That would allow an attacker enough control, from as far as a half-mile away, to change settings that could be lethal. Radcliffe said the device had no way to notify the user that it had been modified. He told AP that he found the technology “really cool,” but he also confessed to, “sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive."
“Black Ops 2008 – It’s the End of the Cache as We Know It” – Dan Kaminsky, 2008
It was hard to imagine better advance publicity. Kaminsky’s presentation, on a Domain Name System (DNS) flaw he discovered, had prompted an emergency summit months earlier with DNS vendor representatives, hosted by Microsoft, to create a fix. He disclosed it publicly early in July – about a month before the conference – with vendors simultaneously releasing patches on the same day in what Black Hat termed, “a combined effort of historic proportions.”
It made “cache poisoning” and “DNS flaw” into IT buzz phrases. All deserved, since the “gaping hole” he discovered would allow attackers to redirect users of nearly every DNS server in the world to malicious sites, hijack their email, steal their passwords, subvert legitimate updates, target FTP and SSL and more.
So, by the time Kaminsky took the stage it was standing room only. After hearing him say things were even worse than he had initially thought – that, “there are a ton of paths that lead to doom” – they gave him a standing ovation. To this day, his discovery is known as Kaminsky’s Flaw.
“Keynote” – General Keith Alexander, 2013
The fact that security guards confiscated eggs from some of those heading into the auditorium was one hint that Alexander’s appearance was controversial. The then-NSA director’s speech came less than three months after former NSA contractor Edward Snowden leaked thousands of documents showing that the agency was conducting mass surveillance on US citizens, with the cooperation of telecoms.
Alexander was able to defuse at least some of the hostility. He insisted that NSA surveillance was not nearly as broad as reported. He said, “Not all the facts are on the table.” He said surveillance was necessary, and that much of it had to be classified because, “Terrorists use our communications.” He said surveillance had disrupted or prevented dozens of terrorist attacks, and that there were technical and policy restrictions in place that protected Americans’ privacy – he said he was unable to intercept his daughters’ emails – and that included “100 percent auditability.”
He did not address Snowden’s revelation of XKeyscore, a program that reportedly allowed analysts, without authorization, to use databases to monitor emails, other communications and the browsing history of anyone in the world. He called the damage from the Snowden revelations, “significant and irreversible.”
Sign up for CIO Asia eNewsletters.