Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/20/2010
05:10 PM
Adam Ely
Adam Ely
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hackers Unite!

I'm like the proverbial kid in a candy store. This my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.

I'm like the proverbial kid in a candy store. This my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.It's a good time to be me: This weekend I'll head to Florida to see friends and spend some time in South Beach. In three weeks I'll go to Seattle to catch up with the start ups of Puget Sound. After that, a few work trips to Asia and Europe.

But what I'm really excited about is that my annual pilgrimage to Las Vegas is only a week away. First, there's Black Hat, which will be filled with sponsored parties and great talks. Plenty of industry deals get closed here. The lineup of speakers and topics looks good this year, definitely worth attending.

As Black Hat begins to wind down, the city will be filled with a different crowd as the Defcon hacker conference kicks off at the end of the week. Defcon is an eclectic mix of who's who from the corporate and underground scenes. Good guys and bad all intertangled for the same purpose: to learn and spread ideas. This year, Defcon is running a bit longer than usual and has added talks all the way through the weekend, so if you're in town, swing by and check it out.

Less well-known is the Security BSides conference, or just BSides for short. The founders of BSides formed it with the intention of creating a more informal gathering where presenters and attendees have plenty of time to mingle and discuss topics in depth. Gone are the VIP suites reserved only for the elite few who speak. Instead, presenters, attendees, and yes even press are treated the same. We all talk, discuss ideas, and help one another learn and solve problems. BSides is beginning to draw traction as it expands to different parts of the country. Each BSides event is organized by people who live in the city where the event is being held; this gives a local feel and makes attendees feel much more at home.

The casual, collaborative environment fosters sharing of ideas. At a recent Boston event, some attendees were huddled in a corner writing code to prove a theory, while others were discussing problems they face day to day and how to solve them. At the end of the day, this is what it's all about.

I have always said my favorite time at conferences is not the talks, though there are some good ones. At RSA each year you can find me in the lobby of the W catching up and discussing the finer points of Russian cybercrime. At Black Hat ... well, it's Vegas, so you probably can't find me unless you have me on foursquare. At BSides I'll be watching quietly to see if this little scrappy conference that could is ready for prime time.

Just a few of the talks I recommend attending

Black Hat Jackpotting Automated Teller Machines by Barnaby Jack. Extending Data Visualization Tools for Faster Pwnage by Chris Sumner Ushering in the Post-GRC World: Applied Threat Modeling by Alex Hutton and Allison Miller App Attack: Surviving the Mobile Application Explosion by John Hering Hadoop Security Design by Andrew Becherner

Defcon How to Get Your FBI File (and other information you want from the federal government) by Marcia Hoffman/EFF Our Instrumented Lives: Senors, Sensors, Everywhere by Greg Conti Open Public Sensors and Trend Monitoring by Daniel Burroughs Web Application Fingerprinting with Static Files by Patrick Thomas Practical Cellphone Spying by Chris Paget The Chinese Cyber Army by Wayne Huang and Jack Yu

Security BSides Mobilizing the PCI Resistance: Lessons From Fighting Prior Wars by Gene Kim A Mechanics View of SQL Injection by Ray Kelly InfoSec Communities Career Success by Grecs Top Ten Things IT is Doing to Enable Cyber-Crime by Daniel Molina Drivespolit: Circumventing Both Automated and Manual Drive-By-Download Detection by Wayne Huang Multi-Player Metasploit by Ryan Linn (Special appearance by HD Moore?)

The clock is ticking down and I am ready to head to the desert. Find me during the week and let's catch up, or meet for the first time. As always, follow me on Twitter, @adamely, to get my up-to-the-minute thoughts during the conference. If you are sleuthy enough to find me on foursquare you might even locate the infamous RaffCon meeting and other parties during the week. See you in Sin City.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark Reading,  9/23/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25772
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25773
PUBLISHED: 2020-09-29
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.