by Managing Editor

The Black Hat, BSidesLV and Defcon post-mortem

Aug 08, 2012 | 6 mins
Application Security, Cybercrime, Hacking

CSO takes a long, last look at highlights from the most recent Black Hat, BSidesLV and Defcon gatherings in Las Vegas.

It’s been two weeks since infosec practitioners were in Las Vegas for three big conferences, but people continue to discuss what they saw and heard there. To wrap up this year’s coverage and keep those conversations going, we offer this library of stories and blog posts.

Security con harassment cuts both ways

There’s a lot of discussion on Twitter about harassment at security conferences lately, sparked by a newly-announced harassment policy at Brucon. But is the debate too one-sided?

Phishing attacks illustrate failure of security awareness training

The results of a survey conducted at Black Hat suggest that security awareness training is indeed falling short, as are anti-spam tools. So says security vendor PhishMe.

Observations from Black Hat: More defense, please

A breakdown of observations from Forrester Research analyst Rick Holland.

Can hackers and photographers possibly get along?

By most accounts, Defcon 20 was a glorious affair full of all the content and camaraderie we’ve come to expect. But no matter how good the event, someone always finds something to grouse about. In this case, some had a problem with photographers. Being one of those photographers, I offer some thoughts.

Security Wisdom Watch: Black Hat-Defcon edition

The recent Black Hat and Defcon security conferences in Las Vegas illustrated plenty of fresh security challenges — and the ridiculous ways in which some practitioners choose to conduct themselves.

#BlackHat: Confessions of an #infosec fanboy

I got home from Las Vegas and reached into my suitcase, eagerly pulling out a collection of T-shirts I acquired at Black Hat and BSidesLV. I immediately put on my favorite — an Akamai shirt with a honey badger large and in charge across the chest. I looked in the mirror and admired it before a cold, sinking feeling came on.

#BlackHat2012: Schneier warns of major loss of IT control, but some see silver lining

At Black Hat yesterday I sat down with security luminary Bruce Schneier to discuss the current state of things, and he had a lot to say about cloud computing and the BYOD trend. For IT professionals and security executives, his message was clear: Your days of having control over the company network are over. Done. Dead.

Welcome to RSA … I mean #BlackHat

Yesterday I walked into the room where all the vendor exhibits are and a strange feeling came over me, like I had been transported five months back in time to a place in San Francisco where the people were loud and the eye candy excessive. “Welcome to RSA,” I thought to myself.

#BSidesLV: ‘How I broke into the InfoSec world with only a tweet and an email’

Sometimes, all you have to do to land an infosec job is display your communication skills on Twitter and WordPress. That and a follow-up email did the trick for Providence Health and Services security analyst Michael Fornal, who gave a talk on it this morning at BSidesLV.

#BlackHat2012: Global hacking increases in Q2, according to report

Like the RSA conference, Black Hat is a time when security vendors like to release news on their products and research. NCC Group is using the occasion to release its Origin of Hacks report for Q2 of 2012. Let’s have a look.

#DefCon 2012: FUD over Twitter Psycho talk — 5 observations

It happens every year before DefCon: All the big media outlets latch on to one of the upcoming talks with headlines that read like the preview to a blow-’em-up summer movie. In one such case this year, the presenters delivering the talk are calling out the media — Fox News, especially — for making FUD of their findings.

#BlackHat2012: Trey Ford says email was a prank, not a phishing attack

A controversy erupted over the weekend regarding an initially-reported phishing attack against Black Hat delegates. It started with a report in Sophos’ Naked Security blog and was quickly followed up by word that it was a volunteer’s prank — not an attack.

#BlackHat #DefCon preview: Jericho reflects on 13 years of Errata

One of the more popular websites in the security community is — particularly the Errata section, in which so-called charlatans of the industry are exposed. At Black Hat, we’ll hear from Brian Martin — a.k.a. Jericho on the history of Errata and how the project has evolved over 13 years. In a phone interview and some email exchanges, Jericho gave me a preview.

#BSidesLV preview: Jack Daniel on the future of B-Sides

At 10 a.m. Wednesday, Las Vegas time, #BSidesLV will begin with a talk from Jack Daniel — one of the chief organizers — about where the movement is at and where it’s going. I chatted with Jack this morning and got a preview. This is a good time for a status update, because B-Sides has gone through some growing pains in the last year.

#BlackHat #BSidesLV #Defcon preview: Trustwave, all over the place

I try not to give too much attention to any one vendor when writing conference previews, but sometimes it’s justified. In this case, I see some interesting talks on the agenda by people from Trustwave, so I’m listing some of them below and inviting others — vendors and non-vendors alike — to flag talks they feel people should consider attending. I’ll take what comes in and make a bigger list early next week.

#BlackHat preview: Mobile threats take center stage

With everyone and their grandparents in possession of smartphones these days, mobile threats are of great interest to Black Hat USA attendees. Vincenzo Iozzo, director of vulnerability intelligence at Trail of Bits and a member of Black Hat’s content review board, spoke with me this afternoon about what to expect in this year’s mobile track.

#BlackHat preview: Owning bad guys with JavaScript botnets

One of the talks scheduled for Black Hat USA next week is by researcher Chema Alonso, who will demonstrate the ease with which he created JavaScript botnets and used them to turn the table on the bad guys. In a phone conversation this afternoon, Alonso offered a preview.

Black Hat, DefCon and B-Sides survival guide, 2012

In two weeks a lot of us will head to Las Vegas for Black Hat, DefCon or BSidesLV. Having been to many Black Hat and B-Sides events, along with countless other events in the last eight years, I’ve learned plenty about how to get the most from the experience. And so, for the first-time attendee, I offer the following survival tips.

Trey Ford on the taming of Black Hat

In more recent years, however, Black Hat has grown into a far more predictable affair. And that’s not a bad thing, new Black Hat General Manager Trey Ford told me in a phone conversation yesterday.

Black Hat targets the C-level

In an interview with CSO, Black Hat General Manager Trey Ford explains how the annual summer pilgrimage to Las Vegas is no longer for hackers alone.