There are two big, annual tech conventions that demonstrate a major split among technology professionals who go to Las Vegas specifically for tech conferences, not the things everyone else goes to Las Vegas for (really big swimming pools and tacky architecture).
The first is the Consumer Electronics Show – a toyfest jam-packed with flashing lights, loud colors and the conscious pursuit of kitschy idiocy. It demands that you jump in and play – touching everything, talking to everyone, trying everything. Video racing, indoor skydiving, phones smarter than your laptop, laptops lighter than your phone, networking gear that creates network pipes so huge the demo requires that you get in and personally crawl at light speed to a router on the opposite side of the Las Vegas Convention Center (Which takes about five minutes 'less than half the time it takes the sun's energy to reach the Earth!")
At night is more of the same, but the unavoidable forced-fun participation starts out in rock bars, bit, tacky shows and open-decked sky-scraping cocktail lounges that is just the start of the kind of bacchanalia that re-fills the supply of morning-after stories you wore out after college and prompt a lot of unscheduled "check-ups" at the family doctor when you get home.
Black Hat, the annual hacker's convention whose attendees are split about evenly among real or wannabe hackers, security professionals from major corporations, and various depths of undercover federal agents either hoping to arrest the first group or recruit and hire the second.
Black Hat is the quintessential look-but-don't touch conference.
Everything is fascinating, most of it is frightening and everyone is trying with varying levels of subtlety that they're more leet than you and you really don't belong there because your skillz aren't mad enough to hang with this crew. (Most of "this crew" doesn't belong to a crew; they just want you to think they do so they can have someone to bully for the weekend before having to go back to their basements and be bullied on the way to the convenience store for Monsters and Cheetos.
If you're just there to learn or observe, you hang around the back of the conference halls, wonder why the all-black clothes you're wearing still don't seem black enough, never take your laptop out of your suitcase or turn on the WiFi to keep pimply punks from moving into it to run up their Hack-your-Neighbor scores.
If you listen to enough of the presentations, when you go home you drill holes in your hard drive, recycle the rest of the laptop and burn all your clothes before entering the house just so you can be sure only to have brought back bedbugs and scorpions, not the identity-thieving kind of bug you spent a week ducking.
At CES, which takes place in January, you'll learn that your phone, your computers and your whole approach to technology are hopelessly obsolete and you're going to have to spend every dollar you'll ever make keeping updating all your silicon.
At Black Hat, which happened last week, you learn there's no point in buying new tech because the punks who were too busy at the conference to try to make you feel inadequate have already hacked every gadget you plan to buy, most of them before they even left the factory, and are just waiting for you to type the first character so they can extract your Social Security Number, ATM password and a DNA sample through your fingernails and a little-known data leak in the cerebellum accessible through a tiny access port to which they can link by having the laptop whose loyalty they've usurped jam a tiny metal probe up your nose and into your brain.
Other than the potential for automated, extralegal, unexpected metal probes to suck passwords wetly out your nose directly from your brain with little notice, what did we learn at this year's Black Hat?
At Black Hat this year we learned:
- That it's possible to kill someone remotely by hacking into the computerized insulin pumps keeping them alive. (Which sounds more like a plot on House, MD than one among atual hackers.
- If you build a remote-control plane that picks up WiFi and cell-phone signals, you'll get as much attention as you can handle in at least two Black Hats in a row. Because planes are cooler than other geeks.
- That hacking is incredibly complex and difficult enough to have to be described by ascetic gurus who make the pilgrimage to Black Hat specifically for that purpose. And that there are a bunch of free and almost-free tools that will do the same thing without your having to learn much of anything.
- That if you have one of those transponder keys for your car, someone else can break into it by sending it a text message. Which is good because you can't get into it yourself since the battery in the transponder died while your keys were locked inside.
- That companies like IBM will bring their newest commercial security products to a hacker convention to get a head start on having them cracked, broken and useless as their designers break down into bitter tears.
- That Macs have finally crossed that difficult hurdle between being barely hackable and being completely worthless to anyone looking for secure but friendly computing in a business environment. (Also, that Macs are more secure than they used to be and are making great progress on security, though the speaker saying that had to stop rubbing his hands together with anticipation several times to wipe drool from the corner of his mouth and laugh evilly.)
- That, despite the obvious advantages and very-reliable-we're-sure privacy protection and security, Facebook's facial-recognition capability may make it possible for anyone who can find a picture of you online to trace you back far enough to steal your financial information, medical records and that nasty note your third-grade teacher warned would become part of your permanent record.
- That it's possible to just go along, minding your own business and, without really meaning to or even paying much attention, become a global laughingstock and lose all your technical credibility because someone hacked one of your networks, then everyone hacked the rest of them, then they gave you a prize for paying so little attention that you made life far more entertaining for hackers ten you probably wanted to. Luckily the pre-conference motion to change the name of Black Hat toThank you, Sony, was voted down.
- That if you really want to hack at the highest level, crack the hardest systems, decrypt the most tangled communications, baggy pants and black girlfriend jeans aren't going to cut it. The NSA is hiring, and they want the best of the best of the best, if they're smart enough to pull that squeally table over to make it easier to take the test.
- The NSA doesn't have the FBI's dress code (or its tendency to arrest people who either go to Black Hat or certainly would if the FBI wasn't going to be there) but it doesn't go for the all-day-in-jammies look that's popular in your mom's basement, either.
- We also learned that a lot of hacking goes on outside the boundaries of the Black Hat community, but without all the extras that make hacking-for-politics so much fun. More like hacking-for-not-being-executed. The hacking world is getting very real-politikal and Cold-Warrish, so we have to relish the fun stuff as long as we can.
- That there is a ton of good information on budding security issues, lots of training and networking for people looking for either jobs or employees, and even the opportunity to wear something other than black. But for those who aren't actually at the conference, the only thing that matters is the list of outrageous stunts, claims and flashy hacks – exactly the kind of showmanship that makes it clear that's why Black Hat keeps going back to Sin City. I'm sure it's not the increasing pressure on hackers from cybercrime units and harsher prosecutions, nor is it Nevada's relatively lax rules on extradition of non-persons to jurisdictions where they are not only persons, but persons Known to Police.
Next year it might go on an extra week or ten.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.