* subscribe at http://techPolice.com

Security showdown: Black Hat vs. Def Con
By Robert Lemos, ZDNN
July 11, 2001 4:38 AM PT

Las Vegas plays host to two separate security conferences this week--one for people 
who guard computer systems, another for those who break into them.

System administrators and hackers, CIOs and script kiddies will all gather in the 
desert to trade information, swap stories and take each other's measure.

At the Black Hat Briefings security conference Wednesday and Thursday at Caesars 
Palace, security experts will teach network administrators and information-technology 
managers how to protect their critical systems.

Yet starting Friday, hackers become ascendant at Def Con, with many from the 
underground culture coming out into the hot Las Vegas sun to trade code, learn new 
tricks, and, in some cases, finally meet in real life.

"They are very different conferences," said Scott Culp, security-program manager for 
Microsoft, who plans to attend Black Hat but not Def Con. "Def Con is very focused on 
attacking systems, while Black Hat is focused on defending them."

Microsoft tests the wind yearly at Black Hat to see what security threats system 
administrators are most worried about, Culp said. Last year, the major worries were 
the virulent spread of worms through e-mail and the high cost of properly managing 
security.

In response to hearing such worries at Black Hat and other conferences, Microsoft 
focused more heavily on getting the bugs out of its own programs, announcing its "war 
on hostile code" in April.

Don't expect any panacea for the high-tech world's security woes, however.

"If you're looking for a killer technology that has radically altered the security 
landscape in the past year, it's not there," Culp said. "Security is about banging out 
incremental improvement every day."

The flip side of the security coin shows up at Def Con.

While the past few years of media frenzy surrounding hackers have caused the crowds to 
swell at the conference, actual hackers still do show up, said Jay Beale, security 
team director for Linux-software maker MandrakeSoft.

"Def Con just mirrors the population of hackers in general," he said. "The bulk are 
just script kiddies, but there is some small portion that really know what they are 
doing."

With its "capture the flag" contest, where teams of attackers try to crack a handful 
of servers set up for the tourney, Def Con is a big game for some. Others barely 
attend the conference, meeting in rooms behind closed doors to swap information and 
finally chat in real life.

But while there are two distinct conferences, the attendees have a lot in common.

Some system administrators come early to Black Hat to attend seminars including 
"Ultimate Hacking!" a two-day course that teaches them to hack their own systems, the 
idea being that knowing your own weaknesses is the best defense.

Others officially attend Black Hat on behalf of their company, then stay on to meet the 
other side at Def Con.

In the end, the worst thing about the conferences may be that security and hacking 
have become too popular, Beale said.

"The only complaint I have is that there are too many people who know about it at this 
point," he said.




