CMP Acquires Black Hat

An anonymous reader writes "Tradeshow and publishing behemoth CMP Media just acquired Black Hat for $10m.. It's ironic timing, because CMP also runs the Computer Security Institute tradeshow which wraps up in Washington DC today. There couldn't be a larger difference between a boring, institutional show like CSI and a small, independent event like Black Hat Briefings. Hopefully the corporate approach of CSI won't crush the life out of Black Hat."

Protection of larger corporate umbrella

[Tontoman]

Perhaps being part of a larger corporate community will come in handy next time Black Hat tries to expose another vulnerability. A few months back, Cisco got ticked off at the exposure they got courtesy of Black Hat. It wasn't until a few weeks ago that they released the fix. http://it.slashdot.org/article.pl?sid=05/11/03/161 3226&tid=172&tid=218

Re:Protection of larger corporate umbrella

[yamamushi]

Or perhaps this same corporate umbrella could prohibit a lot of what would otherwise be published. It could go both ways.

Re:Protection of larger corporate umbrella

[SillySnake]

Or maybe they'll just combine the two shows and call it grey/gray (What's the difference anyway?) hat.

Re:Protection of larger corporate umbrella

[jcr]

Or perhaps this same corporate umbrella could prohibit a lot of what would otherwise be published. It could go both ways.

So, someone starts another conference. No biggie.

-jcr

Re:Protection of larger corporate umbrella

[SLot]

So, someone starts another conference. No biggie.

Like maybe...

Toorcon

or Schmoocon

Re:Protection of larger corporate umbrella

Unfortunatelly, I'll rather buy this...

CSI

[iced_773]

I myself have never watched CSI but from seeing the commercials and considering the number of spinoffs I would hardly call it a "boring, institutional show."

</dumbjoke>

Re:CSI

[hackwrench]

Yeah, fashon these daya... I mean, can you believe somebody buying a black hat for $10m to celebrate a season wrap?

I don't think so...

[suitepotato]

Hopefully the corporate approach of CSI won't crush the life out of Black Hat.

I've never found that to be the case. Slow pacing, sudden plot twists, and overused "straight from the headlines" cliches maybe...

Oh.

Er, yeah it might, but I wouldn't worry. I'm, uh, gonna go back to watching tv now...

Re:I don't think so...

[Buran]

Not to worry, let me run that through the GCMS and see what the peaks show. We'll know if that's true or not soon enough.

(I got confused, too. Amusingly, I know all the jargon they use... I'm a science geek, which is why I like the show. Sadly, the GCMS on my campus was run on an old decrepit Windows 3.1 machine. I hope HP/Agilent is using something more up-to-date by now! Can't imagine they're not.)

SecurityFocus

Interesting. Back around 1999, SecurityFocus was in discussions with Jeff to buy Black Hat, but it would have been for stock options. Had he gone for it, they would have also been worth about $10 million when Symantec bought them. Jeff could have had his 10mil in 2002. I guess the stock option thing is a bit more risky than cash.

Re:SecurityFocus

[B3ryllium]

Stock options require banks and financial managers. Cash only requires a mattress to hide it in.

Re:SecurityFocus

[kesuki]

well 100,000 $100 bills doesn't fit under many people's mattresses... and you're also risking your money by buying something of no 'real' value 'paper' which is really only worth what other people are willing to take it for... which if the us govt were to royally screw everything up, could be worth a whole lot of nothing.

Re:SecurityFocus

[geekoid]

Without banks, that mattress full of cash is useless...well, except for sleeping.
Wothout Finance managers, banks can't do anything.

OTOH, you have more fingers

Re:SecurityFocus

Jeff is a arrogant dweeb, except to little kids.

Kiss of Death

[Dynamoo]

CMP aquired BYTE some years ago. And promptly shut it down, leaving it to be a web-only publication. They have a history of acquiring other publications and killing them off. God only knows what their business model is.

Re:Kiss of Death

I am a former employee of CMP and I can say as a company insider CMP in its current form is a disaster. To be fair it more a calamity of errors and greed dating back 1999.

CMP was sold by the Leeds Family a wonderful philanthropic family from Long Island, NY, they bent over backward to grow the business and help there employees. For many years CMP was listed as one of the top 50 places to work on LI. It truly was a wonderful place to work. In late April of 1999 CMP was sold at the height of the boom to United News and Media (now United Business Media) via Miller Freeman for 920M USD. The Leeds family gave a wonderful gift to there employees totaling about 40M dollars and then walked away with they're 900M.

Almost immedtiately after the purchase Miller Freeman was split up and sold in parts the largest part was purchased by VNU the dutch publishing monster. UBM also restructued selling off and stream lining offerings only to have the Tech market shit the bed in late 2000.

During the bad years CMP was a company coasting along on fumes no direction, no vision, no ideas. Just cost cutting and layoffs it was as if the Brits UBM were playing an accounting game to regain there 920M.

There has been some recent turn over in management at UBM and CMP but I honestly don't think a thing will change. I would imagine in the next five years CMP will be gobbled up by some bigger directionless mess of a company

I read byte for many many years before I worked at CMP. I hated them for closing that pub down. The only consilation is I actually got to yell at the guy who did it.

Re:Kiss of Death

[jroysdon]

If they stiffle Black Hat, the speakers will just move to a new venue. "Black Hat" will die and a new conference just like it, but with a new name, will spring up.

Re:Kiss of Death

I think the strategy comes from the parent company UBM, as the same thing happens with their sister companies. It's just another way of killing off the competition I guess.

Re:Kiss of Death

[B3ryllium]

I humbly suggest "Blacker Hat".

Re:Kiss of Death

Seconded.

In addition, while working at CMP I was also able to witness firsthand the company's tendency to let go of talented people without so much as batting an eyelash. It was truly strange. I met one guy who had been with the company for over a decade with a string of successes, but when one new magazine project failed his whole division was given the axe, him included. I chalk it up to the ongoing attempts by the CMP management to consolidate power and eliminate the "legacy" Miller Freeman people from the tech publishing division -- but even so, it just seemed like a ridiculous shame to throw away talent like that.

But then, it wasn't all that surprising, either. Oddly enough, the most powerful people I knew in the San Francisco office were in human resources. It sounds like a joke until you actually have to work in an office where the only people who never get laid off are the HR admins, no matter what their seniority. These were people who couldn't even answer a basic question from the employee handbook during a layoff meeting, and yet somehow they never seemed worried about their jobs. It took weeks and weeks to bring new hires on board, too, even to replace key positions. When we finally managed to bring in a new editor in chief at our book to replace the one who quit, we were told by the candidate that it had taken so long because HR made him jump through countless hoops. They had told him that they were doing this because we insisted that HR should be "a partner" in the interview process. Bullshit; all we ever asked for was for HR to open the envelopes with the resumes in them and forward us the qualified candidates.

Basically, though I can't speak for what it's like now, a few years ago that company seemed to be devolving into an administrative sinkhole of "Office Space" proportions. Nobody I know who was working at CMP during that era (2000-2002 or so) seems the slightest bit bothered that they aren't working there anymore.

Re:Kiss of Death

Let us all hope that you were not a proofreader or copy editor for CMP. On the other hand, that might explain some of the problems...

Re:Kiss of Death

[name773]

leaving blackest hat as an eventual replacement option for that one. brilliant!

Re:Kiss of Death

[SirNAOF]

I've been annoyed with CMP recently, and I only freelance for them on occasion.

People coming/going for various reasons (I've heard more than I remember, but some were just fed up with the way things were going), shuffling things around, losing paperwork...

Like I said, only a freelancer, but still annoyed with how they do things.

Death to CMP Media - on principle

[Elrac]

The first time I heard of CMP was when I got a letter telling me my subscription to BYTE was being phased out, along with BYTE magazine itself. As compensation, CMP generously offered me a choice of one of the worthless other magazines they were carrying. I don't know how long ago this was, but you can probably tell from my tone that I'm still angry about this.

I can no longer call CMP's entire assortment of rags worthless, because there are at least one or two I enjoy reading once in a while, and which I respect. But all in all, I see CMP as one of the first behemoths of dumbed-down conglomerated corporate press. I believe CMP has done useful, unbiased, technically qualified coverage of computer-news a disservice.

I find some small consolation in two publications: ct and SlashDot.

Re:Death to CMP Media - on principle

I couldn't agree more. I think it's a sad statement when the best computer publication is not even in English! (Although I also really enjoy DrDobbs, C't really is the closest thing to our regretted BYTE magazine).

Re:Death to CMP Media - on principle

[HardCase]

I find some small consolation in two publications: ct and SlashDot.

Are you sure that you meant to say "consolation"?

Re:Death to CMP Media - on principle

I agree. CMP is without a doubt the worst Media company I have ever dealt with. I subscribed to both C++ User's Journal and Dr. Dobbs' Journal. They took my money and only gave me one of them. When phoning their customer support line, they claimed to not have computers and therefore couldn't verify my subscription. After many months of battling to get a refund INCLUDING sending my visa bill in to show proof of purchase, they cancelled the OTHER subscription and never refunded me.

I would never, ever purchase another product published (or marketed) by CMP.

black hat is dead

[EllynGeek]

"Hopefully the corporate approach of CSI won't crush the life out of Black Hat." Don't worry, it will. They have a long history of doing just that. I hope the Black Hat folks take the money and use it to poke behemoth corporations who release leaky software even harder.

Re:black hat is dead

[Em+Adespoton]

Hmm... they could use the money to fund a meeting of like minded hackers... say, call it "Dark Headcovering"

Re:black hat is dead

[M.+Baranczak]

They could hold it in Quebec and call it "toque noir".

Farewell to Black Hat

Does Jeff think he can maintain Black Hat as an independent show under a huge company like CMP? Or is it just about the money? This is the end to Black Hat as we knew it. And what about Defcon? Is that a mega corporate show now too? Ugh....

BlackHat is crap anyways

BlackHat is crap anyways - this year was pretty damn corporate and rather boring. Other than Lynn's presentation, which was pretty thin on the goods and just a freakshow, it was lame. From what I hear, it's long since been anything really good.

Hopefully the submitter will RTFA

[winkydink]

Hopefully the corporate approach of CSI won't crush the life out of Black Hat.

From TFA:

Black Hat and CSI will remain separate entities within CMP; both will report to Chris Keating.

Re:Hopefully the submitter will RTFA

[geekoid]

"...both will report to Chris Keating."

so...yes.

Nice, unbiased summary

[sczimme]

There couldn't be a larger difference between a boring, institutional show like CSI and a small, independent event like Black Hat Briefings. Hopefully the corporate approach of CSI won't crush the life out of Black Hat.

Well, there is a nice, unbiased summary. Oh, that's right: Black Hat is a cool, hip, and edgy conference that is sponsored by such rockin' organizations as Ernst & Young and Microsoft. w00t.

Re:Nice, unbiased summary

[AEton]

And OSTG - no conflict of interest there! :)

Jeff Moss, the old owner of BlackHat Briefings

[SecureTheNet]

also does Defcon each year in Las Vegas. I've been to defcon 7 and 8 and found it to be too big and commercialized even for a "hacker" convention. Attendees at BlackHat Briefings used to receive free attendance at Defcon, and at defcon you could easily tell who the kiddies where and who were the professionals. I much prefer the smaller conventions like RootFest or ToorCon, that don't have rooms of booths or tons of script kiddies running around.

Re:Jeff Moss, the old owner of BlackHat Briefings

[gclef]

Attendees at BlackHat Briefings used to receive free attendance at Defcon

They still do.

at defcon you could easily tell who the kiddies where and who were the professionals

That's not changed, though which ones were speaking is an open question. I remember quite clearly a talk from a few years ago where the speaker was attempting (and failing) to give a talk on Active Directory security...while drunk...at 9am.

Re:Jeff Moss, the old owner of BlackHat Briefings

[engine+matrix]

...and don't forget the dumbass who was advocating terrorism against the Republican National Convention. I was amazed at the amount of time he was allowed to talk about "blowing shit up".

Re:Jeff Moss, the old owner of BlackHat Briefings

[Illusion]

How likely do you think CMP is to want to accept the liability of Defcon, given how little money it makes and often Defcon attendees tend to trash the hotel?

Defcon and Black Hat have been run as one week-long conference for two very different sets of attendees. My guess is that Jeff will be less able to combine expenses and resources between the two conferences now. I'd give it another year or two before he's too busy to bother.

-- Aaron

Oh me oh my

[koreaman]

Hopefully the corporate approach of CSI won't crush the life out of Black Hat.

Great, now you've gone and jinxed it. Now it will for sure.

And in other news. I had time to fix all the spelling and coherency errors in this post because of the stupid time filter thing that only lets you post every two (if you're lucky) minutes! And what is slashdot without errors?

script kiddies

[drewxhawaii]

I much prefer the smaller conventions like RootFest or ToorCon, that don't have rooms of booths or tons of script kiddies running around.

today's script kiddies are tomorrow's professionals.

heaven forbid these "script kiddies" try to learn something from the pros by going to these conventions.

get off your high horse

gosh darnit

well i don't gamble, or pay for sex... so I guess there is no reason to go vegas anymore. Vancover is nice thou, tis a shame that this will probably spell the end of a very influencial and powerful security forum.

Regarding BlackHat becoming too commercialized

[ninja_assault_kitten]

"Not as long as I am still in charge of it... which I still am. It was a big concern of mine, part of the reason it took so long to complete." -- The Dark Tangent

Re:Regarding BlackHat becoming too commercialized

Jeff, What are you going to do with all the money brother?

Re:Regarding BlackHat becoming too commercialized

"Jeff, What are you going to do with all the money brother?"

Hookers & blow, one hopes.

It's not selling out, folks, it's cashing in. The minute anyone took the first security job they were paid for they could just as easily be called a sell-out, minion of The Man, etc. etc. etc.

If you can be paid for doing something that interests you, more power to you.

If you feel that pulling your own weight in life by being gainfully employed on the basis of your talents is 'selling out', I'd suggest that you take that concept to its logical conclusions and apply the same thinking to actors, singers, songwriters, authors, artists, and anyone else whose skills and abilities permit them to not be YAFWR (Yet Another F***ing Welfare Recipient).

Re:Regarding BlackHat becoming too commercialized

Im sure DT is full of good intentions. Of course that was before he got 10 million dollars. :) Good for him, but money DOES change a person. :)

Buz zzz zzz zzt! Wrong Answer!

[GeneralEmergency]

The bigger they are, the more risk averse they are.

Careers will be trashed/squashed/snuffed and you will never even hear about it.

Hmmm...I wonder which of my vitamins is making me more pessimistic?

Prejudice?

I'm typing from my desk in the Marriott Wardman fresh from attending the CSI conference. I have to say that the characterization of the differences between Blackhat and CSI is a bit overdone by the original poster. Defcon and CSI perhaps would be a better comparison for this statement. I have been to both CSI and Blackhat and both offer pertinent information for Information Security professionals in a similar format. In fact, I appreciate the corporate focus of CSI. Maybe I'm just getting old (I'm 28).

I hate to be a troll, but I'm coming to expect this type of attitude more and more from Slashdot. It's unfortunate.

Re:Prejudice?

If you consider watching endless marketing droids pitch shovelware was a good show, then yes, CSI was excellent. Just look at the keynote speeches - New York Times celebrity (ho hum), CSI (meh), Qualys (marketing speak), IBM (yet more marketing speak). I mean, the DRM session was presented by Intel, the VOIP security session by Lucent and the pentest session by Core Impact - all of whom subtly pitched their products. Sure, there were a couple of good sessions but there was WAY TOO MUCH vendor bs pretending to be 'informative'. Keep that on the exhibit floor where it belongs. I'd say the ratio is 10x worse than BlackHat.

Re:Prejudice?

Sorry but you obviously did not actually attend the conference. Yes you can see the sponsorship but the "subtle" pitch was so subtle as to be non-existant. Also, Give the guy a break! That's where he works. I defy you to talk about your expertise (if you have any) and never ever mention your company or what you have done there. The Qualys presentation was terrific and other than introducing himself he never mentioned the company. IBM marketing speak? Geez the guy talked about neuroscience and and about 10% of what he said could be understood by anyone in the room. Obviously brilliant but on a totally different level then the listeners. What was he selling? Intelligence? Marketing speak is really discouraged and as a presenter you get it pushed in your face many times to keep it out.

Re:Prejudice?

Of course I attended. I've got my badge right here - standard white badge, behind my name there is faint superhero in pink on it with 'CSI 32nd Annual blah blah' and a Cisco logo on the back (of course). Along with the pink superhero I believe they also gave me a gay red backpack which I left in the trashcan in my room at the Marriot Wardman.

The highlight of the exhibit floor was the fat guy dressed as Elvis for no apparent reason, and the 'Russian Hacker' with an American accent who was an employee of the company. I also failed to win the Vespa they were giving out.

Speaking of the hotel, the hotel highlight was the berry and ice cream desert in Harry's British Pub, just up the elevator from the exhibit floor. The down side of the hotel (which really ticked me off) was an apparent complete lack of wireless anywhere in the lobby or rooms. Even the Starbucks which usually has a Tmobile had nothing. Obviously the Marriot don't want wireless to cut into their $10 a night Internet fees.

Convinced now?

Am I the only one..

[Skrekkur]

who saw this article as CMP Aquires Red Hat? :)

Crush the life out of it? Please.

I went to black hat this year, and beside from the Cisco controversy it was already boring and lifeless. The talks were uninspiring and non-technical. Defcon was the only con that actually brought out new and interesting information, limited though it was.

Just Like Us

My wife is a CMP and I am an MCSE. Maybe they were thinking of us.

Did anyone else....

[Oniko]

...go to the CSI website and think it looked a lot like the San Diego Comic-Con website? Between the superheroes and the very very similar color scheme? Or am I just crazy?