Risk

7/20/2010
05:10 PM
Adam Ely
Commentary

Hackers Unite!

I'm like the proverbial kid in a candy store. This is my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.

It's a good time to be me: This weekend I'll head to Florida to see friends and spend some time in South Beach. In three weeks I'll go to Seattle to catch up with the startups of Puget Sound. After that, a few work trips to Asia and Europe.

But what I'm really excited about is that my annual pilgrimage to Las Vegas is only a week away. First, there's Black Hat, which will be filled with sponsored parties and great talks. Plenty of industry deals get closed here. The lineup of speakers and topics looks good this year, definitely worth attending.

As Black Hat begins to wind down, the city will fill with a different crowd as the Defcon hacker conference kicks off at the end of the week. Defcon is an eclectic mix of who's who from the corporate and underground scenes. Good guys and bad guys, all intermingled for the same purpose: to learn and spread ideas. This year, Defcon is running a bit longer than usual and has added talks all the way through the weekend, so if you're in town, swing by and check it out.

Less well-known is the Security BSides conference, or just BSides for short. The founders of BSides formed it with the intention of creating a more informal gathering where presenters and attendees have plenty of time to mingle and discuss topics in depth. Gone are the VIP suites reserved only for the elite few who speak. Instead, presenters, attendees, and yes, even press are treated the same. We all talk, discuss ideas, and help one another learn and solve problems. BSides is gaining traction as it expands to different parts of the country. Each BSides event is organized by people who live in the city where it is held; this gives it a local feel and makes attendees feel much more at home.

The casual, collaborative environment fosters sharing of ideas. At a recent Boston event, some attendees were huddled in a corner writing code to prove a theory, while others were discussing problems they face day to day and how to solve them. At the end of the day, this is what it's all about.

I have always said my favorite time at conferences is not the talks, though there are some good ones. At RSA each year you can find me in the lobby of the W catching up and discussing the finer points of Russian cybercrime. At Black Hat ... well, it's Vegas, so you probably can't find me unless you have me on foursquare. At BSides I'll be watching quietly to see if this little scrappy conference that could is ready for prime time.

Just a few of the talks I recommend attending

Black Hat

- Jackpotting Automated Teller Machines by Barnaby Jack
- Extending Data Visualization Tools for Faster Pwnage by Chris Sumner
- Ushering in the Post-GRC World: Applied Threat Modeling by Alex Hutton and Allison Miller
- App Attack: Surviving the Mobile Application Explosion by John Hering
- Hadoop Security Design by Andrew Becherer

Defcon

- How to Get Your FBI File (and other information you want from the federal government) by Marcia Hofmann/EFF
- Our Instrumented Lives: Sensors, Sensors, Everywhere by Greg Conti
- Open Public Sensors and Trend Monitoring by Daniel Burroughs
- Web Application Fingerprinting with Static Files by Patrick Thomas
- Practical Cellphone Spying by Chris Paget
- The Chinese Cyber Army by Wayne Huang and Jack Yu

Security BSides

- Mobilizing the PCI Resistance: Lessons From Fighting Prior Wars by Gene Kim
- A Mechanic's View of SQL Injection by Ray Kelly
- InfoSec Communities Career Success by Grecs
- Top Ten Things IT is Doing to Enable Cyber-Crime by Daniel Molina
- Drivesploit: Circumventing Both Automated and Manual Drive-By-Download Detection by Wayne Huang
- Multi-Player Metasploit by Ryan Linn (special appearance by HD Moore?)

The clock is ticking down and I am ready to head to the desert. Find me during the week and let's catch up, or meet for the first time. As always, follow me on Twitter, @adamely, to get my up-to-the-minute thoughts during the conference. If you are sleuthy enough to find me on foursquare you might even locate the infamous RaffCon meeting and other parties during the week. See you in Sin City.
