I used burners at DEFCON 2016. Eventually moved back to my actual phones. But, I talked with other people and according to them there were cell sites that were suspect. Never found out if it was true or not. But, as others have stated I turned off my WiFi.
I was at this past DEFCON, we had cell sites named "Arnold's Biggest Scam" and "AT&T Totally 1337 Tower".
There are others, but those two were prominent because I could access them in my room lol.
From what I’ve read, all you really need to do is turn off wi-fi, which is already fairly paranoid given that no one is realistically going to burn a serious chipset zero-day on random people at a conference. Fake cell towers do occasionally happen but rapidly lead to arrests.
Why wouldn’t they burn a chipset 0-day? It’s unlikely that only one exploit has been and will ever be uncovered. Imagine the shitstorm if you phoned all of DEFCON with a recording to attend your talk, on their radio “off” devices, because you powered them back on at the right time. Imagine the respect. That would be worth a 0-day.
"random people" who with high probability may have undisclosed 0day exploits stockpiled on other devices.... yeah if I'm an APT author DEFCON attendees are (the hardest to exploit and most paranoid [read: likely to get caught by]) the ideal target for any nation-state. not to mention that the conference is often attended by multiple state agencies which makes the target even juicer. yes it's an extremely hard and dangerous group of people to attempt to exploit, but that doesn't detract from the potential value and payoff of a successful APT exploit on said group of people
That's not how Nation State actors work. One of the things that makes Nation State actors dangerous is they have the patience and resources to attack a high value target at the most likely to succeed point. Backing that up, they generally have the intelligence to know when that best time is. And they for sure know that it's not at defcon when everyone is, as you say, paranoid and on the alert. They're going to get you at home, at happy hour with your non-security friends, in that bar with the great but insecure wifi and no 4g.
There are no arrests listed for cellular activities at Wikipedia’s “Notable Incidents” list for DEFCON, so if you have direct confirmation of any such arrests, you should add them to the page at https://en.m.wikipedia.org/wiki/DEF_CON
> all you really need to do is turn off wi-fi, which is already fairly paranoid given that no one is realistically going to burn a serious chipset zero-day on random people at a conferenc
I know very little about security or defcon, but I was under the illusion that stuff like running Wifi Pineapple to trick people to connect to their hotspots was common and doesn't require any 0-days.
On the useless tautological sense. If you can't measure CO to within 20%, can hardly measure CI to within that range - then for all practical purposes, the equation does not work.
You may want to read about (lack of) precision in Atwater factors, to the tune of 50%, if you believe CI is easy to compute.
"The graves of investors have been dug with political shovels." awesome quote! hadn't heard that one before. reminds me of the old 'the market can stay irrational longer than you can stay solvent' line.
