Black Hat: Security Conference or Burglar School? | eWeek

Black Hat: Security Conference or Burglar School?

Verfasst von
Larry Seltzer
Larry Seltzer
Jul 31, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

While writing my column earlier this week I got mad at the organizers of this weeks Black Hat conference in Las Vegas.. After all, why try to train people to write the worst, most invasive and difficult to defend against attack software?

Their main argument is that security professionals need to understand attacks, even the worst ones, if they are to defend against them. Even if theres clearly something to it, Im not sure the argument completely works. I just dont like the idea of so openly spreading knowledge on such potentially destructive technologies.

At the same time, a more comprehensive look at Black Hats sessions shows a picture of useful, interesting and undeniably legitimate training. Theres a wealth of information covering computer forensic examination and how to secure your network against general and specific threats, as well as postmortems on recent security incidents and evaluations of prominent products. Speakers at the conferences have included representatives from Microsoft, law enforcement officials, and even the Special Advisor to the President for Cyberspace Security. For more information take a look at Black Hats archive of presentations notes and videos of past conferences.

Still, on the flip side, theres the rootkit class I mentioned earlier. And the session on how to exploit DCOM. And how to write Cisco IOS exploits. I would feel a lot more comfortable with exercises such as these if they were always accompanied by information on how to defend yourself against the attack.

For instance, theres the class “Attacking and Securing UNIX FTP Servers.” This one-sided training reminds me of the people who publicly release exploit code for a vulnerability before it has been patched. Such people are part of the problem in spite of their puerile excuses. Just because people ought to look where theyre going doesnt make it right to throw banana peels on the sidewalk. If someone trips you are to blame.

When I was younger, there was a time when I wanted to become a locksmith, and I still like to tinker with locks. Im sure some percentage of the people who attend locksmith vocational and technical schools do so intending to use their knowledge in the pursuit of crime. Same thing for people who learn about alarm systems. Im sure everyone in the business just accepts this situation, since you cant read peoples minds when you train them. You have to hope they will be honest.

And even though a good locksmith must think like a burglar in order to make a building really secure, I really doubt that they teach “Breaking and Entering 101” and “Advanced Bank Robbery” in locksmith school. Or do they? Should they?

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.