 So, welcome to the second annual DEF CON Recognize Awards. We actually gave it a name this year. And the goal here is basically to get everyone in DEF CON communities opinion on who was best, who was worst and that kind of stuff. So, this is Jericho, Brian Martin, he runs attrition.org and he does a lot of work with researching security charlatans, things like that. I'm not going to go too much into this. The why? Why do we do this? Well, we want to give all of you a voice, right? So, we have the Pony Awards and they're out there and everyone's like, you guys are just trying to mimic that and that's not actually entirely true. Not entirely true. We wanted to give you guys a chance to vote as well, right? Because we do a lot of this stuff at Black Hat and so we wanted to bring it to DEF CON because we actually have a much larger audience. You wouldn't know it from this room because track one and track four are packed, which is probably where Jeff is at, right? He's like, I'm going over there because my talk sucks. We wanted to give recognition both positive and negative to people that have made a difference in the industry, either good or bad. And that's really kind of where you guys come into this. How we did this was we put up a survey online several months ago and we allowed everyone to nominate everybody they wanted. We changed it a little bit from the year before where we allowed everybody to nominate and then everybody to vote and that caused a lot of issues, kind of skewed the voting. We ended up doing public voting anyway once we got to CON. So what we did was we put survey up. You were all allowed to nominate people for the various award categories as you wanted to over time and then we're going to vote here today. What we did was we took all the nominations that actually had useful information in them and that's very important to understand because there were a lot of very unuseful nominations with no supporting facts and nominations that didn't really make any sense. And so we brought those to you today and then we're going to have public voting here today. And so Jericho bought one of those noise meters and as we go through, ooh, ah, as seen on QVC, we're going to... Best 20 bucks ever. So as we get to each category, we're going to go through, kind of explain a little bit about why they're on the list, the details we were given by the people that nominated them and then we'll allow you to make as much noise as you want to for the people in the category that you want to vote for and based on that, we'll award the awards that way. The categories that we have this year, we've got a worst media person or outlet. Basically, these are people that have written something in print that was really bad about security or hacker related issues. And that's important to us because there are still people in the world that read despite what you might see on the internet. Worst media person or outlet broadcast wise, we actually dropped this one because we didn't get any valid nominations for this. We did want to bring up that we had some local media trying to sneak in again this year that were kicked out last year with TV cameras and that kind of stuff. And they were doing covert interviews in the hallway. As covert as you can be with a huge shoulder camera and microphones and that kind of stuff. So they were booted again, but we don't have many details on that. So we've actually dropped that category for this year. We have the best privacy enhancing tool, product, application. So we've got multiple products there as well. We've got the best security or hack related Twitter feed. We got a lot of nominations on these. We got probably six or seven that we got multiple nominations for. And we'll go through the honorable mentions as well as the ones that are on the list so that you know that you get an idea of everyone that was actually nominated with information. And then we have what we're calling the twit twat. And these are the worst Twitter feeds, right? So there's a bunch of hackers and security professionals and media people out there that have Twitter accounts that want a lot of followers. So they put as much sensationalistic or crappy stuff as they can on Twitter in order to get followers. And then we have the captain obvious award. Those are the people that have come here with a talk and they have taught us all something that we've all known for several years, right? And so we've got several, I think we ended up with two. We had another one that we were researching, but it turns out it was probably a B site's talk. And then we have Jericho's security charlatan of the year. And these are individuals that deserve the title of, you know, somebody that doesn't know what the hell they're really talking about. I had something I was going to say. I lost a thought. It's been a long weekend. All right. So let's talk about worst media coverage. So for print, we have two different ones. The first one was Matthew Schwartz. He actually popped up a couple of times, but the reason he's on the list is because of the detailed explanation and the reason and opinions of the people that nominated him. And I think they were probably working together on this. How many of you read the article a couple months back about the best way to get hackers to stop hacking is to get them a girlfriend? All right. He's not kidding. That's really the entire article. It is the article. It's basically they go through a bunch of facts and they've got psychological analysis and somebody has done some kind of review on hacker behaviors over the years. And so somebody sat down and put all this together and wrote an article. And his name is Matthew Schwartz. And the idea was that these hackers, if you want to get them to stop hacking, you've got to get them a girlfriend. And so that's the first one. I'll show you the article in a second. And you can see the webpage and kind of look through it yourself. The second one, we're not exactly sure who to attribute blame for, but it was based on a water pump hack. Did anybody hear about the water pump hack? Supposedly there were some Russian hackers that hacked all the way across the ocean into some water pumps at a SCADA plant. And it was like Iowa or something, right? To screw around with the water pumps. And as it turns out, one of the administrators of that SCADA system had gone overseas to Russia and was doing normal administration on these water pumps. And so when one of them failed a few weeks later, they went through their logs and saw an IP address from Russia. And he hadn't told anybody from his work, he was going from Russia. And so somebody blew it out of the water and it became a huge Russian hack attempt on this poor little water station in Iowa that apparently is critical infrastructure. So I think I have that one up as well. So let me put my browser and you guys can, it's actually kind of funny. Let's see. So Scarlett Johansson getting hacked. She wants lots of money for what she's doing. All right, so here is Matthew Schwartal. This is, this is what he looks like. I'll zoom in. There you go. Hi, Matt. Alright, so this guy actually seems to be a nice guy in his article. He actually released this July 16th. So this was a last-minute addition. And the person that submitted this had a lot of good information. So if you look at the submission and how this guy writes, it's honest, honestly, it's a subjective point of view on both sides. But, you know, this guy writes about how hacking, you know, is caused because people haven't grown up. They haven't made a commitment to society in one way or another, right? They're not invested. If you get them girlfriend, suddenly they're invested in something. So that gets them looking off in other directions. I figured the girlfriend thing was a different kind of distraction, but apparently it's a social commitment. Come on, I was a hacker. I know what it really is, right? But yeah, so he goes through. He writes this whole article. He's got a lot of really good references, right? He's got cyber psychology expert. There are cyber psychology experts now. I don't know where you get that degree. But, you know, he talks to a lot of people. He gives a lot of facts. He's not blowing everything entirely out of the water, but he does say some things that are fairly controversial. I'd like to point out that I don't think his research was very thorough because he didn't look at the alternative. It's like, well, maybe if you don't have a girlfriend, how about if you have a weekly hooker? Is that enough to keep you on the right side of things or not? Yeah, just poor research all around. There you go. So DHS can give us a grant here for DEF CON. You know, you walk in, you pick up your program. I'll take this hooker and you have a weekend of fun and that way for the rest of the year, yeah, you're not a minister society. I'm sure Jeff's going to go for this. It is equal opportunity. We'll have the beef cakes lined up with the rest. The beef cakes? No, Tracy, you can't have a beef cake. Oh, no, VIP will be above and beyond that. Yeah. Yes, this is like hooker welfare, right? You get only what the government can, here's your cheese and here's your hooker. We are creating jobs and insert joke about stimulus package. Wow. So he actually talks about Asperger's and autism and how that affects the hacker mind. He goes into all of this and apparently girlfriends fix it all. It's a difference between the red pill and the blue pill. Wait, I think one of those is a roofie though. Yeah, one's a roofie, the others of Viagra. Okay, all right. And then here is the water pump hack, right? So this guy, they actually put a picture of him and his family in the article because it wasn't embarrassing enough. He went to Russia and apparently hacked his own system. But what happened was he went to Russia with his family, right? Beautiful family picture. I feel bad about that. So something happened. The water pumps went down. They saw an IP come back because he had been asked to come fix the water pumps at the utility. He gets out there. He does this thing. He comes in securely but still coming from a Russian IP address. And then a few weeks later, something goes bad. They're looking through the logs. They see a Russian IP address and all hell breaks loose. That's not the worst part of it. Somebody leaked the story to the press to the point that it went all the way across. It popped up in magazines, online ads, or not online ads. That would really be bad. Online print articles, things like that. It was in dozens and dozens of news articles all over the internet that this guy, that Russia was hacking these water pumps from across the pond. And it turned out, you know, he's like I wasn't manipulating the system or making any changes or turning anything on and off. Right? All he did was log in to check the status of some pumps and give his advice. Because, you know, they're his pumps. There he is. He looks like a hacker. Actually, it looks a little bit like Jericho. Did you shave your head? Thanks for pointing this out in front of everyone. And by the way, when he logged in, he did it through secure VPN. And from what I understand, there weren't any login failures or anything. It was just one popped in like any other. It's just the IP address alone that caused the chaos. Right, right. Yeah, so that was it. And so that was the second one. So we got some other nominations. They were really, really terrible to be quite frank with you. People were just posting links and gave us no details about why it was bad. And as you guys have probably read on the page, we really need the details and some analysis, right? You don't just pop information up there because you're in a hurry. If you're going to nominate somebody, at least go through the trouble of actually justifying why. Social responsibility. Right, so we'll go back to the slide. And we're going to do our voting. So between Matthew Schwartz and the water pump hack, you need to decide which one you think is most significant as the worst media coverage. All right. So if you want to vote for Matthew Schwartz, make some noise. All right. If you want to vote for the Russian hack attempt into the water pump, make some noise. All right. So the water pump wins it on this one. We'll be notifying that poor guy in his family that they won the worst media coverage at DEF CON. Love the family picture. By the way, you're a terrorist in our eyes. Yeah. Please don't be PNN. All right. So the next one is the best privacy enhancing technology. We got a lot of stuff here, but these are the only four that actually had some kind of justification or comments. We saw tour last year. Tour did not win. Moxie won it last year. We have the Wicker application. How many of you use Wicker or have heard of Wicker? All right. There's two of you. All right. That's a really good application. Crypto cat. How many of you use crypto cat? All right. So we have four of you. Or the authors in the room. And somebody actually wrote down, and this popped up multiple times is why I put it on the list. Google turning on HTTPS by default. Any Google engineers in here? Yeah. Anybody use Google? All right. So Wicker is apparently a portable security device, right? Or security application. And it got several nominations. And one guy went so far as to say my wife and my 10 year old daughter use this on their phones as well. So that was cool. You know, if it's easy to use and you've got your kids trying to be secure, that's kind of a step up. Crypto cat is a chat program for web browsers that allows you to have multi-party chat that is encrypted. That's my understanding. I haven't actually used this. Is that about right? That makes sense? Yeah. So I'm getting some nods. I think everybody knows what HTTPS is. Just you don't know, right? I mean, there's a lot of people here. And then how many of you have used Tor in the past? Tor is a really good project. They've done a really fantastic job. And it was really, really close last year between Tor and Moxie just to let you know. This allows you to surf as anonymously as possible. But when the military started putting their own Tor nodes out there, you're never quite sure where you were going to pop out. So you can't entirely guarantee the security of the project anymore. But it is pretty good. So are there any questions about the projects before we do any voting on this? What? Bitcoin. No thanks. Yeah. Like I don't see how that's secure. But you know, you know, I'm going to get on a box here because we've lost about half our DEF CON groups. I mean, they're still DEF CON groups, but all they do is they sit there and drink beer and mine bitcoins and sell them back to the market. And they're making decent money, but I mean, that's a complete waste of time. They could be playing World of War Craft or something more productive. What? Yeah, get a girlfriend. Yeah. All right. So if you want to vote for Wicker, make some noise. Wow, that was awesome. Did that register? 67.8. Well, that wasn't bad. That's like ambient noise, though. That's like too above Russ speaking. Hey, all right. Crypto cat. If you use crypto cat. 73.4. We have a winner right now. Google turning on HTTPS by default. Sorry, Russ laughed and skewed that one, but it still didn't win. All right. And then the onion router. Tor. Cool. You guys are keeping this easy on me. It's the last one in the list. I won't have to remember anything later. This is awesome. All right, so we're going to go to best Twitter feed. How many of you are actually paying attention to Twitter? Wires. Come on, more of you are. Yeah, so there's a lot of people on Twitter. There's a lot of people that have accounts. There's a lot of people that are subscribed and following other people. And there's even more people that don't actually pay any attention at all. So it was actually quite a challenge to get people to submit best Twitter feeds. But these are the top four as far as nominations go. And we did actually get a lot of nominations on the Twitter side. And so for honorable mentions, ones that are not on this list, we have needed debit card. We have another one called injector. Is this space rogue? All right, so space rogue from the loft. Anybody remember space rogue from the loft? I can tell how long you've been at DEF CON if you remember. There's like one hand in the back. Hey, space rogue. And then we have B myths. And then, I can't read your handwriting. Brian Krebs. Brian Krebs. All right. That's not an exhaustive list, but those are the ones that popped up at least more than once. Right, so those are the honorable mentions. For the actual four we're going to vote on, what we've done here is we've shown the number of tweets and the number of followers. So we have spider labs. I'm sure most of you have heard of spider labs. If you haven't, it's a really good tweet, Twitter account to follow. They do a lot of research and stuff like that. It's decent. Attrition.org. I don't know who those assholes are. That's actually Brian's, Jericho's stuff. And that is legit. He did pop up. He tied with spider labs here. We have your Anon news. So there's actually a whole lot of people following anonymous on Twitter, oddly enough. And then we have packet storm. And I'm sure if you've been in the security community more than, you know, six months, you know who packet storm is as well. So you'll notice that the number of tweets is not necessarily tied to the number of followers that you have. But these are the top four. Have any of you looked at any of these tweets from these groups? Anyone? All right, cool. So there are people that are following Twitter. The reason this is so dangerous is because at this point, if something happens in the world of security, we don't have to wait for printed press or broadcast press anymore to get the word out, right? Somebody's heard about it. Somebody's going to tweet it. And somebody's going to go out and retweet it. I don't think that's me. Russ was backing up, sorry. I've been here all weekend eating buffets. So if you like spider labs best, make some noise. All right, cool. Attrition.org. Do you want me to stop there while you're winning? Thanks, everyone. Appreciate it. You're a non-news. Anyone? And then finally we have packet storm. Awesome. You guys just going by the last on the list, right? This is great. You're making it really, really easy for me. All right, so one of the new words. You're all jerks. All right, one of the last ones we have, or one of the new ones we have is the twit twat award because there's a lot of people out there, like I said, that are, they're pushing a lot of bad information. They're pushing a lot of hype and sensationalism. And really, we don't need that, right? I mean, we already have the media. We already have the politicians. Let's not dose ourselves with bad information as well. And so we got a lot of nominations on this. I'm going to steal your piece of paper. All right. Actually, we had planned to, but there was a slight problem with creating these slides, mainly that we did it 15 minutes before the presentation. And we got the information, obviously, but getting screenshots from one laptop to another was pretty difficult. So next year, yes we will. Yeah, we're only hackers, dude. PowerPoint sucks. All right. So I'm going to go through the honorable mentions real quick. And if you're interested, you can write these things down. We can post the list later on defconn.org as well. We have Team Grey Hat. Wow, dude. Beaker. Wow, Ralph. Beaker's on there. The Prez 98, I think they're going back and forth at each other. Those are people we know. Brian Krebs again. Was he just nominating himself? He didn't care what he wins. He just won something. No, he's actually really liked or really hated among some people. So it's not surprising. And he was not the only one that showed up on both nominations. Yeah, so he's on the best and the worst. So he's kind of in the middle, I guess. And then drama security. Somebody groans up front. That's always a good sign, right? All right. So in order of the top nominations, we have White Rabbit. Has anybody read White Rabbit stuff? And by the way, since we can't share your tweet, one of the number one complaints about his feed is that he writes these blogs. He is an evangelist for HP. And once he writes a blog, you will see that same damn link 18 times throughout the day. And then every day for the next three weeks. So yeah, you get to see these same blogs over and over. And that's why he has so many tweets in a relatively short time. And because he needs to, he's also got two accounts. He's got White Rabbit, his handle, and he's got his real name. So yeah, he, uh, he pollutes the Twitter a lot. Is his name Brian Krebs? Raffle Lose. Okay. Then we have the Jester. Real quick, the reason that the Jester has zero tweets, a lot of you may know, the Jester is a kind of notable figure in, uh, activism, supposedly taking down, uh, jihadist sites or whatever, fights with anonymous. So recently there's been a big stirrup and the Jester went through and literally deleted all of his tweets. Uh, I believe in the past few days, um, as of today it showed one tweet, but none were actually visible. Who knows? Yeah. Um, and then we have anonymous SABU. Most of you have probably heard of SABU. This is Hector. This is the leader of Lulsec, who was also kind of a, uh, stand in leader for anonymous. Uh, sometime, I think shortly after last DEF CON, he decided, oh well, since I got popped, I'm going to go ahead and snitch on all of Lulsec. So yeah, we've all read about Lulsec getting busted and that's courtesy of ol' Hector up there. Yeah. He's awesome. He's got kids too. He's on the DHS, uh, DHS Hooker program apparently. So yeah, that's, that's Hector. I just figured you'd want to see what he looks like. Um, there is a, um, he's the world's most wanted hacker apparently. Uh, yeah. Most wanted dead by the rest of Lulsec. All right. And the last one is, um, Sam Bown. Bone. Bone? Yeah. Sam's here at CON somewhere, but uh, Sam is a professor of ethical hacking at some community college. Uh, he's another one that people really, really like him or people really, really dislike him. His tweets range from, hey, that's cool. You know, it was a good link to what the fuck are you smoking, man? I mean, just, it's bad. Yeah. I am not Sam. All right. So, in order of preference, let's start with white rabbit. If you want to vote for white rabbit, please make some noise. All right. The jester. Anonymous Cebu. You guys are going to screw me on this one, aren't you? And the last one is Sam Bone. Yep. Just moving to the bottom. Yeah. I can't. It's PowerPoint. All right. Cool. All right. So Anonymous Cebu won that one. All right. So how many of you have been to a lot of talk during DEF CON in the last three days? All right. And by a lot, I mean more than one. All right. I know there's parties and other stuff going on. So, um, Brian came up with the idea this year to create a Captain Obvious Award, right? So this is DEF CON. And what we want to see talk wise are things that really, really make a difference, help us learn things, things that haven't been known for, you know, several years. And so we had two talks, like I said, we had a third one and found out it was actually at B-Sites. Somebody nominated something from B-Sites. So the two talks we have, there was one by Kenneth Gears called the Artist Cyber War. Did anybody see that? You walked out of it? It was that good, huh? Very quickly. Why was it so bad? So he says it was all fluff, no content. And if you made it all the way through the talk, at the end of his presentation, I walked up and I said, hey, can I get your email address? I'd like to discuss this. And he's like, yeah, sure. And I said, because you got the entire presentation wrong, you don't know anything about cyber war and it's clear, you know? And yes, I'm a little jaded. I was one of two authors that wrote an article that specifically says the art, or Sun Tzu in the art of whore, because we should not be using Sun Tzu in any cyber context. It's just, it's a bad analogy all around. So I went to the Q and A after and one of many questions, because he didn't really answer any of them, but one of the questions I put to him is, so you're talking about cyber war. That's your entire presentation, but you never defined it. What is cyber war? I asked him three times and he couldn't define it. He wouldn't give me his definition. And I think I really puts it in the context that if you can't define your own topic, why the hell are you speaking about it? That's a good point, right? So, yeah, Kenneth Gears. And we got several hands there. So we realized there were some issues in that talk. And the next one was anonymous in the online fight for justice. How many of you actually saw that talk? All right. Was it decent? What did you think? Right. Right. And so I'm here of any contact with you. Right. And not only did they do that, but some of them got up and basically spent five minutes giving their bio and then sat back down. It's like, right. So in the long run, the panel was one hour, but probably had maybe five to ten minutes of actual talk about anonymous. And it's unfortunate because a few of the people on the panel had very, very interesting backgrounds related to anonymous. You know, there was a lawyer up there, uh, Biela Coleman, done all sorts of research. They had good content. They just didn't give it to us. Right. So it was just a bad talk, right? You don't want, if you're going to a talk, you want to see the content, right? You don't necessarily just want to hear about the bios. So, real quick, by the way, the Q&A after that talk was outstanding. I mean, the room was packed. Of course, there's small rooms. So there was like 50 people, but the dialogue, the back and forth was great. I was like, that should have been the presentation. That would have been interesting. No, but we can type them up real quick. Yeah, we actually agree with that. Seconded. Yeah, that's fine. We can do that. Um, we actually have had people come up and complain about it, but nobody actually nominated General Alexander. And we kind of wondered at that ourselves. Um, that was the third hour. That was right after I left the room. Um, so that was it, huh? How long? Is that what he said? We're hiring? Wow. Okay, so he came here as a recruiting tool then. Oh yeah. All right. So let me add him on here. And you guys can vote for him. And we'll just call him the general, because that'll be funnier. And uh, and we're going to make sure Jeff gives him the award. In case you didn't notice, he had bodyguards. Yeah, yeah, with guns. Um, you know, and it was funny, somebody was talking about it and they're like, you know, if he came to DEF CON and he just walked through the conference area, nobody would have known who the hell he was, right? Because he really doesn't stand out at all. So, right. Did you show up with him or interesting? Yeah, there's anonymity and not, you know, broadcasting who you are here. So, all right. So for, um, the artist cyber war, uh, with Kenneth Gears, if you want to vote for that for Captain Obvious Award, make some noise please. All right. So, anonymous in the online fight for justice, make some noise. All right. And then finally, if you were really disappointed in, uh, the general, make some noise for us. All right. So that made the most, is it broken now? That made the most noise out of any of the votes you guys have had up to this point. So, um, thanks for adding that to the list. I'm glad somebody actually nominated it. Excellent, excellent contribution. Hey, you can, you can have the limitless smart shot. Fuel for your body. Focus for your mind if you want it. You want it? All right. I'm not going to throw it. Nice. Yeah. They, uh, they tagged somebody in the head yesterday at a talk, so I'm a little bit hesitant to do it because I am a white boy from Oklahoma. I know I'm going to hurt somebody if I chunk anything into the audience that's not foam coated. And that was, I don't want a red card for that. All right. So finally, security charlatan, I'm going to let Jericho get up here and talk about it. This is kind of his bailiwick. Um, he's been doing this for a really long time. If you follow Jericho or Trishon at all over the last 15 years, you know what kind of work he puts in all throughout the year. This is not a 15 minute thing that he does. And this is why Jeff asked him specifically to be involved in this. So I'm going to let him come up and, um, he can do it from there. Thanks. I actually, uh, gave a talk at Black Hat, um, 13 years of errata because that's how long it's been running. And the talk was basically like a behind the scenes, all the stuff you don't see, including the blowback and the charlatans screwing with me. Uh, it's an interesting history behind it. So. Oh, thank you. Uh, yeah, it had lots of squirrels in the presentation to keep it lively. Um, so the security charlatan award, these nominations all came from other people. They did not come from me. I had no influence on the nominations here. I want to make that very clear. Um, I can tell you that looking at this list, five of them do appear on the errata pages currently, two do not. I'm not going to tell you which. If you know, cool, keep it quiet because I want to see where this goes. So the first one, Steve Gibson. Anyone familiar with him? He's been around a while. A couple. Uh, it's like Gibson Research Center or something. He's the guy that has this, uh, uncanny ability to write the most convoluted weird tech paper. You'll read through it and you're like, wow, this is either the most brilliant thing I've ever read or, oh, he invented TCPIP again. Interesting. Okay. So. Yeah, you might actually recognize him as GRC. I think he calls himself GRC. Gibson Research Center, yeah. Right. Um, so historically a lot of his stuff is basically reinventing the same thing. I think he reinvented, uh, cookies. Um, something like a sin flood he reinvented under a new name. It's a common problem. Um, Rick Flores, uh, anyone familiar with him? No? Uh, Rick was nominated for apparently giving some presentations on social engineering that, uh, probably would have won the Captain Obvious Award. Uh, Raffalos, White Rabbit, which we mentioned, uh, he actually, did he win? No, he didn't win. Um, yeah. White Rabbit, he's been nominated for his role as the evangelist, uh, for HP. Ankit Fadia, anyone familiar with him? One of the early Indian whiz kids? Yeah. Uh, his entire start came by, uh, age 16. He decided to write a book on hacking that was 32% plagiarized. Um, right now he currently enjoys giving talks to little business groups and makes between 15 and $25,000 per talk. Yeah, figure that one out. His slides have not changed a whole lot and he's still, to this day, teaches you how to own a computer using Netbus. If any of you are like, oh, what's Netbus? It's that old. We have Rahul Tiagi. He's a recent addition. Uh, oh shit, I just gave that away. Um, yeah. Uh, he's up for plagiarism. Uh, he's another Indian whiz kid that decided, oh, I'm gonna write a book and I'm gonna take the shortcut, plagiarized all kinds of stuff. Infosec Institute, anyone? No? So Infosec Institute, they offer a wide variety of training and, uh, some of their training has been questionable. Some of it has been plagiarized. Uh, there's quite a bit of stir around them regarding this. And finally, Ira Winkler, anyone? Yeah, apparently Ira Winkler just got nominated as president of ISSA, something? ISSA? Yeah. So Ira's claim to fame historically was, I can hack any of you, any of your companies and I can steal a billion dollars. It doesn't matter if you have a billion, he can do it. And second, if you're a hacker, you're stupid. He can train a monkey to do your job. Uh, and he, he said all this while offering ethical hacking services. So it's like, well, did a monkey train him or? Anyway. In the interest of full disclosure, Ira Winkler used to be a, um, a big speaker here at DEF CON in the early years. So up to about DEF CON 10, Ira was here every single year. And then something mysteriously happened and he quit coming. And so now he's, uh, on the board with ISSA International as I understand it. Right. So these are the nominations. Uh, we will go one at a time. Steve Gibson. So for everyone that walked into the room afterwards, cause we've about doubled our population in the last three minutes. What we're doing is we're voting for the security charlatan of the year. The nominees are up on the screen. We're going to go through the names one at a time. When we get to that name, if you want to vote for that guy, make as much noise as you can. The person that we have the most noise from the sound meter will win the award of security charlatan of the year. And we actually take great pride in trying to present that award. Um, it's never actually been physically accepted. And actually last year, uh, last year's winner was Greg Evans. Who knows, Greg? Yeah. So in the interest of full disclosure, he was the number one most nominated again. Um, people actually gave justifications, but we wanted to change it up a little bit. We don't want him to win it every year, despite him probably deserving it. So last year, huh? Well, trust me in 10 years, lifetime achievement, he's probably there. So last year, uh, Russ and Jeff, they actually had these really cool, uh, awards made up and everything. And I figured, I'm not going to mail this to him. Or if I do, I'm going to wait until he's in prison, one of the other. So instead I put it up on eBay and it ended up selling for a stupid amount of money, like 200 bucks or something, which we donated to charity. So there's a little sliver of good in him, but not intentionally. All right. So make noise as you hear the one you want to vote for on the list. And you can vote multiple times. So once again, Steve Gibson, Rick Flores. Uh, that was weak. Uh, white rabbit. One gentleman down here clapping like a rabbit, humps. On confaudia. If he wins, I'll tell you a quick, amusing anecdote. Rahul Tiagi, Infosec Institute. And finally, Ira Winkler. So, uh, looks like on confaudia wins. So about a year ago, uh, he, uh, was doing a speaking engagement at some like future business leaders or whatever in Denver, Colorado. And, uh, I got wind that he was going to be talking and it was actually not even a mile from my place. So I tweeted to him and I said, hey, I'm going to show up. And afterwards, when you come out, I've got some questions for you. You know, I'm being a journalist, whatever. It's not even ambush journalism. I told him in advance that I was going to be there. I didn't say what the questions were. So it's at a restaurant, uh, down in like the, the basement meeting area. I get some food there. And I, uh, oh, this is in the middle of winter. It's, I don't know, 10, 20 degrees out. So I walk down to the restroom which is near there and I notice a Denver police officer is stationed down there. I'm like, okay, that's interesting. You know, that's not the usual post for him. Go back upstairs and I decided to wait in the lobby because, you know, 10, 20 degrees isn't very friendly. Uh, the cop comes up at some point and asks me who I am. So I tell him and I'm like, you know, I'm Brian, I'm a journalist. I'm waiting for this guy to leave so I can ask him some questions. He's like, well, do you have a press pass? I was like, no, you know, it's a website. It's basically a blogger. He's like, well, and I said, let me stop you officer. You know, recently the courts of rule bloggers are journalists, blah, blah, blah. I said, I'm telling you exactly what. And I even had a print out of my questions in the website and I gave him a copy and I said, you know, feel free to look me up. Uh, my name is Brian. I live a mile from here. Then I asked him, you know, are you district six? No, you're not. Why are you district three down in district six? Oh, it's downtown. You know, we had a good rapport. And so I asked him, I was like, you know, why all the attention? He said, oh, well, uh, we had reports that you're here to kill him. I wasn't even caring that day. Yeah. So yeah, that kind of took me by surprise. And you know, then when I started into a little rant about, hey, wait a minute, isn't lying to a police officer a crime. And you know, the cops like, oh, you know, and I was like, you know, this guy's a pure fraud night. Apparently I was a little animated and the cops just like, whoa, shit. What did I get in the middle of? Um, so two hours later, uh, the restaurant's closing. No sign of Fadia. The restaurant manager comes out. He starts to give me grief. And I'm like, look, man, I just had dinner. I'm waiting outside because the cop kicked me out of the lobby. I'm out there, you know, freezing. I said, what's the problem? I'm a journalist. I'm waiting for someone. I want to ask questions. He started getting all defensive. Like I was attacking him or his restaurant. And I was like, no, no, no, no, great food, bad guest. That's all. Um, so then they locked the doors and he said, oh, he's not in the building. I was like, how does that work? So at some point, probably with my luck, two hours earlier, they snuck him out the back door through the alley so he could avoid me. So these are the kind of people that end up on the charlatan page. You know, if you are a researcher in the security field and you go through that length to avoid legitimate questions, something's probably wrong with you and the way that you're presenting. So anyway, that entire story with a lot more detail is up on Fadia's charlatan page. And for those wondering, Flora's and White Rabbit are the two that are not on the charlatan page right now. So, thank you. Yeah. So with that, we are done with the 2012 awards. I do want to put a word out there. We're going to do it again next year. We do need full participation in the nomination process. So keep your eyes open, figure out who's out there messing things up or doing it right. If you have ideas for nomination categories, let me know. I'm Russ at Defconn.org. You can't spam me anymore than I'm already getting spammed. And also, you can nominate throughout the year, even before we open it up with the survey and everything. If you see something that bothers you, send a mail, you know, because we will keep track and add it for the next time. Yeah. And so, be here next year. Let's vote again. And let's hear it for the general and Ankit, because they did a great job getting on the list. Thanks, guys. Enjoy the rest of Defconn, and we'll see you at the closing ceremonies.