Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

How To Sneak In To a Security Conference

Soulskill posted more than 2 years ago | from the equip-yourself-with-a-fake-beard dept.

Security 189

jfruh writes "You'd think that, of all events, security conferences would have tight security. But one anonymous human pen tester managed to sneak into the RSA conference without credentials, using tried and true techniques like waving a badge from another conference at security guards and slipping in through exits."

Sorry! There are no comments related to the filter you selected.

Body language is an effective tool (5, Interesting)

Anonymous Coward | more than 2 years ago | (#39190831)

It's easy to avoid notice if you act like you know what you're doing, where you're going and that you belong where you are. Never stand still or look around.

Re:Body language is an effective tool (5, Funny)

SJHillman (1966756) | more than 2 years ago | (#39190849)

This is why I keep my lab coat from college. A lab coat says you know what you're doing. Throw in a clipboard and you're gold.

Re:Body language is an effective tool (4, Funny)

oakgrove (845019) | more than 2 years ago | (#39190879)

And should you find yourself at a construction site just put a 2x4 over your shoulder and walk purposefully with a stern look on your face. Works every time.

Re:Body language is an effective tool (2)

geekoid (135745) | more than 2 years ago | (#39190933)

Cause without the 2x4 those busy, tired, and afraid of losing their jobs construction people will call you out?

Re:Body language is an effective tool (1)

oakgrove (845019) | more than 2 years ago | (#39190967)

Not necessarily. It just helps you look busy.

Re:Body language is an effective tool (4, Funny)

FatdogHaiku (978357) | more than 2 years ago | (#39191445)

If you look purposeful and/or busy at a construction site you run the risk of getting promoted...
The whole sub-contractor structure avoids "Peter - Principling" everyone useful right off of the job site.
Also, "a" 2x4 is a stone bust. At least 4 pre-cut studs or approximately 30 lin Ft of 2x4 is a load that will not single you out... at least until you toss it into your truck ;^)

Re:Body language is an effective tool (0, Informative)

Anonymous Coward | more than 2 years ago | (#39190999)

The important part is the union button.

I've been called out on job sites when I'm there legitimately.

Re:Body language is an effective tool (2)

FatdogHaiku (978357) | more than 2 years ago | (#39191479)

The important part is the union button.

I've been called out on job sites when I'm there legitimately.

True Data

Re:Body language is an effective tool (5, Funny)

PatPending (953482) | more than 2 years ago | (#39190965)

A construction site... or when you're trying to go backstage at a Village People concert.

Re:Body language is an effective tool (5, Funny)

Anonymous Coward | more than 2 years ago | (#39191191)

Getting backstage at a Village People tribute doesn't necessitate stealth, just willingness.

Re:Body language is an effective tool (4, Funny)

philip.paradis (2580427) | more than 2 years ago | (#39191941)

That can be taken two ways.

Wait, the previous sentence can be taken two ways. Crap, I think I just put this comment into an endless loop.

Re:Body language is an effective tool (2)

maxwells_deamon (221474) | more than 2 years ago | (#39192049)

I have helped at conferences where I had a right to be there but the registration system missed me for one reason or another.

Carrying something in which covers the bottom of the lanyard while they are setting up works like a charm. A couple of lightweight boxes works best.

Re:Body language is an effective tool (2)

murder_face (2574275) | more than 2 years ago | (#39192361)

And should you find yourself at a construction site just put a 2x4 over your shoulder and walk purposefully with a stern look on your face. Works every time.

All it really takes is a hard hat. The cleaner that you look and the less you are doing, the more important it makes you seem

Re:Body language is an effective tool (5, Informative)

Anonymous Coward | more than 2 years ago | (#39191299)

You said this as a joke but that you're actually right makes it even funnier. Sometimes I wouldn't bother taking off my lab coat on my way home from work, and you wouldn't believe how much authority that granted me to those I passed into on my way home. People always think the most ridiculous things when they see a lab coat. Was I a rocket scientist, a doctor? A nuclear physicist? Or was I just just a guy who had to wear a lab coat and didn't really do anything that important? Except no one except those that realize how normal lab coats are thinks the last one.

Re:Body language is an effective tool (2)

gatkinso (15975) | more than 2 years ago | (#39191931)

Most techies who work with electronics don't wear lab coats they wear ESD smocks.

All you need is a clipboard (4, Funny)

MrEricSir (398214) | more than 2 years ago | (#39191579)

I used to carry my shopping list on a clipboard, but I had to stop because people kept asking me questions about various products or where to find things. It was funny the first few times, but after a while it started to get old.

Re:Body language is an effective tool (1)

Barbara, not Barbie (721478) | more than 2 years ago | (#39191695)

Or walk in through the loading dock of most companies with a clipboard and a white hardhat with the municipal logo on it - nothing says "surprise inspection" better.

WARNING: Don't try doing the white hardhat thing on a construction site - you'll scare all the illegal/cash workers away.

Re:Body language is an effective tool (5, Funny)

Anne_Nonymous (313852) | more than 2 years ago | (#39191961)

If you wear Wellington boots, a jock strap, and a huge sombrero, people generally don't mess with you.

Re:Body language is an effective tool (4, Funny)

msauve (701917) | more than 2 years ago | (#39192165)

"If you wear Wellington boots, a jock strap, and a huge sombrero, people generally don't mess with you."

Especially if that's all you wear. Except in NYC, where you may get mistaken for the nekkid cowboy.

Re:Body language is an effective tool (3, Insightful)

minkie (814488) | more than 2 years ago | (#39192893)

Tell me about it. I used to work in a hospital (not as a member of the medical staff). I had a labcoat that I kept mostly to keep warm when the air conditioning got too cold. If I put it on and wandered the halls, there was pretty much nowhere I couldn't go. I'll bet if I hung a stethoscope around my neck, I could have walked into the OR and nobody would have said "boo".

Adjust the costume to fit the venue. Hardhat at a construction site. Trial case in a courthouse. If you saw a guy with a pitchfork and covered in manure walking through a stable, would you stop him and demand to see his ID?

Re:Body language is an effective tool (5, Insightful)

vinehair (1937606) | more than 2 years ago | (#39190863)

It's easy to avoid notice if you act like you know what you're doing, where you're going and that you belong where you are. Never stand still or look around.

Bingo. Simple tactics and social engineering are usually all you need if you really want to get at something.

The weakest link in any security chain is always the people, and people are easy to deceive.

Re:Body language is an effective tool (2, Funny)

Anonymous Coward | more than 2 years ago | (#39190891)

Sometimes the weakest link is the default password.

Re:Body language is an effective tool (4, Insightful)

The Mister Purple (2525152) | more than 2 years ago | (#39191601)

Default passwords remaining at default is caused by people.

Re:Body language is an effective tool (2)

X0563511 (793323) | more than 2 years ago | (#39190917)

I certainly don't intend to, but it seems whenever I go out shopping for something I end up being asked "do you work here" - if someone doesn't outright assume I do and ask for help.

It happens even when I'm wearing something completely different than the store's uniform. ... am I unintentionally giving that kind of impression, do you think? I wonder if I could put that into something useful :P

Re:Body language is an effective tool (5, Funny)

Anonymous Coward | more than 2 years ago | (#39190983)

whenever I go out shopping for something I end up being asked "do you work here"

Do you always look bored and slightly retarded?

Re:Body language is an effective tool (4, Funny)

Delarth799 (1839672) | more than 2 years ago | (#39191295)

If you shop at Wal-Mart everybody thinks everybody else works there.

Re:Body language is an effective tool (1)

Zlotnick (74376) | more than 2 years ago | (#39192141)

A safe bet, this.

Re:Body language is an effective tool (1)

reason (39714) | more than 2 years ago | (#39191175)

If you move about about fairly slowly, but without seeming to be focused on something in particular that you are about to buy, that'd do it. Especially if you are about the expected age of an employee and wear clothes that look like retail work clothes: e.g. cheap button-up shirts coupled with slacks or a skirt.

Re:Body language is an effective tool (0)

Anonymous Coward | more than 2 years ago | (#39191185)

You joke, but I often get the same thing. ESPECIALLY at electronics stores, where the employees are BSing to the customers why something is better, rather than going 'What do you need to use this for? Did your last computer do what you needed? Is there anything else it should be able to do.' Then you glance at the inventory, point them at a couple choices, plus a recommendation, and there leaves a happy customer.

It's not rocket science, and it's really sad more salespeople don't spend an hour a day improving their sales literacy.

Re:Body language is an effective tool (2)

Imrik (148191) | more than 2 years ago | (#39191777)

Sales people aren't there to help the customer, they're there to make sales, preferably of items with good profit margins.

Re:Body language is an effective tool (2)

Terrasque (796014) | more than 2 years ago | (#39191199)

I wonder if I could put that into something useful :P

Like this? http://web.archive.org/web/20050412233112/http://lineman.net/node/270 [archive.org]

or ... more general stuff.. http://fr.thehackademy.net/madchat/esprit/textes/The_Art_of_Deception.pdf [thehackademy.net]

Re:Body language is an effective tool (2)

Beardo the Bearded (321478) | more than 2 years ago | (#39191209)

I get that a lot as well.

The problem is I like to be helpful, so I'll answer questions if I can. Last couple of times I went shopping I was offered a job! I mean, seriously, can't a guy just go about his day without people begging him to take a job?

I have also thought about moving from "helpful" to "grand theft" but then I realize that I could just buy the stuff for a lot cheaper than whatever my lawyer would charge.

Re:Body language is an effective tool (1)

crafty.munchkin (1220528) | more than 2 years ago | (#39191227)

I often have the same issue. My standard answer is "No, but for $100 I'll answer your questions like I do!". Haven't had any takers... yet :)

Re:Body language is an effective tool (1)

BobZee1 (1065450) | more than 2 years ago | (#39191467)

that is awesome!!! i thought i was the only one. i get this ALL the time. i read the few replies to your comment and maybe i am retarded and look dull.

Re:Body language is an effective tool (0)

Anonymous Coward | more than 2 years ago | (#39192975)

Maybe they don't think that you work there. Maybe they just think you might be able to help? I mean there are still such things as friendly people, right?

Re:Body language is an effective tool (1)

Anonymous Coward | more than 2 years ago | (#39191389)

A dazzling smile, a stack of pizzas and a liter of coke, plus a tight, low cut tank top gets me through just about every secure check point.

Re:Body language is an effective tool (3, Funny)

element-o.p. (939033) | more than 2 years ago | (#39191987)

I rather suspect a tight, low cut tank top -- with or without pizzas and coke -- would get me thrown OUT of most places (at least those that I'd have any interest in going to, anyway)

Then again, I'm a dude :)

Re:Body language is an effective tool (1)

hot soldering iron (800102) | more than 2 years ago | (#39192113)

I *really* hope you're a girl. I need a pizza about now...

Re:Body language is an effective tool (4, Interesting)

Johann Lau (1040920) | more than 2 years ago | (#39191039)

Exactly! As a hobby photographer it often amazed me how a decent camera and lens, plus the attitude you described, makes other people react sometimes or what it lets one get away with. Like stumbling into and through an area full of cops and only later finding out that civilians aren't allowed in there. Just act like you're on the way to something important, don't be a tourist, be light-hearted and content and focused. That is, even if you're just checking everything out, act like you're focusing on a task (it can even be just getting from A to B while checking your equipment (which in the case of this topic would be your mobile devices I guess :P)). Maybe even give a professional nod here and there haha. If nothing else, it's hilarious!

Re:Body language is an effective tool (1)

AK Marc (707885) | more than 2 years ago | (#39191213)

And when you ask firmly, people rarely refuse. "hold this" "smile" When you act like you belong, others act like you belong as well.

Re:Body language is an effective tool (1)

OhSoLaMeow (2536022) | more than 2 years ago | (#39191669)

I got away with this at a concert back in '76. I happened to be dressed just like the security people (jeans, denim shirt - whoda thunk it) and a camera with a long zoom lens. I parked down in front of the stage and while the security people were booting other people out left and right, they left me alone.

Re:Body language is an effective tool (1)

Macman408 (1308925) | more than 2 years ago | (#39193083)

Add a big lens hood and it works even better.

Re:Body language is an effective tool (5, Interesting)

CanHasDIY (1672858) | more than 2 years ago | (#39191145)

This.

When I was doing gig work, I learned the easiest way to get backstage at a show is to appear on the loading dock a few hours before the event, wearing all black, and start helping the crew do their load-in (industry term for "take the shit off the trucks and set it up on stage"). Once load in is complete just hang around the backstage area until the show.

The downside is, since you're dressed like a stagehand, you'll probably be treated like one, so don't expect to spend the whole show standing around with your thumb up your ass.

Re:Body language is an effective tool (3, Funny)

Tyrannosaur (2485772) | more than 2 years ago | (#39191907)

spend the whole show standing around with your thumb up your ass.

What kind of shows do you go to??

Re:Body language is an effective tool (5, Funny)

cptdondo (59460) | more than 2 years ago | (#39191283)

Long ago I learned that the best way to be invisible is to walk in dressed in overalls with a toolbelt, and announce "Plumber!" to everyone in earshot. You can walk into a women's bathroom, yell "Plumber!" and none of the women will even notice as you walk around....

Re:Body language is an effective tool (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39191329)

Carrying things is also good.

I worked at a vending company, and let me say, if you're carrying a box of sodas with both hands while standing helplessly by the door, all you need to say is "I'm here for the vending machines" and someone will let you in for most places.

Now, federal sites that doesn't work so well. At a delivery company I worked with, if you're going to a federal site (post office, airport, etc) if you're not wearing the right clothes, have the right badge, and come in the right vehicle, you're not getting in.

Re:Body language is an effective tool (4, Insightful)

Anonymous Coward | more than 2 years ago | (#39192011)

Never stand still or look around.

I find this, in general, to be a good guideline in life. If you stop to look around at the beauty and wonder of life people think there is something wrong with you.

Yes! I've been asked if I'm alright, and know where I'm at. To the latter, I respond: "Yes. I'm right here!"

Quis custodiet ipsos custodes? (1)

sehlat (180760) | more than 2 years ago | (#39190873)

Like everything else, security is no better than the people implementing it.

Security is about what you're securing. (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39190887)


You'd think that, of all events, security conferences would have tight security.

No, I wouldn't think that. I'd think that a bank, or an event involving a US President would have tight security. Security is about what you're protecting, not who's involved in it. For the most part "stealing" admission to a conference is harmless, as long as a few people do it. The security only has to be good enough to make it so only a few people sneak in.

Security conferences aren't exactly a high profile event like, that appeals to millions (like say a Rock Concert), so people sneaking in is really not a big problem. If you didn't think you could sneak in to a conference before, you obviously haven't been paying attention.

Re:Security is about what you're securing. (5, Insightful)

Ruke (857276) | more than 2 years ago | (#39191033)

Absolutely. There's no reason to have a conference be that secure. Spending an extra five-to-ten seconds per attendee checking badges would be a major disruption in crowd flow. The primary benefit of security at this event was to make the attendees feel special, and the secondary benefit was preventing overwhelming crowds. There's basically no reason to keep out any one person who's not supposed to be there; the panels are advertisements, and the information is as good as public. Security is in place to keep out crowds of people who aren't supposed to be there, and they seemed to do well enough at that.

even the subway may not check that close with big (1)

Joe_Dragon (2206452) | more than 2 years ago | (#39191523)

even the subway may not check that close with a big group moving though.

A stadium just let out the station was packed and I like could of flashed a out of date / used ticket and they would likely not seen it or would of not tried to stop you if you did have a bad ticket.

Some times even on trains where you pay / check tickets on the train they can get so packed they don't even get to all the people.

When you have a big crowd moving in a small space some times fully checking cards / badges takes to much time.

Re:even the subway may not check that close with b (5, Interesting)

maxwells_deamon (221474) | more than 2 years ago | (#39192131)

I was on the commuter train in San Diego. It was run mostly on the honor system but you can get a ticket if you can't show you have paid. It was packed and there was bairly room to stand

Two police officers jumped on and about 1/2 of the people (most looked like students) suddenly remembered it was their stop. Suddenly you could even sit down,

Re:Security is about what you're securing. (1)

ShakaUVM (157947) | more than 2 years ago | (#39191239)

I've been to enough conferences and simply walked into wrong rooms where other conferences were going on by accident, to be completely unimpressed by people "sneaking into" a conference that isn't the San Diego Comicon.

Re:Security is about what you're securing. (2)

uncledrax (112438) | more than 2 years ago | (#39191323)

This.

Plus the articles "guards" are near-min-wage employees hired by the conf organizer or the conf.center to just stand around and try and gate access some. They largely have no vested interest in the nature of the content or attendees.

As for ComicCon, I think you'd have a harder time sneaking into a room at DragonCon since it's fan-run, not an industry show... those volunteers are putting in a lot of time for their badge, and if nothing else, they don't want to see someone getting what they have for free. (and yes, I've been one of those people)

Re:Security is about what you're securing. (0)

ShakaUVM (157947) | more than 2 years ago | (#39191443)

Comicon is hardly impossible to sneak into, but they've stepped up security a lot in recent years. They check ID, put holograms on the badges, and the guards will most of the time demand you flip your badge over when you walk through the doors. And security really is all over the place. The con is a nonprofit and makes so much money, they can blow it on a thousand rent-a-cops.

(The easiest way to get in is to buy one from a professional forger of badges on ebay, really.)

Re:Security is about what you're securing. (2)

todd_is_not (1898120) | more than 2 years ago | (#39192307)

Last year, my son (16 at the time) went to San Diego to see his mom. He went to Comicon every day for free. His mom, her BF, and my son's younger half brother all went at one time or another.

They just asked people exiting for their badges. He thought it was pretty funny getting in with a girl's badge.

Re:Security is about what you're securing. (3, Insightful)

Mr. Freeman (933986) | more than 2 years ago | (#39192069)

Exactly, the entire point of a conference is to make things public, not exactly a security issue.

And the author mentions something about "I could have installed keylogging software on a demo computer". Who cares? I guess he could have stolen the generic "admin/admin" and "tester/tester" accounts from all the machines. Unless someone is stupid enough to hook their demo computer into a real set of confidential data, this isn't a problem. And if that is, in fact, the case then it's the company's issue, not the conference's.

Why? (5, Insightful)

hipp5 (1635263) | more than 2 years ago | (#39190901)

You'd think that, of all events, security conferences would have tight security.

Why?

I suspect the cost/hassle of doing more than basic security outweighs the benefit of catching a few people who didn't want to pay the $100 conference fee. I doubt the information being presented is secret and needs protecting. And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

Re:Why? (4, Informative)

slew (2918) | more than 2 years ago | (#39191165)

You'd think that, of all events, security conferences would have tight security.

Why?

I suspect the cost/hassle of doing more than basic security outweighs the benefit of catching a few people who didn't want to pay the $100 conference fee. I doubt the information being presented is secret and needs protecting. And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

Of course in many conference venues (like the moscone center where the RSA conference is held), you must use the approved contractors that use local union labor to handle things like setup, teardown, electrical, network installation, theatrical services, and security. You don't really get to customize stuff like this too much, so security is probably exactly the same as any other conference at the same venue.

Re:Why? (2)

TubeSteak (669689) | more than 2 years ago | (#39191319)

I doubt the information being presented is secret and needs protecting.

He got onto the expo floor while it was still being set up.
If he had walked off with laptops unattended booths, that could represent a major security threat to whatever company he was targeting.
If he had walked off with the laptop of a presenter, that could easily represent unpublished exploits ripe for immediate use.

And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

The organizers have very little to lose from thefts, because they don't have much that can be stolen.
Their risk profile is very different from that of any particular presenter, booth owner, or attendee.

Re:Why? (1)

Kagato (116051) | more than 2 years ago | (#39191859)

Spot on. Conferences have notoriously bad security. The guys manning the door are usually temp workers or low wage security guards. They have very little incentive to go the extra mile. If anything, they are there to challenge entrance by anyone who doesn't look like they belong. (i.e. Homeless vagrant, teenagers who keep walking on the lawn, etc.) Your average rock concert will have much better security.

Large Concerts (5, Interesting)

war4peace (1628283) | more than 2 years ago | (#39190921)

You can easily sneak into large concerts, gigs, expos, whatever if you have a cap with a TV station logo, dress shabby and carry a large video camera. If you don't have a camera, a set of cables or a tripod would do just fine. Badges? No need.

I used to work for a local branch of a known TV station, I had access to an old training video camera at all times. Every time there was a gig I wanted to attend to, I went to my workplace, grabbed that camera, went to the gig, got in, left the camera in one of the the tech rooms, achievement unlocked. Sometimes I brought my girlfriend in by letting her carry a microphone. We even interviewed a security dude just for the kicks.

So yeah, it's easier than expected.

Re:Large Concerts (1)

Hentes (2461350) | more than 2 years ago | (#39191057)

But why bother when a ticket is much cheaper than a camera?

Re:Large Concerts (2)

camperdave (969942) | more than 2 years ago | (#39191147)

But why bother when a ticket is much cheaper than a camera?

Who says its cheaper? I bought an old over the shoulder video camera for a couple of bucks at an auction. Tickets to some venues can cost ten times what I paid for the camera.

Re:Large Concerts (1)

CanHasDIY (1672858) | more than 2 years ago | (#39191163)

But why bother when a ticket is much cheaper than a camera?

Or even better, a clipboard and a black t-shirt that says STAFF on the back.

Re:Large Concerts (0)

Anonymous Coward | more than 2 years ago | (#39191211)

Because a (valid) ticket only works once.

Re:Large Concerts (1)

AK Marc (707885) | more than 2 years ago | (#39191269)

They look at the tickets. The "Pink" ticket doesn't work for "Lady Gaga" but the camera works for both.

Re:Large Concerts (1)

war4peace (1628283) | more than 2 years ago | (#39192853)

Um, you buy ONE camera for 300 USD and can go to say 50 concerts with it. That's a shitload of saved money on tickets, my friend.

Re:Large Concerts (1)

oodaloop (1229816) | more than 2 years ago | (#39191083)

Badges?

We don't need no stinkin' badges!

Re:Large Concerts (1)

k6mfw (1182893) | more than 2 years ago | (#39191989)

, I had access to an old training video camera at all times. Every time there was a gig I wanted to attend to, I went to my workplace, grabbed that camera, went to the gig, got in,

This may work for another five years or so. I can access events with my over the shoulder ENG camera, or attend choice spots at parades. However, cameras even for news stations are getting smaller. More of them are packing the "Fisher Price" cams and getting same size as consumer cams. Old school of large camera = expensive-ENG-must-be-a-real-newsguy, new school large camera = old technology. Yes, pack a $60K Panasonic with P2 cards and the techies will say "old technology!" It may become packing a shoulder cam would be interpreted as archaic as packing a CB radio.

I recently saw an anchor and his ENG person, anchor was a large old guy and ENG person was a young small lady. Opposite of what you would find from a news station. I asked her about trends of cameras getting smaller, she said small cameras don't have the stability. Let's see what five years will bring. But bring a tripod, ***required*** for good shots with small HD cameras.

Re:Large Concerts (1)

LurkerXXX (667952) | more than 2 years ago | (#39192527)

But bring a tripod, ***required*** for good shots with small HD cameras.

You should try one of those mini-steadycam rigs.

Re:Large Concerts (1)

evil_aaronm (671521) | more than 2 years ago | (#39192699)

Not all events are the same. I've experienced "camera man rock star" treatment for a number of events, but some, like NYS wrestling finals, have a list of approved camera men, photographers, etc, and you have to beg for credentials to get on the list because they do check. Even if you're on the list, some places hassle you, anyway.

Security (1)

geekoid (135745) | more than 2 years ago | (#39190925)

is about risk.
There is no black and white demarcation.
An important lesson many people in the modern security business seem to forget.

The security you're talking about... (0)

Anonymous Coward | more than 2 years ago | (#39190927)

The security you're talking about it's not the type you think.

Now, if it were a bodyguard conference, maybe. But it's network security not building security or police security. It's also a conference, not a classified meeting. So I don't understand why they should have very tight policies, then it's an event open to public.

Just saying.

Re:The security you're talking about... (1)

Sulphur (1548251) | more than 2 years ago | (#39191795)

The security you're talking about it's not the type you think.

Now, if it were a bodyguard conference, maybe. But it's network security not building security or police security. It's also a conference, not a classified meeting. So I don't understand why they should have very tight policies, then it's an event open to public.

Just saying.

This is not the security you are seeking. Nothing to see here. Move along.

Snuck into Defcon once (0)

Anonymous Coward | more than 2 years ago | (#39190945)

My first Defcon I didn't know what I was getting into, so I thought before paying the conference fee I would check it out. Checking it out turned into three days when I realized that anybody worth their social engineering salt was not paying :)

Re:Snuck into Defcon once (1)

titanium93 (839011) | more than 2 years ago | (#39191259)

You should have just worn a tuxedo and said your Enrico Pallazzo.

Re:Snuck into Defcon once (1)

tnk1 (899206) | more than 2 years ago | (#39191557)

That or they got their company to pay for it and didn't care. In that case, it's actually better to pay, otherwise your finance department thinks you're just trying to get a free trip to Las Vegas.

OpSec (0)

Anonymous Coward | more than 2 years ago | (#39190957)

This is called "Operational Security" I am sure all the vendors were all about crypto and wireline/wireless security so it's not that embarrassing. A real achievement would be to access customer lists from one of the machines in the expo floor via the wi-fi network.

Like I once heard "SSL is like hobos sending letters via armored cars."

Re:OpSec (2, Funny)

Anonymous Coward | more than 2 years ago | (#39192195)

PantSec- That's what I call my belt

not surprising at all (0)

Anonymous Coward | more than 2 years ago | (#39190981)

Really? this isn't surprising at all. the point of the conference is to share information, sell product, network with like minded and make a buck or two at the same time. what would you have them do, issue prox cards, setup access readers, post armed guards and install turnstiles? security measures are supposed to be commensurate with the risk based on the vulnerability to the value of the asset. value is low, vulnerability is moot, therefore risk is low. and this kind of press is actually free marketing, pure gold, you're a tool.

The RSA Conference isn't protecting secrets (3, Informative)

DragonWriter (970822) | more than 2 years ago | (#39190985)

The RSA conference, like most industry conferences, is in very large part a sales conference for industry products. There's no reason for it to be particularly secure (obviously, they want to maintain some security to maintain ticket prices and the marketing value of the information gathered along with those sales), a few extra people coming in without paying isn't a huge deal (whereas intrusive security measures that inconvenience legitimate ticketed attendees would be.)

Its not like the conference presents eyes-only sensitive material that only ticketed attendees are cleared for and that there is some danger to the conference sponsors if anyone outside gets wind of it. Just because its a conference about security practices and products doesn't mean that it somehow has any particular high-security needs.

Re:The RSA Conference isn't protecting secrets (0)

Anonymous Coward | more than 2 years ago | (#39191167)

However, in this case they are selling something *else*.... security. If someone can sneak in like that what does it say about your product that you are selling?

Re:The RSA Conference isn't protecting secrets (1)

Anonymous Coward | more than 2 years ago | (#39191293)

That's like saying that if I'm in the business of selling guns, and I don't shoot my customers, I'm demonstrating my guns are low quality.

Re:The RSA Conference isn't protecting secrets (3, Funny)

ThatsMyNick (2004126) | more than 2 years ago | (#39191673)

Says guy who has never tried shooting a customer! Try it next time and I can guarantee people will swarm for your guns.

Re:The RSA Conference isn't protecting secrets (2)

colinrichardday (768814) | more than 2 years ago | (#39191677)

Are the people who organize the conference the same as the people who sell the products?

"sneak" into a sales presentation? (5, Insightful)

mindcandy (1252124) | more than 2 years ago | (#39191123)

RSA 2012 is basically a big sales presentation.
To suggest sneaking in is a big achievement is like saying you got into BestBuy a few minutes early one day to shop for TVs.

Journalist tricks (1)

jjp9999 (2180664) | more than 2 years ago | (#39191129)

Journalists do this all the time (good ones at least). My favorite is holding a walkie talkie to your ear and waving in acknowledgment to the guards (with a slight nod) while walking in. It's better to wear dark glasses for this one.

Researchers != Security Folks (1)

systemeng (998953) | more than 2 years ago | (#39191131)

The security researchers inside the conference are no doubt very aware of security. The security hacks that implement the security for such conferences: not so much. Same problem with security everywhere.

Duh. (0)

Anonymous Coward | more than 2 years ago | (#39191177)

The "security" at the RSA conference is the same "security" at CES. They aren't RSA people..they are event location employees. I go by them all the time for reasons..just say you are a speaker or something like that. They'll wave you right by...

It's a marketing event (1)

Anonymous Coward | more than 2 years ago | (#39191277)

We're not talking the internals of a bank here. It's just a big marketing event. The whole idea is to get more people in to see what's for sale.

"Breaking in" to a marketing event isn't something to get excited about.

pt barnum? (1)

dirty_ghost (1673990) | more than 2 years ago | (#39191281)

fooling some of the people all of the time.

lost and confused some times can get you past peop (1)

Joe_Dragon (2206452) | more than 2 years ago | (#39191373)

lost and confused some times can get you past people or if you get caught just act like you have the wrong building, wrong date, wrong conference.

Security responsibility (1)

eyenot (102141) | more than 2 years ago | (#39191409)

I think security guards should be ready to be assertive and aggressive in securing a portal. If you're one of two guards and you've been given a post at two propped-open double doors, or any other very wide entryway, you should tell the boss to gather you up some form of corraling and queueing the incomers or else a way to partially block the entry, with a nice covered table perhaps.

Also, security guards should sign to responsibility for losses or threats incurred due to someone slipping past.

Umm.. no security conferences should not be (0)

Anonymous Coward | more than 2 years ago | (#39191437)

Security is everyone's responsibility. It's a common misunderstanding that techniques, methods etc should be kept a secret. /oldbie Infosec manager with a lawn to protect

The homeless often get into RSA too. (2)

xxxJonBoyxxx (565205) | more than 2 years ago | (#39192007)

I've been going to RSA now for many years, both as an attendee and as an exhibitor. By Thursday you'll see the occasional homeless woman (almost always female) going up and down the aisles grabbing all the candy, clothing and electronic widgets she can find.

Furthermore, I've never had to pay to get in. Simply mention an IT job title to a sponsoring vendor or sign up on a sponsoring vendor's web site and you can get a free pass months in advance.

Color me unimpressed by this article.

Re:The homeless often get into RSA too. (0)

Anonymous Coward | more than 2 years ago | (#39193163)

occasional homeless woman (almost always female) p>

I'd think the male homeless women would be worthy of their *own* conference.

He pen tests what? (2)

nitehawk214 (222219) | more than 2 years ago | (#39192197)

he is in the business of "pen-testing humans"

Is that not called "rape"? :)

Easy if you know what to do (2)

autocracy (192714) | more than 2 years ago | (#39192199)

Hell, I joined the Ops team at Shmoocon this year without any credentials or signup. I tell you that isn't part of their plan. http://storyinmemo.com/?p=48 [storyinmemo.com]

I spent a day at my first DEFCON missing my badge and managed to keep going all over the conference. Every year at DEFCON I make it a point to get into a guest-listed party that I didn't have access to. Why would RSA be different? I guarantee the DEFCON goons care more and the RSA ticket funds aren't going to making the conference more secure.

Their cost / benefit for tightening things down would be basically nothing.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?