Black Hat 2011 has kicked off in steamy Las Vegas (highs over 100 this week!). But Black Hat isn’t about the weather, it’s about the hacking. And there will be hacking. ZDNet has already rounded up this year’s “10 can’t miss hacks and presentations.” Among those that made our ears perk up are Moxie Marlinspike’s “SSL And The Future Of Authenticity” and Jerome Radcliffe’s “Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System.” Of course, if you’re worried about being hacked, Network World’s Tim Greene has published a checklist on “How to Survive Black Hat and Defcon without getting hacked – maybe” – love the caveat.
VPN Haus: Because so many people are doing demos of hacks at Black Hat, should attendees take more precautions in protecting their data and VPN networks than they would at a show like, say, Interop?
Travis Carelock: To be honest, the demos on stage are the least of the attendees’ concerns. The Black Hat speakers generally do a very good job displaying and demo’ing their PoC (Proof of Concept) in responsible ways. I have never heard of an attendee compromised because of a demo onstage. However, I have heard of an attendee compromised because of the attendee sitting to their right. One of the primary things that differentiate Black Hat from a show like Interop is our average attendee. Over 6,000 cutting‐edge security experts (with average cost of $3000, most companies don’t send their junior squad) will be in attendance, each smarter than the next, each with a complete hacking tool set updated, locked, loaded and ready to go, and most with a hacker’s mindset. So, yes, taking more precautions at Black Hat is always good.
VPN Haus: How is Black Hat Las Vegas different than the DC, the Abu Dhabi, and the Europe show?
Carelock: Black Hat USA is our flagship event. It is several times bigger than our other events and serves as the yearly round up for the entire security community. The previous year’s trends are analyzed, predictions about the next year are made, awards are given based on community response and voting. In general, the community comes together to swap stories, techniques, and network. Our other events are more targeted affairs, in which we try to serve some of the specific concerns of the regions in which they are held. At all our events we try to bring the latest offensive and defensive security presentations and techniques, the smaller events merely allow Black Hat to tailor what can be.
Here’s to a great show – and stay safe, everyone. See part one of our conversation with Travis Carelock here.