TrustyCon was the 'Rebel Conference' Across the Street From RSA 2014 (Video)
RSA holds big-time annual security conferences. The 2014 U.S. edition had 25,000 attendees, Stephen Colbert as the closing keynote speaker, and a major controversy (and some anger) from potential speakers and attendees over RSA's reputed $10 million contract with NSA to make sure the company's encryption software had back doors the secretive agency could use to spy on people and companies that use RSA software. This is part of a story that might be called The Snowden Revelations if it is made into a movie, but right now it's still controversial, and enough of a bombshell in the IT security industry that F-Secure's Mikko Hyppönen decided not to speak at this year's U.S. RSA conference, followed by Bruce Schneier, DEFCON founder Jeff Moss, Princeton professor Ed Felten, and other security luminaries.
And so, TrustyCon -- the Trustworthy Technology Conference -- was born. It was a sellout, with 400 people attending at $50 a head, and another 300 on a waiting list who couldn't get in. Slashdot's Tim Lord managed to get in, and got to speak briefly with several people there, including one of the TrustyCon organizers, Joel Wallenstrom. These were crude interviews, done on a "catch as catch can" basis, and the sound in them is poor. (Google sent a camera crew and shot over seven hours of the conference speakers, which you can watch on YouTube if you want to view TrustyCon presentations in good HD with great sound.) Will there be another TrustyCon next year? According to The Register, "The conference organizers said that, at this point, the plan is to hold another get-together next year, but that a final decision will be made closer to the time."
Sounds very, um... trustworthy... and believable...
Even the summary said it was a sellout..
“He’s not deformed, he’s just drunk!”
"catch as catch can.": using any available means or method : hit-or-miss
Even if it was for a "good cause". Let's for a moment even assume that the NSA is an all-holy entity that could never do anything wrong and that we trusted them implicitly, not because our software forces us to but because we genuinely wanted to.
Note the subjunctive.
Even then the security software would be a security hazard. Simply and plainly because there is (at least) one way to access data that is absolutely beyond your control. You cannot even audit the security level of the entity holding the additional key to your data.
If you need to give your non-tech boss a way to understand the severity, that's like having a general key to your office and the safe with all the highly classified and mission critical papers deposited at your local police force. While by itself not a problem (provided you trust your police), they are not required to give you any information concerning the key's storage or whereabouts. You will not be notified how they themselves will keep that key safe, nor do you get any kind of information should that key get stolen. You will not be notified if some potential attacker or burglar, or even a competitor, gets access to that key, legally or illegally.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I went to RSA on my company's dime for about five years, but was always asleep on a plane before Bill Clinton, Tony Blair or whoever else was there said their piece and collected their fee.
Now that I'm more selective about which conferences I attend (I've already "seen the show" at the big ones), hitting alternative conferences like DEFCON (instead of BlackHat), and Thotcon (Chicago) and now TrustyCon will continue to be my focus.
Google.... is your friend.
noun, noun: "clown", "ass"
Bruce Schneier did not boycott the RSA Conference. Instead, Schneier also attended TrustyCon.
--Matthew
Really? Nobody else is gonna say it? Fine, I'll be that guy:
Day 1 event schedule:
- Using the Force to Grow your Leads - Sales Manager Kenobi
- 2 Meters Across: Beating the Niche Market Slump - Marketing VP Skywalker
- The Dark Side... of IT Infrastructure - CTO Vader
- It's A Trap! Avoiding Common Security Mistakes Keynote Speech - Adm. Ackbar
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I hope this is the beginning of the end of RSA's conferences. That they can not categorically deny any modification to their encryption routines at the behest of the NSA is proof enough that their products can not be trusted. It's farcical that all these researchers, striving for maximally secure systems, would present their findings at a conference hosted by a company that sold everybody out -- and for little money at that.
I'm assuming this reference to the attendee was missing a letter 'e'. To clarify, this Slashdot staffer is the guy who uses his mystical powers to delay all postings a few days after they've appeared on news.google.com. When people say they don't believe in Time Travel, this guy shows them how to send articles into the future.
$5 / month hosted VPS on linux = awesome!
Note the subjunctive.
What subjunctive?
Perhaps you meant: 'Even if it were for a "good cause"'
Yes, article sounds like an advertisement for some wanna-be-conf. Disappointing too that Colbert sold out to RSA. So much for Anonymous' folk hero. At the end of the day it's about opportunists trading people's liberties for cold hard cash.
$10 million is too little for a company, as well known, established, and profitable, as RSA to sell out their name for a backdoor.
This conference was a nice test of character. Colbert failed, RSA set the bar for epic fail, and it looks like F-Secure gets a pass.