Canonical List Of Things To Do At A Security Conference During A Boring Presentation

You’re sitting there, bored out of you skull. The speakers are just repeating over and over again how important security is, but are presenting no technical content that would help you in any way. Hey, you showed up at a security conference, you already believe security is important. Other wise you would not be there, so they are preaching to the choir. To quote someone else:

“Sounds boring as hell to me. A bunch of managerial types wafting hot air on various pithy, high level statements that are brutally obvious to anyone with half a clue. I would rather subject myself to the tender mercies of the North Korean Police. They should have technical content of which there is none.” ~Alt.don from

During those special times what do you do to keep yourself occupied? Here’s my list, tell me what you would add. No, not all of the activities are ethical, but I’ve seen some them done and they do help to amuse a bored listener.

1. Categorize the attendees. Kind of like spot the Fed at Defcon. Sorry, but many times stereotypes hold a lot of truth. Here are a few categories:
a. Manager types who are just there to look like they care about security.
b. Bored techies that are there because their boss wants them to be.
c. Hackers who want to learn more about the subjects and are hoping for some technical content.
d. Play spot the Fed/Whitehat/Blackhat/Greyhat.

2. Play sniffer games. Lots of conferences provide free Wi-Fi for attendees.
a. See what traffic is out on the LAN using Ethereal.
b. Snarf HTTP traffic and see what web pages other attendees are looking at.
c. Sniff other folks passwords with Ettercap/Dsniff/Cain, not to do anything with them, but just for the hell of it. It’s amusing to see all these folks at a security conference using unsecured protocols.

3. Spot others playing “Sniffer Games”. You will see quite a few.
4. Ask them if they found anything cool.
5. Scan the network with Nmap to see what’s out there.
6. Try to “own” the presentation machine.
7. Net message the presenters computer.
8. Death match video games with other attendees.
9. Try not to get kicked out for doing any of the above.

What would you add?