Tag: trust

Jul 08

Microsoft quietly pushes 17 new trusted root certificates to all Windows systems

The aging foundation of Certificate Authorities shows yet another crack as security experts are caught unaware

Source: Microsoft quietly pushes 17 new trusted root certificates to all Windows systems

Apr 18

CALL FOR PAPERS | eDemocracy

CALL FOR PAPERS | eDemocracy.

 

e-Democracy 2015: Citizen rights in the world of the new computing paradigms 
6th International Conference on 
e-Democracy
CALL FOR PAPERS 
December 10-11, 2015, Athens, Greece
www.edemocracy2015.eu

Information and communication technologies move fast; faster than society, faster than governments, faster than the law. Connectivity is already impressive, but the near future brings about the interconnection of everything, via the Internet of Things. It also brings fundamental changes to our computing paradigm, with cloud computing gaining momentum and being expected to become the prevalent computing paradigm in the years to come. Increasingly more data are being collected, about almost everything one can imagine; and they remain there, in cyberspace, for ever, sometimes even resisting efforts to delete them. These data are so attractive that a new science, going by the name “big data” has already emerged. All these developments constitute in most cases an improvement in our everyday lives, but sometimes infringe our rights as citizens. The challenge, therefore, is to safeguard citizen rights in the face of a new era, landmarked by new computing paradigms.
This is the theme of the 6th occasion of the International Conference on e-Democracy that will be held in Athens, the cradle of democracy, on 10-11 December 2015. The conference is organized by the Scientific Council for the Information Society, in co-operation with the Hellenic Data Protection Authority and a substantial number of European and Greek universities and academia. It is intended, similarly to previous occasions, to provide a forum for presenting and debating the latest developments in the field, from a technical, political, and legal point of view.
The conference will include keynote addresses, tutorials, panels, Ph.D. colloquia and sessions, workshops, special, regular and poster sessions. All papers will be peer reviewed. Acceptance will be based on quality, relevance, and originality. Accepted papers will be published in the conference proceedings and selected papers will be invited to participate (after the necessary enhancements) to the evaluation process for inclusion in special issues of peer-reviewed journals.
The working language of the 6th International Conference on “e-Democracy ‘15: Challenges for Citizen Rights in the World of the New Computing Paradigms” is English. It is possible, however, that papers on Greek Law cases of e-Democracy issues be presented in Greek.
Topics of interest
The topics of interest include, but are not limited to, the following:

  • e-Democracy and e-Participation
      o e-Campaigning, e-Politics
      o e-Voting
      o Information and Consultation Platforms
      o Collaborative working environments for e-Democracy
      o Social computing and e-Democracy

• e-Government

    o Open and Big Data for e-Government
    o Cloud computing for e-Government
    o m-Government
    o e-Government services and administrative burdens
    o Business process modeling for e-Government systems
    o Tools and models for e-Government development
    o Case studies and European projects

• Security, Privacy and Trust

    o Security, Privacy and Trust in e-Business services
    o Security, Privacy and Trust in e-Government services
    o Security, Privacy and Trust in Online Social Network Services
    o Cloud Computing Security and Privacy
    o Identity Management, Identity Theft and Trust Management
    o Information Audit and Trust
    o Digital Rights Management
    o Trust and Reputation in Digital Environments
    o Cyber attacks and advances on network security
    o Cryptographic Technologies
    o Anonymisation Methodologies and Best Practices
    o Privacy by Design and Default Methodologies
    o Tracking Technologies and Do-Not-Track Systems
    o Privacy Impact Assessment Methodologies
    o Privacy Enhancing Location and Mobility Management
    o Security and Privacy Audit, Risk and Governance
    o Security and Data Protection Education
    o Tradeoffs between security and efficiency, usability, reliability and cost

• e-Crime, e-Fraud and Digital Forensics

    o Cyber Crime Detection and Prevention
    o Internet Fraud, Cyber War
    o Computer Forensics and Anti-forensics

• Social, legal and ethical issues

    o Digital Divide
    o Internet Addiction
    o Transparency and Accountability in Data Protection
    o Ethics in Digital Societies
    o Surveillance Technologies and Legal Implications
    o Freedom of Expression and Privacy
    o Freedom of Information and Privacy
    o Social factors of collaborative creativity

Important Dates
Full paper submission deadline: May 31, 2015
Notification of decision: July 15, 2015
Camera-ready deadline: July 30, 2015

Instructions for Authors
Submitted papers must not substantially overlap with papers that have been published or that have been simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymised (i.e., papers should not contain author names or affiliations, or obvious citations). Submissions should be at most 15 pages, including the bibliography and well-marked appendices, and should follow the LNCS style (http://www.springeronline.com/lncs). Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=edemocracy15. Only pdf files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of 31 May 2015 (11:59 p.m. American Samoa time). Authors of accepted papers must guarantee that their papers will be presented at the conference. Efforts will be made to publish the conference proceedings by Springer in the Lecture Notes in Computer Science (LNCS) series.

The authors of selected accepted papers will be invited to extend their work for further publication in the Emerald journal Information and Computer Security (http://www.emeraldinsight.com/journal/ics# ).

Conference Steering Committee
Sokratis K. Katsikas, University of Piraeus, Greece (Chair)
Vassilis Zorkadis, Vice-President of SCIS, Greece (Vice-chair)
Philippos Mitletton, Secretary General of SCIS, Greece (Secretary)
Lazaros Iliadis, Democritus University of Thrace, Greece
Constantina Costopoulou, Agricultural University of Athens, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Elias Pimenidis, University of the West of England, UK
Spyros Voulgaris, Vrije Universiteit, The Netherlands
Irene Vassilaki, Board member of SCIS, Greece
Charalampos Patrikakis, Technological Educational Institute of Piraeus, Greece

Conference Honorary Chair
Alexander B. Sideridis, Agricultural University of Athens, Greece

Program Committee Chair
Sokratis K. Katsikas, University of Piraeus, Greece

Program Committee
Isaac Agudo, University of Malaga, Spain
Evgenia Alexandropoulou, University of Macedonia, Greece
Zacharoula Andreopoulou, Aristotle University of Thessaloniki, Greece
Maria Bottis, Ionian University, Greece
Christos Bouras, University of Patras, Greece
Athena Bourka, ENISA, Greece
David Chadwick, University of Kent, UK
Vassilios Chryssikopoulos, Ionian University, Greece
Nathan Clarke,University of Plymouth, UK
Tina Costopoulou, Agricultural University of Athens, Greece
Ernesto Damiani, University of Milan, Italy
Sabrina De Capitani Di Vimercati, University of Milan, Italy
Christos Douligeris, University of Piraeus, Greece
Carmen Fernández-Gago, University of Malaga, Spain
Simone Fischer-Hübner, Karlstad University, Sweden
Sara Foresti,University of Milan, Italy
Steven Furnell, University of Plymouth, UK
Jürgen Fuß,University of Applied Sciences Upper Austria,Austria
Dimitris Geneiatakis, EC Joint Research Center Ispra, Italy
Christos Georgiadis, University of Macedonia, Greece
Dimitris Gouscos, University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
Mp.Gupta,Indian Institute of Technology Delhi (IIT Delhi), India
Marit Hansen,Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany
Lazaros Iliadis, Democritus University of Thrace, Greece
Dimitra Kaklamani, National Technical University of Athens, Greece
Christos Kalloniatis, University of the Aegean, Greece
Ioanna Kantzavelou, Technological Educational Institute of Athens, Greece
Maria Karyda, University of the Aegean, Greece
Vasilis Katos, Bournemouth University, UK
Spyros Kokolakis, University of the Aegean, Greece
Nicholas Kolokotronis, University of Peloponnese, Greece
Panayiotis Kotzanikolaou, University of Piraeus, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Maria Lambrou, University of the Aegean, Greece
Konstantinos Limniotis, University of Athens, Greece
Antonio Lioy, Politecnico di Torino, Italy
Javier Lopez, University of Malaga, Spain
Nikos Lorentzos, Agricultural University of Athens, Greece
Euripidis Loukis, University of the Aegean, Greece
Emmanouil Magkos, Ionian University, Greece
Vicky Manthou, University of Macedonia, Greece
Nikolaos Marianos, University of the Aegean, Greece
Giannis Marias, Athens University of Economics and Business, Greece
Olivier Markowitch, Université Libre de Bruxelles (ULB), Belgium
Vashek Matyas, Masaryk University, Czech Republic
Vojtech Merunka, Czech Technical University in Prague, Czech Republic
Lilian Mitrou, University of the Aegean, Greece
Martin Molhanec, Czech Technical University in Prague, Czech Republic
Haris Mouratidis, University of Brighton, UK
Maria Ntaliani, Agricultural University of Athens, Greece
Christoforos Ntantogian, University of Piraeus, Greece
Martin Olivier, University of Pretoria, South Africa
Rolf Oppliger, eSECURITY Technologies, Switzerland
Andreas Pashalidis, K.U.Leuven, Belgium
Charalampos Patrikakis, National Technical University of Athens, Greece
Guenther Pernul, University of Regensburg,Germany
Elias Pimenidis, University of the West of England, UK
Nineta Polemi, University of Piraeus, Greece
Bart Preneel, K.U. Leuven, Belgium
Andreja Pucihar, University of Maribor, Slovenia
Gerald Quirchmayr, University of Vienna, Austria
Muttukrishnan Rajarajan, City University, UK
Kai Rannenberg, Goethe University Frankfurt, Germany
Panagiotis Rizomiliotis, University of the Aegean, Greece
Carsten Rudolph, Fraunhofer Institute for Secure Information Technology, Germany
Christoph Ruland, University of Siegen, Germany
Pierangela Samarati, University of Milan, Italy
Einar Snekkenes, Gjovik University College, Norway
Miguel Soriano,U niversitat Politècnica de Catalunya (UPC), Spain
Diomidis Spinellis, Athens University of Economics and Business, Greece
Paul Spirakis,University of Patras, Greece
Stephanie Teufel, University of Fribourg, iimt, Switzerland
Marianthi Theocharidou, Athens University of Economics & Business, Greece
Yannis Theocharis,University of Mannheim, Germany
Aggeliki Tsochou,Ionian University, Greece
Irene Vassilaki, SCIS, Greece
Maro Vlachopoulou, University of Macedonia, Greece
Vasileios Vlachos, Technological Educational Institute of Larissa, Greece
Spyros Voulgaris, VU University Amsterdam, The Netherlands
Edgar Weippl, Vienna University of Technology, Austria
Christos Xenakis, University of Piraeus, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Jianying Zhou, Institute for infocomm research, Singapore
Vassilis Zorkadis, Hellenic Data Protection Authority, Greece
Sotiris Karetsos, Agricultural University of Athens, Greece

Download CfP

Mar 24

The Palinopsia Bug

The Palinopsia Bug

Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM

This document describes a method of reading and displaying previously used framebuffers from a variety of popular graphics cards. In all 4 tested laptops the content of the VRAM was not erased upon reboot. It is also possible to show that the content of the host VRAM can be accessed from a VirtualBox guest, thereby leaking possibly confidential information from a trusted host into an untrusted guest machine.

via The Palinopsia Bug.

Jan 20

Secrypt 2015

CALL FOR PAPERS

International Conference on Security and Cryptography
SECRYPT website: http://www.secrypt.icete.org/

July 20 – 22, 2015
Colmar, Alsace, France

Sponsored by: INSTICC
INSTICC is Member of: WfMC, OMG and FIPA
Logistics Partner: SCITEVENTS

IMPORTANT DATES:
Regular Paper Submission: March 3, 2015
Authors Notification (regular papers): Mayl 18, 2015
Final Regular Paper Submission and Registration: May 26, 2015

You are cordially invited to submit a paper to the SECRYPT 2015 Conference, to be held in Colmar, Alsace, France. The deadline for paper submission is scheduled for March 3, 2015.

SECRYPT is an annual international conference covering research in information and communication security. The 12th International Conference on Security and Cryptography (SECRYPT 2015) will be held in Colmar, France on 20-22 July 2015.
The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography.

Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged.

SECRYPT is interested in promoting high quality research as it can be confirmed by last year acceptance rates, where from 139 submissions, 21% of which were orally presented and 22% presented as posters.

We would like to highlight the presence of the following keynote speakers:
– Anthony C. Boucouvalas, University of Peloponnese, Greece
– Eleni Karatza, Aristotle University of Thessaloniki, Greece
– Andrew Moore, University of Cambridge, United Kingdom

Submitted papers will be subject to a double-blind review process. All accepted papers will be published in the conference proceedings, under an ISBN reference, on paper and on CD-ROM support.
It is planned to publish a short list of revised and extended versions of presented papers with Springer in a CCIS Series book (final approval pending).

The proceedings will be submitted for indexation by Thomson Reuters Conference Proceedings Citation Index (ISI), INSPEC, DBLP, EI (Elsevier Index) and Scopus.
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library (http://www.scitepress.org/DigitalLibrary/). SCITEPRESS is a member of CrossRef (http://www.crossref.org/).

Best paper awards will be distributed during the conference closing session. Please check the website for further information (http://www.secrypt.icete.org/BestPaperAward.aspx).

Workshops, Special sessions, Tutorials as well as Demonstrations dedicated to other technical/scientific topics are also envisaged: companies interested in presenting their products/methodologies or researchers interested in holding a tutorial are invited to contact the conference secretariat. Workshop chairs and Special Session chairs will benefit from logistics support and other types of support, including secretariat and financial support, to facilitate the development of a valid idea.

SECRYPT is part of ICETE, the 12th International Joint Conference on e-Business and Telecommunications. Registration to SECRYPT allows free access to all other ICETE conferences.

ICETE 2015 will be held in conjunction with ICINCO 2015, ICSOFT 2015, SIMULTECH 2015 and DATA 2015. Registration to ICETE allows free access to the ICINCO, ICSOFT, SIMULTECH and DATA conferences as a non-speaker.

ICETE CONFERENCE CO-CHAIRS
Mohammad S. Obaidat, Monmouth University, United States
Pascal Lorenz, University of Haute Alsace, France

PROGRAM CHAIR:
Pierangela Samarati, Universita degli Studi di Milano, Italy

PROGRAM COMMITTEE:
Please check the program committee members at http://www.secrypt.icete.org/ProgramCommittee.aspx

CONFERENCE TOPICS:

– Access Control
– Applied Cryptography
– Biometrics Security and Privacy
– Critical Infrastructure Protection
– Data Integrity
– Data Protection
– Database Security and Privacy
– Digital Forensics
– Digital Rights Management
– Ethical and Legal Implications of Security and Privacy
– Formal Methods for Security
– Human Factors and Human Behavior Recognition Techniques
– Identification, Authentication and Non-repudiation
– Identity Management
– Information Hiding
– Information Systems Auditing
– Insider Threats and Countermeasures
– Intellectual Property Protection
– Intrusion Detection & Prevention
– Management of Computing Security
– Network Security
– Organizational Security Policies
– Peer-to-Peer Security
– Personal Data Protection for Information Systems
– Privacy
– Privacy Enhancing Technologies
– Reliability and Dependability
– Risk Assessment
– Secure Software Development Methodologies
– Security and Privacy for Big Data
– Security and privacy in Complex Systems
– Security and Privacy in Crowdsourcing
– Security and Privacy in IT Outsourcing
– Security and Privacy in Location-based Services
– Security and Privacy in Mobile Systems
– Security and Privacy in Pervasive/Ubiquitous Computing
– Security and Privacy in Smart Grids
– Security and Privacy in Social Networks
– Security and Privacy in the Cloud
– Security and Privacy in Web Services
– Security and Privacy Policies
– Security Area Control
– Security Deployment
– Security Engineering
– Security in Distributed Systems
– Security Information Systems Architecture
– Security Management
– Security Metrics and Measurement
– Security Protocols
– Security requirements
– Security Verification and Validation
– Sensor and Mobile Ad Hoc Network Security
– Service and Systems Design and QoS Network Security
– Software Security
– Trust management and Reputation Systems
– Ubiquitous Computing Security
– Wireless Network Security

Jan 13

Syncthing

Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it’s transmitted over the Internet.

via Syncthing.

Oct 28

OneRNG – Hardware Random Number Generator

The OneRNG is an Open Hardware, Open Source, simple and verifiable USB-connected source of entropy; we do not ask you to “trust” us, we give you the ability to verify for yourself that the OneRNG does what we claim, and that it does nothing else.

via OneRNG – Hardware Random Number Generator.

Jul 11

GostCrypt

The Gostcrypt project has been launched at the end of 2013 as fork of the (late) Truecrypt project. Snowden’s leaks have made clear more than ever that the massive use of encryption by citizens must become a reality. This is possible only if there is a vast, rich offer of trusted, open source products like Truecrypt, with the strong support of the hacker community. However, at that time we did not foresee the unprecedented upheaval of terrible shock with the recent Truecrypt disappearance. More than ever we all need more and more projects to replace it. Gostcrypt is one among (we hope) many others. The variety and richness of encryption solutions is THE solution.

But with Gostcrypt, we intend to go farther than ever. Since the late 70s, most of the algorithms used (not to say all) are UKUSA encryption systems that have been chosen, promoted and standardized under the control of the USA and its minions. It is more than likely that among the different levels of control, mathematical trapdoors are part of the game. We thus decided to used strong encryption systems (as far as we know and despite a few recent “manipulation papers” that have nothing to do with science and which are mistaken operational security with fantasy and which have been rejected recently again as non valid [Babenko & Maro, 2014]) which moreover were not invasive as UKUSA ciphers are (mostly AES) by now. The Gost cipher and hash functions are not everywhere, have not invaded our systems and have been designed by the former USSR for its own need. Aside the fact that it is indeed a very strong cipher (when correctly implemented and a suitable key management), this feature of non-aggressive technological expansion is a key point. GOST algorithms have never sought to spread and to impose on anyone. It has even been rejected from the ISO standardization process in 2012 as a consequence of fallacious, non-reproducible allegations of weakness.

Whatever may be the quality and features of a security project, it can be valid in the long run with trust only. Trust is only possible with open source code and above all with the active support of the hacking community, which will analyze the security, report bugs, make comments and contribute to the project. So welcome on board to everybody.

via GostCrypt.

Jul 08

Top 10 Secure Coding Practices – Secure Coding – CERT Secure Coding Standards

Top 10 Secure Coding Practices

Validate input. Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environmental variables, and user controlled files [Seacord 05].

Heed compiler warnings. Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code [C MSC00-A, C++ MSC00-A]. Use static and dynamic analysis tools to detect and eliminate additional security flaws.

Architect and design for security policies. Create a software architecture and design your software to implement and enforce security policies. For example, if your system requires different privileges at different times, consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.

Keep it simple. Keep the design as simple and small as possible [Saltzer 74, Saltzer 75]. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.

Default deny. Base access decisions on permission rather than exclusion. This means that, by default, access is denied and the protection scheme identifies conditions under which access is permitted [Saltzer 74, Saltzer 75].

Adhere to the principle of least privilege. Every process should execute with the the least set of privileges necessary to complete the job. Any elevated permission should be held for a minimum time. This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges [Saltzer 74, Saltzer 75].

Sanitize data sent to other systems. Sanitize all data passed to complex subsystems [C STR02-A] such as command shells, relational databases, and commercial off-the-shelf (COTS) components. Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks. This is not necessarily an input validation problem because the complex subsystem being invoked does not understand the context in which the call is made. Because the calling process understands the context, it is responsible for sanitizing the data before invoking the subsystem.

Practice defense in depth. Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and/or limit the consequences of a successful exploit. For example, combining secure programming techniques with secure runtime environments should reduce the likelihood that vulnerabilities remaining in the code at deployment time can be exploited in the operational environment [Seacord 05].

Use effective quality assurance techniques. Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions [Seacord 05].

Adopt a secure coding standard. Develop and/or apply a secure coding standard for your target development language and platform.

Bonus Secure Coding Practices

Define security requirements. Identify and document security requirements early in the development life cycle and make sure that subsequent development artifacts are evaluated for compliance with those requirements. When security requirements are not defined, the security of the resulting system cannot be effectively evaluated.

Model threats. Use threat modeling to anticipate the threats to which the software will be subjected. Threat modeling involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies that are implemented in designs, code, and test cases [Swiderski 04].

 

via Top 10 Secure Coding Practices – Secure Coding – CERT Secure Coding Standards.

Jul 08

50. Android (DRD) – java – CERT Secure Coding Standards

The following rules and guidelines are specific only to the Android platform. These do not apply to the development of Java or C programs for non-Android platforms. (The full set of Android -relevant rules and guidelines are here.) The term sensitive incorporates the Java glossary definition of sensitive data, as well as the Android concept of permission-protected.

DRD00-J. Do not store sensitive information on external storage (SD card) unless encrypted first

DRD01-J. Limit the accessibility of an app’s sensitive content provider

DRD02-J. Do not allow WebView to access sensitive local resource through file scheme

DRD03-J. Do not broadcast sensitive information using an implicit intent

DRD04-J. Do not log sensitive information

DRD05-J. Do not grant URI permissions on implicit intents

DRD06-J. Do not act on malicious intents

DRD07-J. Protect exported services with strong permissions

DRD08-J. Always canonicalize a URL received by a content provider

DRD09-J: Restrict access to sensitive activities

DRD10-J. Do not release apps that are debuggable

DRD11-J. Ensure that sensitive data is kept secure

DRD12-J. Do not trust data that is world writable

DRD13-J. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)

DRD14-J. Check that a calling app has appropriate permissions before responding

DRD15-J. Consider privacy concerns when using Geolocation API

DRD16-J. Explicitly define the exported attribute for private components

DRD17-J. Do not use the Android cryptographic security provider encryption default for AES

DRD18-J. Do not use the default behavior in a cryptographic library if it does not use recommended practices

DRD19-J. Properly verify server certificate on SSL/TLS

via 50. Android (DRD) – java – CERT Secure Coding Standards.

Jul 12

Is DEF CON right to ask the feds to stay away? [POLL] | Naked Security

The founder of the DEF CON hacker conference has announced that members of the U.S. federal government will not be welcome to attend this year’s event.

DEF CON is one of the world’s largest hacker conferences and has been running for 21 years. Until now the conference has always welcomed the participation of federal government employees.

This unusual step has been taken by DEF CON’s founder on behalf of the hacker community and is a response to the recent exposure of the NSA’s omnipresent online spying operation commonly known as PRISM.

The announcement was made by conference founder James Moss (AKA The Dark Tangent) on Wednesday in a short post on the DEF CON website:

“For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.”

via Is DEF CON right to ask the feds to stay away? [POLL] | Naked Security.