Top infosec trends in the social media spotlight this week

It was another week filled with controversy in the ever-tumultuous world of infosec, kicking off with the closure of the much beloved DerbyCon, an annual hacking conference in Louisville.

In an announcement made on Monday, the organizers said that the next edition of the grassroots conference, scheduled for this September, would be its last, citing a “small, yet vocal group of people” who created a negative environment that they could no longer manage.

Twitter, naturally, exploded. Some said that so-called social justice warriors were ruining the con scene, while others asserted that there was definitely more to it than a few bad eggs.


For the full story, see The Daily Swig’s coverage here.


It seems there’s always something to argue about in infosec, but one thing the community seemed to agree on this week was that a newly launched website shouldn’t tell them how to think.

Pwnhead.com – the site in question which launched in December of last year – markets itself as a “database and ranking system” for both security conferences and researchers.

The site had listed global conferences and individuals, aiming to be a one-stop shop for information on research, networking, and speaking opportunities.

“There is no standardized review/scoring system in computer security scene,” the site said, writing in a blog post on January 3.

“We built pwnhead.com as a solution for these problems.”

But many were not convinced of the system behind the site’s ranking methods, where researchers were given a score based on factors like GitHub statistics, the popularity of the tools they’d written, and number of books published.


The ranking system has now been removed.


Keeping on the con track, Jeff Moss, founder of Black Hat and DEF CON, released some of his own news about what to expect for 2019 venues.

The popular security conference – ranked as the number one event in the InfoSec calendar, according to pwnhead.com – has grown considerably since its humble beginnings in 1993, but its ‘Hack All The Things’ spirit evidently remains.


Black Hat USA runs this August 3-8 in Las Vegas, Nevada, with DEF CON to follow, from August 8-11.


In other news, a major dump of personal information has been labeled as one of the largest breaches ever seen.

Disclosed by ‘Have I Been Pwned’ creator Troy Hunt, nearly 773 million records – including emails and unique passwords – were posted to the hacking forum MEGA, although the origins of the dataset are still unknown.

The leak has been called Collection #1, and given the fact that this breach impacts users who signed up for any number of websites, there’s been some disagreement over amount of media attention the incident received.


Head over to the Have I Been Pwned site and punch in your details to see if you’ve been affected.


And finally, like it or loathe it, the #10YearChallenge has been doing the rounds on social media this week.

While people took in their droves to posting comparison pictures of themselves from 2009 and today, others were quick to use the meme format to draw attention to wider global issues, such as climate change.

Amid the memefest, one hacker took the opportunity to highlight the progress that has been made in the realm of vulnerability disclosure over the past decade.

Others joined in with some amusing examples of their own.


The fun, however, promptly ended with accusations that Facebook had started the seemingly innocent meme for nefarious reasons, with Wired reporting that the social media giant was using the #10YearChallenge to continue building its facial recognition dataset.