Black Hat and DEF CON: The song remains the same

Yes, history repeats itself. I’m looking at the July 20-27, 2009, issue of Network World.

The front page headlines are:

- Black Hat to expose attacks

- Microsoft’s embrace of Linux seen as strategic

- Data Loss Prevention Clear Choice Test

- Burning Questions:

1) Are mobile Web apps ever going to grow up?
2) How much longer are you going to hang onto that Ethernet cable?
3) Do you have any idea how much money you’re wasting on international wireless services?

I saw Network World's Tim Greene, author of the 2009 Black Hat article, sitting in the working press area, seven years later, typing furiously.

Not long ago, Black Hat was in a smaller venue, but now it has expanded to fill half of the Mandalay Bay Convention Center. Of nominal amusement, the other half was filled by a gathering called SuperZoo.

Black Hat has an exhibitor floor, along with Black Hat Briefings, and a long schedule of events. Tim and I could agree on one thing of many: Black Hat is the RSA Conference, but with black T-shirts.

Exhibitors hypnotized visitors with the mantra of: APTs, malware and bad guys (oh my!). The secret security sauces were many, but the threats were largely the same. Certainly the headlines varied.

Yes, most “modern” Android-based phones can be spearphished and p0wn3d by a 3-year-old child. Windows 10 kernel resources can be hacked via its in-kernel Linux guest and vice versa. There are headlines galore, each as gruesome as the prior. It was the same way in 2009.

DEF CON—A different beast

DEF CON, however, is a completely different vibe: enshrouded in chaos, where word of mouth is better than any “official channel.”

In line, waiting for an “inhuman” badge, I heard the following discourses among the press, speakers and Black Badge holders. The Black Badge is a community reward for favors done during previous years. As with other badges, it’s anonymous and so it must be re-lit each year to prevent fraud.

Overheard: IoT is the ultimate playground, you know, so many devices, so little time! Reply: Thank God for Intel IoT Framework documentation….

Overheard: …the key is to get the registry hive splice in, then do a System Registry backup call so that the backup copy has the same hive in it….

Overheard: Poisoned libs, man. Suicide. Reply: Yeah, like something outta Shakespeare.

Overheard: Cgroup flaws are killing us. Reply: Swarms. Like genetically altered Floridian Zika mosquitos. Reply: ((nods head))

Vibe: Black Hat — Largely corporate/organizational
Vibe: DEF CON — Calmer, more at ease and infinitely patient

Organization: Black Hat — Pros
Organization: DEF CON — An oxymoron

I like both conferences. And both of them scare the living hell out of me. Even though they sell lock picks at Black Hat (along with $30 T-shirts), at DEF CON, it might be safer for this reason alone: intellectual bullets are mightier than marketing bullets.

Copyright © 2016 IDG Communications, Inc.