Salted Hash: Live from DEF CON 23


It's Friday, and DEF CON 23 is the final stretch for thousands of hackers who have come to Las Vegas to mingle, teach, and learn. For today's post, we'll recap a few rules for DEF CON attendees, and discuss a news items that got our attention recently here on Salted Hash.

Relax and have fun:

Last year, I wrote a practical survival guide of sorts for those heading to Las Vegas. This year, I'll link to it, but remind you of three points.

  1. Eventually you'll hear talk about how dangerous the network is at DEF CON. If the network scares you, don't use it. If you do login, then use a VPN and do not do anything on the laptop you wouldn't want to share with a few thousand people and their friends.
  2. Remember the 3-2-1 rule. Live by it. Each day, get at least three hours of sleep, eat two meals, and take one shower.
  3. If the choice is between a talk and hanging out with friends, skip the talk. They're recorded, and you can always email the presenter after the con and talk.

Painting targets:

Last week, and interesting profile piece ran on Fortune. The story focused on CrowdStrike and their CEO George Kurtz. It's a solid profile piece, pure promotion, but the title and the article's contents are a bit concerning:

"Hackers give up when they go up against this cybersecurity company"

An archive of the story is here:

The story reads like a pitched profile piece, complete with a case study that outlines how when attackers come up against CrowdStrike in the field, they give up and go home. The company is just that good. Now, I'm sure the company has talented engineers and in many cases their products are worth using – I'm not going to argue for or against them.

My concern is the fact the headline and the story's opening sentence has placed a giant target on the company's back – and it was intentional. The last time a company taunted hackers in print, they folded and the CEO of their federal business faced public humiliation and scorn.

I'm talking about HBGary Federal, a topic I covered extensively in 2011.

The HBGary hack was already in the works long before Aaron Barr went to the Financial Times and claimed he could identify key people supporting Anonymous. However, that story prompted those responsible to move forward and disclose the breach, releasing 4.71 GB of data taken form the company. This was later followed by the release of more than 50,000 emails taken form the company's mail spools.

With the CrowdStrike story, they're taunting known actors with time and resources.

"Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled."

Perhaps CrowdStrike has nothing to fear, and they want to be targeted. Maybe they are able to stop every attack that comes on their radar and defend each customer fully.

Covering InfoSec for the last decade has made me a cynic and skeptic. While I recognize this is a promotional article, one geared towards sales, I can't help but wonder how much time is on the clock and when the breach will happen.

Worse, if the attackers target CrowdStrike's Falcon product, customers currently using it would be placed at risk. In this case, I think the best bet for security companies would be to remember, someone is always going to be faster, more clever, and smarter.

Draco Dormiens Nunquam Titillandus

(If you do, it might not be laughter you hear, but the sound of printers running notification letters...)

Finally, here is a quick recap of some other interesting news from Las Vegas:


Seculert released some new research on DGA.Changer this week. The malware family has been updated to detect when it is running within a sandbox, and if that happens it generates a set of fake domains instead of a list of actual C&Cs.

Hacker takes #3 spot on ISIS kill list

Junaid Hussain, 21, believed to be the person behind the persona Cyber Caliphate, fled to Syria in 2013. Blamed for compromising the personal information of Tony Blair, and attacking the Twitter account for CENTCOM, the U.S. has expressed “strong interest” in assassinating him for his role in the terrorist organization.

Insider: These ransomware situations can result in colossal outcomes
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies