Sunday, August 12, 2007

My experience at BlackHat and DefCon

I came back from BlackHat and DefCon last Sunday. I was there for the entire 9 days (combined BlackHat and DefCon) and when I came back, I realized why people said 9 days of Vegas are toooo long. It was my first time in Vegas so I didn’t see it earlier, but now I have learnt my lesson. :)

It had been a very enjoyable experience, though the party really took off on Tuesday night when most of the people started to come in for the briefings. I had dinner with the Mozilla guys along with several other webappsec professionals. I was talking to Dan from Mozilla and, to my surprise, he asked me “What kind of security features would you like to see in Firefox?” They also had a discussion with RSnake, Jeremiah Grossman and, I am sure, with some other webappsec professionals too. I am impressed by Firefox’s approach. They are reaching out to the webappsec community and asking for their support and advice in making their browser more secure. I think it’s a great start and I know they will get flooded with suggestions, most of which they won’t be able to include until the next decade, but at least they are sincere and making an effort (or so it appears, we’ll find out soon enough).

I met with a lot of great guys from the webappsec community, including from Google, TiVo, VeriSign, iSECPartners, Outpost24, eBay, Breach, Aspect Security, Ounce Labs, and many more. Some of them I didn’t know before, some of them I had interacted with by email earlier and some of them I did a reflection on, but it’s great to meet them in person (RSnake, Ryan Barnett, Ivan Ristic, Alex Stamos, Robert Auger, Andrew Van der Stock, Jeff Williams, Dinis Cruz). I spent some time with id from He takes time in opening up but when he does, he is actually a very nice guy (that is only if you are not planning to take his laptop away from him).

I also got a chance to meet the ex-L0pht guys; they are now running their own company (SafeLight). Rob Cheyne (the guy who wrote LC4 and also the CEO of SafeLight) handed me his business card in a sleeve. Interesting, why is that? Actually the sleeve is a radio frequency blocking sleeve to protect your RF-enabled credit cards from being stolen even when they are safely tucked in your wallet.

Bubba Gump was another guy I can recall very well since he had a very interesting story to share which I will publish as a separate post as it is well worth the read.

The most hilarious presentation of BlackHat and DefCon award goes to Jeff Moss. Jeff Moss made a presentation titled “Cisco Gate” (his experience with the Cisco IOS flaw presentation fiasco). The content of course was interesting since everyone wanted to know the “behind the scenes” story, but I think his content delivery was equally good. We could not stop laughing through the entire length of the presentation.

Last but not least, the OWASP-WASC party was a huge success. There were over 350 people who came to the party. The feedback I got from several people was that it was the best party of BlackHat. Many thanks to Heather Cason of Breach Security, who did an excellent job in organizing the whole show. She also sent me the pictures of the party which you can see below.
