Black Hat: Security Research Celebs Prepare to Rock Black Hat
Every corner of the IT industry, or the business world for that matter, claims to have its own set of "rock stars."
However, unlike almost any other sector, the personalities that represent the celebrity contingent in the world of vulnerability research and ethical hacking actually look and act, in many cases, like the performance artists that their closest followers might imagine them to be.
OK, in other cases, not so much, but hey, let's face it, white hat hacking has transitioned from an underground world conveyed from one adult parent's basement to another into a slick, profitable market where leading advocates are often paid handsomely and treated like the luminaries that they truly are in such a relevant, cutting-edge space.
So it's not surprising that as we prepare for the Black Hat USA 2009 conference to get underway today, there's a full slate of speeches on the docket from some of these industry icons who have made previous years' shows so special, and carved out their respective roles as the de facto faces of different elements of the industry.
No question there will be breakout talks by lesser known experts, including those delivered later this week at Defcon and at the alternative "Security B-Sides" conference being held by speakers whose programs weren't accepted by Black Hat.
But among the big guns, here's a who's who of what is being presented on at Black Hat 2009 by those whose names have become "household" commodities in the ethical hacking arena (in alphabetical order):
-Along with Joshua "Jabra" Abraham, perennial standout Robert "RSnake" Hansen will offer up "Unmasking You" in which the researchers will demonstrate how to hack proxies and other privacy techniques, and release several related zero day exploits.
-Former National Cyber Security Center director Rod Beckstrom will present his "Model for Valuing Networks and Security," which values a network by "looking from the edge of the network at all of the transactions conducted and the value added to each."
-Dino Dai Zovi will show off his significant Apple hacking skills in a pair of presentations dedicated to highlighting "Advanced Mac OS Rootkits" and "Macsploitation" using the Metasploit penetration testing framework.
-Jennifer Granick will offer her annual legal take on issues of hacking, this year is presenting a "Year in Review" on cyber-crime incidents including those involving MySpace and the Massachusetts Bay Transportation Authority (MBTA).
-Jeremiah Grossman and Trey Ford will give a sequel to last year's "Get Rich or Die Trying" presentation that highlights simple but effective ways to game the Internet for a profit.
-Billy Hoffman and Matt Wood will speak on the topic of creating a browser-based Darknet infrastructure, and how realistic that concept is today.
-Mykko Hyponnen will delve into the "Mysteries of Conficker" in examining the specific challenges presented to the security community by the much-hyped botnet/worm attack.
-Dan Kaminsky and Len Sassaman will talk about some unspecified issue of network security, perhaps related to something insignificant like taking the entire Internet offline if earlier years' presentations are to act as a guide in 2009.
-Johnny Long will address the very notion of becoming a vulnerability research community rock star, and what all of that entails.
-Bruce Schneier will chat about "Re-conceptualizing Security" to help better calibrate real-world risk and our very sense of personal technology-driven security.
-Val Smith, Colin Ames and David Kerb will review methods for creating phishing and spear phishing tests using Metasploit.
-Alexander Sotirov and Mike Zussman will speak on "Security Myths of Extended Validation SSL Certificates."
And really that's just scratching the surface.
Along with all the big names we're certain to see new researchers taking over the industry spotlight at this year's confab in the desert.
The sun is just now rising over the Vegas strip.
It's time to get down to business.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.