4 Tips for Jaded Black Hat/DEF CON Attendees

Soon, in various publications, articles will appear with advice for folks attending Black Hat and DEF CON for the first time. Advice for newbies is important, and I’ve written my own survival guide for that over the years. But for this post, I’m speaking to the battle-hardened veterans who have made the journey repeatedly over the years. Having attended too many of these to count, I consider myself ...

“Equal Respect” at #RSAC

Some folks in the security industry see me as a member of the "Equal Respect" movement against so-called booth babes at conferences. Not exactly. I certainly respect the opinion of people attached to the cause, and good for them, fighting for what they believe in. But for me, this has never been about equal respect among the genders. It's never been about whether women who work as booth babes are ...

Videos from #BSidesSF

If you missed BSidesSF, you now have a chance to see everything that happened there, thanks to the efforts of @irongeek_adc. He has already posted a full plate of videos from BSidesSF. Go to his website for the full index of videos, which capture the presentations given over the last two days. Our thanks to @irongeek_adc for all the great work.

Four Security Exhibits That Won Without “Booth Babes”

After last week's post on RSA Conference banning so-called booth babes, I heard from a lot of people who agree vendors need to find other ways to attract attention during security conferences. One reader correctly noted that this unfortunate phenomenon isn't the result of bad intentions. It's just that some marketing teams don't know any better. They assume the booth babes work because they see others using them. What to ...

RSA’s Move to Ban Booth Babes

The language above has been added to exhibitor contracts for RSA Conference 2015. Zenobia Godschalk, a communications practitioner in the security industry and vocal critic of so-called "booth babes" at conferences like RSA and Black Hat, dropped me a line to say RSA added the language to force vendors to stop with the skimpy clothing. It appears the years of blowback over booth babes have had an effect, at least in ...

What “Hug-Gate” Says About The Infosec Community

Every once in a while, someone in the security community says something on Twitter that ignites emotional discussion (some call it drama). This past weekend, it started with a comment about hugs. Someone commented that some security cons involve a lot of hugging and that it makes her uncomfortable. Someone responded with a comment about the benefits of hugs. Then all hell broke loose. Why, the first person asked, do people ...

New Adobe Flash Vulnerability – CVE-2015-0313

Oh, joy. Adobe has put out yet another security bulletin for vulnerabilities in Flash. Details: Security Advisory for Adobe Flash Player. Release date: February 2, 2015. Vulnerability identifier: APSA15-02. CVE number: CVE-2015-0313. Platform: All Platforms. Summary: A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected ...

3 Books that Changed My Life

The following is cross-posted from the Security Uncorked blog... My friend Jennifer Minella is doing a series where she asks folks from the security community about three books that changed their lives. She kicks it off with me. *** In this series, I asked infosec professionals to name 3 books that changed their life. This entry includes picks from journalist, writer and podcaster Bill Brenner. When I set out seeking contributors for ...

The Oracle of Security Flaws

When it comes to patching vulnerabilities, Oracle does nothing small. In its latest quarterly CPU (Critical Patch Update), the database giant hands its customers 169 new security fixes affecting many products. The full patch matrix is here. SiliconANGLE offers a decent analysis of the vulnerabilities and patches. From Maria Deutscher's report: One flaw that drew an outsized amount of attention is a misconfiguration affecting the enterprise technology stalwart’s popular E-Business ...

“Hackers. It’s time to Unite”

Last week I wrote about the new anti-hacking laws President Obama plans to float in his State of the Union address and how the proposals are Draconian at best. I noted that it's in our power to educate the masses and stop this thing before it becomes law. To that end, I have something to share with you. Derek Watson -- better known in the security community as Blak Dayz (@...
