virtsec

Day 1 of Black Hat 2008 is in the books. It's great to see a lot of old friends, and it seems this year (more than the last two) many of the folks I'm talking to are more focused on the networking than on the session. Not me. I'm still fired up about seeing really smart guys discuss what they are up to and give me a lot of food for thought about how we need to continue protecting ourselves.

I ended up hitting almost all the sessions I wanted to, so let me go through some quick observations.

•  Keynote: Ian Angell, Professor London School of Economics - Professor Angell is a pretty engaging character and I enjoy his systematic skewering of the common knowledge about risk and what we can really control. Which is basically nothing.
• Bad Sushi: Nitesh Dhanjani and Billy Rios - As mentioned on Tuesday, I was looking forward to this session and it was a lot of fun. Especially when they pulled the RickRolling prank on the phishers and to see how many of them fell for it was great. Sometimes it's nice to strike back, although it doesn't have much of an impact on how we do things.
• Kaminsky's DNS talk: It was packed. I mean PACKED. And Dan delivered the goods. The thing that resonated the most is how dependent we are on DNS for pretty much everything, and if DNS is not trustworthy, we've got a real problem. Lots of innovative ways to comprise stuff assuming the bad guys own DNS and plenty of other goodies. I have some larger thoughts about the DNS topic, which I'll write up for Monday, but the only conclusion you can really draw is that we're screwed. But isn't that what Black Hat is all about? Giving security folks that uneasy feeling of not being able to keep up with all the attacks?
• Hoff's Four Horseman: The Hoff delivered the goods as well. First of all, the slides were very pretty. You should check them out. But aside from the aesthetic beauty of the content, Chris really put into question a lot of the assumptions many folks are making about securing the virtualization layer. Rich did a good write-up of Hoff's pitch and other Black Hat topics.
• Network Monitoring, Bruce Potter: I hadn't seen Bruce speak before and it was very entertaining. But most interesting was the very compelling case he made for why you need to monitor your networks using something like Netflow. He also talked a bit about a new open source tool called Psyche that his team is releasing and it looks pretty cool. It's nice to see the idea of network monitoring being discussed on the big stage. Of course, there are folks like Bejtlich that have been beating that drum for years. But given all the other stuff we're seeing at the show this week (basically we're screwed), the idea of figuring out everything isn't going to happen. So we need to REACT FASTER and monitoring is the way to do that.

The Mogull and I recorded a quick podcast yesterday as well. We talk about Kaminsky and Hoff's pitches and come the conclusion that basically we're screwed. You can check it out at the Network Security Podcast site.

Before I head off to Day 2, I have to relay my latest Vegas star sighting. To wrap up the night Shimmy, Mitchell, Adrian Lane and I are catching a little late night breakfast at Caesars. Sitting right next to us is Jeff Dye, one of the finalists on this season's Last Comic Standing. You all know what big fans of comedy the Boss and I are, so it was great to see him in person. He's a very nice guy and he really is that pretty. They are announcing the winner of the show tonight, so I told Jeff we'd be pulling for him.

Only in Vegas...

...must come down. You know that old saying. I think it was a dude named Newton that first came up with that gravity thing, right? Well it seems that while I was blissfully away at the beach, the virtualization market came back to reality a bit.

Between Diane Greene being thrown out of the VMware car at a high rate of speed and their acknowledgement that VMware revenues will be a bit lighter than expectations over the rest of the year, you get the feeling that a bit of the helium in the virtualization balloon is escaping into the atmosphere.

By the way, that doesn't mean that I don't believe that virtualization is a critical technology and that it's going to be growing quickly for a long time to come. I do. With legitimate competition from Microsoft and Citrix, VMware now has a fight on its hands. Which is great for customers, as pricing will come down and innovation go up. That's they way competitive markets work.

Since I do focus on security, this is just more ammo for me relative to my positions that virtsec is largely a hype market for the next few years. I don't need to rehash that again.

So why bring back up the topic of virtualization? I just like to poke fun at all of the folks that believe the world changes overnight. Yeah, mostly vendors, but the media (and a lot of analysts by the way) are also willing accessories to the crime. Disruption does not happen in the blink of an eye. I believe that old adage that we overestimate change over a two year period, but underestimate change over a decade. I've seen it and lived it, and it will happen again.

In 2018 (as if I could predict further out than breakfast tomorrow), the fundamental computing infrastructure will be radically different. You could guess that a lot of processing will happen in the cloud and that we'll have open (maybe even secure) APIs to weave together our interfaces, logic, and data. Yet things in 2010 will look largely the same as they do today.

Maybe. Who the hell knows? If there is any rationalization I'm coming to grips with is that I'm pretty crappy at predicting.

In fact, we all are. This is going to be a major research focus of mine in the second half of the year. How do we make decisions when we are crappy at predicting the future? Stay tuned for that.

Photo credit: "img_0906" by mbeldyk