Black Hat - Day 2 - Class

The class I have chosen to attend at Black Hat is called "Designing Secure Web Applications Through Enlightenment and Understanding". Why not let hackers tell me what it is about web apps they find easy to hack!

When I walked into the room, I was immediately amused. A bunch of introverted geeks had (probably subconsciously) arranged themselves in the most efficient way to ensure that no one sits next to them until absolutely necessary. One person per row, scattered about so that no one was even sitting directly behind another person. Very odd.

Now the surprising part ... everyone, with the exception of the guy that ultimately sat down next to me, was running Windows. I expected Linux everywhere. (Yes, Paco, I'm writing this under Linux.) Of course, it's not hackers in the class, it's corporate developers (including 3 from Microsoft), so I guess I shouldn't have been surprised. The Microsoft guys, by the way, look like they knew they were headed into hostile territory. Their machines looked like they were clean installs, probably given to them just for this conference.

Some interesting people in my class: The Director of Security for TiVo, and a security analyst for a bank in Singapore. One of the Microsoft guys - self-reported "new guy" to the Passport team - talks a hell of a lot. He's getting his money's worth by making the instructor teach him directly. And, there's 4 women in here (total size of class = 15), but only one is remotely attractive (a Texan!) and she's getting a lot of attention. Gotta love geeks.

Speaking of which, I had to participate in a fairly rough conference call in the middle of the day, and did it from the window in the hallway. This window happens to overlook the only topless-bathing-allowed pool at Caesar's. That made the call easier to take, but CURSE YOU VEGAS! Stop giving me good luck with t-shirts and nudity, and give me bags of cash!