
Entries in Rant (4)

Wednesday, Jun 10, 2009

Rant Back – ValSmith

Val Smith recently wrote a post on the new Attack Research / carnal0wnage blog titled:
Security Conferences, pen tests and incident response

Here are my thoughts on what he wrote:

In paragraphs 2-6 he talks about two points. The first being that Hacker Conferences have become sort of commercialized with most speakers going for their day in the limelight or to pimp some product/0day. And the second being a lot of the talks are things that most can’t go home / back to work and test out or implement.

I agree with him on both points.

On the first point I think that one detail was left out of this evaluation. Size. Back when DEFCON was <500 people, almost everyone knew each other. 90% of those attending had the passion, had the fire for what makes our line of work such an art. Now that our community has become “popular”, that percentage is around 20-30%. These numbers aren’t based on any stats, just something that I have been observing as well.

On the second point, my first security conference was ShmooCon ‘06. I was glued to my seat in each talk I attended, and in just 3 short years I have seen EXACTLY what he’s talking about. I used to have to decide between awesome talks in the same hour. Now I actually find times where I’m not interested in anything being presented for that hour. But, rooms still get packed so I guess that’s just my own pickiness.

Penetration Testing and Incident Response is the second portion of his post and I really think he’s hit the nail on the head: Pen Testing and Incident Response should work closely together. I want to throw Vulnerability Assessment and Forensics into the mix as well, feeding each other, sharing data, and assisting. The segmentation of duties / teams is killing collaboration.

Let's get back to the basics, and really show what this community is capable of.

Thursday, Mar 12, 2009

AnonymASS - Hiding Behind The Tubes

First I wanted to say, sorry for this and the last installment of Room362 being non-technical. They are topics that I feel strongly about and so felt impelled to share.

One of the biggest problems in the world, IMHO, is people who have unfounded hate. This is compounded by the anonymity of the Internet, allowing that hate to have no repercussion or identity. Let me also say I have a deep respect for Free Speech, the depths of which I fear, few truly know. What I don't have a respect for is people who abuse that right. It's ultimately a respect of your fellow man/woman/it, that transcends any nationality, race, creed, or color.

Now that you know where I stand, let me step down to a slightly lower soap box. On my last post about ethics, I received a comment from an individual who posted under the guise of not only a false email and name, but also from a proxied address. They were on my side of the argument and were disgusted with Dave's. His/her/its post was pointed, rude, and had no constructive criticism or facts. It was deleted. It does not deserve a direct response. So I am issuing a response to all who tread here.

These types of posts are allowed to flow on other forums, blogs, and mediums of the Internet. They WILL NOT be allowed here. Period. 

You may think of me what you will, pompous, self righteous. I don't care. I will keep my bit of the Internet clean how I see fit. 

Lastly, I hope I demonstrated this fact already, but I want to reiterate it here. I will never delete comments on any side of any discussion I have here, even if I disagree with the comment. I enjoy debate and discussion. I am religious in my faith fight for free speech and its application on the internet.

You have something to say? Fine. You better do it with respect or you can take your posts to slashdot, digg, or some other place. They won't see the light of day here.

Wednesday, Mar 4, 2009

Twitter API Problem

[Image: twitter_rate_exceeded]

Most of you Twitterholics have seen this beautiful status. You get a total of 100 API calls per Twitter account per hour. What happens if you use all of your afforded calls? You can just use http://www.twitter.com/ no problem, right? Well, you lose a lot of what makes Twitter clients so useful (search, grouping, instant updates, etc.).

Well, what if you leave your client up at home? TweetDeck by itself uses most of the API calls just by itself. So in this scenario, you are destined (at least for that day) to spend it on the Twitter site, which as we already discussed, leaves much to be desired.

Mom taught me never to point out a problem without suggesting a solution, so here is what I think would be an awesome addition to Twitter, that might have other advantages as well:

[Image: twitter_rate_exceeded2]

This is at the bottom of Gmail. It allows you to see where else your account is being accessed from (IP). You can also click "Details" and click to log out of all other sessions. This would be nice in Twitter for a couple reasons. It would allow you to block/logout the client you left at home, but also check to make sure the IPs that are accessing the API on your behalf are your own.

Just a suggestion..

Monday, Feb 23, 2009

My iPhone runs Windows

(This is the 3rd time I am writing this post, FF Fail, then Word crashed, so please excuse the lack of passion)

The moment that PDANet published that they released an updated version that allows USB tethering, I ran home and “QuickPWNd” my phone (which took all 5 minutes). Loaded the app and now I had the coveted TETHERING. I was free of my bind to Comcast or Free Public Wifi. However, over the next few months, my iPhone started getting slower and slower to respond. Crashes happened on apps that never had a problem before (including Safari). It would even crash on incoming calls.

5 minutes ago (now more like 20), I had it crash again and slow responsiveness down to unbearable speeds (2 minutes from touch to fully started app). Then I had an internal debate: Would I go home and de-PWN it, or deal with it? With that same thought I realized that at the core of most of the technologies we use today, Windows, Twitter, MySpace (now Facebook), is an underlying need, freedom, or other feature that they provide that makes them ‘bearable’.

Twitter’s FAIL WHALE is famous because Twitter crashes or is down A LOT. Why do you still use it? Windows is an utter mess of code and BSOD even had a hardware device made for it. Why do you still use it? ...you get the point.

I’m not going to revert my iPhone back. You know why? Because the freedom that it provides me (like typing a blog post for the 3rd time going 65 miles an hour in the back seat of a car) is worth it, to me.