« Internet Lawyer: Dismissal of MySpace Criminal Case | Main | Internet Lawyer: $675,000 Copyright Infringement Judgment »

July 27, 2009


You've outlined current DEFCON policies, procedures, and culture with which you take issue. You've also listed some remedies that you think will move DEFCON away from being "an unacceptable risk to society."

I didn't come away with any sense of what would change, even if DEFCON restructured itself. It would just be friendlier to a particular segment of attendees.

Mr Dozier, will you be in Las Vegas later this week? I can introduce you to anyone you'd like a meaningful conversation with.

Frank, thanks for your thoughts. This is the effect of what I am suggesting as a starting point. Removing anonymity is a first step towards accountability. And that alone will discourage the scofflaw attendees from showing up. Show respect for the rule of law by welcoming law enforcement and not violating state and federal hacking laws or encouraging others to do so under a guise of "research". Welcome the press into the fold in any way they see fit without mandating a "press credential" to be worn as a scarlet letter to incite contempt and ridicule and preclusion. And bar the crooks, thieves, and scofflaws from the premises. That's what I am suggesting as a starting point. At least it shows some good faith. Does it solve all the problems? No. But it is a start in the right direction.

Mr Dozier,

If I may be so bold as to suggest that the entire point of Defcon has always been a neutral ground of both good guys and bad guys. Don't underestimate the amount of valuable intel gleaned by good guys into the mind and tool set of the bad guys. Whether admitted or not, defense is reactive by definition. So in order to be more proactively defensive, intel must be gathered. What better way than to bring them all together. You must understand that it is widely speculated that this is the very reason our own government may have provided the initial funding for the conference in the first place. When your enemy is hidden all over the place, bring them together in the open, observe and you will understand them...

Zack: I understand the value of the good guys/bad guys approach in staying on the leading edge of developments, techniques and tactics. But there needs to be some balance. While government infosec types learn how to better execute and defend a cyberterrorist attack, DEFCON is educating scofflaws on how to ruin small businesses in minutes. I'm putting an audio up on our website shortly from a speech an infosec executive and I gave to Internet Retailer attendees in June. The solution is about striking a balance, and if a comfortable accommodation cannot be reached, finding an alternative approach for sharing knowledge and information away from the public eye.

Mr. Dozier,

If you have an opportunity, please come to Defcon. You might learn that there are other reasons than the ones you blow out of proportion in your article.

1) You state that your website "came under attack" last year and that was in retaliation of some article. Do you have any proof of this? Or are we supposed to take this as gospel because you say it?

2) You reference the incident where a female reporter tried to break the RULES of Defcon, and was caught and vilified. Yes, Virginia, there are RULES at Defcon.

3) You mention the talk (that was canceled due to lawyers chest thumping) that show the weaknesses of the Boston transit system, and don't reference the WHOLE story, that the Boston Transit System was notified of the weakness and refused to address it.

4) You state, "There is even an annual game for embarassing the federal authorities in attendance", when it fact, it is NOT to embarrass them, it is to see if someone can spot a Fed. The "Fed" is given a chance to decline to be publicly named, and all law enforcement personnel are treated with the utmost respect.

5) Because you haven't and don't plan on attending, you really have NO idea of the information exchange, the dynamics of what this type of conference brings the entire community, and why there are MORE Professional Security people at Defcon than there are at BlackHat.

What about Johnny Long and all the good things that go on at Defcon?

You ignore the talks such as:
Effective Information Security Career Planning - How to further your Career

Defending Yourself @ DEFCON - How to protect yourself while at Defcon

DC Network Session - Learning how to build a network to hold up to Defcon

Perspective of the DoD Chief Security Officer - Mr. Lentz, a Deputy Assistant Secretary of Defense in both the Bush and Obama administrations.

H*cking the Wiimote and Wii Fit to Help the Disabled - Don't tell me you don't like people with Disabilities...

Q & A with Bruce Schneier - do you know who Bruce is?

Meet the Feds 2009 - An entire panel of Feds, who WANT to be there, and expose themselves (figuratively you perv), to the Defcon attendees.

I would like to invite you out to Defcon, I'll even pay for your entrance. You need to experience it first hand to truly understand the purpose, people, and knowledge that is shared by the community.

Take a real look at the convention and stop being an Internet Troll. Read the actual content, http://defcon.org/html/defcon-17/dc-17-schedule.html.

As respectful as I care to be.

And yes, this is my real name.

All of the information presented at the conference is available for free, via the Internet, during or shortly after the convention. Anyone can download it or use the tools published at the convention, without using a real name, regardless of their intent or industry. How would changing Defcon to hold attendees more 'accountable' really protect anyone?

The reporter that was "Outed" Refused press badges and credentials. If you are advocating people should play by the rules & go Legit, that isn't a good example of why. That reporter clearly wasn't playing by the rules and suffered the consequences of her actions. Her Employers even had a history of Chasing down people in the same manor.

Also, you should fact check your posts. Room rate is 89/night not 109/night. Little thing, but is also one of the first things yous see when you look at the defcon page, and lessens your creditability in regards to this article. (Think I'm wrong on that? Think about how a judge would view you getting provable facts wrong. You're a lawyer shouldn't be to hard for you to answer that.)

You know what the problem is with the internet ... too many lawyers! Seriously, how can one just sit on the sidelines and act as if they have some notion as to what is going on at an event, but never attend. At the end of the day, I view this article as just another part of the DHS paranoia machine that thinks we are all better off with more government and handing over more control to others. Sorry, but I do not trust the government or lawyers ... I guess we all know where we stand (FYI - I use to work for the government ... I guess I joined the 'darkside' out of frustration with fools and bureaucrats .. and NO, I do not do illegal activities - it is morally and ethically wrong!)

I agree with Zack, and to advance the discussion further - the research that is presented at these conferences is only a very small part of the overall security research being conducted by criminal elements. If there was no public forum for this information then it would stay unknown and therefor small businesses would have no way of protecting themselves out of a lack of information.

I would personally love to see governments sponsor these types of events for this reason alone - but in the private sector it is the responsibility of the organizations to ensure they are able to digest the information into meaningful intelligence to protect themselves. The only way to get this information is to hire advice from blackhats - or hire advice from well-informed whitehats who are the majority of the people attending the conferences.

Away from the public eye means secret and secrets make us less secure as a whole.

The comments to this entry are closed.