With all the concern over Microsofts track at Black Hat youd think it was being held in Redmond, not Las Vegas.
I wont be at Black Hat, although I wish I could. Its the most interesting and useful security show of the year, but I have other obligations.
If I were there I would probably attend some of the Microsoft sessions (among them ISA Ninjitsu:Designing, Building, and Maintaining Enterprise Firewall and DMZ Topologies with Microsoft ISA Server 2004, Microsoft Security Fundamentals: Engineering, Response and Outreach, Case Study: The Secure Development Lifecycle and Internet Explorer 7, and Finding and Preventing Cross-Site Request Forgery) but its true that they seem more oriented toward the defensive side of security rather than the attack side.
So be it. Well see if people show up and how they rate those sessions on those forms you get at the end. Maybe Microsoft can give out donuts at their sessions. I find that always gets people into a meeting.
Compare those to some of the other sessions from non-Microsoft people: New Attack to RFID-Systems and their Middleware and Backends, Oracle Rootkits 2.0: The Next Generation, Hacking, Hollywood Style, and Hacking World of Warcraft: An Exercise in Advanced Rootkit Design. Its true, you wont find Microsoft presenting anything like this, and who can be surprised?
Its not like all of these attack sessions have serious credibility. Consider one of the higher-profile ones, Joanna Rutkowskas Subverting Vista Kernel for Fun and Profit.
While this comes across in preview as a flaw in Win64, in fact it appears to be a flaw in AMD hardware. A good Black Hat presentation, to be sure, but not the blockbuster its sold as.
And Microsoft isnt alone in providing “wholesome” security programming for the conference. There are plenty of others on topics unrelated to Windows.
There has always been some of this at Black Hat. It is the attack stuff that made them famous, and perhaps theres more “mainstream” content lately.
But looking back at the archives of the 2004 show (can you believe they leave this stuff up? Thats great) I see sessions on “Securing Solaris and Locking Down Linux,” “Internal Security Threats: Identification and Prevention,” and “The Evolution of Incident Response.”
So what if Microsoft isnt dropping its pants and showing all its flaws? Isnt it good for security professionals to have technical briefings from vendors delineating their strategies? If you dont want to go to these sessions, bring your own donuts and go to another one.
Black Hat may be riding high in the grand scheme of things, but its not a great era these days for trade shows.
The technological trends that made Comdex obsolete will eventually catch up with even the cooler, more specialized shows. If I were running this show, Id get whatever I could out of it while I could.
And if I were running Black Hat I would also do whatever I could to make the industry know I wasnt the enemy.
Black Hat has a history of presentations that get companies pissed off. You never know when someones going to cross the line and get the government involved. Its respectability or trouble for Black Hat. Im not worried for them.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at [email protected]