Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/20/2010
05:10 PM
Adam Ely
Adam Ely
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hackers Unite!

I'm like the proverbial kid in a candy store. This my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.

I'm like the proverbial kid in a candy store. This my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.It's a good time to be me: This weekend I'll head to Florida to see friends and spend some time in South Beach. In three weeks I'll go to Seattle to catch up with the start ups of Puget Sound. After that, a few work trips to Asia and Europe.

But what I'm really excited about is that my annual pilgrimage to Las Vegas is only a week away. First, there's Black Hat, which will be filled with sponsored parties and great talks. Plenty of industry deals get closed here. The lineup of speakers and topics looks good this year, definitely worth attending.

As Black Hat begins to wind down, the city will be filled with a different crowd as the Defcon hacker conference kicks off at the end of the week. Defcon is an eclectic mix of who's who from the corporate and underground scenes. Good guys and bad all intertangled for the same purpose: to learn and spread ideas. This year, Defcon is running a bit longer than usual and has added talks all the way through the weekend, so if you're in town, swing by and check it out.

Less well-known is the Security BSides conference, or just BSides for short. The founders of BSides formed it with the intention of creating a more informal gathering where presenters and attendees have plenty of time to mingle and discuss topics in depth. Gone are the VIP suites reserved only for the elite few who speak. Instead, presenters, attendees, and yes even press are treated the same. We all talk, discuss ideas, and help one another learn and solve problems. BSides is beginning to draw traction as it expands to different parts of the country. Each BSides event is organized by people who live in the city where the event is being held; this gives a local feel and makes attendees feel much more at home.

The casual, collaborative environment fosters sharing of ideas. At a recent Boston event, some attendees were huddled in a corner writing code to prove a theory, while others were discussing problems they face day to day and how to solve them. At the end of the day, this is what it's all about.

I have always said my favorite time at conferences is not the talks, though there are some good ones. At RSA each year you can find me in the lobby of the W catching up and discussing the finer points of Russian cybercrime. At Black Hat ... well, it's Vegas, so you probably can't find me unless you have me on foursquare. At BSides I'll be watching quietly to see if this little scrappy conference that could is ready for prime time.

Just a few of the talks I recommend attending

Black Hat Jackpotting Automated Teller Machines by Barnaby Jack. Extending Data Visualization Tools for Faster Pwnage by Chris Sumner Ushering in the Post-GRC World: Applied Threat Modeling by Alex Hutton and Allison Miller App Attack: Surviving the Mobile Application Explosion by John Hering Hadoop Security Design by Andrew Becherner

Defcon How to Get Your FBI File (and other information you want from the federal government) by Marcia Hoffman/EFF Our Instrumented Lives: Senors, Sensors, Everywhere by Greg Conti Open Public Sensors and Trend Monitoring by Daniel Burroughs Web Application Fingerprinting with Static Files by Patrick Thomas Practical Cellphone Spying by Chris Paget The Chinese Cyber Army by Wayne Huang and Jack Yu

Security BSides Mobilizing the PCI Resistance: Lessons From Fighting Prior Wars by Gene Kim A Mechanics View of SQL Injection by Ray Kelly InfoSec Communities Career Success by Grecs Top Ten Things IT is Doing to Enable Cyber-Crime by Daniel Molina Drivespolit: Circumventing Both Automated and Manual Drive-By-Download Detection by Wayne Huang Multi-Player Metasploit by Ryan Linn (Special appearance by HD Moore?)

The clock is ticking down and I am ready to head to the desert. Find me during the week and let's catch up, or meet for the first time. As always, follow me on Twitter, @adamely, to get my up-to-the-minute thoughts during the conference. If you are sleuthy enough to find me on foursquare you might even locate the infamous RaffCon meeting and other parties during the week. See you in Sin City.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-3931
PUBLISHED: 2020-07-08
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.