Because CBS keeps pushing news articles that present Walter as a respected expert in the infosec industry. None of us had heard of him before the show. He does not speak for us.
Thank you. This is the problem: this assclown is representing his delusions as state of the art in the Infosec world. None of us in that community had heard of this dude before.
We have enough problems with the world at large assuming that everything we do is magic. Walter's bullshit is actively damaging to our field.
...or it was turned down because other people submitted better, more technical talks that included actual data and demonstrations
(All three of which are what the Defcon CFP team actually looks for in a talk, if you want to know how their minds work)
You're an idiot.
Jeff hasn't been a part of Black Hat for years now, and the last connections between BlackHat and Defcon were broken last year. There's nothing about 'silencing' this guy; he's just another one of the many hundreds of CFP submissions that don't make it to the top of the pile.
And no, it's loaded with *quotes*, not facts.
So you've personally seen the other 600 submissions for Defcon this year, and can unequivocally say that this deserved to be at the top of the pack?
No, this dude is just making a song and dance about being one of the 550 people who get a rejection letter every year.
Exactly, this was just rejected.
Not like he couldn't still submit it to Skytalks; we don't record those talks either, so he's got a lot more scope to speak off the record there too.
Speaking from experience, it comes down to this: the people with a critical eye to all this stuff (like me) don't have access to the big picture. I can only speak to the stuff I've worked on personally, and it doesn't add to what people are telling us.
Conversely, the people who *do* have access to the bigger picture stuff have no vested interest in giving us the unfiltered truth (or any truth at all), so although they're in a position to know what's actually happening a little more clearly, we have no reason to believe that they're telling us anywhere near the truth of the matter.
(Remember, Mandiant told us the Chinese Sky Is Falling for *years* before they finally decided to 'show their work' with the APT1 document; until that point, their whole proof was "Trust us, we see more than you do". The government wonks take the same approach.)
Yes, because the vendor booths selling T-shirts make up the bulk of Defcon funding.
You've never actually been to Defcon, have ya?
Yeah, I got the same feeling too. The meat of the presentation seems to be stuff that those of us that do this for a living have known for years (there is no head of the dragon, but there are a lot of snakes out there). Kudos to someone standing against the warhawk cyberwar types, but the whole preso, while interesting, seemed more like a book pimping session, wrapped up in a lot of pandering to people's existing knowledge.
My lawyer pointed out the date of publication on the employment IP agreement, April 1st, asking if it was intentional.
EMC's legal counsel did not appreciate the humor.
Ex-employee here. My lawyer pretty much laughed at the incredible reach of EMC's employment agreement, which effectively states that "If at any time, any point in the future, you publish an idea which we believe you may have originally thought of while working for us, even though you never used it, wrote it down, or discussed it with anyone during your employment, you agree to immediately turn over all rights to said idea, including buying out the rights from any co-creators, at your own expense".
As symbolic as this is, it's worth pointing out that the RSA Conference and RSA Security are two separate corporate entities (and I worked with both, producing RSA Security's own booth content at RSA Conference 2011). They do, however, all funnel back up to EMC (y'know, the world's largest storage systems corporation).
It's not like this is one of the cases where the wrong version flows well enough to let it slip ("12 items or less"); it even reads awkwardly. You'd think the writer would have stopped to go 'wait, that doesn't sound right' at the very least.
Everyone is an editor on Wikipedia; many edits are entirely anonymous (IP address only).
What you're talking about is an Admin.
Please tell me this is some attempt at sarcasm, and you aren't actually that ignorant?
Many states (such as the one I reside in) specifically ban the registration of firearms in their state constitution.
Welcome to the self-hatred that is working in the infosec business - any illusions we held about trying to improve the state of things for the greater good fell away many years ago when people started realizing that there was no profit in working towards making ourselves obsolete - casualties be damned. When it comes to computers, you're either responsible for your own OPSEC 24/7, or you accept that your systems will be interfered with in perpetuity. Nobody is looking out for you, least of all the infosec business.
Certainly, if a government does it, it's not unlawful... and there's the rub. If interference and espionage with another nation's information systems are acts of aggression, will we ever see some updating of Geneva/Hague convention notions towards this? They both mention spies, but largely in the protection and treatment of them in habeas corpus situations... Do we even need such an updating? There is plenty of material on the legality of peacetime espionage, yet the sabotage issue remains as murky as ever.
No, it was referencing the irony of something. You really aren't very good at this comprehension thing, are you? So I think I'll take my leave of this thread now and give you some space for you and your bugbears to spend some time alone.
Yet you remain blissfully unaware of my using it as a mechanism of irony to illustrate that if people are going to insist upon the term cyber-*war*, then perhaps some of the same perceptions and controls should apply to it equally? At least my brand of pedantry doesn't cause me to lose sight of the entire discussion as I crawl up my own asshole in sophistry.
TL;DR - "Whoosh!"
If these developers are so good at consciously creating vulns, you'd think they'd be better at NOT creating them too, now wouldn't you? After all, software shouldn't require /hundreds/ of these backdoors, just a handful that were constructed carefully enough. They certainly shouldn't be getting discovered by independent researchers without all these necessary criminal and Military Industrial connections you describe.
Reality does not support your hypothesis here I'm afraid, I think your tinfoil hat might have been backdoored...
Sad I blew mod points to comment on this article, but this reply deserves modding up. Your point about the redundancy of the term 'ethical hacker' is something I wrote about on Bloomberg last year (and was promptly libeled by Richard Stiennon in his column a day later).
Because it is the common term used to paint the broader picture here (and the source of much debate in my circles). I used it so people would know what I'm talking about; it's this thing called a framing device. I brought it up first because that is the larger context of the topic discussed in this article. Is the written word a second language for you or something? If you don't understand this, you're not the demographic I'm speaking to anyway and are still probably happily ignorant of the whole issue; for your own sanity, I'd probably keep it that way.
Good point. I concur that laws are full of gotchas, and I was using ITAR as an example that a precedent has already been set once, not that ITAR is the hammer that should be used this time around...
There is no disclosure of these vulns; disclosing them would remove the value in them. These orgs aren't paying big money for vulns to have them /fixed/, people... the exact opposite.
You can't sell something for profit that will be used in hostile actions if you've already disclosed the information in public, now can you? The issue is profiteering from things that will /not/ be fixed, and specifically used to the detriment of another.