RSA Conference & Expo (San Jose, CA)

[foxgrrl]

Oh yeah, I was also going to try to make it to the RSA Expo sometime next week; To collect some new pens, flashlights, and black t-shirts to use for the next year. (But really to spy on my company's competitors.) Also to tell the marketing and sales people in the booths, that the entire concept of their product is fundamentally flawed. And that they would have to completely redesign it from scratch, if what they were doing was even logically possible.

I had that conversation with quite a few companies at RSA Expo last year...

Me: "So, what is it exactly that your product does?"
Droid: "If the laptop is stolen, and a bad password entered X times. [Or it calls home too and stuff] It will automatically delete all of your sensitive files, so that the person who stole the laptop can't read them."
Me: "But what if the bad guy doesn't use your software?" [i.e. KNOPPIX]
Droid: "Uhh.. you'll have to talk to one of our engineers."

I got "Uhhh... You'll have to ask one of our engineers." from several of the companies I spoke to there. I was also the only person on the floor not wearing a suit. (Standard Black Hacker T-Shirt for me. I read that there is a dress code this year...)

http://2006.rsaconference.com/us/conference/faqs.aspx

Comments

[harlkyn.livejournal.com]

Ooooo, get me some swag! Like, some USB thumbdrives or something :)
Or some OSX encryption software...

[kysh.livejournal.com]

Yeah, I opted out of my 'opportunity' to go down there.

The entire industry is full of nothing but wankers in whom I have zero faith. (The industry being the industry, and not, strictly speaking, real security people).

The fact that people just don't get it, but still want their piece of the pie, is what makes me ill when it comes to the entire computer industry.

I find it exhausting and frustrating. I need to build an appliance with one 'in' ethernet port and one 'out' ethernet port, with no wiring to the jack.. just an empty case with two RJ-45 ports.. maybe if I wanted to get fancy a power supply to power an LED... and sell it as "The ultimate firewall" / "The ultimate network security device". At least I would be able to do it honestly, in good faith, and know I was right.

-Kysh

-Kysh

[reo-the-eagle.livejournal.com]

Hate sounding bad. But who takes Knoppiz seriously?

[drewkitty.livejournal.com]

Anyone who does either computer forensics or corporate espionage.

[dv-girl.livejournal.com]

You really shouldn't tell your competitors their product is broken and that they're going in the wrong direction. Let them waste time on a bad production path.

Wait until they get it to market, THEN point out all of the obvious gaping holes in it before it has a chance to get market share.

:)

[ephermata.livejournal.com]

Intel is touting their Active Management Technology as an answer to these sorts of questions. Well, OK, it's not going to be in laptops as far as I can tell any time soon, but still they seem to have an idea that there will be code running independently of the OS you choose to run (or not). This code could then do some of the call home features if the box is stolen.
http://www.intel.com/technology/manage/iamt/

I haven't been able to figure out how it actually works yet. There appears to be something integrated with the network card that talks to an enterprise management console, but I'm not sure what it can do to your running computer or how it authenticates the management console.

[foxgrrl]

With the Palladium/TCPA? whatever they're calling it now. And the VT "Ring -1" stuff. Everything they need will already be there for this [IAMT].

Or, this may just be a new marketing technique to get widespread adoption of Trusted hardware. Selling people on this feature, as an advantage. And silently at the same time sneaking in all the DRM stuff.