"Lyger Team" made it back from this year's Black Hat and Defcon "conferences" (note the quotes) in one piece, but probably only because there weren't too many good opportunities to break anything. By now, everyone has probably read the media stories about the reporters who were banned for life for sniffing the media network, or the legal discussion surrounding the state of Massachusetts filing an injunction against three college students scheduled to present their research. For some, the event as a whole was probably a lot of fun, but there were plenty of things that really kept it from being as enjoyable as it could have been. After meeting up with Jericho and d2d on Wednesday afternoon, we headed out to Black Hat. Since I wasn't an official attendee, I can only offer input as to what I saw from an "outsider" point of view.
Disclaimer: This is my opinion and my opinion alone. If you disagree, fine. If you agree, fine. Email me your opinions. I'll be polite in my responses... unless you're trolling, in which case there will be a "suitable" response.
First, I did scan through the list of BH briefings, and there's just no way I could justify convincing my employer that sitting in on a handful of these over a few days would be worth the $1500 (or so) admission charge. Think about it from an economic standpoint: if you're attending a BH seminar, chances are good that you're a security professional in some sense. If you attend eight seminars (which is highly unlikely because you're in VEGAS, HELLO), that's almost 200 bucks a session. Let's not even include the hotel and airfare to and from the conference. If your employer trusts you enough to go to Vegas on the company dime, attend these sessions, retain the information, and use it for business purposes going forward, then your employer is quite possibly:
a. uninformed about the general content of Black Hat presentations
b. willing to spend more money on pointless security "solutions" based on technology instead of REAL staff training, or
c. a retarded douchebag
... because all of the information presented in the "seminars" will be available on the internet or through personal contacts within days after BH is over, and none of it will be anything to mail home to Mom. Let's not even mention that about 113.258% of BH talks were repeated at Defcon (statistical fact!). End of story. Like the old saying goes, why buy the cow when the milk is free?
Second, BH needs to stop with the lame physical security bullshit. This year, they posted guards at the top of the escalators and the elevators, all of which would stop those without a badge while declaring that "this is a private event". Maybe it is a "private event" that costs around $1,500 an attendee, but locking the vendor booths inside the perimeter maintained by "Norm" and "Erma" isn't exactly a prime defense against people with an interest in security. If the seminars/sessions are the key focus of BH's revenue gathering, then put the vendors in a special area so they can potentially gain more new business and increase interest in BH itself. I can personally think of at least two vendors who may have lost revenue this year by NOT letting their booths be accessible to anyone without a funky pink pass. Which leads to...
The Fugly: Certain major vendors (two begin with "M", one of which provides an operating system with at least 90% market saturation, and the other which is a prime name in AV protection (hint: GO RAIDERS!), as well as another that begins with a "C" and ends in "isco") decided to be somewhat frugal with their customer relations regarding the lack of party invitations. I'm not naming names and not throwing anyone under the bus, but when a major vendor doesn't extend invites to customers who spent over a quarter-million dollars with them in the last calendar year, but also denies entrance to *their own employee who invited the customer*... well, that doesn't usually go over too well. Read that again... the vendor's employee who offered the customer an invite was not invited him/herself. That's ASS, and to whoever sponsors the Oakland Raiders' playing field, next year perhaps you will learn not to show your customers' portal passwords in plaintext as they flash past the registration screen (you assclowns).
The Bad: In no particular order:
1. Defcon not having the "cool" badges during PRE-registration. How many years and they still can't gauge market demand? Dumbasses.
2. French reporters screwing up the media network. I'll let Cancer Omega handle this one.
3. The cluebags in room 460 at the Hilton on Friday night. Not only was there a LOUD ten-minute conversation about how to pronounce Martin Roesch's
last name (roe-ch or rau-ch), but they eventually decided to try to take a collection for a stripper that "squirts". I shit you not. Ladies and
gentlemen, *that* is the future of your industry. P.S. the bitch with the high shrill voice who couldn't even slur the word "vodka" correctly at 4am
should die in a fire, preferably yesterday.
Leaving home, we carried and declared the usual amount of shampoo, deodorant, toothpaste, and all of the other gels and liquids that would normally be used by two adults for a four day visit to another city. There was no issue with this, other than whem the items were declared, one of us was patted down, wanded, and told that the agent in question was "going to do the arms, back, and legs". This alone would IMMEDIATELY have sent me into a major fap session had it not been done in an airport. On the way back, however, we went through security and kinda forgot to take those items out of our carry-on baggage since it was 5 AM, we were running on three hours sleep, and hell... it's Vegas, right? Guess what... we went right through TSA and all security with no baggies mentioned, no pat-downs, and not even one second of hesitation. I probably could have walked through the x-ray with my dick sticking out of my zipper and they wouldn't have blinked. So, for getting us home safely, major props to the TSA, the current presidential administration, and Starbucks coffee, all for doing absolutely nothing to provide security other than try to either scare people shitless or get them buzzed before getting on an airplane.
Assholes, all of them.
The Good: Again, in no particular order:
1. d2d's first time at Con... we're selling the Pink Taco Margarita Chug video on Ebay. Mail firstname.lastname@example.org
2. Some dipshit caught swirling a boar testicle in his mouth on camera. Exotic treat or something.
3. Finally meeting Mr. Zodiac. Cheers, brah.
4. Leaving Las Vegas. Seriously...
We were so glad to get out of there and get home, Lyger actually didn't make a wrong turn driving home from the airport. Straight home. We didn't even go out Friday or Saturday night and have no regrets about it given the general amount of over-hype and inflated vendor whoring that we saw in the previous four days. For next year, if there's no plan for change and if this was a movie review, we would just say "recommendation to avoid". Just get an "escort" for an overnight visit instead... money better spent.