RSA 2015: Paranoia strikes deep

Random notes from the RSA conference.


You know it's an uphill fight when you get to the RSA press room and the WiFi is protected by a short garden fence asking for your first and last name. I used Rabo Karabekian, a Kurt Vonnegut character. Karabekian was an abstract art character. Security has become abstract art as well.


Yes, there were plenty of warnings on the Wi-Fi fence, telling us to use VPNs, yada yada. I found 11 shares and I wasn't looking hard, just using standard SAMBA and Bonjour network probes. Two were iPhones, and an Android logged on, too. This is the conference that closely mimes a hive mind.

Let me explain:

Corporations and other organizations are often made up of humans in a hierarchy, whose online assets—including some of their money-making apparatus—are under constant attack. There are multitudinous attack vectors. RSA is a hive mind reacting to attacks. Otherwise, corporations and organizations are interested in thriving and (in lieu of that) surviving. Much of RSA is marketing to the functional security people within these organizations. It's an international endeavor.

There are also Black Hat and the increasingly commercialized follow-up event, DefCon. There is much innovation there: new and interesting lines of thought on how to attack, maybe defend, and have fun destroying. It used to be an event permeated by spooks and waves of black t-shirts, reminiscent of the black suits of CeBIT but with malcontent.

It's the Chaos Computer Club event in Germany, in December, which is clearly scandalous, total fun, and inventive in the extreme—a new home for the sandal-footed analog of clever hackers. Lots of energy, inventive destruction.

The summary is that these are all hives, each with different motives of provocation, defense, probing, protection, enforcement, and melee, and together they look very much like this structure: a corporate hierarchy, versus bees buzzing around the corporate hierarchies, versus a loose army of people who love to probe and mash and smash systems security for glee, and perhaps profit and fame.

Inside one corner of the press room, a security bard waxed eloquent on having been at this conference for a dozen years. His favorite conference is the CCC in Germany. I understand his sentiments. With the state of security as far into the crapper as it is, one wonders if the expediency of fast and quick might possibly meet the majesty of forethought. Somehow, I doubt this. I hope not to be rewarded. Likely, I will.

My own site was DoSed last week, but it's not tough to use. It's a wimpy static page server on a WordPress Linux appliance. As I write this on Monday, April 20, I still have some port probes coming in that try and eat TCP connects, along with a raft of HTTP connects. I have a cron job rebooting Apache2 once every few hours to clear it out. An ugly simple site remains until I have time to put lipstick and mascara on it. It might come as no surprise that I'm more of a geek than an artist.

Sophos has tried to take over advertising with an enormous blitz showing up in places like the BART stations and the signage inside the Moscone. There are lots of aphorisms in their messages. By tomorrow, when the show floor opens, my head may have exploded.
