Day Two of BlackHat

The day kicked off fairly well, albeit tinged with disappointment and anger at Cisco for being Butt Heads.

I read about Michael Lynn’s legal problems with Cisco in more detail. I tried finding him to offer my support, but unfortunately it’s a big conference and I bet he was lying low. I for one will be making sure that Cisco products are off my buy list for a long, long time. If they really think that squishing security researchers is the answer, then they do not deserve business. Fix your damn bugs, morons.

I tried interesting the press in talking to me about web application security issues, but unfortunately, they seem to be curiously disinterested. I think the next time, I’ll ask Black Hat (or whoever) to organize a press conference as honestly, they are missing the major story.

Robert J. Hansen and Meredith L. Patterson’s talk on Dejection, a mathematical model to detect dynamic injection patterns was an eye opener. This was the best talk for me so far this conference. I later had lunch with Robert, and we’re meeting with both of them again on Saturday to go through how their work might be referenced in OWASP. They are seeking patents and working with a VC, so it might be tricky to go forward without causing either themselves or OWASP issues.

I bought a copy of Michael Howard, David LeBlanc, and John Viega’s new 19 Sins book during the first break.

I went to Phil Zimmermann’s talk. It was on encrypted VOIP. He uses Macs and talked off the cuff, but despite that, this was the least technical talk I went to at BlackHat. In some ways, I should have gone to another session as I didn’t learn that much. I read the new book rather than tune into the VOIP demo.

About five others and I went to Tzi-cker Chiueh’s excellent, if very technical, talk on using x86’s segment registers to provide hardware array bound overflow protection. He was very thorough, but unfortunately did not demonstrate the approach live. This is the sort of stuff that BlackHat should be concentrating on to some degree – preventing attacks using novel approaches. Unfortunately, too many people want to see the latest exploits.

After lunch, I decided to try out the turbo talks. I went to Mike Pomraning’s talk on “not validating”, which actually was about validating. 🙂 I had a good long talk with Mike the night before, so I felt I should at least see his talk and heckle a bit 🙂 I sat with Robert and Meredith and we sort of heckled.

I skipped a few of the next sessions, as I didn’t really think they’d be that interesting (and, more to the point, the CD-ROM materials had good presentations), to go read more of 19 Sins, after which I wrote up a preliminary review.

The last session I attended was the Jericho Forum’s challenge; the Forum is a deperimeterized architecture group. They were handing out prizes for the best papers received that furthered their aims. None of the winners were there, but the papers themselves are fascinating. I’d really suggest you go get them:

All of them are here:

The winners:

1. Balancing the equation
2. Reference Architecture, Galwas
3. Blind public key

I am retaining my reputation for piking on social events. For some reason, I just didn’t feel like being smoked upon at the nightclubs where most of the après parties were being held. In fact, I don’t know why they still allow smoking in the foyers of the conference during the day. Only a few took advantage of the smoking – most in IT aren’t stupid enough to smoke – but it was enough to make me feel queasy. I complained to the organizers at the end when I handed in my card. I’ll follow it up with an e-mail.

Published by vanderaj
