Security Wisdom Watch: Black Hat-Defcon edition

The recent Black Hat and Defcon security conferences in Las Vegas illustrated plenty of fresh security challenges -- and the ridiculous ways in which some practitioners choose to conduct themselves.

Thumbs down: RSA -- After the big attack it suffered last year, you'd think RSA would use an event like Black Hat to double down on restoring its reputation for rock-solid security products. Instead, they staffed their exhibit with booth babes in the trashiest attire (or lack thereof) money can buy. Instead of talking about the technology, attendees spoke of nothing but the "trashy booth babes." Stay classy, RSA.

Thumbs up: National Security Agency Director General Keith B. Alexander -- The General went to Defcon and asked a room full of hackers to be his foot soldiers in the battle to secure cyberspace. Given the NSA's penchant for secrecy and mistrust in the past, Alexander's approach -- traveling to events around the country and inviting attendees to be part of his fight -- is refreshing.

Thumbs up: Dave Aitel, CEO of Immunity Inc. -- Agree or not with his position that security awareness training is a waste of time, but give the man credit for having the fortitude to challenge the conventional wisdom in a public setting like CSOonline. His guest column was the talk of the Black Hat conference, and his advice has certainly given infosec professionals something to think about.

Thumbs down: Traditional media -- The mainstream press may have decided cybersecurity is a high-priority story topic, but it has trouble getting it right in the storytelling. Exhibit A: A hyperbolic headline -- “Can Twitter really help expose Psychopath killers’ traits?” -- that played up a Defcon talk as being far more dramatic than it really was (even one of the presenters said so, in a public dinging of Fox News). Exhibit B: WBUR's groaner of a teaser in its Black Hat-Defcon report, which started with, "No, this is not the plot for a summer blockbuster..."

Thumbs both ways: Attrition.org -- One of the more popular websites in the security community is attrition.org -- particularly the Errata section, in which so-called charlatans of the industry are exposed. At Black Hat, we heard from Brian Martin -- a.k.a. Jericho -- on the history of Errata and how the project has evolved over 13 years. It's a project that's gained a lot of respect in the industry, but there's a danger: Everyone makes mistakes, and yours can look a lot worse than they really are if you're in the business of exposing everyone else's faults. We're pretty certain Jericho understands that, but thought it worth saying anyway.

Copyright © 2012 IDG Communications, Inc.