Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Sneak In To a Security Conference

Posted by Soulskill on from the equip-yourself-with-a-fake-beard dept.

jfruh writes "You'd think that, of all events, security conferences would have tight security. But one anonymous human pen tester managed to sneak into the RSA conference without credentials, using tried and true techniques like waving a badge from another conference at security guards and slipping in through exits."

6 of 189 comments (clear)

  1. Re:Body language is an effective tool by vinehair · · Score: 5, Insightful

    It's easy to avoid notice if you act like you know what you're doing, where you're going and that you belong where you are. Never stand still or look around.

    Bingo. Simple tactics and social engineering are usually all you need if you really want to get at something.

    The weakest link in any security chain is always the people, and people are easy to deceive.

  2. Security is about what you're securing. by Anonymous Coward · · Score: 5, Insightful


    You'd think that, of all events, security conferences would have tight security.

    No, I wouldn't think that. I'd think that a bank, or an event involving a US President would have tight security. Security is about what you're protecting, not who's involved in it. For the most part "stealing" admission to a conference is harmless, as long as a few people do it. The security only has to be good enough to make it so only a few people sneak in.

    Security conferences aren't exactly a high profile event like, that appeals to millions (like say a Rock Concert), so people sneaking in is really not a big problem. If you didn't think you could sneak in to a conference before, you obviously haven't been paying attention.

    1. Re:Security is about what you're securing. by Ruke · · Score: 5, Insightful

      Absolutely. There's no reason to have a conference be that secure. Spending an extra five-to-ten seconds per attendee checking badges would be a major disruption in crowd flow. The primary benefit of security at this event was to make the attendees feel special, and the secondary benefit was preventing overwhelming crowds. There's basically no reason to keep out any one person who's not supposed to be there; the panels are advertisements, and the information is as good as public. Security is in place to keep out crowds of people who aren't supposed to be there, and they seemed to do well enough at that.

  3. Why? by hipp5 · · Score: 5, Insightful

    You'd think that, of all events, security conferences would have tight security.

    Why?

    I suspect the cost/hassle of doing more than basic security outweighs the benefit of catching a few people who didn't want to pay the $100 conference fee. I doubt the information being presented is secret and needs protecting. And I imagine of all conference organizers, the organizers of a security conference would have best grasp on this security cost/benefit.

  4. "sneak" into a sales presentation? by mindcandy · · Score: 5, Insightful

    RSA 2012 is basically a big sales presentation.
    To suggest sneaking in is a big achievement is like saying you got into BestBuy a few minutes early one day to shop for TVs.

  5. Re:Body language is an effective tool by krept · · Score: 5, Insightful

    Find a pack of people smoking. They always know the easiest way to get out and back in quickly.

    --
    None of us know everything. Therefore we're all naïve.