ShmooCon seemed very policy focused this year. I liked it. The NSA debacle is going to shape the industry in the years to come. We need to talk about it. Hopefully we as an industry push for more encryption, but we’ll see.
Bruce Schneier argued the tools and techniques the NSA used will be in the wild in the next few years. They probably will be, but I don’t think that will change the threat landscape that much. Blackhole Toolkit is gone. Now I deal with CryptoLocker infections. CryptoLocker will eventually morph in to PowerLocker and then something else will replace it. Perpetual war?
@Quadling made a comment during a talk that Windows XP is the COBOL of our generation. Is it? I don’t know anyone claiming they will be XP free in the next few years. I’ve seen Windows NT active in the late 2000’s. Will there still be XP in 2020 and beyond? Most likely. Will the state of network security be advanced enough to mitigate the threat or will we still be battling NAC technology implementations?
Of the vendor area, I was most impressed by Parsons. Their Crash Analyzer seems like an interesting concept. Using GPO, you update your Windows systems to send their error reports to an internal server. The internal server analyzes the reports for malware. That seems like an extremely elegant solution to finding some malware as well as monitoring for general stability issues.