No More Drama, let’s get back to Innovating August 12, 2007
Posted by erik in : politics, security , 1 comment so far
You know what I don’t like about the security biz? All the Drama. I suppose this isn’t much different than any other line of work, but please I just want to sit in peace and think about the problems and then think about solutions and then make lots of money OK? Ahh right, there is the problem, that whole money thing, damn how could I be so naive? To many, fame is just another form of currency and when people start thinking someone is trying to take that away from them, you get drama.
For example, this little chain of events:
- Timing attacks on web privacy (Billy)
- Putting up, then shutting up (Jeremiah)
- RSnake Puts Up (Robert)
Please, all of you, put all this you stole your research nonsense behind you and move on. We all build our work on the shoulders of the giants who came before us. Half of the “new” ideas in security I read today were first presented in this book by James Martin in 1974. Does that mean any of his work was stolen? No, not really. Stuff gets reinvented all the time and that’s good. Most of the time we call this innovation.
New research brings old ideas to life when they are presented in a new context. Often a context that didn’t exist back when the idea first appeared. It’s this context that the researcher brings to the idea which is the real innovation and we should all just sit back and bask in its glory. An idea is timeless and the good ones will get re-invented over and over again through the ages, like say for example ultrawideband wireless which was invented in 1894 or the fuel cell, invented in 1845. (Read: Tuning in to Technologies Past). These guys all invented something amazing, but nobody knows who these people are because they didn’t discover or even have the context that would have allowed their technologies to change the world.
There are also many examples throughout history where completely independent inventors have come up with the same idea nearly simultaneously (Gorman, 1998). These simultaneous inventions happen all the time, but why? The explanation I like best is what the historian Thomas Hughes described as a Reverse Salient. “A salient is a protrusion in a geometric figure, a line of battle, or an expanding weather front. As technological systems expand, reverse salients develop. Reverse salients are components in the system that have fallen behind or are out of phase with the others” (Hughes, 1987). I believe that it’s these reverse salients that create an innovation vacuum that the leading researchers almost subconsciously rush to fill independent of each other. Or as John Campbell argues, “Scientists and engineers, like everyone else, are influenced by their patrons and customers. The cultures of their communities thus affect the pace and direction of technological change.”
Pheww, well that puts it all in perspective right?
So, Robert (Rsnake), Jeremiah, and Billy, please, all of you, get back to innovating and discovering new context. The world is a better place when you are focused on that.
References and great reading
- Standage, R. (Jan 2005). “Tuning in Technology’s Past”, (MIT Technology Review, Online Article)
- Gorman, M. (1998). Transforming Nature, Chapter 3, Section 2 “Reverse Salients and Simultaneous Inventions”
- Campbell, J. (1996). “Perpetual Uncertainty” (Federal Reserve Bank of Boston, Online Article)
Blackhat 2007 July 29, 2007
Posted by erik in : security , 1 comment so far
I’m about 24 hours away from making the yearly pilgrimage to Blackhat in Las Vegas. This year is going to be a little different from last year. Yes SPI Dynamics has a booth and we are speaking again on the perils of the Internet but this time around we find ourselves in the middle of making a journey from SPI Dynamics to HP. For those of you who don’t know, HP announced their intention to purchase SPI Dynamics about 30 days ago. Over those past 30 days and well, many weeks before it was public it’s been an exciting journey. For me however it’s also one that started a little over 7 years ago when I learned of a company called Perfecto Technologies. I joined Perfecto shortly afterwards and the web application world has been my entire world since then. It’s now with a new excitement that I look around the corner on what will definitely be the start of an entirely new era. We find ourselves on a tipping point now and in the next 12 months this market will go farther than it has in the last 7 years.
So Blackhat is going to be special this year, it’s a time to enjoy catching up with customers and friends in the community but also a chance to let loose just a little bit more than usual for me and the entire SPI crew, so if you see us, give us a shout and come join the fun.
See you in Vegas!
Blackhat August 12, 2006
Posted by erik in : General, security , 1 comment so far
I survived. Sleep was not an option.
This year’s Blackhat conference was the best event I’ll attend all year. It’s awesome to see a whole track of presentations dedicated to web application security which has only been my life for the past 7 years. The high points for me were the talks by Jeremiah Grossman & TC Niedzialkowski of WhiteHat Security on hacking intranets using JavaScript malware and of course the talks by Billy Hoffman and Bob Auger of SPI Dynamics (my company) where we brought attention to RSS issues, discussed new AJAX threats and presented analysis on web worms and viruses. The events during the day were awesome, the crowds were intense and for those who fought their way through them to our demo booth, we salute you.
I also spent a day wandering around DefCon, which is definitely a different vibe than BlackHat. Post-apocalyptic technologic organic anarchy comes to mind. I enjoyed wandering around, hanging out in the CTF room for a bit and browsing the shops, I didn’t get to see the talks I wanted to unfortunately. Despite all the technology IQ wandering around, event planning is a lost art at DefCon, you just have to go with the flow and I had a schedule to keep.
There was of course the fact that I was in Vegas with thousands of hackers and we were all hell bent on tearing up the town. After the sun went down the event parties kicked in. Leaving time travel for another time, I had to choose from many events, here are the reviews of the ones I attended.
Aug. 1st
Everyone… - Shadow Bar at Caesars
Ok, ok, this wasn’t an event party, but after getting off the plane, and checking into Caesars it was off to Shadow Bar, drinks were not free nor cheap (rough!) but the night was well spent seeing old faces and meeting a few new ones. Shadow was IMHO a nice way to ease into Vegas, no lines, simple atmosphere and dancers wearing next to nothing behind shadow curtains.
Aug. 2nd
SPI Dynamics - Tao Nightclub at the Venetian
I’d be pretty remiss if I didn’t go to my company’s own party. Of course that means I can’t give an unbiased review, but I bet if you ask someone who was there, they will tell you it rocked! If you were there, add your comments and let people know what you thought.
Tipping Point - Body English at the Hard Rock
After all the fuss to get a pass, I didn’t go! Well I got my Tipping Point collectors key ring, maybe next year guys! Instead I headed over to…heck I really can’t remember…
Aug 3rd
Microsoft - the Pool at the Palms
Ok, despite the evil outdoor layout, the place was rocking. On arriving I ignored the “be careful around the pool warning” and I managed to step right into the crazy pool edges after receiving my first drink (damn sneaky 3 inch deep water “feature”!). I took my now soaked foot up to the SPI cabana, and quickly realized the amazing power of the dry Vegas heat to dry anything off in seconds. From there the drinks were flowing like water, the staff at the Palms was great and the Music was perfect. DJ Keith Myers rocks. Billy, thank you for his CD, I’m enjoying it right now.
Microsoft - After Party - RAIN at the Palms
The pool shut down around 12:00, but with free entry into RAIN we decided to check it out. With fire shooting out above the dance floor so close I could have roasted marshmallows and a packed house I was impressed. Unfortunately there was some really annoying staff that kept on hitting people in the eyes with mag lights and overall RAIN was not the liquid experience I was hoping for. I bailed, and unfortunately a little too soon as KPMG showed up later and invited a bunch of the SPI folks up to the VIP room. Next time, I’m listening to Caleb.
Aug 4th
Acuvant - The Foundation Room at Mandalay Bay
The foundation room is the best club I’ve ever set foot in, period. Members only, except for Monday nights, the foundation room is considered one of the most exclusive clubs on the strip. The entrance, which is pretty nondescript, was guarded by one guy and a list (you are on the list right?). Once past the entry way you find your way to an elevator with one button. The ride to the top of Mandalay Bay is swift, and soon you find yourself standing in a club where no detail has been overlooked. Private rooms with a dark middle eastern flair, plenty of spaces to relax and enjoy on comfortable leather couches or just as many places to be in the thick of things in the main room, talking with friends and strangers near the bar or outside on the patio that overlooks the strip. The foundation room is not a simple club, it’s a complex experience. As the evening unfolded the hackers of Blackhat and the high rollers of Vegas mixed it up and shared stories. In between conversations on web application security with Jeremiah, Billy, TC, Rsnake, Arian, Bob, Matt, Caleb and others were amazing conversations with Vegas locals like Ed and Isaac about what really goes on behind the scenes in Vegas (I’m sworn to secrecy). Be careful if your taxi starts heading out to the desert - you might not be coming back.
End of the Road
On the 5th we downshifted and slept in, had lunch and wandered around the strip. We did the tourist thing and watched the fountains at the Bellagio, shopped for friends back home and hit the road to the airport. It was a week spent to its fullest, any longer and I might have just spontaneously combusted. BlackHat, I’ll see you again next year.