Dailydave mailing list archives
HITB Security Conference 2003 website rant
From: "Tom Grazius" <trg_info () mailhaven com>
Date: Mon, 09 Feb 2004 19:13:44 -0500
I have to rant about the Hack In The Box website one last time. [rant] Correct me if I'm wrong, but isn't the HITB Security Conference a professional event? Didn't people travel half-way around the world to attend last December? They still have not put up any conference materials or presentations on their website. It's going on 2 months now. Their stock answer to "why not?" has been and continues to be "We're completely swamped." Can soneone please define "completely swamped" for me in terms I can relate to? IMHO if they had initially said they wouldn't get around to updating their website for 3 months, they would have taken some hits. But no, they string everyone along. On 14 December '03 they said "real soon now." On 2 February '04 they said "real soon now." If they're "completely swamped" to the point that they can't even update their website with the material they promised within a reasonable time frame then their credibility begs questioning. If my boss asked me, "Hey, Tom, where's that list of things you promised me last week?" and I replied "I'll get around to it, I'm completely swamped at the moment", and then he asks again 60 days later and I give him the same answer, guess where my ass is the next day? Is the information not time critical? Doesn't it get old and stale? Aren't most of the Microsoft RPC holes plugged already? After XP SP2 won't most of those presentations be obsolete? Sure, they may retain some historical value for educational purposes but there's nothing like keeping current. Shit, why doesn't the entire industry move to a once-per-year conference schedule? If I'm going to attend a professional conference and expect to be reimbursed for my "business expenses" I need a hell of a lot more justification for attending than playing capture-the-fucking-flag. I understand people get busy and have priorities, but give me a break. What could have higher priority than wrapping up the conference that has just finished? Didn't they charge people to attend? More than a thousand dollars? Each? Hire a web update person for a few days if you don't have time to do it yourself and get it done already! The LSD work on the Windows RPC flaws was groundbreaking (I guess). This was perhaps the most significant widespread vulnerability in 'doze in the last decade. But the HITB Conference people can't be bothered to make it available for those who did not attend the conference to see. They're completely swamped, you know. The Linux Kernel Modules talk must have been very interesting. How much of it is applicable to v2.6? Who knows? I can't find out from HITB because they're completely swamped. Advanced Linux Kernel Keylogger? Sorry, swamped. It's way past overdue for the HITB folks to get off their asses and finish what they started. "Completely swamped" is no longer a viable excuse. I'm not interested in the 0-day stuff from the conference. At this point they're not even being close to 0-day anymore. 60-day is more like it. There were plenty of presentations that had been set up months in advance. All they've managed is a couple of pictures. Whoop de-friggin-do. [/rant] There. I feel better now. -- http://www.fastmail.fm - Access all of your messages and folders wherever you are _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- HITB Security Conference 2003 website rant Tom Grazius (Feb 09)
- Re: HITB Security Conference 2003 website rant H D Moore (Feb 09)
- Re: HITB Security Conference 2003 website rant Nahual (Feb 10)
- Re: HITB Security Conference 2003 website rant Tom Grazius (Feb 11)
- Re: HITB Security Conference 2003 website rant H D Moore (Feb 11)
- <Possible follow-ups>
- Re: HITB Security Conference 2003 website rant harley mcdonald (Feb 11)
- Re: HITB Security Conference 2003 website rant H D Moore (Feb 09)