10:00 AM
to 11:00 AM
Wolfgang Kandek: The Laws of Vulnerabilities 2.0
81 Attendees
Location
Pompeiian Ballroom
Type Panels
Wolfgang Kandek (mod), Richard Bejtlich, Mark Weatherford
The Law of Vulnerabilities, version 2.0, is the updated version of the Laws research that was premiered at Black Hat in 2003. This research exposes findings on patch trends, prevalence, persistence and exploitability of vulnerabilities within global enterprise networks for internal and external systems.
What"
What"
11:15 AM
to 12:30 PM
Bob West: CSO Panel - Black Hat Strategy Meeting
41 Attendees
Location
Pompeiian Ballroom
Type Panels
Bob West (mod), John Johnson, Max Kelly, Dan Klinger, Bob Lentz
A comprehensive inside look at the impact of the research being released at Black Hat this year. The panel will also discuss overall strategy with new vulnerabilities.
1:45 PM
to 3:00 PM
Eli O : Analyzing Security Research in the Media
47 Attendees
Location
Pompeiian Ballroom
Type Panels
Eli O (mod), Dennis Fisher, Rob Lemos, Robert McMillian, Mike Mimoso, Tim Wilson,
This session will comprise a panel discussion on the ways in which the media affects the security research community, why some seemingly insignificant security stories are hyped while other quite legitimate stories are ignored, and how the advent of news and research blogs has changed the way that security news is covered. The media have made stars out of researchers such as Dan Kaminsky, David Litchfield, Dino Dai Zovi and others, eagerly reporting their every movement, no matter how insignificant, and regularly play up low-frequency, high-impact stories like electrical grid vulnerabilities and Chinese government hacking. This has led to a high level of frustration in both the security community and the press that the only stories that get covered are the sensational ones designed to drive traffic and get on Slashdot. The discussion will focus on what factors drive the coverage of security stories, whether coverage of vulnerabilities and new attacks is a net good and how the media influence which flaws are patched and how quickly they're fixed.
3:15 PM
to 4:30 PM
Amit Yoran: DC Panel - Update from Washington
56 Attendees
Location
Pompeiian Ballroom
Type Panels
Amit Yoran (mod), Leslie Gold, Richard H. L. Marshall, Marchus Sachs
Washington is giving cyber security more attention. What does this mean for current cyber security bills? This panel will look at security and website liability, consumer privacy legislation, government access to cloud computing data, location privacy and international human rights issues.
4:45 PM
to 6:00 PM
Rich Mogul: VC Panel - Security Business Strategies During a Recession
42 Attendees
Location
Pompeiian Ballroom
Type Panels
Rich Mogul (mod), Becky Bace, Rick Gordon, Mark McGovern
All too often we forget that economics, not any collection of vulnerabilities, exploits, or technologies, affects the practice of security more than any other single factor. Economics determines what data the attackers target, what resources we have for defense, and what technologies are at our disposal. Over the past year we've seen all aspects of the global economy affected by the current recession, and security is no exception.
Our panel of investors and analysts will present their latest findings on the current state of the business side of the security industry, and how to best thrive in a down economy. Is cyber security immune, as some like to claim, or will enterprise budgets be slashed as new technologies wither without funding? Are startups better off now, or will security innovation have to migrate back to the large vendors? Can you take advantage of the downturn to pressure your vendors for better prices and services? Does the recession create opportunities to improve security strategies? How does the economy affect the offensive side of security? As we answer these questions, our panel will also review the major security business trends for the next three years, with specific predictions on which technologies and vendors will survive, which will die, and how it all affects the day-to-day practice of security.
Our panel of investors and analysts will present their latest findings on the current state of the business side of the security industry, and how to best thrive in a down economy. Is cyber security immune, as some like to claim, or will enterprise budgets be slashed as new technologies wither without funding? Are startups better off now, or will security innovation have to migrate back to the large vendors? Can you take advantage of the downturn to pressure your vendors for better prices and services? Does the recession create opportunities to improve security strategies? How does the economy affect the offensive side of security? As we answer these questions, our panel will also review the major security business trends for the next three years, with specific predictions on which technologies and vendors will survive, which will die, and how it all affects the day-to-day practice of security.
10:00 AM
to 11:00 AM
Hacker Court
44 Attendees
Location
Pompeiian Ballroom
Type Panels
Kevin Bankston, Carole Fennelly, Jonathan Klein, Brian Martin, Paul Ohm, Kurt Opsahl, Richard Salgado, Simple Nomad, Richard Thieme, Weasel, Peiter "Mudge"
This presentation is a mock trial that demonstrates legal issues in cyberspace. All events are fictitious, but legally accurate. A summary of the case follows:
A federal grand jury indicted two men, known as "Weasel and Silent Nomad" for their alleged role in perpetrating a hoax on the online social messaging utility, "Wanker"
A federal grand jury indicted two men, known as "Weasel and Silent Nomad" for their alleged role in perpetrating a hoax on the online social messaging utility, "Wanker"
11:15 AM
to 12:30 PM
Hacker Court (continued)
39 Attendees
Location
Pompeiian Ballroom
Type Panels
Kevin Bankston, Carole Fennelly, Jonathan Klein, Brian Martin, Paul Ohm, Kurt Opsahl, Richard Salgado, Simple Nomad, Richard Thieme, Weasel, Peiter "Mudge"
This presentation is a mock trial that demonstrates legal issues in cyberspace. All events are fictitious, but legally accurate. A summary of the case follows:
A federal grand jury indicted two men, known as "Weasel and Silent Nomad" for their alleged role in perpetrating a hoax on the online social messaging utility, "Wanker"
A federal grand jury indicted two men, known as "Weasel and Silent Nomad" for their alleged role in perpetrating a hoax on the online social messaging utility, "Wanker"
1:45 PM
to 3:00 PM
3:15 PM
to 4:30 PM
Meet the Feds: Feds vs. Ex-Feds
116 Attendees
Location
Pompeiian Ballroom
Type Panels
Feds: Jim Christy, Mike Convertino, John Garris, Barry Grundy, Bob Hopper, Mischel Kwon, Robert Lentz, Rich Marshall, Stephane Turgeon, Shawn Henry, Ken Privette, Paul Sternal, Jamie Turner, Lin Wells
EX-FEDS: Rod Beckstrom, Jerry Dixon, Andy Fried, Greg Garcia, Jon Idonisi, Ray Kessenich, Kevin Manson, Keith Rhodes
EX-FEDS: Rod Beckstrom, Jerry Dixon, Andy Fried, Greg Garcia, Jon Idonisi, Ray Kessenich, Kevin Manson, Keith Rhodes
Did you ever wonder if the Feds were telling you're the truth when you asked a question? This year we're inviting you to "Meet the Feds and Ex-Feds" to answer your questions. The objective is to get you the answers to your questions without getting a public official fired! Come ask your question and compare the answers you get.
Each of the agency reps and ex-agency rep will make an opening statement regarding their agencies role, then open it up to the audience for questions.
Agencies that will have representatives include: Defense Cyber Crime Center (DC3), FBI, IRS, NCIS, NASA, DHS USCERT, DoJ, National White Collar Crime Center (NWC3), NSA, US Postal IG, Office of the Secretary of Defense, National Defense University.
Each of the agency reps and ex-agency rep will make an opening statement regarding their agencies role, then open it up to the audience for questions.
Agencies that will have representatives include: Defense Cyber Crime Center (DC3), FBI, IRS, NCIS, NASA, DHS USCERT, DoJ, National White Collar Crime Center (NWC3), NSA, US Postal IG, Office of the Secretary of Defense, National Defense University.
4:45 PM
to 6:00 PM
A Black Hat Vulnerability Risk Assessment
78 Attendees
Location
Pompeiian Ballroom
Type Panels
Jerry Dixon, David Mortman, Alex Hutton
Security professionals regularly fall into the trap that security is only about vulnerabilities and who has more. In reality, vulnerabilities need to be viewed in the context of how the system or "
