Lawrence (who I hope is feeling better) pinged me over the weekend about missing DEFCON 30 coverage. (At least, that’s what I think he was pinging me about: his email was kind of cryptic.)
There are some things going on here.
One is that, as I said last week, I was in a mood. It takes a lot of time and effort to pull together the preliminary list of DEFCON panels, the day to day coverage, and the post-DEFCON writeups. That effort is even harder now, because Twitter has pretty much removed the ability to view more than a couple of a person’s tweets without being signed in. I just didn’t have it in me last week.
Which kind of leads to the second reason: it just doesn’t seem that my DEFCON coverage gets the level of engagement that justifies the effort. As far as I can tell, people just aren’t all that interested in it. That may be (probably is) a flaw on my part as a writer, it may be that my audience just isn’t interested in computer security subjects, or it may be that I’m completely misreading what people are interested in.
It also feels like DEFCON has moved beyond me in the post-Wuhan Flu world. It used to feel like a gathering of one of my tribes. Now, it costs $360 (“with a processing fee of $9.66 added to online orders”). Masks are required. And supposedly, you may run into trouble with the hotel if you want to bring a legal firearm. (Hattip: McThag.) They’re also still doing that weird “semi-hybrid” model again, and I’m just not willing to spend a bunch of time hanging out on Discord.
(I’m pretty sure I stayed at that “s–tball” Travelodge on my last DEFCON trip. “they just want their $56 per night and prefer you to not leave used heroin works in the potted plants outside” seems pretty accurate.)
The last thing is: I’ve seen almost no other coverage or discussion of DEFCON 30 this year. At least not in the places I’d expect to see it: Wired, ArsTechnica, or HackerNews. ThreatGrid did a round-up post this morning if you want a different take than mine, but other than that, I’ve seen nothing.
I went and checked the schedule (which you can find here: I haven’t found the media server yet.) One thing that is really nice is that they’ve added much more information to the schedule entries, including links and references where available.
And…there just are not a lot of presentations this year that I find interesting. I can see why people would be interested in “Computer Hacks in the Russia-Ukraine War“, but at only 20 minutes, I have questions.
Maybe “Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)” because Bluetooth, but that’s not so much breaking Bluetooth as it is pretending to be a legit Bluetooth device.
“The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks” and “Process injection: breaking all macOS security layers with a single vulnerability” probably have some relevance to Apple folks. So does “The hitchhacker’s guide to iPhone Lightning & JTAG hacking“. And I can see the interest in “Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal“, but I don’t have a Starlink terminal to play with.
“You’re Muted Rooted” has the Zoom thing going for it. I’ll confess to a small amount of interest in “HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!” and no interest at all in this year’s “Hippy, please.” one.
“Defeating Moving Elements in High Security Keys” does sort of get my attention. And that’s the last thing that does.
It just feels smaller and less interesting. Perhaps DEFCON is still finding their footing again after the last two years. I don’t know. I also don’t know if I’m going to do anything next year.