Darth Elmo reports on Black Hat and DEF CON, covering a variety
of talks and lectures: "DEF CON, which began as a relatively small
get-together for members of the IS underground, has grown in recent
years to become the world's largest and most publicized annual
gathering of the diverse groups that comprise Information Systems
Security. But despite its growth and more-or-less-mainstream
success (measured in numbers and news articles), DEF CON is first
and foremost for hackers."
"Jose Nazario gave a chilling but coherent, plausible
and technical description of the imminent onset of Internet worms
which will not only replicate themselves (what sets worms apart
from viruses--viruses depend on other programs to propagate) but
will also adaptively mutate themselves in ways that make them both
more dangerous and more difficult to identify and neutralize. This
lecture came out of research Jose is conducting in his pursuit of a
PhD in Biochemistry.
Jay Beale, primary developer of the Bastille Linux
system-hardening package, gave an excellent talk on securing Domain
Name Services (DNS) and BIND (the most popular DNS package). Jay's
talk included both the fundamentals of good DNS security and also
specific techniques for and examples of applying them to BIND. He
also discussed djbdns, an alternative to BIND.
Hacker-journalist Richard Thieme gave an extremely subtle and
deep lunchtime keynote address on reality constructs and how they
must adapt as the realities of computer security evolve. He used
war in space as a metaphor. For example, consider the general who
described high-velocity debris and even paint chips as a major
threat to a spacecraft's structural integrity. Since technology has
already advanced to the point where plasma/energy-shielding is
possible, the general must change his understanding of the reality
of threat-models in space. This sort of adaptation is necessary at
a number of levels for all of us who deal with the rapidly-evolving
world of info-sec."