Dailydave mailing list archives

HITB Security Conference 2003 website rant


From: "Tom Grazius" <trg_info () mailhaven com>
Date: Mon, 09 Feb 2004 19:13:44 -0500

I have to rant about the Hack In The Box website one last time.

[rant]

Correct me if I'm wrong, but isn't the HITB Security Conference a
professional event?  Didn't people travel half-way around the world to
attend last December?  They still have not put up any conference
materials or presentations on their website.  It's going on 2 months now.
 Their stock answer to "why not?" has been and continues to be "We're
completely swamped."  Can someone please define "completely swamped" for
me in terms I can relate to?

IMHO if they had initially said they wouldn't get around to updating
their website for 3 months, they would have taken some hits.  But no,
they string everyone along.  On 14 December '03 they said "real soon
now."  On 2 February '04 they said "real soon now."  If they're
"completely swamped" to the point that they can't even update their
website with the material they promised within a reasonable time frame
then their credibility begs questioning.

If my boss asked me, "Hey, Tom, where's that list of things you promised
me last week?" and I replied "I'll get around to it, I'm completely
swamped at the moment", and then he asks again 60 days later and I give
him the same answer, guess where my ass is the next day?  Is the
information not time critical?  Doesn't it get old and stale?  Aren't
most of the Microsoft RPC holes plugged already?  After XP SP2 won't most
of those presentations be obsolete?  Sure, they may retain some
historical value for educational purposes but there's nothing like
keeping current.  Shit, why doesn't the entire industry move to a
once-per-year conference schedule?

If I'm going to attend a professional conference and expect to be
reimbursed for my "business expenses" I need a hell of a lot more
justification for attending than playing capture-the-fucking-flag.  I
understand people get busy and have priorities, but give me a break. 
What could have higher priority than wrapping up the conference that has
just finished?  Didn't they charge people to attend?  More than a
thousand dollars?  Each?  Hire a web update person for a few days if you
don't have time to do it yourself and get it done already!

The LSD work on the Windows RPC flaws was groundbreaking (I guess).  This
was perhaps the most significant widespread vulnerability in 'doze in the
last decade.  But the HITB Conference people can't be bothered to make it
available for those who did not attend the conference to see.  They're
completely swamped, you know.  The Linux Kernel Modules talk must have
been very interesting.  How much of it is applicable to v2.6?  Who knows?
 I can't find out from HITB because they're completely swamped.  Advanced
Linux Kernel Keylogger?  Sorry, swamped.

It's way past overdue for the HITB folks to get off their asses and
finish what they started.  "Completely swamped" is no longer a viable
excuse.  I'm not interested in the 0-day stuff from the conference.  At
this point they're not even being close to 0-day anymore.  60-day is more
like it.  There were plenty of presentations that had been set up months
in advance.  All they've managed is a couple of pictures.  Whoop
de-friggin-do.

[/rant]

There.  I feel better now.
