Dear Daily Dave,
For a hacker conference, twenty years is a huge achievement — for a small conference, even more so. Over these years we’ve enjoyed speakers showcasing results from cutting-edge research, seen thought-provoking keynotes and bonded with other like-minded people from all over the world.
If we had to summarize the experience with one word, it would be gratitude. The speakers, repeat speakers, first timers or regular attendees, and friends of t2 — you have made the event and its atmosphere.
This was always a true community event – it’s organized for hackers, by hackers. The Advisory Board’s motivation and main driver was our love for the game. Creating a small event with a curated program, offering a backdrop for lobby bar and coffee break discussions was (and still is) our vision of a perfect infosec con. The chance to network with your industry peers was as integral a part of t2 as the high quality content.
It’s rare you get the same level of interaction with current/former speakers and attendees alike at any other conference.
Tomi has fond memories of pretty much each and every year. Starting from the humble beginnings, when the legendary Phenoelit guys were kind enough to come and present at a conference that back then had no history nor reputation. How the Toolcrypt guys dominated the stage for years with their absolutely amazing research, and how Ivan Krstić (now Apple’s security samurai) shared his ideas on how modern security architectures should be built (iDevices anybody?), how the InversePath crew delivered some of the most enjoyable and hardcore research ever and well, you get the idea – the list just goes on and on – there are simply too many good memories to list here.
Mikko remembers learning from Ludde (during a t2 coffee break) how he works at Spotify. Then Mikko explained how impressed he was with Spotify’s early beta version, especially how you could skip parts of a song and it would still continue streaming instantly. Ludde nodded…and said ‘yeah…I coded that’.
Henri still reminisces how Halvar Flake took the time after his talk in 2010 to have a chat with him and Esa Etelävuori (RIP), despite Halvar feeling slightly under the weather in the midst of what later turned out to be the Zynamics acquisition by Google. In 2017 we enjoyed the late night/very early morning pizza in the hotel lobby bar with Dave Aitel, after proving him wrong.
Instead of dropping a surprise announcement sometime next year, or silently disappearing into the crowd, we wanted to let everyone know before this year’s t2 infosec that 2024 will be our last dance.
We have truly enjoyed the past two decades of world class cyber in Helsinki – all good things come to an end eventually. From the bottom of our hearts, a big thank you to all of you who made this happen. We are privileged to be able to call many of you out there our friends.
This goes especially to Dave, thank you for treating us so well over the years.
Tomi Tuominen
Mikko Hyppönen
Henri Lindberg
There seem to be a lot of people who think the problem with cyber security
is we aren't paying lawyers enough. This results in the current push for
software liabilities, or the need to click accept on cookies before we use
every website. It is natural for lawyers to want to feed the
next generation of associates, by regurgitating legal koans into their
mouths. These vomitous truisms pass for thought leadership when you go high
enough into the cyber policy clouds. "We don't know what we don't know!",
"You can't manage what you can't measure!", "We need to be Secure to
Market not First to Market!", "Crawl, Walk, Run!"
These statements are the opposite of haikus, which when done right are one
crystalized emotional moment. This is why I think maybe we should hire more
poets to do cyber policy, instead of lawyers. What is "*i carry your heart
with me(i carry it in*" other than the first line to an exploit written in
a bash script we all forgot existed but our spirits remembered?
When LSD-PL said:
bn,a
bn,a
call
did that not carry with it an emotive punch? When we hack, do we not reach
within our internal well of hate to pull forth a tiny amount of darkness
and then send it into the world on tiny flaxen wings? I cannot do a survey
on this in any language that matters, but I look into the net and see all
the ancient hackers I grew up with still crouched in full armor, their
ocher swords smoldering.
This week in between cyber policy calls at 0500, I sat for hours, choking
on the byzantine syntax of LangChain attempting to wrestle an LLM into
submission. I kept thinking, what would Horizon do? What would Shubs do?
What would James Kettle do? What would Tiraniddo do? What would Chompie do?
What would Skylar do?
I told myself: They would *continue*, is what they would do.
-dave
Windows XP and Windows 2003 partial source code is out there on GitHub. With such a rich corpus of known vulnerabilities in those OSes and source code availability, surely there should be an amazing amount of SAST/semgrep/codeql rules that take as input existing known exploits and then do rules that find similar things, yet I don't seem to be able to find such projects.
Surely, these two code bases should be the foundation of most good CS/cyber courses - like students finding new bugs, etc.
Is source code junk?