Black Hat: Security Conference or Burglar School?
There's a lot to like, even admire, in the agenda of the Black Hat conference in Las Vegas. But Security Supersite Editor Larry Seltzer wonders if the sessions also help foster new security problems for us all.
While writing my column earlier this week I got mad at the organizers of this week's Black Hat conference in Las Vegas. After all, why try to train people to write the worst, most invasive and difficult to defend against attack software? Their main argument is that security professionals need to understand attacks, even the worst ones, if they are to defend against them. Even if there's clearly something to it, I'm not sure the argument completely works. I just don't like the idea of so openly spreading knowledge on such potentially destructive technologies.
At the same time, a more comprehensive look at Black Hat's sessions shows a picture of useful, interesting and undeniably legitimate training. There's a wealth of information covering computer forensic examination and how to secure your network against general and specific threats, as well as postmortems on recent security incidents and evaluations of prominent products. Speakers at the conferences have included representatives from Microsoft, law enforcement officials, and even the Special Advisor to the President for Cyberspace Security. For more information take a look at Black Hat's archive of presentation notes and videos of past conferences.
Still, on the flip side, there's the rootkit class I mentioned earlier. And the session on how to exploit DCOM. And how to write Cisco IOS exploits. I would feel a lot more comfortable with exercises such as these if they were always accompanied by information on how to defend yourself against the attack.