It’s almost that time again! Johnny Xmas, Beltface, and myself will be returning next week to Gen Con 2015 in Indianapolis (under the Circle City Con flag) to begin the yearly rotation of our panel on the state of hacking in fiction.

Something I hear repeatedly mourned by infosec professionals is that there’s not enough outreach outside our relatively small community. We tend to speak at security conferences to people who mostly understand the issues at hand. Our group of speakers has been countering this by traveling to non-infosec geekdom cons to speak on basic hacking concepts. We educate by showing fictional movie, TV, book, and game segments from the past year that include hacking, and then discuss what worked and didn’t work (and why). We’ve had good luck with this – reaching students and hobbyists who aren’t familiar with the community, as well as writers and game designers who were slightly off track technically.

Hacking is a hot subject in fiction, but unfortunately, a lot of it is portrayed in absurd ways with some common fallacies repeated constantly. We usually break these misconceptions up into:

• Magical Malware – It has no limits! It’s untraceable and unstoppable!
• The ‘Many Windows Hack’ – Black and green windows everywhere, still.
• Misappropriation of Terms – Using legit technical terms, totally wrong.
• Logical vs. Physical Distance – The bad/good guys just have to be at THE server.
• Magical Forensics – Done in seconds! With many blue lights!
• Terrible Illustrations – Those horrible renderings of ‘cyberspace’ (these are getting less common)

We then demonstrate how those fallacies are seen in clips, rating their plausibility and technical accuracy from good, to bad, to ugly. I don’t want to spoil our talk for this year for those attending, but some examples at the top of our ‘good’ list for 2014-2015 are Mr. Robot, Halt and Catch Fire, and the game Hacknet. At the bottom of our ‘ugly’ list are shows like Scorpion and Arrow.

We’re looking for more non-infosec cons to give this talk at! Travel is a consideration, but please let us know if you know of a good venue. Also, if you work in infosec and would like to participate in one of our future panels, please contact me!