Revisiting L0pht testimony – 20yrs later

Here is a copy of my introductory statement from the May 22, 2018 briefing where L0pht revisited its historic Senate testimony of twenty years earlier. (supporting links at the end.)

Good Afternoon, I’m Space Rogue. Twenty years ago, out of fear of corporate retaliation through lawsuits Space Rogue was the only name I used. Today I also use the name Cris Thomas, although not as frequently, and I work as the Global Strategy Lead for IBM’s X-Force Red which is the offensive security services part of IBM Security.

We are here today to talk about how things have changed in information security over the last twenty years. When we were here twenty years ago a lot of people said, we were a voice of reason attempting to warn people about just how much risk was inherent in our critical systems. A lot of people in information security, or I guess we call it cyber security now, that’s one change right there, will tell you that nothing has changed, that we still have issues with passwords from password reuse, to weak passwords, to no passwords. We still have organizations who ignore the problems either through ignorance, ambivalence or just greed. And we still have people who try to blame users for technological failures.
Continue reading