Weekly output: LinkNYC, Google renews RCS plea, Chris Krebs at Black Hat, 5G explainer, Cyber Safety Review Board, Web3 security

After a week on the West Coast, including four days in Las Vegas for the Black Hat security conference, I now have two weeks of not going anywhere. Which is good!

8/8/2022: LinkNYC begins deploying 5G kiosks – but not yet with 5G inside, Light Reading

After too many months of not writing for this telecom trade-pub client, I filed this update on New York rebooting its LinkNYC effort to bring free WiFi and digital city services to individual blocks.

8/9/2022: Google Posts Yet Another Plea for Apple to Support RCS Messaging in iMessage, PCMag

Google makes fair points when it calls out Apple for hindering the quality and privacy of cross-platform text messaging by not supporting the RCS messaging standard in iMessage. But Google hurts its cause by not supporting RCS in Google Voice–or even explaining that hangup. Also unhelpful: Google has yet to ship an API that would let the developers of Signal and other third-party messaging apps support RCS.

Screenshot of PCMag post as seen in Chrome on a Pixel 5a, with a VPN service active.8/10/2022: Ex-CISA Chief’s Advice at Black Hat: Make Security Valuable and Attacks Costly, PCMag

I covered the keynote by former Cybersecurity and Infrastructure Security Agency head Chris Krebs that opened Black Hat. His talk ended on a self-help note, as he advised his audience: “Life’s too short to work for assholes. So don’t.” And yet Krebs worked for President Trump from 2018 through 2020, when Trump fired him for correctly confirming that the 2020 election was run fairly and securely; that could not have been easy for him.

8/11/2022: What Is 5G, and Does It Actually Make a Difference?, Wirecutter

I wrote yet another 5G explainer, this time for the New York Times’ Wirecutter site.

8/11/2022: How a US Govt Board Helped the Open-Source Community Leap to Patch Log4j, PCMag

As the token Washingtonian among PCMag’s crew of writers, I had to write up this very Washington panel about the first test of the Cyber Safety Review Board–an organization set up as an infosec version of the National Transportation Safety Board.

8/12/2022: Why Is Web3 Security Such a Garbage Fire? Let Us Count the Ways, PCMag

This talk about a series of security meltdowns at blockchain-based sites and services had more than a few unintentional-comedy moments.

Conference VOD: one half-decent thing we’ve gotten out of the pandemic

LAS VEGAS

The Black Hat security conference that wrapped up here once again left me wishing I could clone myself for a few days. Its info-dense schedule put as many as nine briefings in the same timeslot, requiring me to make some tough choices and hope that I’d picked a presentation that would yield enough news and insights to turn into an article.

(Spoiler alert: I did not always choose wisely.)

In the Before Times, the panels that I had to skip would have been lost to me until the event organizers uploaded video of them to Black Hat’s YouTube channel, often months later. But this year’s conference, run like last year’s as a hybrid in-person/online event, came with both streaming access to panels as they happened and video-on-demand playback 48 hours later for attendees.

This conference, unlike too many I’ve attended, also continues to post the presentations of speakers, so attendees don’t need to take pictures of every statistic-filled slide for posterity.

So I can treat my conference FOMO and see what I missed much sooner than I could have before. That’s one small side benefit of conferences having to make themselves open to remote attendees, a welcome democratization of events that in a better world would have happened without the pressure of a worldwide pandemic. It’s also personally convenient today because I’m already getting asked on Twitter about Black Hat briefings that I did not get to.

I do, however, still need to remember to catch up on these briefings before the 30-day window to watch them expires–the mistake I made last summer, when I had a much less busy schedule.

8/14/2022: I updated this to add a compliment to the Black Hat organizers for posting speakers’ presenations.

Black Hat pitches increasingly rememble CES pitches

When I’m spending a sunny Saturday in front of my computer, the usual reason is that it’s beastly hot outside. But today I have an additional, also seasonally-specific reason: I’m overdue to look over and make some decisions about all of the Black Hat meeting requests that have been piling up in my inbox.

A view of the Las Vegas Strip from the Foundation Room atop the Mandalay Bay hotel--a common event venue for both CES and Black Hat receptions.

Unlike last summer, I actually am going to this information-security conference in Las Vegas. And many more infosec companies seem to have made the same decision, leading to a flood of e-mails from their publicists asking if I’d like to set up a meeting while I’m in Vegas. How many? Over the last month, I’ve received 134 messages mentioning Black Hat, a number that makes me think of the annual deluge of CES PR pitches.

(Sorry, the total is now 135.)

Just like at CES, accepting even half of these invitations would leave me almost no time to do anything else at the conference. But where at CES I need to save time to gawk at gadgets on and off the show floor–and to get from venue to venue at that sprawling event–at Black Hat I want to save time to watch this conference’s briefings.

In the two prior years I’ve gone to Black Hat, I’ve found that the talks there have an exceptionally high signal-to-noise ratio. And since a coherent and entertaining explanation of a vulnerability in a widely used app, service or device is something that’s relatively easy to sell as a story, I also have an economic incentive to hold off on taking any meeting requests until the organizers post the briefings schedule–which this year only happened barely two weeks ago.

In other words, now I’m out of excuses to deal with these pitches. Which I could have done this afternoon had I not waited until this afternoon to write this post…