Q&A: DEF CON At 22

Published: 22/11/2024   Category: security




DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.



DEF CON 22, held earlier this month in Las Vegas, saw a 25% jump in the number of attendees over last year -- a whopping 15,000 people converging on what is considered the world's largest hacker conference. Dark Reading executive editor Kelly Jackson Higgins sat down with DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, to get his take on this year's show, the NSA, and the reality that cyberattacks are inevitable. Here is an excerpt from that interview:
Dark Reading:
What is the biggest difference you see in this year's DEF CON than in years past?
Jeff Moss:
There's an energy difference. Last year, it was right at the beginning of Snowden, so there was lots of frustration or tension, on why do we bother trying to defend anything if you can just get a court order. There's a lot more optimism [this year].
Dark Reading:
Last year, you made the fairly controversial request that the feds not attend DEF CON given the air of distrust amid the leaked NSA documents showing the scope of the agency's spying operations. Feds were back at DEF CON this year. What's different?
Moss:
They are engaged in a very healthy [way], involved in contests [for example]. There's not a recruiting booth from the NSA. The NSA has not figured out its narrative yet. The challenge for the intel community, NSA folks, etc., is to figure out what their message is and how they can re-engage with this community.
We don't want the bad guys to break into our SCADA [systems]. We just need to figure out how we are going to work together [with the intelligence community] and repair that broken trust... I'm hoping by next year, they have a coherent story to tell our community.
Dark Reading:
Any chance you'd have the new NSA director keynote here again like former NSA director Keith Alexander did in 2012?
Moss:
It would be a huge risk or a huge opportunity for them. They would have to have a good story.
We have unlimited resources there [at the NSA] for capturing unlimited traffic. I'd like to see a cost-benefit analysis. Now that forces them to go to Congress and have to justify [the traffic capture]. That forces some discipline. I don't doubt it was working [for legitimate intelligence-gathering]... but a less invasive [approach is best].
Dark Reading:
What's new at DEF CON this year?
Moss:
We now have a privacy Village. That's been a theme since day one. We have an industrial controls Village, and it's amazing what they built there. We had the expansion of the Hardware Hacking Village.
On the fun side, we had a DEF CON badge counterfeiting contest. I wanted to know how the hell they're doing it [so the contest was added this year]. If you can counterfeit the badge and then teach your techniques to others, that's really cool.
All of the contests and tracks were full. There [were] a lot of [people] demanding how do we capture these [attackers]... what strategies do we use detecting them. There was a healthy defensive conversation here.
Dark Reading:
What is the biggest mindset change in the industry now from your perspective?
Moss:
There's a mindset shift: It was an IT problem to keep everyone secure and if they break in, it's an IT failure. Now it's if they're going to break in, what are you going to say? You need to have a communications plan ready, an incident response team, legal, are you going to sue or call the cops. You have big decisions to make if you go to the feds or not. What information do you have to tell the CEO or CIO or CFO. If it reaches this level, do I wake the CEO up?
There's cross-departmental communications. They all feel like they're involved now. That's so much more healthy than saying I'm hired to be the security guy in the security department.
