Network Security

Black Hat 2011 notebook

  • Conspiracy theories are running rampant after Riley Hassell and Shane Macaulay, two researchers with Privateer Labs, didn't show up for their planned (and highly anticipated) 10 a.m.Thursday talk at Black Hat: "Hacking Androids for Profit."

The presentation promised to reveal "new threats to Android apps and discuss known and unknown weaknesses in the Android OS and Android Market," according to the Black Hat program guide. Audience members sat and waited for several minutes, as the person scheduled to introduce the researchers asked if anyone knew a way to contact them.

While some speculated that the pair may have had too much to drink the night before – Black Hat is known for its rowdy parties – a spokeswoman for the conference wasn't letting on. Nico Sell did say the pulled presentation was not related to any legal threat, as has been the case before.

"It happens," she said of the talks when the speakers simply fail to show. "DEFCON (Black Hat's sister show), more."

  • The security industry's version of the Oscars, the offbeat Pwnie Awards, were announced Tuesday night.

Awards were handed out in categories ranging from "Best Client-Side Bug" to "Most Innovative Research" to "Lifetime Achievement."

But the evening climaxed with announcements of the winners of "Lamest Vendor Response" (RSA after its SecurID breach), "Epic 0wnage" (Stuxnet) and "Most Epic FAIL" (Sony).

Sony received all five of the nominations in the "Most Epic" category. Lulz.

Find the list of winners here.

  • Black Hat representatives expected more than 6,000 people at the 15th annual installment, which would be up from last year, though official tallies were not available. 

Introducing the show on Wednesday morning, conference founder Jeff Moss said this year's attendee pool covered a swath of nations around the world, with the United States, Canada, the U.K. and Sweden leading the pack.

Moss said he wants audience members to take what they learn from the presentations to highlight the need for business leaders to more closely collaborate with security teams at their organizations, especially as we live in a new era where compromise should be assumed.

"But if you only call us after the house is on fire, you have very few options," he said.

Moss underscored the need for events like Black Hat, one of the rare forums for the good guys to openly discuss the reality of the modern-day threat landscape.

"They're one of the very few people who are talking about what's going on," Moss said, adding that vendors often have limited insight into the motives of the attackers.

  • With Black Hat winding down, attention now turns to the less formal, even more unpredictable, DEFCON event, held for the first time this year at the Rio hotel. reported on Monday that the National Security Agency will be on hand to recruit hackers at the $150-cash-only event.

But there's at least one person who argues that attendees should stay far away from the men in suits.

DEFCON is known for allowing attendees to remain anonymous at the show. Event registrants don't even ask for a name.

So it's no surprise that two of the security industry's most nameless (and bitter rivals) are supposedly on hand

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.