
Blackhat August 12, 2006

Posted by erik in : General, security , 1 comment so far

I survived. Sleep was not an option.

This year’s Blackhat conference was the best event I’ll attend all year. It’s awesome to see a whole track of presentations dedicated to web application security, which has only been my life for the past 7 years. The high points for me were the talks by Jeremiah Grossman & TC Niedzialkowski of WhiteHat Security on hacking intranets using JavaScript malware and of course the talks by Billy Hoffman and Bob Auger of SPI Dynamics (my company) where we brought attention to RSS issues, discussed new AJAX threats and presented analysis on web worms and viruses. The events during the day were awesome, the crowds were intense and for those who fought their way through them to our demo booth, we salute you.

I also spent a day wandering around DefCon, which is definitely a different vibe than BlackHat. Post-apocalyptic technologic organic anarchy comes to mind. I enjoyed wandering around, hanging out in the CTF room for a bit and browsing the shops, but unfortunately I didn’t get to see the talks I wanted to. Despite all the technology IQ wandering around, event planning is a lost art at DefCon; you just have to go with the flow, and I had a schedule to keep.

There was of course the fact that I was in Vegas with thousands of hackers and we were all hell bent on tearing up the town. After the sun went down the event parties kicked in. Leaving time travel for another time, I had to choose from many events; here are the reviews of the ones I attended.

Aug. 1st
Everyone… - Shadow Bar at Caesars

Ok, ok, this wasn’t an event party, but after getting off the plane, and checking into Caesars it was off to Shadow Bar, drinks were not free nor cheap (rough!) but the night was well spent seeing old faces and meeting a few new ones. Shadow was IMHO a nice way to ease into Vegas, no lines, simple atmosphere and dancers wearing next to nothing behind shadow curtains.

Aug. 2nd
SPI Dynamics - Tao Nightclub at the Venetian

I’d be pretty remiss if I didn’t go to my company’s own party. Of course that means I can’t give an unbiased review, but I bet if you ask someone who was there, they will tell you it rocked! If you were there, add your comments and let people know what you thought.

 
Tipping Point - Body English at the Hard Rock

After all the fuss to get a pass, I didn’t go! Well I got my Tipping Point collectors key ring, maybe next year guys! Instead I headed over to…heck I really can’t remember…

Aug 3rd
Microsoft - the Pool at the Palms

Ok, despite the evil outdoor layout, the place was rocking. On arriving I ignored the “be careful around the pool warning” and I managed to step right into the crazy pool edges after receiving my first drink (damn sneaky 3 inch deep water “feature”!). I took my now soaked foot up to the SPI cabana, and quickly realized the amazing power of the dry Vegas heat to dry anything off in seconds. From there the drinks were flowing like water, the staff at the Palms was great and the Music was perfect. DJ Keith Myers rocks. Billy, thank you for his CD, I’m enjoying it right now.

Microsoft - After Party - RAIN at the Palms

The pool shut down around 12:00, but with free entry into RAIN we decided to check it out. With fire shooting out above the dance floor so close I could have roasted marshmallows and a packed house I was impressed. Unfortunately there was some really annoying staff that kept on hitting people in the eyes with mag lights and overall RAIN was not the liquid experience I was hoping for. I bailed, and unfortunately a little too soon as KPMG showed up later and invited a bunch of the SPI folks up to the VIP room. Next time, I’m listening to Caleb.

Aug 4th
Acuvant - The Foundation Room at Mandalay Bay

The foundation room is the best club I’ve ever set foot in, period. Members only, except for Monday nights, the foundation room is considered one of the most exclusive clubs on the strip. The entrance, which is pretty nondescript, was guarded by one guy and a list (you are on the list right?). Once past the entry way you find your way to an elevator with one button. The ride to the top of Mandalay Bay is swift, and soon you find yourself standing in a club where no detail has been overlooked. Private rooms with a dark middle eastern flair, plenty of spaces to relax and enjoy on comfortable leather couches or just as many places to be in the thick of things in the main room, talking with friends and strangers near the bar or outside on the patio that overlooks the strip. The foundation room is not a simple club, it’s a complex experience. As the evening unfolded the hackers of Blackhat and the high rollers of Vegas mixed it up and shared stories. In between conversations on web application security with Jeremiah, Billy, TC, Rsnake, Arian, Bob, Matt, Caleb and others were amazing conversations with Vegas locals like Ed and Isaac about what really goes on behind the scenes in Vegas (I’m sworn to secrecy). Be careful if your taxi starts heading out to the desert - you might not be coming back.

End of the Road
On the 5th we downshifted and slept in, had lunch and wandered around the strip. We did the tourist thing and watched the fountains at the Bellagio, shopped for friends back home and hit the road to the airport. It was a week spent to its fullest, any longer and I might have just spontaneously combusted. BlackHat, I’ll see you again next year.

Ask A Ninja June 3, 2006

Posted by erik in : General , 3 comments

Every day, one has to make hard decisions, like, umm do I use the vanilla flavored toothpaste, or do I use the classic mint flavor? Generally one can safely get away with making such difficult decisions without consulting anyone else, other times, not so much. For days when things get rough, I recommend you ask a Ninja.

Progress Part 2 May 21, 2006

Posted by erik in : General , add a comment

It’s done. The site is moved, and hopefully you are enjoying the new clean look of silvexis.com/blog 2.0. For those of you just showing up, well you missed it, the old look is gone and I didn’t even save a screen shot. I did manage to save some of the old posts from the previous system, overall not an entirely painful process. I’m totally digging wordpress…for now.

Progress part 1

Posted by erik in : General , 2 comments

I sense that I’m finally emerging from my XBOX 360 induced coma. I’d like to thank the makers of oblivion for taking away about 3 weeks worth of 24/7 playing from my life. Really. Ugh.

The first order of business is a facelift, the look and feel of this place is driving me nuts. I’ll be upgrading to wordpress later today. I’m sure in the process that all my past entries will disappear and links will break so for my readers out there, please be prepared to adjust your TV set.

I’ve upgraded a friend’s blog from BoastMachine to Wordpress and well it wasn’t pretty. There are hardcoded paths all over the place and sparse documentation that just make it a pain in the ass to change something as simple as the blog root, so no I’ll probably not have a link to the old blog, sigh… In the meantime enjoy some very excellent Orbital Grooves, it will get you through the transition…

Why you won’t be seeing much of me in the coming months March 28, 2006

Posted by erik in : General , 1 comment so far

xbox 360

’nuff said!

Funny February 19, 2006

Posted by erik in : General , add a comment

Fun read, those of you who are security minded and live a bit in the grey will appreciate this. N074H4x0r … I’m no Hacker

Going back to Redmond August 22, 2005

Posted by erik in : General , add a comment

I find myself in Redmond this week hiding in Building 20 - the DevLab for VSTS. For those that know, this building has way too many cool things going on inside. Not to mention free ice cream, breakfast, lunch and dinner…and after your day is done, and the brain is full there is of course the x-box room. hmmm could someone be trying to make us happy?

Happy we are.

We are working on our DevInspect product integration with Visual Studio and Visual Studio Team System that will help Visual Studio 2005 developers build and test secure software. DevInspect goes the extra mile and makes your applications self defending once they are deployed which is key if we are ever going to start seeing truly secure web applications out there vs. the current state of affairs.

Ooooh I think I smell lunch, gotta run ;)

I want to believe August 11, 2005

Posted by erik in : General , add a comment

I find this inspiring…it’s tough to explain. I’m not even that big of an X-Files fan

I want to believe