BH10: Unexpected losers, noteworthy winners

So, if you were following our Twitter feed yesterday, you probably noticed we were all fired up about the Robin Sage discussion. After all, everybody says that social networking is the next big thing, and this talk (we thought) would expose threats in that medium: laying out how a social engineer can leverage the social network as a launch pad to get to bigger and better goods.

To say we were disappointed would be an understatement.

It’s not that the discussion didn’t lay out how Tom Ryan did what he did – oh sure, there was plenty of that.  He even had the woman whose picture he pilfered in attendance.  But at the end of the day, the discussion was very heavy on the titillation factor: from the girl he exploited to the practitioner he embarrassed via their connection to a wife swapping site. But why do we care? So he tricked some people into friending him…  And (surprise, surprise) Facebook and Twitter make it easy to link together various information about someone – that’s the point.  So if you went into that talk wondering why you should care, you came out of it the same way.

Anyway, we thought the discussion was light on everything we went to go see it for: ramifications of the experiment, lessons learned, conclusions, and… well, value to the community.  So bummer for us.

On the other hand, the discussion from RedTiger about SCADA was hands-down awesome.  He was able to distill down the issues to give enough detail to keep it interesting but sped it along enough that it was fast-paced.  This was a huge win.  Unfortunately, the other SCADA discussion we attended wasn’t as useful. But you can’t win them all…