Security

RSA Badge Challenge redux

Leave a comment

Well, I said I would post more, and then I actually posted several things over on Bruce’s blog…odd that he took the $100 fee I mentioned to him as gospel. Anyway, the bottom line is that Bruce said I should try to get in without my badge because it wouldn’t work if he tried it (I said he should do it, but he claimed he is too well recognized — yes, I am transferring all blame to Bruce). He had asked me to email the results of my tests, but I guess I didn’t get done in time for his blog entry to pop up.

Anyway, I did as told by the great Bruce and stuck my badge in my pocket and just wore the lanyard and plastic holder with the pocket agenda. The only thing I didn’t try was just walking right up to the booth and saying “I need a new badge, what will that cost me?” I probably would have done it, too, if I hadn’t found it so easy to walk around badgeless. Sadly, I wasn’t challenged sufficiently to actually have to produce my badge. In fact, on a few occaisons I had to actively look around and seek out the guard who was stationed at the main doors. The presentation rooms had a single person for a huge crowd and there were so many issues with the readers during the sudden influx of people that I was not the only person literally forced to enter without my badge being carefully checked.

All-in-all a bizarre situation for a security conference. I started to feel like I needed to beg people to challenge me for my badge so that I could see if the $1900 replacement fee was for real. In fact, at one point I put my badge back on just to see if it mattered and was still working. Of course, at that point I was scanned. Dumb luck, I guess, or it could have been because the woman in line in front of me said she worked for Homeland Security. Alas, sometimes a hypothesis leads to a completely different set of conclusions than was originally expected.

Overall the conference was a huge benefit to me as I managed to meet several people who can help with the secret key issues I’m working on, and I learned a great deal of very useful tidbits from security industry luminaries like Ron Gula and Crispin Cowan (just in casual conversation outside the conference). McNealy’s presentation was very funny and helped me understand how Sun plans to get back on track. His human message was also very appreciated. Honestly I had given up on them back around Solaris 7, but they definitely seem to be back in the swing of things with Open Solaris and Office…tempting to see what it would take to replace our Windows desktops that are mainly used for analytics and email. In the Expo I was particularly impressed with the Identity Engines product and the Array SSL VPN (very fast, very clean). The food was sufficiently edible as well.

I give the conference high marks for bringing so many great minds together, but I really wish they would sort out the conference badge/identity situation properly (hey, this is a chance to really do something secure and efficient and not just talk about it) and work on quality/quantity of presentation issues. A DoJ speaker actually started her talk with “RSA sent me some presentation gurus. They said that I need to use humor and avoid going off-topic into the weeds”. Then she put up a cartoon and said “ok, here’s some humor” and then she proceeded to immediately head right into the weeds, so far off-topic that she (and her presentation buddy) became too lost to continue the slides. Oh, and I can’t forget that at one point she looked at a symbol for the British pound and said “um, that’s in Lira, right?”. I know, boring trivial stuff, but the presentation was so bad I had to wonder what might have been rejected from the conference.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.