Sunday, August 9, 2015

Black Hat!

I went to the Black Hat security convention this year in Las Vegas and attended nine talks. The tenth of the nine talks was the keynote of Alejandro Mayorkas, our (America's) Deputy Secretary of Homeland Security, at DEF CON, which was titled "Working Together to Keep the Internet Safe and Secure" and which was an apologetic reaction to what he had experienced at Black Hat and an unabashed attempt to extend an olive branch from the government to the distrustful hacker community. The only specific idea that Alejandro suggested was to form an advisory board from the hacker community which could interface with our government. This seemed like a good idea to me. Alejandro had spoken at Black Hat and must have faced some abrasion there, as this talk seemed to be entirely about doing damage control. He acknowledged a woman in the audience sitting near me who had told him at Black Hat that Wassenaar (information sharing between nations on the distribution of arms to other nations) was a train wreck, trying to cite examples of the fact that the government was listening and wanted to listen to the hacker community. Alejandro acknowledged that a divide of distrust had grown between "the two groups" (government peeps and hackers) over recent years. He didn't mention Edward Snowden or Bradley Manning by name, but clearly this was about the bigger picture they are a part of and the whole sense of 1984-esque, watching-over-your-shoulder, ubiquitous gloom that is so much on everyone's mind. The government needs the trust of hackers and their embrace (patriotism), and such trust is not going to be rebuilt overnight. He asked that we start somewhere and try to find a place of acceptable risk within which to take a chance on being vulnerable and, thus, trustful.
In the wake of this, or perhaps just before, some of the DEF CON staff walked onto the stage with him and told him that he had to have a shot of Jack Daniel's in front of the crowd as an initiation into DEF CON, given that he was a first-time speaker. Of course, given his tiptoeing and how-can-I-win-your-trust-pretty-please projections, there was no way for him to say no. He negotiated that the shot be small and mentioned whatever party it was that he had to meet on official government business immediately after, to try to rationalize the shot being small. He had a small shot of Jack Daniel's, which may have been as inappropriate as could be if he was working for the government officially in that moment. In return, I will trust that the government did not hack my laptop while I was at Black Hat. There was a time, a few days earlier, when I jumped on the Four Seasons' wireless, which required no password, for a moment to check email, and when I did, the command prompt's little black window on my laptop flickered open/closed twice before I powered my laptop off in reaction. I'm going to have faith that this wasn't Uncle Sam, Mr. Mayorkas. At the end of the talk, when he took questions, a member of the audience tried to get Alejandro to denounce the imposition of backdoors, asserting that it was stupid for commerce. This was a theme I saw at Black Hat. No one likes the backdoors and the golden keys. Alejandro said that he knew what the problem was with respect to the threat of terrorists and that he did not know what the solution was. He did not denounce the backdoors, and the crowd did not boo him either. I guess he did OK.

So what is Black Hat? I once had a coworker give a presentation on the six thinking hats, which Wikipedia describes like so:

  1. Managing/Blue: what is the subject? what are we thinking about? what is the goal?
  2. Information/White: considering purely what information is available, what are the facts?
  3. Emotions/Red: intuitive or instinctive gut reactions or statements of emotional feeling (but not any justification)
  4. Discernment/Black: logic applied to identifying reasons to be cautious and conservative
  5. Optimistic Response/Yellow: logic applied to identifying benefits, seeking harmony
  6. Creativity/Green: statements of provocation and investigation, seeing where a thought goes

...but black here just goes back to the black-versus-white theme of good versus evil, I think. There used to be a separate White Hat convention (I've heard) for the security professionals, and then Black Hat was an independent convention for the hackers they tried to keep out, but they got combined into one annual event. I have always heard stories, and now, I've been. As mentioned, there were another nine talks I saw, and if you'll be patient I'll type up blog postings for all of them.
