Feeds

Security bods boycott DEF CON over closed door for feds

'Hey, if you're just here for interest, don't consider yourself a Fed!'

Secure remote control for conventional and virtual desktops

At least one group of researchers is pulling out of DEF CON in protest at the decision to tell federal agents to stay away from the annual hacking convention.

Jeff Moss, the US government security advisor who founded the DEF CON and BlackHat, urged federal agents to stay away from DEF CON in Vegas next month. G-Men were unwelcome because of the recent revelations about wholesale surveillance on US citizens by the NSA, Moss (AKA @TheDarkTangent) said in a post on the official DEF CON website.

"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship," Moss said. "Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year."

It's unclear how effective the request will be. Several people in the security community have questioned Moss's stance, given he's served on the US government's Homeland Security Advisory Council since 2009 and is chief security officer for internet overlord ICANN. Others dismiss the G-men exclusion request as showboating.

"Of course I think the whole ban the Feds at Defcon thing is just controversy to get media attention and more mainstream exposure :-)," said convicted hacker turned security consultant Kevin Mitnick, in a Twitter update.

Federal agents have been welcomed at DEF CON from the genesis of the long-running conference, with the main conditions being that they be open about their status and willing to put up with a certain amount of mickey taking from other attendees. Some security researchers such as Robert Graham of Errata Security, reckon the stay-away request is a sensible move towards defusing potential antagonism at this year's show.

However other security researchers argue that dialogue between hackers, security and representatives of federal agencies has become even more important in the wake of PRISM-gate. Turning DEFCON into a closed shop that excludes federal agents, or at least forces them to operate in stealth mode, is counterproductive - according to Secure Ideas. The security consultancy was due to present research into attacking SharePoint at DEF CON but has cancelled its own plans to appear at the show in response to the exclusion-of-federales request, as a blog post by Secure Ideas explains.

We do not want to make this a "political" move, and we do not make this decision based on their motivations. The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend. We believe the exclusion of the "feds" this year does the exact opposite at a critical time.

Instead of unveiling its research at DEF CON Secure Idea will present an updated version of its SharePoint talk (and release tools) at another as-yet-unconfirmed conference. ®

Bootnote

DEF CON organisers have posted a clarification update to its original post saying they're not banning anyone from attending, criticising the press for suggesting otherwise. Federal agents can still come to DEF CON on condition that this is to satisfy their personal interest in computer security, the post states.

"There is a lot of tension in the community right now and he was asking politely for feds to consider not attending this year," the post explains.

"If you are on your own dime pursuing your own personal interests in hacking and not assigned to be there working your federal Intel job, then don't consider yourself a Fed! We want motivated people to attend!"

Beginner's guide to SSL certificates

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.