July 10, 2008
 FUD Watch | Black Hat and the Hype Machine
Fellow NAISG board member Jack Daniel, a sharp security mind who does blacksmithing for fun and inspired me to write a story on how folks in our industry blow off steam, has gotten my brain spinning once again.
The inspiration this time is an item he wrote in his Uncommon Sense Security blog about the Black Hat and Defcon events that'll have Las Vegas crawling with hackers next month. He notes how he'll be attending and how he will point out the disconnect between "real" security types and much of the real world.
"So if these events are just a bunch of security geeks and hackers getting together, where's the relevance?" he asks. "Isn't it really just preaching to the choir? What's the point in that when the people who need to get the message aren't there or listening? Why go through the torment and degradation that defines modern air travel just to stress-test your liver?"
He ultimately concludes that there's still a very good reason to attend these gatherings, because "as 'the choir' it is our responsibility to spread the word to the rest of the world. If we need to hang out with a few thousand other security and hacker types and sacrifice some brain and liver cells to keep up with the latest news so that we can spread the word, I am willing to make that sacrifice for the good of the world," he writes.
Since Black Hat falls on the same week as my tenth wedding anniversary, I won't be going to Vegas this time around. But I did make the trek last year and the year before, and I've often found myself wondering if the hype surrounding what happens on the upper floors of Caesars Palace squares with what security pros need to be focusing on.
Some say events like these are nothing more than an ego fest for vulnerability researchers. Though there's some truth to the ego fest part, I agree with Jack that Black Hat and Defcon are ultimately worth the time and money.
At the same time, things happen there that sometimes get in the way of the big picture.
In 2005, a lot of presentations were overshadowed by a big stink Cisco made over researcher Michael Lynn's plans to unveil a vulnerability in Cisco's routers that, if exploited, could have theoretically done serious harm to the Internet. That one controversy was practically all the tech media would focus on, and, nearly three years later, the digital underground has yet to bring down the Internet with that particular flaw.
At last year's Defcon event, which takes place in a different Vegas venue after Black Hat, all else was overshadowed by the public outing of a Dateline NBC reporter who was undercover at the hacker gathering with a hidden video-camera to see if she could out an undercover federal agent at Defcon and make a story out of the perceived sinister deeds that transpire there.
There is always a lot of coverage leading up to the events, especially the buzz about one big flaw or another that will be revealed there. Sometimes, the buzz is justified.
This time, for example, a lot of the focus is on a Domain Name System (DNS) flaw that researcher Dan Kaminsky will present in technical detail. The flaw, one of the genuine big ones that prompted a variety of vendors to collectively release software updates to patch it this week, is worth the hype because it affects one of the Internet's underlying protocols.
Has all the hype diminished the relevance of these events? I don't think so. It will always be human nature to stop and glare at high drama, but those who pay attention to the rest of the agenda are bound to come out of it with some wisdom they can take back to their jobs.
The trick is for security pros to go there with eyes and ears at attention, taking note of the dramatic moments but not being consumed by them. It's up to the professional to see through the hoopla and focus on presentations that just might have an impact on their individual security program.
Source: CSO Online