An Information Security Place

Commentary on the State of Information Security
Filed under Security

I had a good time at TRISC yesterday.  It was cool to meet up with Martin and Cutaway again.  We had a good time in just the short time we got to hang out, and we even managed to record a couple of videos for Podtech.

There were some interesting talks yesterday.  One highlight of the day was meeting Mark Loveless, a.k.a. Simple Nomad.  Martin has met him and interviewed him before, so he introduced me.  He had an interesting talk and quick demo on techniques for evading IDS / IPS systems.  It was really cool hearing about his attempts at fingerprinting IDS / IPS systems.

There was also a pretty cool talk about translating vulnerability assessments by Doug Landoll.  The questions during and after his talk really highlighted how people still don’t know the difference between a vulnerability assessment, a risk assessment, and a gap analysis.  That still amazes me.

After Doug’s talk, he stopped me in the hall to ask me what I thought about the Certified Ethical Hacker certification.  I expressed some disdain for the cert by a sour look on my face, and he quickly agreed with my opinion.  But it turns out that our dislike for the cert was coming from different angles.  I don’t like it because I don’t like the furthering of the negative definition of the term “hacker”.  He doesn’t like it because he doesn’t want to introduce anyone to a client that has the term “hacker” associated with them.  He realized that the term had been hijacked, but he was looking at it from the aspect of the CEO / CFO who didn’t know any better.  I can see where he is coming from because that term can negatively affect business.  But I also think it is incumbent upon those of us who really know what a hacker is supposed to be to help make the term a positive one again.  Doug and I also had some disagreement about whether or not companies should hire less-than-completely-reputable hackers because of their skills.  He made good points (like letting ex-child molesters watch your kids - good one Doug), but I still think that much talent is bad to waste.  And child molesters are sick, twisted people.  Black and gray hats aren’t mentally ill by definition.

About my talk, I think it went really well.  It furthered my suspicions that a lot of people have no idea what blogs can do for them when it comes to gathering useful information.  Almost all of the group (about 25 people - small conference) did not read blogs.  Amazing.

Anyway, I will post some more stuff about my talk later.  I have some meetings to go to.

Vet

Posted by Michael Farnum on Thursday, May 17th, 2007