You Don’t Want To Know!

 

August 1, 2013

The Black Hat Security Conference is divided into two sections, trainings & briefings. The trainings began on Saturday and continued through Tuesday. As I mentioned, a co-worker and I attended some very interesting training around building active defenses. 

However, today began the briefings. This is a multi-track format wherein security researchers, hackers, crackers, and other generally smart people present what the good folks at Black Hat deem to be important revelations pertaining to information security. The day began with a keynote address by General Keith Alexander, Commander of the U.S. Cyber Command (USCYBERCOM) & Director of the National Security Agency/Central Security Service (NSA/CSS) or ‘DIRNSA’ as some of us know him. Briefings followed immediately afterwards and continue until 6 PM.

Besides visiting the Sponsor Hall or as I like to call it ‘Swag Central', I attended four briefings today. Two of them got me thinking about not underestimating your opponent. The first was by Allison Nixon, who is a security researcher/penetration tester for Integralis. In Allison’s presentation, she discussed the use of Distributed Denial of Service (DDoS) protection services and how so many of them are trivial to avoid. Scary stuff indeed! The second briefing was presented by Matthew Cole, who is a journalist/producer at ABC News. Mr. Cole discussed the use of metadata from cell phones that foreign intelligence services used to track illegal spy networks in Europe.

Both of these briefings examined the ‘exploitability’ of victims because they do not consider the expertise of their ‘enemy’ to be meaningful or dangerous. The clear message from today is ‘don’t underestimate your enemy.’ I believe that the secondary message is to ‘keep good friends and to listen to them.' By that, I mean people and organizations don’t have to ‘go it alone.'  There are people that want to help you with your security. Find people that you trust and help them, and then let them help you as well. A good team is much harder to defeat when there are multiple resources engaged.

Erich Diener

Security Architect, Echopass

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s