Thread by Rene Mayrhofer (@rene_mobile), 11 tweets
Thread: So, for my first time, I went to #BHUSA2018 (@BlackHatEvents) and #DEFCON26. I took my main phone and laptop, and on conference day 1 went completely non-anonymous with an Android platform security team T-shirt on. Let me tell you what happened. 1/n
For context, prior to the first main conference day, I did 2 days training with @colinoflynn on power analysis and clock glitching with #ChipWhisperer and learned a ton. This has shown me how easy such hardware attacks can be today. 2/n
For those 2 days, I brought an old loaner laptop to work with the provided #VirtualBox images (which is not supported on ChromeOS at this time). Yes, I did plug in @colinoflynn's USB stick into this loaner laptop (without configured accounts). 3/n
On the other days, I simply brought my main Pixel 2 and Pixelbook, both with my personal accounts as well as @Google corporate accounts configured (on Android using work profile to keep personal and work lives apart - I really like that feature!). 4/n
And yes, against common advice, I did log into all my mail and many other accounts while there, call my family, etc. Stupid, I know, but usability wins over paranoia even for security geeks while traveling.... 5/n
In the spirit of full disclosure, I did break my normal pattern on one account: on the Pixel 2, I disabled WiFi and Bluetooth (which, on most days, I simply leave on all the time). 6/n
The main reason was battery usage (I wanted to get through loooong days with high screen time), but I admit that I am not yet fully happy with the radio-side attack surface (working on more fuzzing and mitigations on that side, so stay tuned for next year's experiment ;) ). 7/n
Now, finally, after all that intro/context, the list of all the bad things that happened to my devices and accounts:
.
.
.
.
.
.
.
.
1. I got 2 spam calls (well, normal in the US).
2. I got more spam emails (well, the hotel now has my address). 8/n
3. My Twitter account took way too much time to read (thanks to #BHUSA2018 craziness).
4. So far, nothing else.

Thanks for staying with me for that long for a complete anti-climax. I will keep watching my personal servers, and Google will certainly watch my corp account. 9/n
Why wasn't I concerned going there? Because I consider the network (outside my very own LAN) untrusted anyway, use TLS or VPN for everything including server verification, 2FA where possible, and have a reasonable device lock screen (and keep an eye on my physical devices). 10/n
Doing that only during time spent at security conferences but not otherwise would be foolish. Attacks can happen anywhere, especially when you are a potentially exposed target. Just use proper IT security hygiene, and you don't have to be afraid of #BHUSA2018/#DEFCON26. 11/11
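The "TLS with server verification" point in the thread is the one that actually decides whether a hostile conference network can read your traffic. The following is an added example (editor's code, not the author's and not anything Google ships) showing the three client configurations a practitioner should be able to tell apart: the default verifying client, which refuses a certificate not chained to a trusted root; the weak `InsecureSkipVerify` setting, which encrypts but authenticates nothing, so a rogue access point can terminate TLS itself; and a client that trusts exactly one certificate obtained out of band. It uses only the Go standard library: `httptest.NewTLSServer` stands in for a server on an untrusted network (its certificate is self-signed, a constructed stand-in, not anything from the conference), and the names `RunScenario`, `Outcome`, `VerifyingClient`, `InsecureClient` and `PinnedClient` are this example's own.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// newUntrustedServer starts a loopback HTTPS server whose certificate is
// self-signed by httptest, i.e. not issued by any CA the system trusts.
// It stands in for a server you reach over a network you do not control.
func newUntrustedServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "hello over an untrusted network\n")
	}))
}

// fetch performs a GET with the given client and returns the body text.
func fetch(client *http.Client, url string) (string, error) {
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// VerifyingClient validates the server chain against the system roots and
// checks the hostname (the Go default). Against a self-signed server it
// must fail before any application data is sent.
func VerifyingClient() *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{}}}
}

// InsecureClient is the weak setting: the connection is encrypted, but the
// peer is never authenticated, so any man-in-the-middle is accepted.
func InsecureClient() *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{
		InsecureSkipVerify: true, // never ship this outside a test
	}}}
}

// PinnedClient trusts exactly one certificate, obtained out of band (here:
// directly from the test server), instead of the whole system root store.
// Hostname verification stays enabled.
func PinnedClient(cert *x509.Certificate) *http.Client {
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
}

// Outcome records how each client configuration fared against the server.
type Outcome struct {
	VerifyingRejected bool   // default client refused the unknown certificate
	VerifyingErr      string // the error text, e.g. "x509: certificate signed by unknown authority"
	InsecureAccepted  bool   // InsecureSkipVerify client talked to the server
	PinnedAccepted    bool   // client pinned to the server's own certificate talked to it
}

// RunScenario runs all three clients against the same untrusted server.
func RunScenario() Outcome {
	srv := newUntrustedServer()
	defer srv.Close()

	var out Outcome
	_, err := fetch(VerifyingClient(), srv.URL)
	out.VerifyingRejected = err != nil
	if err != nil {
		out.VerifyingErr = err.Error()
	}

	body, err := fetch(InsecureClient(), srv.URL)
	out.InsecureAccepted = err == nil && body != ""

	body, err = fetch(PinnedClient(srv.Certificate()), srv.URL)
	out.PinnedAccepted = err == nil && body != ""
	return out
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The takeaway matches the thread: the verifying client fails closed on a certificate it cannot chain to a trusted root, which is exactly what protects you on a conference WiFi, while `InsecureSkipVerify` turns "TLS everywhere" into a false sense of security. Pinning to a known certificate is the stricter option for your own servers, at the cost of having to rotate the pin when the certificate changes.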