CSO takes a long, last look at highlights from the most recent Black Hat, BSidesLV and Defcon gatherings in Las Vegas. It’s been two weeks since infosec practitioners were in Las Vegas for three big conferences, but people continue to discuss what they saw and heard there. To wrap up this year’s coverage and keep those conversations going, we offer this library of stories and blog posts. Security con harassment cuts both waysThere’s a lot of discussion on Twitter about harassment at security conferences lately, sparked by a newly-announced harassment policy at Brucon. But is the debate too one-sided?Phishing attacks illustrate failure of security awareness trainingThe results of a survey conducted at Black Hat suggest that security awareness training is indeed falling short, as are anti-spam tools. So says security vendor PhishMe. Observations from Black Hat: More defense, pleaseA breakdown of observations from Forrester Research analyst Rick Holland. Can hackers and photographers possibly get along?By most accounts, Defcon 20 was a glorious affair full of all the content and camaraderi we’ve come to expect. But no matter how good the event, someone always finds something to grouse about. In this case, some had a problem with photographers. Being one of those photographers, I offer some thoughts.Security Wisdom Watch: Black Hat-Defcon editionThe recent Black Hat and Defcon security conferences in Las Vegas illustrated plenty of fresh security challenges — and the ridiculous ways in which some practitioners choose to conduct themselves.#BlackHat: Confessions of an #infosec fanboyI got home from Las Vegas and reached into my suitcase, eagerly pulling out a collection of T-shirts I acquired at Black Hat and BSidesLV. I immediately put on my favorite — an Akamai shirt with a honey badger large and in charge across the chest. I looked in the mirror and admired it before a cold, sinking feeling came on. #BlackHat2012: Schneier warns of major loss of IT control, but some see silver liningAt Black Hat yesterday I sat down with security luminary Bruce Schneier to discuss the current state of things, and he had a lot to say about cloud computing and the BYOD trend. For IT professionals and security executives, his message was clear: Your days of having control over the company network is over. Done. Dead.Welcome to RSA … I mean #BlackHatYesterday I walked into the room where all the vendor exhibits are and a strange feeling came over me, like I had been transported five months back in time to a place in San Francisco where the people were loud and the eye candy excessive. “Welcome to RSA,” I thought to myself. #BSidesLV: ‘How I broke into the InfoSec world with only a tweet and an email’Sometimes, all you have to do to land an infosec job is display your communication skills on Twitter and WordPress. That and a follow-up email did the trick for Providence Health and Services security analyst Michael Fornal, who gave a talk on it this morning at BSidesLV.#BlackHat2012: Global hacking increases in Q2, according to reportLike the RSA conference, Black Hat is a time when security vendors like to release news on their products and research. NCC Group is using the occasion to release its Origin of Hacks report for Q2 of 2012. Let’s have a look.#DefCon 2012: FUD over Twitter Psycho talk — 5 observationsIt happens every year before DefCon: All the big media outlets latch on to one of the upcoming talks with headlines that read like the preview to a blow-’em-up summer movie. In one such case this year, the presenters delivering the talk are calling out the media — Fox News, especially — for making FUD of their findings.#BlackHat2012: Trey Ford says email was a prank, not a phishing attackA controversy erupted over the weekend regarding an initially-reported phishing attack against Black Hat delegates. It started with a report in Sophos’ Naked Security blog and was quickly followed up by word that it was a volunteer’s prank — not an attack.#BlackHat #DefCon preview: Jericho reflects on 13 years of ErrataOne of the more popular websites in the security community is attrition.org — particularly the Errata section, in which so-called charlatans of the industry are exposed. At Black Hat, well hear from Brian Martin — a.k.a. Jericho on the history of Errata and how the project has evolved over 13 years. In a phone interview and some email exchanges, Jericho gave me a preview.#BSidesLV preview: Jack Daniel on the future of B-SidesAt 10 a.m. Wednesday, Las Vegas time, #BSidesLV will begin with a talk from Jack Daniel — one of the chief organizers — about where the movement is at and where it’s going. I chatted with Jack this morning and got a preview. This is a good time for a status update, because B-Sides has gone through some growing pains in the last year.#BlackHat #BSidesLV #Defcon preview: Trustwave, all over the placeI try not to give too much attention to any one vendor when writing conference previews, but sometimes it’s justified. In this case, I see some interesting talks on the agenda by people from Trustwave, so I’m listing some of them below and inviting others — vendors and non-vendors alike — to flag talks they feel people should consider attending. I’ll take what comes in and make a bigger list early next week.#BlackHat preview: Mobile threats take center stageWith everyone and their grandparents in possession of smartphones these days, mobile threats are of great interest to Black Hat USA attendees. Vincenzo Iozzo, director of vulnerability intelligence at Trail of Bits and a member of Black Hat’s content review board, spoke with me this afternoon about what to expect in this year’s mobile track.#BlackHat preview: Owning bad guys with JavaScript botnetsOne of the talks scheduled for Black Hat USA next week is by researcher Chema Alonso, who will demonstrate the ease with which he created JavaScript botnets and used them to turn the table on the bad guys. In a phone conversation this afternoon, Alonso offered a preview.Black Hat, DefCon and B-Sides survival guide, 2012In two weeks a lot of us will head to Las Vegas for Black Hat, DefCon or BSidesLV. Having been to many Black Hat and B-Sides events, along with countless other events in the last eight years, I’ve learned plenty about how to get the most from the experience. And so, for the first-time attendee, I offer the following survival tips.Trey Ford on the taming of Black HatIn more recent years, however, Black Hat has grown into a far more predictable affair. And that’s not a bad thing, new Black Hat General Manager Trey Ford told me in a phone conversation yesterday.Black Hat targets the C-levelIn an interview with CSO, Black Hat General Manager Trey Ford explains how the annual summer pilgrimage to Las Vegas is no longer for hackers alone. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Regulation Regulation news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe