Social Network For CISO (Chief Information Security Officers)
Just had a hectic week at Defcon and Blackhat. Defcon is the largest gathering of hackers (and those interested in hacking) in the world. In the 22nd edition of the event there were nearly 15000 people from across the world who visited Vegas for Defcon.
I had been visiting both of these events for last several years. I believe I am more of a builder than a hacker but still this is one of the event which draws me every year. It is a great way to keep an eye of what's happening in the world of hacking and provides some valuable insights on how tomorrow could look like.
So here's the top things that I noticed in Defcon 22.
Hacking IOT (Internet of Things) is easy
It seems that the hackers found the sweet spot in breaking the internet of things. Security researchers demonstrated how several products like Google Nest, Dropcam, Elevators, Cars etc can be hacked. The attack techniques are not really new. It's the same old tricks on new set of devices. There is one hard part though- that's interacting with some of the devices. As an example, analyzing the attack surfaces of the car and building the right interfacing mechanism is an one-time hurdle. After that you may use all standard attack techniques.
Operating Systems are hard to hack
There had been relatively lower number of attacks on operating systems. It is evident that the OS is getting tougher to exploit. The OS vendors have done a decent job in making things tougher for the hacker.
Few (if not none) new attack techniques
There are lots of hacks demonstrated. However most, if not all, are old techniques. There had been no new "class of attack" discovered. At least I did not attend any such talks.
Mainstream computer science and maths researchers getting into hacking
There had been some talks on maths, machine learning and data mining. This is not very common at Defcon. This is a welcome change. More number of persons with strong maths and science skills are getting into hacking. There had been a decent rift between the computer science (theoretical) enthusiasts and the hackers in past which seems to be getting bridged slowly.
Strong dissent against government spying and privacy violations
There had been a good number of talks on how to detect if you are being spied upon or how to be anonymous on the internet. There is also a very high degree of dissent against the FEDs and government violating privacy.