I’d really love it if HN allowed me to save in my profile a simple “hide from me” list of domains, so I could say just don’t show me wsj.com, nytimes.com etc.
That would be a good feature request. At the same time, I have found WSJ to be a really valuable source of lightweight tech news as well as a few in-depth tech articles, and they regularly run promos where you get three months for a couple dollars.
Same for me on Firefox, anti-paywall worked the other one not.
If you've never been to such a conference I guess this can tell you a few things about it. Otherwise, there's nothing of value in the article anyway.
Even this:
> Over the course of the conference, there were 84,875 “network events,” or activities suspicious enough to make the team want to take a look.
If you know about IDS and SIEM then you know that such a number is meaningless. Because if its badly configured, you are going to get a plethora of false positives. Its just meant to impress the clueless reader.
An event like this can be a goldmine for blue teaming though. The pressure, the sheer amount of data, fine-tuning your rulesets, etc. But that part the article doesn't explain. Cause it doesn't sound as sexy as some high number.
TL;DR if you haven't read the article, you're not missing out. Move along, move along.
For this extension, I selected for it to only load on-demand (Setting: "This can read and change site data", Option: "When you click the extension"). Enjoy :)
Ok - haven't read the article, paywall, etc - but from what I've heard elsewhere, the tagline should be "...are the Feds"
Maybe that's more a joke than anything - but it wouldn't surprise me to find out that the Fed to Blackhat ratio wasn't something huge, and those actual BH attendees were either other researchers who go to "be cool" (or legitimately present research), or were major "n00bs" who don't understand what they are trying to get into, and will likely end up in the Feds hands in short order.
Or maybe all of them are faking it?
It just seems like - if you were a real BH worth your salt - a conference of any sort where you effectively are advertising your creds would be avoided. If you went at all, you'd want to do it under the radar. At which point you might as well go to DefCon, Hope or something.
Its an interesting scene nonetheless - which maybe is why there are any attendees at all; maybe the whole thing is just one giant form of cosplay LARP - and the people who participate are really BH's and LEO's? Like some kind of weird meta-thing going on...?
Did you watch any of the BlackHat talks? We're very much talking about cybersecurity professionals - there's no faking that level of expertise. And just like any cybersecurity conference, there are people from all sides coming - likely both on the offensive and defensive sides. And yeah, of course the feds are there: cybersecurity is also part of their job.
Perhaps you can argue with examples or statistical analysis why a conference like BlackHat has a lower quality of attendance than CCC/DC/Hope. Without that, it seems like some kind of wild theory with no merit. Or: "what's in a name?"
The real problem is that HN doesn't annotate paywalled sites. 1/3 of the links I click I can't access. If I could filter by non-paywalled links I would agree with you
Out of curiosity, does anyone know the statute of limitations on "computer hacking" crimes? When can people start telling their fun BlackHat/DefCon stories?
The short answer: It depends. But it's usually five years. The DOJ manual on prosecuting computer crimes[1] is in an interesting document to browse.
The long answer: It depends on the crime & sometimes the victim. There's a pretty good summary of all Federal Crimes (including many that can't be committed with a computer, at least not yet) starting on page 20 of this report.[2] Sometimes the statute of limitations doesn't begin to countdown until the crime is discovered or until the victim turns 18. Serious crimes, like espionage or terrorism, don't typically have any statute of limitations.
I want to see a full on security by obscurity run. Get something just new enough to be able to talk to public Wi-Fi, but alien enough to not be Windows or Unix of any kind.
42 comments
[ 2.9 ms ] story [ 93.9 ms ] threadMods, please update original.
https://github.com/iamadamdev/bypass-paywalls-firefox
https://github.com/iamadamdev/bypass-paywalls-chrome
If you've never been to such a conference I guess this can tell you a few things about it. Otherwise, there's nothing of value in the article anyway.
Even this:
> Over the course of the conference, there were 84,875 “network events,” or activities suspicious enough to make the team want to take a look.
If you know about IDS and SIEM then you know that such a number is meaningless. Because if its badly configured, you are going to get a plethora of false positives. Its just meant to impress the clueless reader.
An event like this can be a goldmine for blue teaming though. The pressure, the sheer amount of data, fine-tuning your rulesets, etc. But that part the article doesn't explain. Cause it doesn't sound as sexy as some high number.
TL;DR if you haven't read the article, you're not missing out. Move along, move along.
For this extension, I selected for it to only load on-demand (Setting: "This can read and change site data", Option: "When you click the extension"). Enjoy :)
Maybe that's more a joke than anything - but it wouldn't surprise me to find out that the Fed to Blackhat ratio wasn't something huge, and those actual BH attendees were either other researchers who go to "be cool" (or legitimately present research), or were major "n00bs" who don't understand what they are trying to get into, and will likely end up in the Feds hands in short order.
Or maybe all of them are faking it?
It just seems like - if you were a real BH worth your salt - a conference of any sort where you effectively are advertising your creds would be avoided. If you went at all, you'd want to do it under the radar. At which point you might as well go to DefCon, Hope or something.
Its an interesting scene nonetheless - which maybe is why there are any attendees at all; maybe the whole thing is just one giant form of cosplay LARP - and the people who participate are really BH's and LEO's? Like some kind of weird meta-thing going on...?
Sadly the term has stuck, and making fun of it these days has reduced to just maturity/age-signalling.
As it is, IMO this article seems like more filler, than anything else.
Where in the guidelines is that ok?
The long answer: It depends on the crime & sometimes the victim. There's a pretty good summary of all Federal Crimes (including many that can't be committed with a computer, at least not yet) starting on page 20 of this report.[2] Sometimes the statute of limitations doesn't begin to countdown until the crime is discovered or until the victim turns 18. Serious crimes, like espionage or terrorism, don't typically have any statute of limitations.
[1] [PDF] https://www.justice.gov/sites/default/files/criminal-ccips/l...
[2] [PDF] https://fas.org/sgp/crs/misc/RL31253.pdf
sickness, T-cell, white blood cell analogy