My first RSA Conference
Kevin Mitnick, special to SecurityFocus 2001-04-30

Ten thousand attendees, 250 vendor booths, and, still, something was missing.

The annual RSA Conference is noted for being the largest data security and cryptography conference in the world. It's the place the most respected cryptographers and security professionals in the industry gather to share their knowledge and experience. But I still found it incomplete.

The 2001 conference, held earlier this month in San Francisco, was my first RSA -- I was there as a guest of the fine security vendor Authentify, Inc. My first impression of the conference was made at the opening session, where rocker Pat Benatar belted out a live parody of her hit song "Heartbreaker." The title of the new song: "Codebreaker."

You're a Codebreaker
Crash Maker, File Taker
Don't you mess around with me...

Aside from the entertainment value, I was impressed with the sheer size of the conference. It's clear that the last six years have seen tremendous growth in the information security space. Literally. There were over 10,000 registered attendees, and Moscone Center's cavernous exhibit halls became a dizzying 250-ring circus featuring seemingly every security act in Creation, from Acotec to ZixIt.

Having once been banned from the 1991 DECUS conference in Las Vegas solely based on my reputation as a hacker (and my forays into DEC's Easynet), I know the feeling of being unwelcome. So I was pleasantly surprised to find most of the attendees friendly and respectful. It was good to reintegrate myself back into the computer security business without much resistance.

A lot of attendees didn't even recognize me. While waiting for a session on computer viruses to begin, I was listening to a conversation between two men seated next to me. When I glanced down at one person's badge, it said "FBI, Special Agent" right below the name. It was amusing for me to end up eavesdropping on a couple of FBI agents who were clueless to my identity. Or were they?

The Bold and the Badgeless
But when all is said and done, there was something missing from the conference. No sessions were offered covering physical attacks or social engineering. You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.

The world's largest security conference should have offered a session that discussed these types of attacks, if nothing more than to raise awareness.

For the most prestigious security conference in the world, I was also surprised by the lack of physical security for the exhibit hall itself. While waiting for my contact person to arrive, I decided to take a stroll to locate Authentify's booth. The hall was closed to everyone, with the exception of staff setting up the exhibits. Although I was wearing no form of identification (such as an exhibitor's badge), I managed to gain access into the exhibit hall on two occasions without being questioned. I walked around for a good half hour before even locating the booth.

No one thought to ask me what I was doing there while walking around with no badge. Anyone else could have walked off with an executive's laptop or PDA without being noticed. You would think with tens of thousands of dollars worth of computer equipment and technology lying around, and the nature of the conference itself, that the exhibit hall wouldn't have been so vulnerable.

What new security technologies will be marketed as the killer-app at next year's RSA Conference? This year, deployment of public key infrastructures (PKI) dominated the scene. But while PKI technology may reduce the risk of hacker attacks, it's not a silver bullet. If your goal is to protect your network, you cannot rely on technology alone.
