Questions to Ask General Alexander at BlackHat 2013

By John Dickson


In less than three weeks, security geeks will once again invade Las Vegas and the spacious confines of Caesars Palace conference center to hear three days' worth of vulnerability announcements, boasting, and war stories. There will also be some drinking.

BlackHat will be packed with security gurus – some good guys, some bad guys, and a lot of folks somewhere in between. Gone mostly will be the bearded UNIX guys with suspenders, but you’ll see the occasional old-school security guy mumbling about the Morris Worm or wardialing the entire (404) area code in the ’80s. There will also be legions of security guys decked out in jeans and black t-shirts, “security casual” so to speak. Some t-shirts will have clever sayings, and others will be borderline offensive. Standing out in the crowd will be a slightly older, stately gentleman who also might be wearing jeans and a black t-shirt like he did at DefCon 2012, or he might be wearing a crisply ironed military uniform, that of the United States Army. His uniform will be bedecked with military ribbons and four shining stars on both epaulettes. For those of you who have been under a rock for most of this summer, that person will be General Keith Alexander, Director of the National Security Agency (DIRNSA for those in the community) and Commander of the US Cyber Command. Given that there are, shall we say, diminished expectations of cooperation between the hacker community and NSA this go-around, trying to fit into the t-shirt and jeans crowd might go unappreciated.

Suffice it to say, General Alexander is a major player in the community (that would be the intel community, not the underground community).  He has guts.  He’s going into the belly of the beast – hacker central – right in the midst of the Eric Snowden leak story.  You might bump into him, and if you do, be ready with a question.  To get you thinking, I came up with a handful of questions to have in your back pocket should you have a chance encounter with the US’s #1 cyberspy…

  1. Seriously, how much fun was it when you hit the “Go” button for Stuxnet?
  2. What happens in Vegas, stays in Vegas is a total myth, right?
  3. How anonymous is Anonymous?
  4. What’s more fun, being a spook or a hacker?
  5. How quickly did you unfriend Eric Snowden on Facebook when he boogied to Hong Kong?
  6. Can you please limit the use by the military of the term “cyber” to only one million times/day?
  7. After APT was outed, is referencing Sun Tzu in every security PowerPoint still cool?
  8. Can NSA collect personal information faster than Facebook gives it away?
  9. What’s that medal for?

Follow me on Twitter at @johnbdickson for on-scene commentary and observations from BlackHat 2013 and Vegas.  See everyone in a couple and contact us if you'd like to meet up with Denim Group folks at BlackHat.

–John

john _at_ denimgroup.com

@johnbdickson

About dancornell

Dan Cornell has over fifteen years of experience architecting and developing web-based software systems. He leads Denim Group's security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and currently serves as the OWASP San Antonio chapter leader. Dan has spoken at such international conferences as RSA, ROOTs in Norway and OWASP AppSec EU.
