Postmortem: Black Hat's Evolution Continues
It was another impressive year in the desert at Black Hat last week, with a record-sized crowd, tons of cutting-edge research and all the usual hoopla that goes along with the IT security industry's annual Las Vegas hacking summit.
From the presentations themselves to the vendor buzz to the undeniably vibrant and colorful social scene that goes along with the conference, it was clear that the security industry, and in particular the vulnerability research community, only continues to grow more mature and diverse in its overall makeup.
Having been to a handful of these shows now, it's easy to detect the increasingly corporate, formal air that has encroached on Black Hat's tradition of gamesmanship and merry pranksterism, over the last few years in particular. However, with the show officially adding to the floor the Wall of Sheep for unwary wireless users and with some journalists launching a secret man-in-the-middle attack in the press room, that atmosphere was alive and well in '08.
And the underlying academic spirit that has always made the show so great is far from gone, nor has it really been subdued, as so many of the people who started out snooping for vulnerabilities, writing exploit code and heading to Black Hat primarily for their own enjoyment have found ways to turn their efforts into successful business models or projects.
It is in that sense that the hacking community continues to grow up, and nowhere is that more evident than at Black Hat, though I suppose there were things that went on at the sister Defcon conference over the weekend that might lead one to think otherwise. FTR, don't ask me, I get out of town way before that thing starts rolling, as should anyone else who doesn't know how to defend themselves from outright electronic assault.
But the most significant impression that this year's show left me with is that somehow the security research community has managed to become more even more legitimatized over the last 12 months, while at the same time retaining its cool, and that's a pretty neat trick.
I didn't have as much time to attend research presentations this year, as my vendor duties kept me busy most of the time hawking software, or more specifically handing out T-shirts. But at the demonstrations that I was able to get to, there was a remarkable array of innovative concepts being displayed, and the talks were delivered with the flair and obvious love for the work being presented that we've come to expect at the show every year.
From major vendors such as Microsoft announcing powerful new initiatives that should benefit everyone involved with IT security, to relatively unknown researchers unveiling unique projects that are mostly quirky proof of concepts, there was a broad range of truly fascinating topics covered over the two-day briefings.
As always, the show only served to reinforce that this sector has some of the most intelligent, creative and entertaining people you could encounter anywhere, and that the hacking ecosystem has become a truly global phenomenon.
So, hats off to everyone who makes the show what it is, from the organizers to the participants to the attendees themselves. There was plenty of fresh intel to be shared, and everyone at the proceedings seemed to be having fun.
Fun, at an industry trade show: Yup, this is the business for me.
Hope to see you there again next year.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.