42 comments

[ 2.9 ms ] story [ 93.9 ms ] thread
Someone TLDR this I am not subscribing.
is there a non-paywall version? Outline wont read it either.
We're sorry, but this URL is not supported by Outline
I’d really love it if HN allowed me to save in my profile a simple “hide from me” list of domains, so I could say just don’t show me wsj.com, nytimes.com etc.
That would be a good feature request. At the same time, I have found WSJ to be a really valuable source of lightweight tech news as well as a few in-depth tech articles, and they regularly run promos where you get three months for a couple dollars.
Works fine with me with the "Bypass Paywalls" extension, available for Firefox or Chrome.

https://github.com/iamadamdev/bypass-paywalls-firefox

https://github.com/iamadamdev/bypass-paywalls-chrome

That extension didn't work for me on Chrome, but "Anti-Paywall" did https://github.com/nextgens/anti-paywall
Same for me on Firefox, anti-paywall worked the other one not.

If you've never been to such a conference I guess this can tell you a few things about it. Otherwise, there's nothing of value in the article anyway.

Even this:

> Over the course of the conference, there were 84,875 “network events,” or activities suspicious enough to make the team want to take a look.

If you know about IDS and SIEM then you know that such a number is meaningless. Because if its badly configured, you are going to get a plethora of false positives. Its just meant to impress the clueless reader.

An event like this can be a goldmine for blue teaming though. The pressure, the sheer amount of data, fine-tuning your rulesets, etc. But that part the article doesn't explain. Cause it doesn't sound as sexy as some high number.

TL;DR if you haven't read the article, you're not missing out. Move along, move along.

Not paying for this
After much digging, a Chrome extension that overcame the paywall: https://github.com/nextgens/anti-paywall

For this extension, I selected for it to only load on-demand (Setting: "This can read and change site data", Option: "When you click the extension"). Enjoy :)

Thank you, it did work for me on firefox too
Is it me or have they removed the add-ons from Chrome's/Firefox's market?
It appears so for both the addons shared. 'Tis partly why I mentioned restricting the addon to only access on click vs. all sites.
Ok - haven't read the article, paywall, etc - but from what I've heard elsewhere, the tagline should be "...are the Feds"

Maybe that's more a joke than anything - but it wouldn't surprise me to find out that the Fed to Blackhat ratio wasn't something huge, and those actual BH attendees were either other researchers who go to "be cool" (or legitimately present research), or were major "n00bs" who don't understand what they are trying to get into, and will likely end up in the Feds hands in short order.

Or maybe all of them are faking it?

It just seems like - if you were a real BH worth your salt - a conference of any sort where you effectively are advertising your creds would be avoided. If you went at all, you'd want to do it under the radar. At which point you might as well go to DefCon, Hope or something.

Its an interesting scene nonetheless - which maybe is why there are any attendees at all; maybe the whole thing is just one giant form of cosplay LARP - and the people who participate are really BH's and LEO's? Like some kind of weird meta-thing going on...?

Lots of infosec and cybersecurity professionals go. I assume they make up the largest group of attendees.
Did you watch any of the BlackHat talks? We're very much talking about cybersecurity professionals - there's no faking that level of expertise. And just like any cybersecurity conference, there are people from all sides coming - likely both on the offensive and defensive sides. And yeah, of course the feds are there: cybersecurity is also part of their job.
The only people that call the field "cybersecurity" are the feds, and people trying to make money from the feds.
I wish that were (still) the case, because listening to someone talking about "cyber"-anything makes me feel like a 5-year-old.

Sadly the term has stuck, and making fun of it these days has reduced to just maturity/age-signalling.

Who are you to say? What would be the "correct" term, my gatekeeper? Information Security? Anti-Cracking? Black Hate Defense?
Blackhat is mega expensive, the only people that can afford to attend are those employed by large corporations or government entities.
Perhaps you can argue with examples or statistical analysis why a conference like BlackHat has a lower quality of attendance than CCC/DC/Hope. Without that, it seems like some kind of wild theory with no merit. Or: "what's in a name?"
Here you go guys, no extensions needed: https://pastebin.com/kV7hRm53
Thank you. You should consider automating this, it would be a great service to the community
Or pay for journalism you'd like to read? It's one of the things that makes sense to pay for.
The real problem is that HN doesn't annotate paywalled sites. 1/3 of the links I click I can't access. If I could filter by non-paywalled links I would agree with you
On some websites I can access the content with “reader view”. Didn’t work for this site though
I think temporarily disabling JavaScript works in more cases.
If the article had more journalism and less interview-bites from conference workers and maybe more then a generic overview, I'd agree with you.

As it is, IMO this article seems like more filler, than anything else.

The rules of the forum you're reading this on literally say that workarounds are fine for paid content.
Isn't copying a page and making it available to others copyright infringement unless given permission by the copyright holders?

Where in the guidelines is that ok?

Out of curiosity, does anyone know the statute of limitations on "computer hacking" crimes? When can people start telling their fun BlackHat/DefCon stories?
The short answer: It depends. But it's usually five years. The DOJ manual on prosecuting computer crimes[1] is in an interesting document to browse.

The long answer: It depends on the crime & sometimes the victim. There's a pretty good summary of all Federal Crimes (including many that can't be committed with a computer, at least not yet) starting on page 20 of this report.[2] Sometimes the statute of limitations doesn't begin to countdown until the crime is discovered or until the victim turns 18. Serious crimes, like espionage or terrorism, don't typically have any statute of limitations.

[1] [PDF] https://www.justice.gov/sites/default/files/criminal-ccips/l...

[2] [PDF] https://fas.org/sgp/crs/misc/RL31253.pdf

Someone should go in with fresh install of 2009 Windows 7 and see how long it lasts.
I want to see a full on security by obscurity run. Get something just new enough to be able to talk to public Wi-Fi, but alien enough to not be Windows or Unix of any kind.
I believe the threat are vulnerable systems. Black Hats/penetration testers/white hats/etc. find the problems. Developers/admins/ are the cure.

sickness, T-cell, white blood cell analogy

(comment deleted)
The attendees are the cure. Vulnerabilities are the threat.
(comment deleted)