Day one at Black Hat

Author: Joe Barr

LAS VEGAS — If you’ve been concerned about the death of Black Hat — either because of its purchase last November by CMP, or because of the rumors you’ve heard of a “Microsoft track” — you can relax. The place is jammed.

Black Hat is bigger this year, its tenth in Las Vegas, where it began with about 100 attendees. This year it has more space in the convention center at Caesars Palace, and it has more people, too. I’ve heard unofficial attendance figures of roughly 3,500 people at the show, but I don’t know whether that is an accurate count. What I do know is that yesterday afternoon and this morning the lines have been a nightmare.

There was a very long line for registration, and an equally long line to pick up the Black Hat goodies bag covered by the registration fee. There was even a line to purchase Black Hat geek chic shirts, hats, and other memorabilia.

The founder speaks

Jeff Moss opened the Black Hat Briefings this morning with a short talk before introducing the morning’s keynoter, Dan Larkin. The ballroom was packed beyond seating capacity, and attendees lined the walls around the room.

Almost the first words out of his mouth this morning were “I want to dispel the myth that Microsoft bought a track for Vista.” The crowd was appreciative of Moss’s approach, and he followed that by saying “I’ve already sold my soul. You can’t do that twice, in the same year.” They loved it.

Waiting in line at Black Hat

Before turning the podium over to Larkin, Moss talked a little bit about the attendance and the size of the show. He noted that more than 15% of the crowd was from overseas, with virtually every part of the globe represented. After mentioning mainland China, he brought the house down again with a pretended under-his-breath remark “I wonder what those guys are doing here.”

The cyber crime cop

While Jeff Moss is a young, bright, hip-to-the-scene kind of guy, Larkin is a middle-aged suit and, by his own admission, a recovering technophobe. He is the unit chief of the FBI’s Internet Crime Complaint Center. He says “recovering,” I guess, because much of his job — and his talk — is about bridging the gap between the hacker, business, and federal communities. “One in ten attendees this year is a fed,” he says.

He had plenty of slides and a few decent one liners, but the crowd began filing out of the room in small numbers long before he finished his talk. Larkin is better suited, no pun intended, to addressing a chamber of commerce or federal business luncheon than talking to geek security pros, most of whom seemed to be uninterested in how the FBI was learning to partner with subject matter experts (SMEs) and businesses affected by cyber crime in order to do a better job of catching the bad guys.

One note from his talk I will pass on: according to Larkin, penny-stock scams are the next bad thing coming, so be wary.

Black Ops 2006

I caught Dan Kaminsky’s session on Black Ops 2006 in the /dev/random track immediately following the keynote. His talk, the sixth he has given at Black Hat over the years, was a brisk stroll through pattern recognition techniques that might be useful for fuzzing attacks.

After introducing his grandmother, who got a round of applause for attending her third Black Hat, Dan rushed into his talk, skipping over some material in order to make up for the late start of the keynote.

Net neutrality was his first topic. He talked about how Comcast is already non-neutral, selling a premium service to allow customers to pass video or encrypted traffic without interference, and how the state of Washington had to move thousands of its employees off of Comcast because of their interference with the state’s VPN. He also talked about various ways non-neutral networks could be detected, and ways to route traffic around them.

The next target was SSL, and he mentioned that he knew of a firm that had 60 thousand servers set up with the same SSL key. He refused to name names, but said they were probably in the audience and they knew he was talking about them.

It seems most of his passion was saved for the topic of pattern recognition, and for a tool called Sequitur, which can examine seemingly random data and represent it in non-random ways. He hopes to turn it into a top-notch fuzzing test creator, saying that test creation is the big bottleneck that keeps more fuzzing tests from being done.

The rest of the show

Today’s tracks are Database Security, Voice Services Security, Forensics, Zero Day Attack, Deep Knowledge, /dev/random, and Panels, Forums, or Breakouts. An additional track, called Human Network, has a single session late this afternoon.

Tomorrow’s tracks are Web Security, Hardware Security, Rootkits, Zero Day Defense, Windows Vista Security, Breakouts, and Turbo Talks. Stay tuned; there is more to come.