May 8, 2024
Black Hat/Def Con meetings
Black Hat/Def Con meetings highlight role for hackers in federal policymaking
The Black Hat and Def Con meetings Aug. 7-11 in Las Vegas brought together hackers, cybersecurity professionals and federal policymakers to discuss some of the biggest challenges facing the nation's digital economy and infrastructure, including securing software and disclosing vulnerabilities, threats from foreign adversaries and cyber criminals, and ensuring the security of elections and democratic institutions. This special report provides access to our complete coverage from the meetings, where the hacking community was encouraged by lawmakers and other federal officials to get more involved in policymaking affecting development of 5G networks and the Internet of Things, among other issues.
White-hat hackers explore a growing role as technology and policy domains collide
LAS VEGAS. Def Con 27, which wrapped up here Sunday, was true to its roots as a hackers’ conference replete with hands-on workshops, technical briefings and contests, but many of the 30,000 attendees also flocked to the public policy sessions and were beseeched to dive into the political domain.
Wanted: ‘Public-interest technologists’ to inform raging debates on cybersecurity policy
LAS VEGAS. Technologists are the missing voice in cyber policy debates on issues ranging from encryption to supply-chain security, says Bruce Schneier of Harvard Law’s Berkman Klein Center for Internet and Society, who made several presentations here calling for development of a robust “public- interest technologist” community to help shape laws and rules for this technology century.
Official: CISA well-positioned for role on election-system vulnerability disclosure
LAS VEGAS. DHS’ cyber agency is eager to play a role ensuring election-system vulnerabilities are reported and fixed, the department’s vulnerability disclosure lead said, while urging vendors and researchers to collaborate on this critical national security issue.
State officials to Congress: Send more money for election-security efforts
LAS VEGAS. As Congress debates whether state and local governments need more funding for election security, the answer was a no-brainer for the election officials gathered here for Def Con, who cited intense resource needs even as they take aggressive and innovative approaches to securing the vote.
Wyden rallies Def Con in speeches chastising telecom sector on privacy, Sen. McConnell on elections
LAS VEGAS. Sen. Ron Wyden (D-OR) delivered a scathing review of FCC Chairman Ajit Pai and the telecom sector on privacy and data security before an enthusiastic Def Con audience, hours after urging the white-hat hacker community to help overcome Senate Majority Leader Mitch McConnell’s (R-KY) roadblock on election security legislation.
Rep. Swalwell summons cyber community to ambitious ‘Manhattan Project’ on secure voting
LAS VEGAS. Rep. Eric Swalwell (D-CA), who put cyber and technology at the heart of a short-lived presidential bid, challenged techies at Def Con here to help develop a “mobile secure, auditable voting platform” through a “Manhattan Project to secure the vote.”
Sen. Wyden calls on ‘white hat’ cyber community to mount grassroots campaign for election security
LAS VEGAS. Noting that “one percent of the United States Senate is here today” at the Def Con conference, Sen. Ron Wyden (D-OR) sought to enlist the “white hat” hacker/researcher community as a force multiplier to prod Majority Leader Mitch McConnell (R-KY) for action on election-security legislation.
DHS’ Krebs: Def Con initiative could reach new communities with conduit for vulnerability disclosure
LAS VEGAS. Def Con, the massive annual white-hat hacker conference here, is working with the Department of Homeland Security and others on creating a vulnerability disclosure conduit for bug hunters uncomfortable dealing directly with the government, Black Hat/Def Con Founder Jeff Moss and DHS cyber chief Christopher Krebs said at an opening panel today.
Current, former lawmakers urge ‘hacker’ community to engage with Congress
LAS VEGAS. Two leading congressional voices on cyber and a prominent former lawmaker said there is plenty of unfinished business on elections and other cybersecurity issues languishing on Capitol Hill and urged participants at the Def Con conference here to get involved.
New report describes acute threat from criminal cyber actors in Russia
LAS VEGAS. A new report by cyber firm IntSights on the dark web in Russia describes an advanced criminal hacking community in Russia and the Commonwealth of Independent States that operates with impunity -- as long as it's attacking abroad and steering clear of Russian government and industry targets.
Researcher details how GDPR, privacy laws can be manipulated for identity theft
LAS VEGAS. A PhD researcher at Oxford University has discovered a seam in how companies are complying with the European Union’s General Data Protection Regulation, allowing him to assume the identity of his girlfriend and access her data often with little pushback from data controllers for hotels, educational services, retailers and others.
Leading figures offer ways to assess effectiveness of Trump’s aggressive cyber deterrence strategy
LAS VEGAS. Two leading cybersecurity strategists are offering tangible ways to assess whether the Trump administration’s embrace of offensive cyber actions as the linchpin of deterrence actually “makes things better or worse” for the nation in cyberspace.
CISA chief Krebs to speak on vulnerability reporting at Def Con
DHS Cybersecurity and Infrastructure Security Agency Director Christopher Krebs will be speaking on reporting cyber vulnerabilities to the government at the Def Con meeting in Las Vegas on Friday, the agency announced today.
Commerce’s Friedman says ‘champions’ can promote software bill of materials, avoiding regulation
LAS VEGAS. Draft documents are coming in weeks from a Commerce Department-led “software bill of materials” initiative, according to project leader Allan Friedman, who says this “why and how” stage should move quickly into a “turn-key” phase of raising awareness and actually putting the SBOM concept into practice.
New NSS Labs analysis shows ‘technology suites’ can meet claims of enhanced protection
LAS VEGAS. A new report by the cyber testing firm NSS Labs finds that cybersecurity products bundled by vendors into “suites” of services can provide enhanced protection against increasingly sophisticated attackers.
Public-advocacy groups make ‘toughest job you’ll ever love’ pitch to technologists
LAS VEGAS. Demand is growing at public-interest groups and in academia for technologists to help these organizations take on the cyber-related policy challenges they increasingly face, according to a Wednesday panel here at Black Hat.
Black Hat keynoter: If cybersecurity is everyone’s job, what’s the security team’s job?
LAS VEGAS. Black Hat kicked off here with a keynote by Dino Dai Zovi -- the mobile security lead at Square -- and with a record 20,000 participants expected to attend the two-day conference.
Lawmakers in Vegas for 'crisis simulation'; software, IoT on conference agenda
Internet of Things security, election hacking, a “software bill of materials,” cyber insurance and deterrence are among the policy issues on the agenda at the annual Black Hat and Def Con “hacker” conferences this week in Las Vegas, along with plenty of discussions on what the cyber pros and researchers are seeing and doing on the battlefields of cyberspace.