
SANS ISC InfoSec Handlers Diary Blog



Defcon, vendor-hacker-shmoozing, and Storm Center Handlers in the Desert

Published: 2006-08-04
Last Updated: 2006-08-05 11:39:43 UTC
by Mike Poor (Version: 1)
Greetings ISC readers.  Being out here at Vegas for a certain hax0r fiesta that will go unmentioned, I figured I'd give the readers that are not here a glimpse of the brouhaha and the goings on.

Defcon is a fascinating collection of minds bringing hacker and fed, experts and wannabes.  The talks are interesting, but what I found fascinating was the amount of shmoozing that vendors were bestowing upon security researchers.

Think back six years ago or so... 
1. security researcher finds flaw in product Z
2. researcher contacts vendor, and gives them a timeframe for release
3. vendor makes changes
4. researcher publishes flaw to bugtraq

Post 9-11, post DMCA, post PATRIOT Act...
1. security researcher finds flaw in product Y
2. researcher contacts vendor, and gives them a timeframe for release
3. vendor accuses researcher of violating DMCA
4. researchers start to hoard malware

Defcon 13 (last year)
1. security researcher finds flaw in product X
2. researcher contacts vendor, and gives them a timeframe for release
3. researcher faces potential arrest... goes to work for the competition

Defcon 14 (this year)

1. security researcher finds flaw in product W
2. vendor shmoozes him (as in wining and dining) at fabulous parties, interviews, PR opportunities, etc.

Microsoft, Apple, and many other mega-vendors were present to diffuse the FUD.

On that note, a big thank you to Microsoft for a fabulous party :)

Last but not least we spotted several handlers in Vegas... from Cory, Jason, Ed, Marc, Kevin, Adrien, Kyle, and me... (I probably forgot about 300 people, sorry)....

Mike Poor mike   < at >  