Thursday, July 11, 2013

Secure Ideas will not be presenting at DEF CON this year

James Jardine and I were accepted to present at DEF CON 21 in Las Vegas this year on attacking SharePoint.  For 21 years DEF CON has been a very respected organization and the opportunity to present is only given to a small number of people.  We were honored to be chosen to speak there again and hope to be able to in the future.

Just recently, it was posted on the DEF CON website (https://www.defcon.org/) that they are requesting that the "feds" do not attend this year's event.  Although there is no concrete indication as to the reason for this request, it has made us reconsider our opportunity to present at the event.

We do not want to make this a "political" move, and we do not make this decision based on their motivations. The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend.   We believe the exclusion of the "feds" this year does the exact opposite at a critical time.

James and I do not feel that this should be about anti/pro government, but rather a continuation of openness that this event has always encouraged. We both have much respect for DEF CON and the entire organization and security community.  It is with this respect that we are pulling our talk from the DEF CON 21 lineup.  We understand that this may cause unfortunate change of plans for some, but feel we have to support our beliefs of cooperative collaboration to improve the state of information security technology.

The SharePoint talk is already scheduled to be presented in an updated form later this year, so people will still be able to see it.  We will also still release the tools and guidelines we planned.

10 comments:

s0lanum said...

Good for you guys... DefCon takes itself too freakin seriously sometimes... You have just gained a permanent reader of your blog.

Nick said...

Correct me if I'm wrong, but by not attending you are taking the same stance that DEF CON has taken against the fed.

They are indirectly saying F*ck you to the fed and now you guys are saying the same thing to DEF CON.

Just because they decided to be childish doesn't mean you need to be too.

loneknife said...

I'd Love to see defcon as an open forum. Bring the feds. Talk with them. I'm sure most of them hate what is going on as much as we do. Many of these people joined Government work to make a difference and protect people. Segregation does not help us achieve our goals. Lets make allies instead of enemies. Snowden was a Fed contractor with a conscience after all. The real problem is from the top. Lets not exacerbate it. Let's find out how we can support each other and make the government hear the people.

Michael Haggerty said...

That's sad you will not be there, but, honestly, what kind of strange alternate future is it where the NSA shows up at hacker conferences? I used to get jacked up by the feds when I would show up for 2600 meetups, and I don't really see these guys as people I want to be around.

I started going to Defcon and Blackhat, in part, to get away from these people and find my own communities. You can say that they belong there all you want, but it denies a very rough and manipulative past that should also not be ignored.

Blake Webb said...

"We do not want to make this a "political" move, and we do not make this decision based on their motivations. The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend. We believe the exclusion of the "feds" this year does the exact opposite at a critical time.

James and I do not feel that this should be about anti/pro government, but rather a continuation of openness that this event has always encouraged. We both have much respect for DEF CON and the entire organization and security community."

The specific inclusion of the federal government was never the intent of DefCon. The intent was to provide a neutral ground for people working in the security industry or on the fringes of the industry to be able to come together and discuss ideas, problems, and solutions. The Feds began coming, not to participate in the DefCon community but hoping to catch hackers or to recruit them. Obviously there may be some federal employees who attend for the same reasons we do, but DefCon prizes anonymity and those who would legitimately be attending obviously could not and would not be excluded.

For your team to purposely pull your talk from DefCon because they have asked that the feds not attend this year is absolutely silly. If your purpose is openness and community, it seems rather fishy that the organizers simply asking that the 'Feds' don't attend (i.e. the guys trying to track hackers) would incite you to pull your talk. I think it is completely disingenuous to say that this is not a political move because the community will still be there - you just aren't targeting the community anymore with your talks and your target audience may not be present...at least that's the way you make it seem.

Kerry Coleman said...

Ill leave this here from a Slashdot user:

"""Saying that Defcon fosters an open community where there are no sides is a little misleading. The government has it's own reasons for showing up and they are not all related to sharing ideas, learning and having a good time. It's just the other people who really lack an agenda.

I know people who are not going to Blackhat because the NSA is giving the keynote. What kind of strange alternate future is it we live in where this even happens?"""

Alex McQuown said...

So, in other words, you're going to be cowards and side with privacy-invading constitution-breaking Feds instead of following the proper hacker ethos.

DEF CON was NEVER a neutral ground. Our game of 'Spot the Fed' should've been a dead giveaway of that, you ignorant scumbag.

PzTw said...

You say the reason for this move is because excluding federal agents from attending somehow damages the culture of openness at DEFCON... yet you don't explain what you actually mean by that at all, or how you think it will damage the conference... nor do you even consider the possibility that it harms the culture of openness for the feds to be included.

I think it is far more likely you've just realized that a large portion of the customers you thought were going to be at DEFCON are no longer invited, and you decided that you would rather make your presentation at a later time and date when those customers can actually attend. Would obviously look bad to pull out because your prime customers have been excluded from the conference, so you chalk it up to "Openness" and use it to try and make yourselves look good.

Businesses are not this altruistic, guys... and this would be a ridiculous reason to take a stand on something unless it is actually going to effect the business in a material way.

Your credibility has been seriously damaged, and hope DEFCON doesn't invite back people who drop out at the last moment under the guise of "openness."

John Allison said...

I applaud your decision. You can't have a conference for anonymous open sharing of ideas and exclude certain groups at the same time. I have to wonder how many people who support excluding feds would be outraged if next year they announced they would prefer it if blackhats stayed away.

DrJim said...

Something we should all bear in mind here is that the Feds (probably several agencies) have files and keep track of everyone who has ever showed up at BH/DefCon. These folks have their own agendas and their own view of the world. Look at the war on whistleblowers that his going on right now. They are working overtime to figure out which of us might be the next Snowdon/Manning. They started coming back when because of terrorists. Now they are coming to see which of us is the "spy" who might tell the truth to the world. It is a shame really. But they (the Feds) chose this course, not us.