Note the first: I started working on this article last week, but didn't post it until now because I wanted to let all of the (usually astoundingly bad) hot takes die down. While I realize that the Internet has given everyone an attention span rivalled only by the lifespan of the adult mayfly, I think it might be useful to have something laying around that can be pointed to later if need be.

Note the second: A reminder that I do not speak from an official position. I do not speak for or represent my employers, past, present, or future …

UPDATE - 20170902 - Typos, finding emergency exits.

So, after many years I've decided that it's my turn to write a first-timer's guide to Defcon.  There are many like it, so I'll try to be as frank as I can about the topic.  I'm going to try to write for people who've never been to Defcon before (but may have been to other hacker cons).  I'm not going to lie or joke around (which some of the guides tend to do) and give as much personal advice as I can.  I'm also going to try to not sound like your parents, because …

Part of every traveler's threat model today should include the following scenario:

When you're trying to fly into or out of an airport en route to someplace else, it is entirely possible that the airport's security staff will take you aside for a more thorough search and questioning while your stuff is taken someplace out of your control and analyzed. We know that there are malware packages available today that boobytrap the boot device of laptop computers to install various forms of surveillance malware which run the next time you start your machine up and compromise the OS even though …

Since almost the beginning of Iraq II, the US military has been concerned about bloggers leaking information about upcoming operations and situations in the field that hadn't been cleaned up yet. Lately, they've been commanding troops to police their weblogs and clear all posts through a superior officer before actually posting in the hopes of minimizing the amount of sensitive information that gets out, which makes sense when you think about it. Remember what Geraldo Rivera did back in 2003? URLs and names of blogs have to be registered with the chain of command so that they can keep an …