
ISC West 2017

Las Vegas. Decent show for me (in a wonky standards geek/compliance-cyber disruptive kind of way). I seemed to see some amount of possibly-with-clue analytics solutions out of the corner of my eye but I didn’t stand still for any of the pitches. I respectfully assert that if they passed the “that booth actually looks like it’s trying to sell me something useful” first-10-seconds reaction that counts as good.

Do read the IPVM report. I think it’s accurate, in its gumshoe-snarky-investigative way.


RSA 2017 San Francisco – another show bites the dust.

Another year, another security show. More suits on the show floor (hopefully good, hopefully IT management). Lots of stuff claiming to provide event correlation. If even a handful of this year’s hopefuls can show up and deliver, that’d be nice. AI, Hadoop, IoT sensors, clouds with unlimited VM capacity – you’d think someone would get correlation working at some point here. Bits and pieces of interesting kit.


RSA 2017 San Francisco

It’s RSA conference time. In the 21st century this is yet another fairly large, fairly loud security trade show. It is — psst, don’t tell anyone — also a crypto conference. However, here in the 21st century, we apparently have to not only wonder about the next big crypto thing, we have to worry about bad crypto out there in the wild. 40-bit Crypto-1 keys in Mifare cards. AES in CBC mode in cases that definitely should be using GCM. Vendors shouting “we use AES!” – for their homebrew IoT protocol they think nobody’s going to attack. RSA keys used in the most amazing variety of malformed, ill-conceived, and poorly deployed TLS certificates.

Yeah, I’m headed to the show floor. Even though I’m often dealing with pre-quantum cryptography and not this week’s swoopy-cool mathematics. After all, the show floor will be full of vendors claiming to deliver brighter white packets from bigger blacker boxes. Only a few of them actually do crypto.