Sunday, January 27, 2008

Recap: Schneier at Technology in Wartime conference

I spent yesterday at the Technology in Wartime conference at Stanford. I wasn't entirely certain what to expect. As a Chicago-area native living in Silicon Valley, my crowd here thinks I'm horribly conservative; my crowd back home thinks I'm shockingly liberal. Sometimes, a guy can't win for being a moderate, but hey...

All in all, the conference was *excellent*. I can't tell you the last time that I received that good of a value for $50--a docket filled with excellent speakers, great interaction, refreshments and lunch, and a cool t-shirt.

Bruce Schneier gave the keynote; I haven't seen him speak in a while, but I do keep up on his thoughts courtesy of his monthly Crypto-gram. While Bruce touched on many interesting topics, including the conviction in the Estonian cyberattacks, the most salient takeaway was the quote "automation separates skill from ability". I've never heard that succinct a definition of what script kiddies pull off, but that's precisely it. I look back to when the first tools for cracking WEP came into play; rather than having to figure out a complicated hack, the script kiddies of the world simply starting downloading WEPCrack and AirSnort and had at it.  While these types of tools are extremely beneficial for security auditors, they're unfortunately used more often for nefarious purposes.  However, script tools that provide this type of automation also compel programmers to do a better job of vetting their code and concepts, ensuring that over time, we end up with better and better options (e.g., WPA/WPA2 versus WEP).  So, maybe some good does in fact come out of script kiddie tools.

More on the rest of the conference later...

No comments:

Post a Comment