In my 30+ years in the computer industry, I’ve attended hundreds of tech conferences. Somehow, though, I’ve never made it to Black Hat – until this year. Here are a few of the presentations that I’m particularly looking forward to.
My first tech conference was the Spring Comdex in 1983, held in a cavernous convention hall in Anaheim. Every vendor was equipped with an 8-foot table, an extension cable, and the certainty that his software could change the world.
In the years since, I’ve worn out several pairs of shoes by traipsing through hundreds of exhibit halls, attending technology briefings (and speaking at a few), and permitting myself to be locked in small rooms for vendor briefings. It’s a point of geek pride that I only missed one Fall Comdex from 1987 to 2000; I’ve gone to CeBIT in Germany, the Consumer Electronics Show (CES) in Las Vegas, JavaOne in San Francisco, Microsoft TechEd in Orlando, and dozens more.
But somehow I haven’t managed to get to the Black Hat security conference until this year. I’m rather excited about attending, despite all the tales about people hacking cell phones just to prove they can. Mostly, I’m psyched to listen to experts explain security topics that are relevant to my job… and, I suspect, to yours as well.
These are the tech briefings I’ve put on my must-attend list. See if they match with the sessions you’re planning to attend… or wish you could.
The Lifecycle Of A Revolution
At some conferences, the keynote speaker is a corporate figurehead speaking in generalities about industry trends that never come to pass. Ho hum. But I have high hopes for this presentation, given that Jennifer Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society. She promises to give an overview of the changes we’ve seen – or haven’t seen – in the 20 years since I could write things like, “…the on-ramp to the Information Superhighway.”
Twenty years on, says the session abstract, “cyberspace” looks a lot less revolutionary than it once did. “Hackers have become information security professionals. Racism and sexism have proven resilient enough to thrive in the digital world. Big companies are getting even bigger, and the decisions corporations, not just governments, make about security, privacy, and free speech affect hundreds of thousands, or millions, of people.” In the next 20 years, she asserts, the key issues are centralization, regulation, and globalization, which will change digital networks and information security. “So where does that leave security, openness, innovation, and freedom?” she asks. I’m interested in hearing her answers.
Remote Exploitation of an Unaltered Passenger Vehicle
Possibly the most anticipated presentation is this session to be given by Charlie Miller, a security engineer at Twitter, and Chris Valasek, director of Vehicle Security Research at IOActive. That’s because a Wired post in which they demonstrated how to remotely kill a Jeep on the highway got a huge amount of, ahem, traffic. For good reason: The speakers raise quite a few issues about the possibilities of vehicular automation (a subject that has fascinated me for quite a while).
“The ambiguous nature of automotive security leads to narratives that are polar opposites,” suggest Miller and Valasek: “Either we’re all going to die or our cars are perfectly safe.” They promise to show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered factory vehicle and by demonstrating the reality and limitations of remote car attacks.
I expect to be glad I’m flying home from Las Vegas instead of driving. Uh, I think.
Android Security State Of The Union
I’ve watched the evolution of the mobile phone market from Nokia market domination to BlackBerry-uber-alles to today’s Android-versus-iPhone. These days, it seems as though Android is on top – let’s just wait ten minutes for the next innovation, shall we? Given Druva’s attention to supporting and backing up mobile devices, this is a big hairy issue for my colleagues as well.
Certainly, there is no more authoritative speaker on the topic of Android security than Adrian Ludwig, Google’s lead engineer for Android security. Ludwig promises to establish a baseline for the major factors driving security in the Android ecosystem, using data collected from hundreds of millions of Android devices. He’s sure to have thought in great depth about the issues that merit community attention and research contributions. It should be fascinating.
How to Implement Security After a Cyber Meltdown
Druva is all too familiar with the sound of panicked voices on the phone after an about-to-become customer has lost their data (in a security breach, laptop-left-behind, or other scary mishap). We are, after all, in the business of helping enterprise organizations protect their assets – or at least helping them prevent another such occurrence.
So I am interested to hear what Hypasec’s Christina Kubecka has to say about the real world of “put the pieces back together again.” She implemented the first IT Security unit for Aramco Overseas Company, a Saudi Aramco affiliate which provides all IT services for Saudi Aramco in South America and the EMEA region outside of Saudi Arabia – which endured cyber attacks in 2012. Although oil production wasn’t directly affected, she says, business operations were greatly interrupted and remain so.
The Battle For Free Speech on the Internet
I’m an unapologetic tech hippie who was first drawn to microcomputers in the era of the Whole Earth Catalog because of the goal of “power to the people.” I’ve been involved in online communities since the era of the BBS, and running them since 1990. So the issues of free speech, censorship, Internet trolls, and “mob rule” are very close to my heart.
In this session, Matthew Prince, co-founder and CEO of CloudFlare, will explain the cost of mob rule trumping the rule of law, and how it affects the fight to keep the Internet free and open. Ideally we’ll hear strategies for managing high-risk content, and his suggested strategies for the future. It’ll be hard to shut me up during the Q&A session; I feel rather passionately about this topic!
These are the sessions that grab me. Which appeal most to you?
And if you see me at the conference (or at the Druva booth in the exhibit hall, #465), please say hi! (Especially if you bring chocolate. Or a cat.)