Next week is Black Hat in Las Vegas, which is one of the world’s biggest shows for techies and hackers. We were lucky to catch up with Travis Carelock, technical director for the show, to chat with him about this year’s show.
VPN Haus: What are the expected trends at this year’s show? What topics and sessions are getting a lot of buzz?
Travis Carelock: We are very excited about our keynotes. We are very fortunate to have highly respected individuals from both the public and private sectors. Ambassador Cofer Black was director of the CIA’s Counterterrorist Center during the 9/11 attacks. He has since gone on to have a very successful career in the private world serving the information security sphere. His reflections over the last decade will provide attendees with an amazing view of the frontlines from someone who lived it. Our second keynote is Peiter “Mudge” Zatko of DARPA. He is an infamous “old school hacker” from the L0pht days. Mudge will tell us what the government can learn from a hacker, and because turnabout is always fair play, what a hacker can learn from the government.
At Black Hat we have always delivered content centered on the latest attacks and zero days in many of IT’s most ubiquitous systems. However, one of the most surprising trends this year is all the attack vectors that are “outside” of the norm. We have some fascinating presentations on attacking SCADA systems, mobile device management systems, embedded webservers, wireless medical devices, laptop batteries, banking cards, USB devices, and even with UAVs (that’s right, Unmanned Aerial Vehicles). The obvious trend is the ever-increasing complexity of our modern world. As more devices become “smarter” with code, hardware and features, history has told us that the unintended attack vectors will increase as well. The IT/Security department must broaden its scope to include this brave new world.
VPN Haus: How should Black Hat attendees secure their data, if they plan to tap into their corporate networks at the show? Do you recommend attendees bring their own VPNs?
Carelock: The three most important words Black Hat attendees need to remember in regard to their data are encryption, encryption, and ENCRYPTION! Realistically, users have not been able to store or send their data in cleartext and still maintain a reasonable expectation of security for many, many years now. If it is data on your hard drive, then it should be encrypted. If you are connecting back to your corporate network and passing the very lifeblood of your business (its data) through an unknown or hostile network, it HAS to be encrypted. Personally, if it is possible, I would suggest even using your VPN connection in a “bridge mode” with no split tunneling, and do all your Internet surfing using your corporate infrastructure via the VPN tunnel.
Stay tuned for next week, when we talk to Travis about security issues that can emerge at Black Hat.