Weekly output: security attitudes at Black Hat, American Airlines bullish on Boom, Visible changes plans, business cybersecurity worries, Mark Vena podcast

With our kid going back to school a week from Monday, this is my last week of day-camp-commute driving for the year.

8/16/2022: As Black Hat security conference turns 25, a lesson: security doesn’t have an end point, USA Today

I didn’t finish writing this recap until leaving Vegas and using that conference’s video-on-demand option to watch the panel I’d most regretted missing.

8/16/2022: American Airlines Puts Down Deposit on 20 Boom Supersonic Overture Jets, PCMag

Once again, Boom Supersonic had news of an airline order for its Overture jet land unaccompanied by news of an engine design, so this time I reminded readers of how long two recent jet engines took to enter revenue service.

8/17/2022: Visible Reshuffles Plans: No More Party Pay, But Solo Service Is Now $10 Cheaper, PCMag

Visible is taking a page out of its parent firm Verizon’s book by having more than one plan with “unlimited” data.

8/18/2022: What Do Business Execs Worry About Most? Getting Hacked, PCMag

A PricewaterhouseCoopers survey finding that business executives worry most about information security shouldn’t be news… except that none of PwC’s previous surveys of suits had found infosec to be their top anxiety.

8/19/2022: S02 E34 – SmartTechCheck Podcast, Mark Vena

Recording this week’s episode of the podcast hit a few technical glitches, and for once they weren’t on my end.

Weekly output: LinkNYC, Google renews RCS plea, Chris Krebs at Black Hat, 5G explainer, Cyber Safety Review Board, Web3 security

After a week on the West Coast, including four days in Las Vegas for the Black Hat security conference, I now have two weeks of not going anywhere. Which is good!

8/8/2022: LinkNYC begins deploying 5G kiosks – but not yet with 5G inside, Light Reading

After too many months of not writing for this telecom trade-pub client, I filed this update on New York rebooting its LinkNYC effort to bring free WiFi and digital city services to individual blocks.

8/9/2022: Google Posts Yet Another Plea for Apple to Support RCS Messaging in iMessage, PCMag

Google makes fair points when it calls out Apple for hindering the quality and privacy of cross-platform text messaging by not supporting the RCS messaging standard in iMessage. But Google hurts its cause by not supporting RCS in Google Voice–or even explaining that hangup. Also unhelpful: Google has yet to ship an API that would let the developers of Signal and other third-party messaging apps support RCS.

8/10/2022: Ex-CISA Chief’s Advice at Black Hat: Make Security Valuable and Attacks Costly, PCMag

I covered the keynote by former Cybersecurity and Infrastructure Security Agency head Chris Krebs that opened Black Hat. His talk ended on a self-help note, as he advised his audience: “Life’s too short to work for assholes. So don’t.” And yet Krebs worked for President Trump from 2018 through 2020, when Trump fired him for correctly confirming that the 2020 election was run fairly and securely; that could not have been easy for him.

8/11/2022: What Is 5G, and Does It Actually Make a Difference?, Wirecutter

I wrote yet another 5G explainer, this time for the New York Times’ Wirecutter site.

8/11/2022: How a US Govt Board Helped the Open-Source Community Leap to Patch Log4j, PCMag

As the token Washingtonian among PCMag’s crew of writers, I had to write up this very Washington panel about the first test of the Cyber Safety Review Board–an organization set up as an infosec version of the National Transportation Safety Board.

8/12/2022: Why Is Web3 Security Such a Garbage Fire? Let Us Count the Ways, PCMag

This talk about a series of security meltdowns at blockchain-based sites and services had more than a few unintentional-comedy moments.

8/12/2022: The 14 Scariest Things We Saw at Black Hat 2022, PCMag

My contribution to this recap was the “Startups Shirk Security” section.

Updated 8/21/2022 to add the PCMag Black Hat recap.

Conference VOD: one half-decent thing we’ve gotten out of the pandemic

LAS VEGAS

The Black Hat security conference that wrapped up here once again left me wishing I could clone myself for a few days. Its info-dense schedule put as many as nine briefings in the same timeslot, requiring me to make some tough choices and hope that I’d picked a presentation that would yield enough news and insights to turn into an article.

(Spoiler alert: I did not always choose wisely.)

In the Before Times, the panels that I had to skip would have been lost to me until the event organizers uploaded video of them to Black Hat’s YouTube channel, often months later. But this year’s conference, run like last year’s as a hybrid in-person/online event, came with both streaming access to panels as they happened and video-on-demand playback 48 hours later for attendees.

This conference, unlike too many I’ve attended, also continues to post the presentations of speakers, so attendees don’t need to take pictures of every statistic-filled slide for posterity.

So I can treat my conference FOMO and see what I missed much sooner than I could have before. That’s one small side benefit of conferences having to make themselves open to remote attendees, a welcome democratization of events that in a better world would have happened without the pressure of a worldwide pandemic. It’s also personally convenient today because I’m already getting asked on Twitter about Black Hat briefings that I did not get to.

I do, however, still need to remember to catch up on these briefings before the 30-day window to watch them expires–the mistake I made last summer, when I had a much less busy schedule.

8/14/2022: I updated this to add a compliment to the Black Hat organizers for posting speakers’ presentations.

Black Hat pitches increasingly resemble CES pitches

When I’m spending a sunny Saturday in front of my computer, the usual reason is that it’s beastly hot outside. But today I have an additional, also seasonally-specific reason: I’m overdue to look over and make some decisions about all of the Black Hat meeting requests that have been piling up in my inbox.

A view of the Las Vegas Strip from the Foundation Room atop the Mandalay Bay hotel--a common event venue for both CES and Black Hat receptions.

Unlike last summer, I actually am going to this information-security conference in Las Vegas. And many more infosec companies seem to have made the same decision, leading to a flood of e-mails from their publicists asking if I’d like to set up a meeting while I’m in Vegas. How many? Over the last month, I’ve received 134 messages mentioning Black Hat, a number that makes me think of the annual deluge of CES PR pitches.

(Sorry, the total is now 135.)

Just like at CES, accepting even half of these invitations would leave me almost no time to do anything else at the conference. But where at CES I need to save time to gawk at gadgets on and off the show floor–and to get from venue to venue at that sprawling event–at Black Hat I want to save time to watch this conference’s briefings.

In the two prior years I’ve gone to Black Hat, I’ve found that the talks there have an exceptionally high signal-to-noise ratio. And since a coherent and entertaining explanation of a vulnerability in a widely used app, service or device is something that’s relatively easy to sell as a story, I also have an economic incentive to hold off on taking any meeting requests until the organizers post the briefings schedule–which this year only happened barely two weeks ago.

In other words, now I’m out of excuses to deal with these pitches. Which I could have done this afternoon had I not waited until this afternoon to write this post…

8/24/2022: Fixed the typo in the headline that nobody seems to have noticed until my wife asked about it today.

My next in-person tech conference will have to wait a little longer

Next week was going to feature a conference badge and triple-digit temperatures, and now the only way I’ll get any of those things is if the forecast for D.C. turns out to be completely off.

Barely a month after I’d booked flights and a (refundable) hotel room for the Black Hat security conference, convinced that this security gathering in Las Vegas would represent my first in-person conference since February of 2020, I cancelled those bookings this week. Instead of flying to Nevada to take notes in the middle of a physical audience and then network in person at a series of receptions, I’ll follow the briefings online and then connect with nobody new as I have dinner at home.

It wasn’t any one thing about this conference happening in the middle of a not-yet-over pandemic that led me to bag this trip, even though I’ve been fully vaccinated since late May; it was all the things.

First, while I would expect most information-security professionals to evaluate their risks intelligently and therefore have gotten vaccinated long ago, there’s always going to be the exceptions.

Second, Black Hat is like everything else in Vegas in August in that it must exist in a series of air-conditioned bubbles. And while I wouldn’t have a problem wearing a mask while watching briefings, staying masked-up is a lot harder at a conference reception.

Third, Vegas has a giant tourist demographic that self-selects for poor risk management, raising the odds of me sharing an elevator or check-in line with some hard-partying idiot who has made pandemic denial part of his personal political brand.

Fourth, the city itself has a depressingly low vaccination rate, with only 41% of Clark County residents fully vaccinated. Seeing that many people spend that many months declining to use the best tool we have against the pandemic does not make me want to go to their city and spend my money.

The odds remain pretty low, as I understand them, that I would pick up the Delta variant of the novel coronavirus over those two days and change in Vegas. But when one of the people I’d see afterwards would be my not-yet-vaccine-eligible 11-year-old daughter, I can’t justify the risk posed by what strikes me as an especially bad scenario compared to any of the events I’m contemplating for later this year.

So even while I have resumed some business travel, it’s going to be a little while longer before I come home with a new conference badge to add to the collection that’s now been collecting dust for a year and a half.

Weekly output: Apple silicon, undermining Facebook’s business model (x2), remote teamwork, cybersecurity and privacy (x2), banning strong encryption, Google paying news sites, Washington Apple Pi

I only had a four-day work week, but Tuesday was no day off for me: I worked my second primary election in Arlington. Turnout was exponentially lower than what I saw in March, between this primary being limited to Republican candidates for Senate and the novel-coronavirus pandemic pushing people to vote by mail, but I still appreciated the work and appreciated the voters who showed up.

Patreon subscribers got an (overdue) post from me in which I recap recent reader reports of bad behavior from Comcast, Google, Spectrum and Sprint.

6/23/2020: No Intel inside? What Apple’s change will mean for your Mac, USA Today

I contributed to USAT’s coverage of Apple’s upcoming switch from Intel to ARM-based processors by quizzing a few Mac software developers about how they thought the transition would play out.

6/23/2020: Giving Facebook less data is a good idea. Even better: Just use it less, Fast Company

I filed this story a week or so earlier, but the delay allowed events to catch up to my topic of undermining Facebook’s business model, in the form of the first big-name advertisers saying they’d pull their ads off Facebook properties in July.

6/23/2020: Is it possible to unite a remote team?, Collision

My first panel at this conference that would have had me in Toronto this week before the pandemic forced its move to a virtual format focused, appropriately enough, on the challenges of remote teamwork. We–meaning myself, Aptum CEO Susan Bowen, Vidyard CEO Michael Litt, and Real Ventures managing partner Janet Bannister–recorded the discussion in advance, so my spending all of Tuesday working the election was not a problem.

6/24/2020: Building a paradigm of trust, Collision

My second pre-recorded Collision panel, this time about new challenges in cybersecurity, featured Akamai chief information officer Mani Sundaram, Sumo Logic chief security officer George Gerchow, and Honeywell chief digital technology officer Sheila Jordan.

6/24/2020: These Senators Want To Force Tech Firms To Give The Cops Keys To Our Encrypted Data, Forbes

I really thought a story about a bill that would ban end-to-end encryption across an enormous range of devices and apps–and that got introduced by its Republican sponsors just as Attorney General Bill Barr’s role as President Trump’s political commissar in the Justice Department became even more obvious–would get more readers. My venture into getting paid per click isn’t off to the best start.

6/25/2020: What is the role of the media in covering online security and privacy matters?, Collision

I hosted a roundtable discussion about press coverage of these issues that wound up not drawing many attendees, but I enjoyed the discussion anyway. Getting to talk about the issues you cover with knowledgeable people you hadn’t met before is one of the things I liked about going to conferences, and this part of Collision reminded me of that.

6/26/2020: Google Says It Will Pay News Sites For Their Work—But Not Yet Here, Forbes

My other post for Forbes this week covered a new initiative by Google to pay news publishers to reproduce their stories on some of its properties. I reported it out by checking in with the news types I’d quizzed for a feature last month about Google’s relationship with news publishers.

6/27/2020: Rob Pegoraro Zooms into the Pi, Washington Apple Pi

I talked to this Apple user group via Zoom instead of appearing in person as I did last June. That meant I couldn’t do my usual giveaway of trade-show swag, but not having to drive anywhere also meant I could mow the lawn before this virtual session.

6/27/2020: Advertisers boycotting Facebook, Al Jazeera

I talked about the growing number of advertisers choosing to pull their ads off of Facebook properties, in some cases off of social media entirely.

Weekly output: WiFi help, SpaceX and NASA, cybersecurity issues and the coronavirus (x2), Trump’s social-media executive order (x3)

This weekend has shown some of the ugliest sides of the United States, from systemic racism to abuse of police power to wanton destructiveness. It would have been even worse without Saturday’s reminder from SpaceX and NASA that we can also do great things together.

5/25/2020: Think you are ready for a new router? First, try these free home Wi-Fi fixes, USA Today

I borrowed the expertise of my friends Tom Bridge and Glenn Fleishman for this column about no-cost tweaks to a home network that may improve your experience.

5/27/2020: SpaceX’s Dragon launch ushers in a new era for Americans in space, Fast Company

I’d meant to write this story from the Kennedy Space Center’s press site. Instead, I wrote it from my desk at home–below a picture I took of the last shuttle launch that STS-135 commander Chris Ferguson signed for me at a later NASA Tweetup.

5/27/2020: The Thought Leadership Summit, Webit Virtual

This conference was once going to take place in Spain next month and have me moderate some panels. Webit’s had to go virtual like every other large event, so my first spot involved a panel on cybersecurity issues in the novel-coronavirus pandemic that featured Webit executive chairman Plamen Russev, Siemens chief cybersecurity officer Natalia Oropeza, Inrupt security-architecture chief Bruce Schneier, and VMware security vice president Tom Corn.

5/27/2020: Trump vs. Twitter, Al Jazeera

The Arabic-language news network had me on to talk about President Trump’s temper tantrum of an executive order that makes a lot of noise about Twitter’s alleged unfairness but contains almost nothing in the way of a legally-valid signal.

5/28/2020: The Leading Media Forum, Webit Virtual

My second appearance for Webit featured an extended discussion about media coverage of cybersecurity issues with Webit’s Russev, Wired Italia’s Luca Zorloni, Forbes’ Monica Melton, and Euronews’ Salim Essaid. The video on this should look much better than the earlier panel, because I realized that my laptop’s camera had the white balance so hideously bad that my navy-blue shirt looked purple. With only a couple of minutes to go before showtime, I grabbed my iPad, braced it between my laptop keyboard and screen, and used that instead.

5/28/2020: Trump’s social-media executive order, Al Araby

My second TV hit about the Trump executive order came right after he signed that document, which meant my interpreter on this Arabic-language network and I had to wait for him to stop talking.

5/29/2020: Trump’s Twitter Tantrum; Hong Kong Crackdown, Bipodisan

My first tweets about the Trump order caught the eye of my friend Robert Schlesinger, who then invited me to join him and his co-host Jean Card on this political podcast. We had much more fun than you might expect from a chat about Section 230 of the Communications Decency Act.

Weekly output: small telecom firms dropping pay TV, remote-working security, Facebook bias allegations

This week brought bad news on the client front: Glimmer, the tech-culture publication where I’ve enjoyed writing long features about such wonky topics as Google’s complex relationship with news publishers, did not survive a round of layoffs at its corporate parent Glitch. As crummy as this was for me, it was worse for my editor there who now finds herself unemployed.

5/18/2020: Small TV providers need to hold customers’ hands to exit TV, FierceVideo

This story took much longer to report than I expected, mainly because I had a hard time getting enough of the small number of tiny Internet providers that have dropped pay TV outright to return my calls or e-mails.

5/19/2020: Session 3 Security Panel, Futureproof IT

In my first virtual-conference panel, I talked about security issues with remote-work software (via Zoom, naturally) with Secureframe CEO Shrav Mehta, Splunk senior technology advocate Amélie Erin Koran, and freelance tech journalist Yael Grauer.

5/22/2020: Facebook bias allegations, Al Jazeera

The Arabic-language news network had me on to discuss complaints that Facebook is blocking pro-Palestinian speech. That’s not an allegation I’ve seen confirmed independently–it’s not hard to find pages advocating for Palestine and against Israel’s occupation–but I spent most of my time on air emphasizing the general difficulty of content moderation at scale. I hope my effort at nuance was as persuasive in the interpreter’s rendition.

Updated 6/30/2020 with the screengrab from the Futureproof IT site that I forgot to add the first time.

Weekly output: Facebook customer dissatisfaction, Facebook meddling in the Middle East (x3)

Tuesday has me departing for Las Vegas for the Black Hat and DEF CON information-security conferences, aka Hacker Summer Camp. In addition to the usual risk of getting pwned, this year I and other attendees will also have to deal with a plague of grasshoppers.

7/30/2019: Study shows Facebook’s customer-satisfaction scores plunging, Yahoo Finance

A new survey from the American Customer Satisfaction Index showed people’s contentment with Facebook plummeting to depths you could call Comcastic–except the cable company still rated lower in ACSI research earlier this year. If this post seems somewhat familiar, you may remember me writing up a similar set of ACSI findings in 2010. The issue of what we’ve learned about Facebook in the intervening years is left as an exercise for the reader.

8/1/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

The Arabic-language news channel had me on air live–twice in this day–to talk about Facebook’s announcement that it had booted hundreds of accounts and pages run out of Saudi Arabia, the United Arab Emirates and Egypt for “coordinated inauthentic behavior,” its phrase for disinformation campaigns.

8/2/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

Saudi Arabia misbehaving on social media put the Qatari network into flood-the-zone mode–not difficult to understand, given the enmity between the kingdom and Qatar–and so AJ had me on for a second day in a row to talk about this story. If you don’t care about Gulf politics, please consider that the Facebook-meddling move here of impersonating local news sources could work in the many U.S. cities and towns now starved for local news coverage.

Weekly output: cybersecurity, pay-TV satisfaction, U.S. vs. Huawei, personal air transport, open-source SaaS, Collision conference

I don’t have to fly anywhere Monday, which seems a cause for joy after the last six weeks of travel.

5/21/2019: Cybersecurity: In search of the Holy Grail?, Collision

This somewhat broad description yielded a talk on what we’re doing wrong in infosec with defy.vc managing director Trae Vassallo, Veracode co-founder Chris Wysopal, 4iQ CEO Monica Pal, and Emerson Collective managing director (and former Democratic National Committee CTO) Raffi Krikorian. I will add a link to video of this (and the other panels I moderated in Toronto) whenever the organizers post it; in the meantime, enjoy the picture by my friend John Ulaszek.

5/21/2019: Comcast, DirecTV and others suffer another round of low customer satisfaction scores, FierceVideo

I wrote up the latest findings of the American Customer Satisfaction Index survey for my occasional trade-publication client FierceVideo.

5/21/2019: U.S. vs. Huawei, Al Jazeera

I talked to AJ’s Arabic-language news channel about the growing isolation of the Chinese telecom firm via Skype from the Collision speaker-prep lounge; if you watched this hit live, that setting should explain the dull backdrop.

5/22/2019: The race to rule the skies, Collision

My second Collision panel featured Gwen Lighter, founder and CEO of the GoFly competition, and Ben Marcus, co-founder of the drone-cartography firm AirMap, talking about efforts to enable personal air transportation.

5/23/2019: Open source in the SaaS era, Collision

Panel number three of this week called for me to interview MongoDB CTO Eliot Horowitz, and that proved harder than I’d expected: The stage acoustics made it difficult for me to hear complete sentences from him.

5/24/2019: At Collision conference, Facebook and the rest of tech gets taken to task once again, USA Today

I wrote a recap of the conference for USAT that noted the general distaste for Facebook’s reach and conduct as well as the lack of certainty over what, exactly, we should do about that company.

Updated 6/29/2019 to add links to videos of my Collision panels.