Opinion
FUD Watch | Black Hat and the Hype Machine
Next month the hacking community will descend upon Las Vegas for the Black Hat and Defcon events. But are these events anything more than theater?
By Bill Brenner, Senior Editor
In 2005, a lot of presentations were overshadowed by a big stink Cisco made over researcher Michael Lynn's plans to unveil a vulnerability in Cisco's routers that, if exploited, could have theoretically done serious harm to the Internet. That one controversy was practically all the tech media would focus on, and, nearly three years later, the digital underground has yet to bring down the Internet with that particular flaw.
At last year's Defcon event, which takes place in a different Vegas venue after Black Hat, all else was overshadowed by the public outing of a Dateline NBC reporter who was undercover at the hacker gathering with a hidden video-camera to see if she could out an undercover federal agent at Defcon and make a story out of the perceived sinister deeds that transpire there.
There is always a lot of coverage leading up to the events, especially the buzz about one big flaw or another that will be revealed there. Sometimes, the buzz is justified.
This time, for example, a lot of the focus is on a Domain Name System (DNS) flaw researcher Dan Kaminsky will present on in technical detail. The flaw, one of the genuine big ones that prompted a variety of vendors to collectively release software updates to patch it this week, is worth the hype because it affects one of the Internet's underlying protocols.
Has all the hype diminished the relevance of these events? I don't think so. It will always be human nature to stop and glare at high drama, but those who pay attention to the rest of the agenda are bound to come out of it with some wisdom they can take back to their jobs.
The trick is for security pros to go there with eyes and ears at attention, taking note of the dramatic moments but not being consumed by them. It's up to the professional to see through the hoopla and focus on presentations that just might have an impact on their individual security program.
Other stories by Bill Brenner
Black Hat
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Log Management in a Cyber World
- Implementing Best Practices for Web 2.0 Security
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
