You can read plenty of other blogs about some of the great presentations at Black Hat.  So I thought I would take another angle and talk about some of the other stuff that may be important to you.

1.  secure@microsoft.com – This years hottest party was again the Microsoft party.  This year it was at the LAX club in the Luxor.  As usual there were quite a number of people at the door who thought they could talk their way in or worse yet were told they “were one the list”.  I was happy to be able to go and saw many of the usual suspects there as well. I had to leave the party early to go catch my red eye flight home, so went right to the airport from the party.  As I wrote earlier, Microsoft is trying really hard on security.  But I couldn’t help but notice the irony of this grainy, lousy picture of the DJ booth at the party.  If you can, notice the computers that the secure@microsoft.com DJs are using. That’s right they are Macs!

2. A new low for booth babes – What would a Shimel review of a trade show be without a booth babe rant.  Hey I recognize it is Vegas and all, but EdgeOS went way over the line this year.  A booth babe dressed as a Las Vegas showgirl or some other type of costume makes a statement.  I personally don’t like exploiting woman to make that statement, but I understand.  However, these guys had woman who were dressed so raunchy and classless, that I could not bring myself to post a picture of them.  Come on guys!  You want to resort to the booth babe thing (and BTW I think the Black Hat crowd does not respond to that), at least have a little class.  These girls looked like street walkers and do you and your company no favors.  Is that really the image you want to promote?  Grow up!

3.  The Security Bloggers Network – We are back!  With the end of the Black Hat show, the SBN is going back to being the SBN.  The old logo is back and our promotion with Black Hat is at an end.  However, I want to personally thank so many of you SBN members who blogged about Black Hat.  The Black Hat marketing folks made it a point to come over to me and thank us for the overwhelming support and help of the community.  Our network delivered big time with them and they are already thinking about ways we can work together next year.  I will keep you all posted on that.

We have several new promotions we are working on with the SBN and will have more on that soon. Also, we learned some valuable lessons.  Next time we will work with the network members more closely in doing these affiliations.  Also, for any show like this we need to have an official bloggers get together.  Not because we don’t want to buy our own drinks (thanks to Chris Hoff for doing more than his share in picking up a big bar tab), but frankly we need to reserve a place that has enough space for us.  Security bloggers are big time. We have a great community of people who get together. Lets make it better.

I have some other ideas around the SBN I am working on too and want to form a committee to help. If you are a member and want to get involved, please drop me a line or comment.

Anyway, another year of Black Hat is in the books. It was a good one and I can’t wait until next year!

Let me run with the pack and put up my own "off to Black Hat" post.  I leave Tuesday actually and won't get there until Tuesday evening.  I will be on a red eye home Thursday night/Friday morning.  In this way I don't break my own three day rule on Vegas.  What is my three day rule?  Suffice to say that it prevents me from spiraling down into the bowels of degeneracy.

So what am I looking forward to at Black Hat?  The Dan K / DNS stuff should be fun.  I will be cheering on my boy Hoff and I always sit in on Jeremiah.  But lets face it, I am there for the party and catching up.  I am looking forward to throwing a few back with Rothman.  Seeing Martin, Mogul and the rest of the bunch.  There are always good parties of course and free drinks and food never hurts.

Of course I will also spend some time at the StillSecure booth shaking hands and kissing babies.  If you would like to say hello feel free to stop on by.

Also, a quick thanks to all of the members of the SBN for their support on our Black Hat affiliation.  The last few weeks have seen a bunch of blogs raising the buzz on the conference.

Let me run with the pack and put up my own "off to Black Hat" post.  I leave Tuesday actually and won't get there until Tuesday evening.  I will be on a red eye home Thursday night/Friday morning.  In this way I don't break my own three day rule on Vegas.  What is my three day rule?  Suffice to say that it prevents me from spiraling down into the bowels of degeneracy.

So what am I looking forward to at Black Hat?  The Dan K / DNS stuff should be fun.  I will be cheering on my boy Hoff and I always sit in on Jeremiah.  But lets face it, I am there for the party and catching up.  I am looking forward to throwing a few back with Rothman.  Seeing Martin, Mogul and the rest of the bunch.  There are always good parties of course and free drinks and food never hurts.

Of course I will also spend some time at the StillSecure booth shaking hands and kissing babies.  If you would like to say hello feel free to stop on by.

Also, a quick thanks to all of the members of the SBN for their support on our Black Hat affiliation.  The last few weeks have seen a bunch of blogs raising the buzz on the conference.

Braving the Cold (Boot) – A Sneak Peek of My Presentation at Black Hat

by Patrick McGregor

Cold boot attacks aren’t theoretical academic exercises. Cold boot attacks are real. And they’re serious.

In the past few years, companies have poured hundreds of millions of dollars into full disk encryption technologies. Companies expect full disk encryption to reduce the risk of exposure of sensitive information such as intellectual property or customer data. Reality often deviates from what is expected, however. Researchers from Princeton shocked the industry earlier in 2008 when they released a research paper that showed that low-cost “Cold Boot” attacks could be used to defeat the security of most full disk encryption systems. They recently even published all the tools needed to do this at home!

Some have argued that Cold Boot attacks are not serious security threats. I disagree! First, an unskilled person can capitalize on the exploit using simple, automated steps and publicly available tools. In fact, Cold Boot attacks require nothing more than plugging a USB drive into a laptop. Second, the physical target of a Cold Boot attack, such as a laptop, is very easily obtainable (see the recent Ponemon report on laptops lost/stolen in airports – scary!). Third, although many laptops and desktops are stolen via random acts of theft, it is well known that some criminals profit from organized, calculated data theft. It is only a matter of time before we hear of a high-profile data breach that results from a simple Cold Boot attack.

I am excited to present at Black Hat several innovations for preventing Cold Boot attacks. In addition to summarizing how a Cold Boot attack works, I’ll describe four new software techniques for hardening full disk encryption against the attacks. The software technology was developed by myself, Tim Hollebeek, Alexander Volynkin, and Matt White. All of us work for BitArmor, an exciting security startup based in Pittsburgh. Here’s a sneak peek:

· Wash up: Wipe keys immediately before certain OS state transitions, such as before the computer shuts down or goes into hibernation mode – accessing the memory will yield nothing.

· Take advantage of BIOS memory smashing: By strategically placing keys in certain regions of memory, we can rely on the BIOS boot process to overwrite keys before any operating system can dump the contents of memory.

· Is it chilly in here?: Using built-in temperature sensors, we can lock down the system in reaction to temperature drops that may indicate a Cold Boot attack is in progress.

· Create a virtual enclave for keys: We can implement special cryptographic, OS and processor architecture techniques to provide robust protection for keys against the most aggressive cold boot attacks. By creating a “virtual secure enclave” for encryption keys in software, an attacker cannot extract critical keys from memory – even if the RAM is super-cooled.

Hope you can join us at Black Hat as we take an in-depth look at the future of full disk encryption technology.

I started blogging about 2 and half-years ago because I felt like it would be fun to add my two cents to the public debate.  When Brad Feld introduced me to the Feedburner guys I was given an insiders view into the quickly developing blogging world.  When Feedburner started networks, I thought it would be interesting to start a network of all the security blogs that I was reading.  I also inherently knew in my gut that eventually there would be some common good that would benefit all of the members of the network by aggregating our content and buying power for ads. I also believed and still do believe that there are other ways that a network such as the Security Bloggers Network can be a force for good.

However, reading the SBN feed tonight I was just blown away! From being on the road, I had not read the SBN feed in my Newsgator reader for almost 2 days.  I had over 160 articles cued up in the feed.  Forget for a moment that the Security Bloggers Network now has over 160 blogs and a combined feedburner subscriber base of almost 67,000 readers!  The content is king.  Going through the articles I could not believe the total coverage, the ongoing commentary and give and take, but most of all it was the quality.  There are so many great members of the network who are just so damn smart and are writing about such important stuff.

I am humbled and incredibly proud of the what the Security Bloggers Network has become. If you are interested in security, whether it be the technical aspects of security, the business of security or the security industry, you cannot afford to miss this SBN feed. 

We are kicking around a lot of new activities and ways to publicize the member blogs of the network over the coming months.  Stay tuned for details, but in the meantime keep reading, you won't be sorry!

I started blogging about 2 and half-years ago because I felt like it would be fun to add my two cents to the public debate.  When Brad Feld introduced me to the Feedburner guys I was given an insiders view into the quickly developing blogging world.  When Feedburner started networks, I thought it would be interesting to start a network of all the security blogs that I was reading.  I also inherently knew in my gut that eventually there would be some common good that would benefit all of the members of the network by aggregating our content and buying power for ads. I also believed and still do believe that there are other ways that a network such as the Security Bloggers Network can be a force for good.

However, reading the SBN feed tonight I was just blown away! From being on the road, I had not read the SBN feed in my Newsgator reader for almost 2 days.  I had over 160 articles cued up in the feed.  Forget for a moment that the Security Bloggers Network now has over 160 blogs and a combined feedburner subscriber base of almost 67,000 readers!  The content is king.  Going through the articles I could not believe the total coverage, the ongoing commentary and give and take, but most of all it was the quality.  There are so many great members of the network who are just so damn smart and are writing about such important stuff.

I am humbled and incredibly proud of the what the Security Bloggers Network has become. If you are interested in security, whether it be the technical aspects of security, the business of security or the security industry, you cannot afford to miss this SBN feed. 

We are kicking around a lot of new activities and ways to publicize the member blogs of the network over the coming months.  Stay tuned for details, but in the meantime keep reading, you won't be sorry!

A blog with one of the biggest followings on the SBN is the GNUCitizen blog. Today in a post called "Fear" the author states, "The entire information security industry today is based on fear." He then goes on to say, "This is what gives security vendors the power to sell you useless products which you don???t really need."  So of course I don't agree with the later statement, not all of those products are useless, but is it really fear that is motivating buyers?

Fear of what is a good first question. The blog post talks about fear of being hacked, fear of harm to reputation.  To that we can add fear of jail or fines and by doing so cover the compliance issue. So yeah, at first blush it does appear that fear is the prime motivator in security.  But think a bit deeper on this and you come to the conclusion that fear is a primary driver for so much of what we do besides security.  Fear of failure, fear of loss, fear, fear, fear. Is there anything besides fear that motivates people?

For me it comes down to the carrot or the stick.  The carrot being the reward.  So making money or however you measure success is certainly motivating.  The stick is failure.  Their are consequences of failure.  But really isn't success and failure two heads of the same coin.  Aren't the rewards of success and the consequences of failure a Zoroastic type of Yin and Yang? 

So if in the final analysis, success and failure are intrinsically linked. There really is nothing wrong with saying security sales are motivated by fear, because by the same token they are motivated by success.  Now as to useless security products, lets discuss that a bit later. All of this philosophy is hurting my head.

A blog with one of the biggest followings on the SBN is the GNUCitizen blog. Today in a post called "Fear" the author states, "The entire information security industry today is based on fear." He than goes on to say, "This is what gives security vendors the power to sell you useless products which you don’t really need."  So of course I don't agree with the later statement, not all of those products are useless, but is it really fear that is motivating buyers?

Fear of what is a good first question. The blog post talks about fear of being hacked, fear of harm to reputation.  To that we can add fear of jail or fines and by doing so cover the compliance isssue. So yeah, at first blush it does appear that fear is the prime motivator in security.  But think a bit deeper on this and you come to the conclusion that fear is a primary driver for so much of what we do besides security.  Fear of failure, fear of loss, fear, fear, fear. Is there anything besides fear that motivates people?

For me it comes down to the carrot or the stick.  The carrot being the reward.  So making money or however you measure success is certainly motivating.  The stick is failure.  Their are consequences of failure.  But really isn't success and failure two heads of the same coin.  Aren't the rewards of success and the consequences of failure a zoroastic type of Yin and Yang? 

So if in the final analysis, success and failure are intrinsically linked there really is nothing wrong with saying security sales are motivated by fear, because by the same token they are motivated by success.  Now as to useless security products, lets discuss that a bit later.

This post is intended to member of the Black Hat Bloggers Network and others who blog on security.  When we announced our affiliation with the Black Hat folks, we said that between now and the show in August we would pick topics of interest tied to presentations at Black Hat for us to "shine a light on".  With over 150 blogs in the network, if even a small percentage of us write on one particular topic that should be quite a concentration.  I am looking forward to see the many different tangents our members will take these topics. 

Our first topic comes to us from an SBN member who will be presenting at Black Hat. It is one of our resident big brains, Chris Hoff talking about virtualization and security. I asked Chris to give me a quick write up on what he is presenting and here it is:

This talk will clearly demonstrate that unless we radically rethink our approach, the virtualization security apocalypse is nigh!

• Some security things you do today are perfectly reasonable and work well in virtualized environments, others simply don???t work at all
• Virtualized Security can seriously impact performance, resiliency and scalability
• Replicating many highly-available security applications and network topologies in virtual switches don???t work
• Monolithic security vendor virtual appliances are the virtualization version of the UTM argument
• Virtualizing security will not save you money, it will cost you more

You can read more on this at Chris's blog here. So bloggers here is the deal.  You have what Hoff thinks, what do you think.  Wrap your heads around virtualization and security and lets hear what you have to say.  We will all be reading!  ON YOUR MARK, GET SET, BLOG!