DEF CON/BlackHat Thoughts

[This was originally published on the OSVDB blog.]

I keep telling myself, “keep it short!” since writing about a week in Las Vegas tends to be wordy. No promises!

Some 3000 people apparently showed for BlackHat briefings and it showed. Despite that much money coming in and the amount of warning Caesars/BH had before the con, it was extremely frustrating attending (or giving) talks/panels where the speakers didn’t even have chairs. Like previous years, having to decide between six different tracks makes it difficult to see everything you want. Given that the videos are not always released in a timely manner, some slides don’t do the talks justice, and the professional/official videos of talks cost money, you really end up missing out on a lot of good material despite the high price tag for entry. Also frustrating this year was the abundance of “technical” talks chosen because some BH staffers they are what draws people in. While often true, having so many tracks on SQL injection or Cross-Site Scripting gets old .. even with the various “new twists” or new methods for bypassing current protection schemes. I only mention this because I read several other proposals for talks that weren’t accepted, likely due to them being a bit less technical, even though they would have been in conjunction with new tools or information. If there will be six tracks next year, please consider keeping four of them for highly technical (but focused on *new*) presentations, and two for other presentations that are of interest to the security field.

Defcon’s big change was moving from the Alexis Park to the Riviera. On the up side, all indoors and air conditioned, bigger convention space, nifty skyboxes (underused though), more availability to quick food and drink in the hotel. On the down side, still ran out of room in some talks, couldn’t run across the road to as many restaurants and such, forced to deal with families / non convention types, many of the talks were either weak or previously done at BlackHat, they ran out of badges again (how many years before they print up an extra thousand), vendor area was cramped while the big room was underused, skyboxes were neat but most were empty all day even when it would have allowed dozens more to see a full talk, the talks couldn’t be piped to the hotel rooms like they were at Alexis and many other minor things.

All in all, I felt the cons were about average. Some good, some bad, not a whole lot really changed all said and done.

And finally, a lot of ‘thanks‘ are in order. In no particular order, sincere thanks goes out to: Mike Andrews and Foundstone for their detailed interviews with various folks involved in the security community. In return for an hour of my time talking about my involvement with OSVDB and Attrition.org, they gave me a chance to say a few things I felt important and kindly rewarded me with an excellent bag of schwag. iDefense, TippingPoint’s Zero Day Initiative and Microsoft (yes, I’m publicly thanking them!) for hosting excellent parties that allowed all sides of the industry to meet and talk. Steven and Bill of CVE as well as Jeffrey and Art from CERT.org (yes, I’m publicly thanking them!) for sitting down over beers to discuss vulnerability databases and related topics. I was a bit harsh on all of them but hopefully they know it’s because I care about the future of VDBs and want us all to provide a better service to our respective ‘customers’. William Knowles from InfoSecNews (ISN) for the offered sushi dinner I had to bail out on last minute as well as countless favors and advertising for OSVDB. Simple Nomad, Weasel and the fine folks at NMRC for a fun presentation and a steady stream of great research and information. Carole Fennelly and the rest of Hacker Court for another fun year of faux courtroom antics. Where else do you find an EFF lawyer mocking the EFF and a former DoJ lawyer defending hacker scum?! The Electronic Frontier Foundation (EFF) for stepping up and turning into the watchdog organization that we so desperately need. Pyr0 and the rest of 303 for skybox and party. Jake Kouns and Hooters for hosting the OSVDB Mangler Dinner. The Hilton Star Trek thingy for letting me finally get a replacement for the tribble I lost twenty years ago. To anyone I introduced to friends or colleagues as “older than dirt“, for giving me a little faith that a few others have stuck around. Delchi for getting us into the Krave Lounge and spinning great music there (as well as the 303 party).

Leave a Reply

%d