50th anniversary on the 5th, HtR a day later, my midyear review (not looking forward to that) and the cherry on the top of my July sundae, my trip to Vegas for Defcon. It should be an interesting month to say the least. Oh, I posted this from my iPod Touch using the WordPress app.