I recently returned from my seventh security conference this year. As always I had a great time and found the experience to be worth the effort of attending. While ours is a friendly community, I did observe my share of bad behavior from a small minority in our community. As my students will tell you, my number one rule in life is: Don't be a (insert favorite strong term for a jerk). My second rule is to refer to rule number one.
So here is my short list of ways you can avoid being a (jerk term) at a con:
1. Don't trash talk other cons. This is by far the most common example of bad behavior I have observed this year. It is OK to like a set of cons, and you don't need to run down cons that you haven't even been to in order to (in your mind only) make your favorite con look better. Without naming the cons I will say that while I was at a very large con there were several people trash talking a second con which occurred at about the same time as a third this year. Since these two cons are both in their second year I find it highly unlikely that these individuals attended both cons last year. This behavior is just outright unacceptable. Want to tell people about a con you like? Go right ahead. If someone asks you about a con that you have attended that you don't like, feel free to share your opinion. If you haven't attended a con then shut your mouth. Don't pull that "I knew someone that went to con X and it sucked" crap either. Chances are that person didn't really go.
2. If you are a speaker don't be tweeting, blogging, etc. about your next con while saying nothing about the con you are currently at. This is beyond rude. I can think of a couple examples of this I have observed over the last year. Want to tweet about the con you will be at tomorrow or next week, that's great provided you were doing the same before the conference you are currently attending. Also, don't tweet things like "Con X really didn't suck like I thought it would when they invited me". We all have egos, but all of us should view it as an honor to be invited to present at a con. By the way, if you are reading this and we follow each other on Twitter I'm probably not talking about you, so rest easy my frequently speaking friends.
3. Don't play into the media image of hackers. In other words, don't spend your time at a con trying to hack other attendees. I've heard people say that you should stay off the wifi at cons because you will get severely hacked and violated. Should you be vigilant and careful about using wifi at a con? Absolutely! In fact you should always be careful. I have heard several people blame their victims for not being smart enough to avoid being hacked or falling for their tricks. People go to cons to learn. I brought about 30 students with me to various cons this year. Some of these students had only been in college for 3 weeks so had not yet had the benefit of even an intro information security class. Firing up your wifi pineapple and attempting a little man-in-the-middle action on someone who has come to learn is unacceptable. A little tip for detecting these jerks: set up your tablet or other device to connect to a non-existent open network. When the non-existent network suddenly appears you know what is going on.
4. Don't encourage illegal and/or unethical behavior. This is especially true for speakers. I have heard more than one speaker bragging about hacking unsuspecting people and then blaming their victims for being stupid enough to get hacked. I have heard claims of hacking into control systems for various vehicles and disabling engines and other things that could easily harm others. One speaker even encouraged people to hack into control networks for airplanes they were currently flying in. Really, does this sound like a good idea to anyone? Do we really think it is OK to wink and say "don't try this at home" and point to the standard "I'm not responsible for what you do with this information" disclaimer? I would liken some of what I have heard to saying it was the homeowner's fault he got burgled because he wasn't smart enough to buy a gun to discourage would-be robbers from selecting his house as a target.
I could add more rules, but I won't. I think if we all were to follow even these 4 simple rules the infosec world would be a better place. As I said earlier, it is a small minority that are giving us all a bad name. As a community the majority can speak up when we see our fellow hackers misbehaving. Perhaps with a little effort we can replace these 4 rules with my 2 normal life rules: 1. Don't be a (jerk term) & 2. Refer to #1.