Loose Cables

August 17, 1998

Attendees beware: A Black Hat in the sun can scorch your brain

Some lab rats recently made the trek to temperate Las Vegas (temperate, that is, if you leave your thermostat set at 106 degrees) to attend the Black Hat Briefings (BHB) and DefCon 6. For those who don't know, Black Hat is to DefCon what a debutante ball is to a frat party: Think security-aware vs. security-crazy.

At BHB, $1,000 got us two days of sober presentations at the respectable (by Las Vegas standards) Caesars Palace on the Strip. Speakers included Marcus Ranum, president and CEO of Network Flight Recorder, and Dr. Mudge, chief financial officer at the Cult of the Dead Cow. Topics ranged from Windows NT vulnerabilities to holes in cellular encryption.

We enjoyed the conference, especially the "meet the enemy" and "meet the fed" sessions. At the latter, we found out how the federal government and military surprisingly have a lot in common with the private sector when it comes to security concerns.

And our long ears perked up when, at the mention of "eligible receiver," those in the shadows started whispering. We learned that eligible receiver is the government's method of testing itself. Officials have assembled a tiger team and are checking the vulnerabilities of every government agency (see

In other BHB news, we were happy to bump into friends from Ernst & Young, who were keeping their skills sharp at the show. We recently enrolled in their excellent "Extreme Hacking" security program and highly recommend it. (See "E&Y teaches the fine art of hacking at your site," July 27.)

Letting it loose

DefCon was a different animal than BHB, more of a party animal. Now in its sixth year, DefCon always makes us feel like we're in high school again, surrounded by leather-clad longhairs who are a sharp contrast to the business casuals at BHB. Of course, with an admission fee of $40, we didn't expect anything more or less.

After saying farewell to the BHB's swank venue, we shuffled from the Strip to the downtown Plaza Hotel (supposedly the location of Biff's Pleasure Palace in Back to the Future II). On the floor, we stuffed our goody bags to overflowing with underground books, copies of 2600 magazine, and CDs of OpenBSD. While listening to a cranium-cracking house beat, we watched a networked "capture the flag" session.

At the packed presentations, we found out how easy it is to break through dead bolts, and listened to a legal expert tell us what stupid things not to do when stopped by the law. During one of the entertaining "spot the fed" events, we learned that our friends in Redmond may be encroaching on the AS/400 farms that support the casinos. We only saw photographs, but it seems as if one of the MGM Grand's jumbotrons was recently hacked, displaying an enormous Blue Screen of Death and hex dump for hundreds of gamblers to puzzle over.

After performing every true Trekker's duty by genuflecting at the stations of "Star Trek: The Experience," we left Sin City. Our only regret: We wish we had picked up one of the Geiger counters on sale at DefCon. It could have been helpful in our plans to turn an abandoned missile silo in the Nevada desert into the perfect remote lab.

This week's Loose Cables was written by ex-Test Center rat Victor R. Garza; Security Watch columnists Stuart McClure and Joel Scambray contributed. Are you a business casual or a longhair? Let us know at

Copyright © 1998 InfoWorld Media Group Inc.