Backup Buddies – BSidesLV | BlackHat | DefCon 2015

July 20, 2015

We are back for the 3rd year!!!!

Backup Buddies started in 2013 due to the great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact or talking about it, this is our call to action to address any potential issues and offering at least somewhat of a solution. This year, much like last, I’m SO THRILLED to say that many amazing members of the Black Hat / DEF CON community have jumped onboard to help as well to be the ‘eyes’ and ‘ears’ for anyone who needed a hand.

I truly love this community and the amazing experience that the conferences can be, and we all want to do our part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can. For the 2015 week of Security BSides + BlackHat + DEFCON, a bunch of us are offering up our time and efforts to help. If you or someone you know, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:

+1-650-4-BACKUP

This has been setup to contact me via voice and text during the conference so if I’m not close by, I can pass it on to one of our trusted ‘Buddies’ that is close to the area to help assist people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad that need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for someone to speak on their behalf.

This number is not:

A party-info line. I can’t get you into parties.
A general conference information line. Google and conference staffs are there for you for general info.
A phishing expedition.
1-900-CHATROOM.
“I just wanted to see what’s up”

This number is for situations such as:

I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

This line has been a positive experience, let’s keep the option open for those who may need it. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at Bally’s instead 😉 .

If you are trusting, friendly, and want to help others, send an email to backups at secbarbie.com.

**PHONE NUMBER WILL GO LIVE MONDAY AFTERNOON AUGUST 3rd AND STAY ON-LINE UNTIL THE AUGUST 9TH

Conferences

Change the behavior, the environment doesn’t matter #RSAC

April 21, 2015

While volunteering at the HacKid Conference booth in the Cyber Security Safety Village yesterday I was approached by a #RSAC attendee from a major automotive company. Apparently he waited to talk to the other booth volunteer (which was male) first, but the other volunteer was discussing things with other people, so he had to come interact with me. He started out by asking me budget questions about HacKid and when I stated that he could email to get more information about those types of questions he abruptly stated that he needs to talk to somebody that actually knows something and walked off.

This type of behavior happens all of the time. So when we are discussing things like how vendors staff their exhibition booths or the types of outfits that people wear, or themes used, perhaps we should talk about the behavior of the attendees first. They need to treat people like people.

UPDATE:
To ensure my point is clear:

Yes, there will always be people who do not treat others with respect, even the minimum amount of respect.
I don’t believe that RSAC needed to take the actions they did, but I don’t disagree with them either if it makes people feel less alienated.
The ‘Booth Babe’s’ were always professional from what I witnessed, and they were subjected to a great deal of poor behavior from some attendees that was almost always embarrassing to even overhear.
I was personally treated in a rude and disrespectful fashion, but it didn’t overly offend me, I have posted this more as a statement about how we can all improve our behavior towards others especially when we have no idea who the person is that is the subject to such behavior.

Conferences, Foodie Stuff

Secgria – The SecBarbie Sangria

September 1, 2014

For those of you that wanted my Sangria Recipe from SecSocial/Urbane Affair this year in Vegas, here is the info… Ingredients are VERY important, don’t skimp on the wine or Pear Brandy, the rest you can substitute for generic if needed.

The Hardware:
1 Pitcher (or large vessel for containing the end-product)
Saucepan (for the Simple Syrup)
Cutting Board and knife (or however you plan to slice your fruit)
Glassware for the final product

The Software:
2 bottles Tempranillo or Roja
1 cup Pear Brandy (William’s Pear Brandy)
1/2 cup Triple Sec
1 cup Orange Juice
1 cup Pomegranate Juice
1/2 cup Simple Syrup (equal parts sugar and water, heated until sugar dissolves, cooled)
1 Orange Sliced up*
1 Apple Sliced up*
1 container of Blackberries*
1 container of Raspberries*

* You will want to grab extra fruit to put in the glasses!

Build Instructions:
DO THIS FIRST:
Simple Syrup:
Make your own Simple Syrup, it’s easy and it always tastes better than the store-bought stuff. Use qual parts sugar and water, heated until sugar dissolves, cooled. This takes about 5 minutes, so don’t walk away from it, bring it to a boil, stir often, and once it’s dissolved, put it aside and cool. For this recipe, make 1 cup of Simple Syrup and store the rest for delicious things such as Old-Fashions (I’ll post Zack’s Templeton Old Fashion recipe somewhere later).
Main:
Mix all ingredients together and let stand in a tightly sealed container or pitcher for at least 24 hours in the refrigerator before serving. I’ve let it sit for less time, but definitely not less than 4 hours, we tried that and it just didn’t taste as good.

I made this is large bulk, so if you need scaling information, just reach out (math is hard)!

Conferences, Gender Issues

DEFCON unLocked !

August 19, 2014

To start by saying that I’m more than flattered to be involved with so many of the people that I grew up in this industry respecting and looking up to is not even the words.

Tomorrow, Wednesday, August 20th at 3:30PM Pacific

I will be participating in a Google hangout to help all people (especially people identifying as women) navigate the intimidating process of submitting a speaking proposal for Defcon 2015 among other hacker cons.

Check out how to participate as well as the ridiculous line up of people participating at @Tarah’s blog post:
#DefconUnlocked

Conferences

BlackHat | DefCon 2014 – The SecBarbie Backup Buddies are BACK!

July 25, 2014

We started this last year due to the great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact or talking about it, this was my attempted answer to speaking to potential issues and offering at least somewhat of a solution, and I’m SO THRILLED to say that many of my friends jumped onboard to help as well to be the ‘eyes’ and ‘ears’ for anyone who needed a hand.

I truly love this community and the amazing experience that the conferences can be, and we all want to do our part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can. For the 2014 week of BlackHat + DEFCON, a bunch of us are offering up our time and efforts to help. If you or someone you know, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:

+1-650-4-BACKUP

This number is not:

A party-info line. I can’t get you into parties.
A general conference information line. Google and conference staffs are there for you for general info.
A phishing expedition.
1-900-CHATROOM.
“I just wanted to see what’s up”

This number is for situations such as:

I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

This line was a positive experience last year, let’s keep the option open for those who may need it. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at the Rio instead 😉 .

If you are trusting, friendly, and want to help others, send an email to backups at secbarbie.com.

**PHONE NUMBER WILL GO LIVE SUNDAY AFTERNOON AND STAY ON-LINE UNTIL THE AUGUST 10TH

Conferences, Gender Issues

“Fake Geek Girls”

July 25, 2014

I’m in the process of getting the blog back alive, but I couldn’t wait to share this with everyone, so please be patient when it comes to my other content getting back online soon.

I came across this video this morning and it’s alarmingly amazing! They are talking about ‘Fake Geek Girls’, but as our major ‘Security Summer Camp’ is approaching, it’s so appropriate that you can actually see the overlap to how some perceive females that attend InfoSec/Hacker conferences as well.

Some notable moments:

2:12 – Their take on Booth Babes (This one is really good, especially since it looks at the perspective of the actual ‘booth babes’ while poking fun)

5:40 – Credibility – Females vs Males <– THIS… SO THIS…

6:50 NICOLE SCHWARTZ!!! (HELL YEAH! They used a picture of @amazonv )

7:46 – SHOWER! (We all know this should be advised for all the guys and some of the stinky girls)

The link to YouTube: SWIW #3: “Fake Geek Girls” – Fact? Or Fiction?

Conferences, InfoSec Issues

DefCon Sunday – The Buddy Line Update

August 4, 2013

SecBarbieVegas2013 As I sit and enjoy the Vegas morning, I am happy to report that the Buddy line has not been used to report an incident this entire week. Well, perhaps I’m not so happy, I’m hoping that things are going well for all and that incidents are not occurring and just not getting reported. One of the types of issues that I am personally trying to avoid by having the buddy line is having people feel they can’t report incidents due to repercussions, this is also intended to give victims a safer avenue for reporting.

I personally had my two negative experiences at DefCon this year I wanted to let others know that it happens to everyone. Luckily for me, they were not ‘attacks’ or anything of such. One incident was at the Friday night pub crawl, and was a drunken guy who nearly put me to the ground running straight through me for no apparent reason, I was left with bruises as well as drenched with my drink (for context as to time: it was only 11pm or so). This can be chalked up to party-foul, but was still not pleasant. The other incident was Saturday night and a lot closer to the heart. I’m not ready to really address it in pubic yet, but the TL;DR is that I was publicly minimized by a person associated with a group of people that I consider good friends.

I would not normally air those incidents, or even think that much about them until this year and trying to imagine what it is like for someone who is attending for the first or second time. Luckily I have a great support system here in Vegas and I was able to vent a bit about this already, but for those that don’t have the system… the buddy line is still up!

I love you all InfoSec community, even the jackasses. I have faith we can do better.

Conferences

BlackHat | DefCon 2013 – The SecBarbie Backup Buddies

July 26, 2013

In the past years there has been a great deal of attention paid to the treatment and incidents involving females at conferences. Instead of just addressing problems after the fact, this is my attempted answer to speaking to potential issues and offering at least somewhat of a solution.

I truly love this community and the amazing experience that the conferences can be, and I want to do my part to ensuring everyone (from industry to journalists and everyone in-between) has the most positive experience that they can.

For the 2013 week of BlackHat + DEFCON, I am offering up my time and efforts to help. If you are or you know someone, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:

+1-650-4-BACKUP

I have setup this to contact me via voice and text during the conference so I can help assist people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad that need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for me to speak on their behalf.

If for some reason I can’t get to you personally, I will respond with a trusted helping hand to help you as much as possible.

This number is not:

A party-info line. I can’t get you into parties.
A general conference information line. Google and conference staffs are there for you for general info.
A phishing expedition.
1-900-CHATROOM.
“I just wanted to see what’s up”

This number is for situations such as:

I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

We’ll see how this experience goes this year, and I may expand this to other conferences if positive. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at the Rio instead .

If you are trusting, friendly, and want to help others, send an email to backups at secbarbie.com.

**PHONE NUMBER WILL GO LIVE SUNDAY AFTERNOON AND STAY ON-LINE UNTIL THE AUGUST 9TH

Conferences

SecBarbie’s 5 Simple Rules for Black Hat / Defcon 2012

July 23, 2012

1. Don’t be a disrespectful! (this is a place for all of us to converge and share ideas/thoughts/research/make the world a little bit better!

2. It’s Vegas, know where you are traveling to! (It’s called SinCity for a reason… these conferences are not being held at Disney World! Be prepared for scantily clad women, and guys being ‘guys’ so-to-speak …. Even when the women are attendees of the con. *more about this below).

3. Remember that there is always a support system, if things are out of hand, look for a conference staff (Blackhat shirts, Goons, whomever). (People who work the conference know how to get you in touch with the right people to help!)

4. Don’t leave your drink anywhere! (This is common-sense for nightlife, but just needs to be said!)

5. ALWAYS be in control of yourself! (You ARE in control of your consumption, remember to know your limits… hydrate, and have fun!)

*In regards to ” guys being ‘guys’ so-to-speak …. Even when the women are attendees of the con” – I am not condoning disrespectful behavior, but some people in the community are just downright making it hard for others!

Disagree at-will, but here are my beefs:

Looking sexy isn’t a crime, nor is it an invitation for unwanted (UNWANTED DEFINED: advances in which people have already told you to chill out and/or grab-ass with people you do not have that type of relationship with!) advances.
One person’s opinion of inappropriate or appropriate is not the others!
There are some women who make it hard for all women (re: Sales women without scruples/class, scene wh*R3s, etc)!
Everyone in the hacker/security community are vastly different in tolerance levels/social graces/etc…. We cannot judge them all the same!

NOTE ABOUT RED-CARD ISSUE: I have done a few gender panels, and I agree that there needs to be change, but I fear that that this will make it into a game, and it is not going to solve anything. I submitted (with the help of a lot of females in the industry) Gender talks to quite a few major conferences and the conferences are not ready to discuss this yet. In my opinion, that is where it needs to start. It doesn’t need to be me, but it needs to be a voice of a cross-section of women in the space to start the bigger conversation! Special thanks goes out to everyone on the #FAIL panel at Defcon, as they always try to help!

Conferences

Security Summer-Camp – Part 1: The Talks

July 23, 2010

SecBarbie’s talk picks of the week:

Black Hat

Wednesday 1:45pm – 3pm

Augustus 1 & 2

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Wednesday 3:15pm – 4:30pm

Roman

Dan Kaminsky – Black Ops Of Fundamental Defense: Web Edition

Wednesday 4:45pm – 6pm

Augustus 5 & 6

Fyodor – Mastering the Nmap Scripting Engine

Milano 5 – 8

Alex Hutton / Allison Miller – Ushering in the Post-GRC World: Applied Threat Modeling

Thursday 10am – 11am

Augustus 3 & 4

Chris Hoff – Cloudinomicon: Idepotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity

Thursday 11:15am – 12:30pm

Roman

Cesar Cerrudo – Token Kidnapping’s Revenge

Forum 25

Lee Kushner, Mike Murray – Your Career = Your Business

Milano 5 – 8

Tiffany Rad – The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this Intellectual Property Legislation Chills Research, Disclosure and Innovation

Thursday 3:15pm – 4:30pm

Milano 1 – 4

Samy Kamkar – How I met your girlfriend

Wednesday also has the Cloud Security Alliance Summit with some pretty amazing, insightful, and wicked cool folks such as:

Chris Hoff – Cloudersize Keynote

Josh Pennell – Hacking the Hypervisor 2010

Steve Riley – Security and compliance in the Amazon cloud

Security BSides – Las Vegas 2010

I can’t even begin to pick the Security BSides talks (special mention to the InfoSec Mentor Panel that I’ll be on Wednesday at 6pm) as I would whole-heartedly endorse all of them. Bravo to the talk selection guys! So, here is the BSides Schedule:

	TRACK 1 On The Keys		TRACK 2 AFK
7/28/2010
10:00 AM	David Rook	Injecting Simplicity not SQL	Daniel Molina	Top 10 Things IT is Doing to Enable CyberCrime
11:00 AM	Ryan Linn	Multi-Player MetaSploit	Will Gragido	Through the rabbit hole: An Expose of Darknets and the Onion Routed Underground
12:00 PM	Christopher E. Pogue	Sniper Forensics	Gene Kim	Mobilizing the PCI Resistance: Lessons Learned From Fighting Prior Wars (SOX-404)
01:00 PM	Chris Lytle, Leigh Hollowell	CCDC	Andrew Hay, Chris Nickerson	Building Bridges – Forcing Hackers and Business to Hug it Out
02:00 PM	Sean-Paul Correll, Luis Corrons	Catch That Butterfly: Stopping Mariposa in its Tracks and Revealing a Growing Underground Network of Amateur Hackers	Vik Phatak	ExploitHub: Arming the Pen Testers to Plug the Holes
03:00 PM	Dave Kennedy (Rel1K)	SET 0.6 release with special PHUKD Key	Paul Judge, David Maynor	The Dark side of Twitter, Measuring and Analyzing Malicious Activity on Twitter
04:00 PM	frank^2	Fuck Tools, Do It yourself Jerk	Grecs	Infosec Communities for Career Success: Understanding, Participating, and Cooking One Up
05:00 PM	Jabra		Joseph Sokoly	Infosec Young and Restless
06:00 PM	Jim MacLeod	Stupid IP Tables Tricks	INFOSEC Mentoring, Mentee-ing Panel
7/29/2010
10:00 AM	Jimmy Shah	Mobile Hackery	Josh Corman, Dennis Fisher, HD Moore, Jack Daniel	InfoSec Speed Debates
11:00 AM	Egyp7	Beyond r57	Chris Sumner	Social Network Special Ops
12:00 PM	HDM	Fun with VxWorks	Frank Breedijk, Ian Southam	The road to hell is paved with best practices
01:00 PM	Davi Ottenheimer	Keypad Bypass Hacks	Bruce Potter	How to Make Network Diagrams that Don’t Suck
02:00 PM	Zach Lanier	It Melts In Your Hand: An Overview of Security (Failures) In Mobile Applications	Eric Smith	Roman Profiles : The 6 Mistakes of
03:00 PM	Ray Kelly	A mechanics view of SQL injection	ValSmith	Social Engineering the CFP Process
04:00 PM	Moxie Marlinspike	How technology killed my heroes, and why they will never be born again	Chris Roberts	Planes, Trains and Automobiles: (OK, Cars and Buses)
05:00 PM	Jason Ross	Who Owns the Internet? AKA: Where did all that cyberspace go?	Andre Gironda	App Assessments Reloaded

DefCon 18

Friday 1pm – 2pm

Track 4

Dennis Brown – How Hackers Won the Zombie Apocalypse

Friday 2pm – 3pm

Track 3

Jim Rennie, Eric Rachner – Search & Seizure & Golfballs

Friday 3pm – 3:30pm

Track 5

Righter Kunkel – Air Traffic Control Insecurity 2.0

Friday 4pm – 5pm

Track 4

Tottenkoph – An Introduction to Virtual Graffiti

Friday 5pm – 6pm

Track 2

Sumit Siddharth – Hacking Oracle from Web Apps

Friday 6pm – 6:20pm

Track 5

Marisa Fagan – Be A MENTOR!

Friday 9pm – ???pm

Track 1

Hacker Jeopardy!!!!!!! – Bring Booze!

Saturday 10am – 11am

Track 2

Jeremy Brown – Exploiting SCADA Systems

Saturday 10am – 11am

Track 4

Chris Paget – Extreme-range RFID Tracking

Saturday 11am – 12pm

Track 4

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Saturday 12pm – 1pm

Track 1

Nicholas Percoco, Christian Papathanasiou – “This is not the Droid you’re looking for..”

Saturday 1pm – 2pm

Track 1

frank^2 – Trolling Reverse-Engineers with Math: Ness…. It Hurts…

Saturday 3pm – 4pm

Track 2

James Arlen – SCADA and ICS for Security Experts: How to avoid Cyberduchery

Saturday 3pm – 4pm

Track 5

Garry Pejski – My Life as a Spyware Developer

Saturday 4pm – 5pm

Track 4

Jayson Street – Deceiving the Heavens to Cross the Sea: Using the 26 stratagems for Social Engineering

Saturday 5pm – 6pm

Track 4

Leigh Honeywell, follower – Physical Computing, Virtual Security: Adding the Arduino Microcontroller Development Environment to your security toolbox

Saturday 7pm – 9pm

Track 5

DefCon Security Jam III: Now in 3D?

Saturday 10pm – ??pm

Track 4

10,000 Cent Pyramid

Sunday 10am – 11am

Track 4

Mike Bailey – Web Services we just don’t need

Sunday 11am – 12pm

Track 2

Valsmith, Colin Ames, Anthony Lai – Balancing the Pwn Trade Deficit

Sunday 1pm – 2pm

Track 5

mc.fly, rvd, vyrus, no maam – ChaosVPN for Playing CTFs

Sunday 2pm – 3pm

Track 3

David Smith, Samuel Petreski – A new approach to forensic methodology – !!BUSTED!! Case Studies

Sunday 4pm – 5pm

Track 1

The Suggmeister – Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage

Sunday 5pm – 6pm

Track 1

Justin Morehouse, Tony Flick – Getting Social with the Smart Grid

Sunday 6pm

CLOSING CEREMONIES!!!!!

Please reclaim all lost livers here!

If you are NOT going to be in the melt-your-face-off land of Las Vegas next week, you can follow all of the action and some of the parties via my live-conference feed on twitter.