A report from the Black Hat security conference in Las Vegas
On the final night of Black Hat (which is the first of two InfoSec conferences in Las Vegas in the same week), I have to report my Black Hat experience this year as a glass half full. On one hand, the show is getting bigger every year. It's starting to outgrow even the massive confines of Caesar's Palace, where it's held. On the other hand, many of the sessions were watered down or simply had bad speakers. One session I was in had a French speaker who not only spoke with a really strong accent, but also mumbled and didn't speak into the mike. Conference organizers should really vet their potential speakers over the phone.
On the plus side, Black Hat included some cutting-edge seminars, such as the DNS Vulnerability session by Dan Kaminsky. Even though the news had already been reported, his seminar was in-depth and insightful. There was also an interesting session on the security of political campaigns. The angle wasn't what you might think--hackers aren't going after the voting machines (yet), but rather the donation sites. As usual, they go where the money is. And finally, the most interesting demonstration to me was that of quantum encryption--I thought it was awesome, although I wonder how many attendees understood its significance. Once quantum computing becomes a real practical application (if the government hasn't already gotten it working secretly), much of the Internet as we know it will become obsolete. It will cause an upheaval at least as catastrophic as the one currently hitting American automakers with the switch to more fuel-efficient cars. And similarly, it will seem obvious to us in retrospect.
Back to Black Hat, the food was superb as usual, and the facilities were well run. All in all it was a good conference, though not one of their best. I hope they can raise the bar next year, or the conference might be doomed to the bloated fate of Comdex (is anyone old enough to remember that tradeshow?). So in the words of one of Black Hat's keynote speakers, the capitalist sees the glass as not half full or half empty, but rather too much glass. Hopefully DefCon will fill my glass up. Ill let you know....