DEF CON Awards - 2011


Formal Metadata

Title: DEF CON Awards - 2011
Number of Parts: 122
License: CC Attribution 3.0 Unported. You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract: The Dark Tangent and Russ Rogers announce the winners of the first annual DEF CON Awards.
Transcript: English (auto-generated)
Okay, so I'll just give you a little bit of a background on this. It's something we've wanted to do for years and years, and like a lot of ideas for DEF CON that we've wanted to do for years and years, we've just never done it. We've gotten too overwhelmed with stuff. And so Russ came along and said, hey, you know, we should do an award ceremony. I said, yeah, that's a great idea, but we've been wanting to do that for years.
But it always gets, you know, lost in the weeds. And Russ stepped up and said, hey, I'll do it. And so this has largely been all the work of Russ, and I want to give him a lot of props and a lot of recognition for stepping up and doing something that we've been meaning to do for a long time,
and Russ made it happen. So the idea behind it is we don't want to be like the Pony Awards. Pony Awards are awesome, and they're really funny. But, you know, it took the Pony Awards two or three years to get going. And the same thing's going to happen here. You know, this year was more about let's get this done, let's see the community reaction and really grow it.
So next year, DEF CON 2020 anniversary, we'll have this planned and going months and months in advance. We've already figured out all the ways people are cheating us and trying to vote stuff and, you know, spoof IPs and do everything to get their favorite thing recognized. So what we've done is we've taken the winners are going to get these Lucite or epoxy-cased badges,
and next year what we'll do is each year they'll get that year's badge embedded in it. And you'll notice that we don't have all the awards up here because we don't think some of the losers are going to want to pick up their badges. So Russ is going to talk to you through the process, what we did, who the nominations are.
We're going to ask the audience for your feedback on stuff. Would you have voted sort of the same way as we did? And then tell you our plans for next year. So thanks for coming. I know this is a first-year effort, and I'm really glad you guys are here at the beginning of it. So let me pass it off to Russ. All right, we're going to see how this works here.
Oh, shit. It was a little suspicious when the, well, never mind, I'm not going to reveal all the secrets at the beginning. So how did you guys hear about this?
The program? You didn't see, like, any of the stuff on Facebook or Twitter or any of our other stuff? It's pretty much... Yeah. I didn't know. We've got to figure out where people are hearing about this. Like, how many people here nominated something? Okay, cool. And you guys, how many people voted, got involved?
A couple people did. How many people are running botnets that vote for you? Yeah. Kind of like the way you have to buy tickets for Shmoo, I think. Like, all the tickets sell out in 2.2 seconds. You got it?
All right, so, you know, I don't know what I was thinking when I suggested this, because if you get a bunch of hackers online on an automated voting site, what you're going to end up with is a bunch of hackers on an automated voting site.
And so this didn't work out nearly as well as I'd hoped. So let me just go with this. We kept this really simple so you could see what we're doing. The goal here was to give the community a voice, right? So we really wanted to allow everybody to talk about some of the best stuff that's out there
in areas that we're interested in, and also, you know, highlight some of the crap that happens out there. You know, embarrassed by people talking to the press, writing stories, doing dumb stuff, making us all look dumb. People that we generally just don't like, right? And that was kind of what we've planned for today.
So we'll highlight some of the best, verbally sodomize the worst, and just try to have a good time. Bear in mind, this is the first year. The statistics from the voting are heavily skewed, and I watched votes go from roughly 400 to 1,700 in a period of two days,
and they were all for a single candidate in each of the categories. And so we assumed that there was some monkeying around going on there, so we've had to insert our own level of logic into this as well. The categories are worst coverage of security and hacker issues
by media, person, or an outlet. So, you know, I know we've all seen some good stories, we've seen some bad stories, we've seen some ridiculous stuff, and we'll cover a little bit of that. We've got the most interesting malware innovation. There shouldn't be a whole lot of surprises there, but there were a couple of good ones. Best privacy-enhancing technology.
What has impacted, you know, your ability to maintain your own privacy and security on the net while you're operating. We have the best open-source software response to an attacker method. What have people done to try and help the community out with that? And this was one of the areas where we got kind of hit with that voting thing.
We also have the best author and story that captures the hacker mindset. Now, being the overly prepared person that I am, I don't have slides for those last two categories, so we'll just talk through those. And then for security charlatan of the year, we've got Jericho from attrition.org that will come up and talk a little bit.
He's got all the statistics. He also knows the votes that were skewed, which direction they went, that kind of thing. And he can give you an idea of how he made that decision. We tend to leave the charlatan thing strictly up to him because he does a lot of research in this area, and he was actually surprised by some of the nominations himself.
So for the nominations on worst media coverage, we had a bunch of nominations, but what people don't realize is if you give us a name and you don't give us a link so we can read the article or watch the video or any of that, it doesn't do us any good at all, right? So you can tell us that, hey, my local NBC station posted a story and it was really stupid.
Well, that's great, but I've got nothing to look at, right? So out of all of them that we got, we have two that were fairly significant. We have Ben Grubb, who's a reporter for the Sydney Morning Herald. Now, for this particular guy, his editor actually contacted me first
once the nominations first went out, and she apparently thought it was kind of funny. She had decided to write another piece talking about it. Ben was actually arrested at a security conference, AusCERT in Sydney or somewhere in Australia. Yeah. And so his iPad was confiscated by the police, and it had all of his anonymous contacts' information on this iPad,
and so there was a lot of controversy about how easily he gave that up, you know, and so his editor wanted to write a story up about it, and then I started getting emails from Ben himself. He's like, dude, what the heck? I'm like, I didn't nominate you. You're getting freaked out at me. He said, well, how do I rebut this?
How do I defend myself? I'm like, write something else. Try and fix it. So he's on there, and then we have Fox 11 that has done a really interesting piece on Anonymous, and I'm going to play just a quick video of that now so you can see what they've said since I have now hosed that.
Let me see if I can find my browser again. Review later. All right. Can you guys see this? I just upgraded to Lion today. That was a really bad thing to do because your trackpad quits working the way you'd hope. They call themselves Anonymous. They are hackers on steroids,
treating the web like a real-life video game, sacking websites, invading MySpace accounts, disrupting innocent people's lives, and if you fight back, watch out. Phil Shuman tracks down the hacker gangs in this Fox 11 investigation. Destroy, die, attack.
Threats from a gang of computer hackers calling themselves Anonymous. I've had seven different passwords, and they've got them all so far. They attack innocent people like an Internet hate machine. We are Anonymous. We are strong. We do not forgive. We do not forgive. Those who fight back face death threats.
Get the fuck out of here. Anonymous has even threatened to bomb sports stadiums. I believe they're domestic terrorists. Their name comes from their secret websites. It requires anyone posting on the site to remain anonymous. All right. So just in case any of you were confused,
we are really, really bad people, and Anonymous leads us in this war. So it was actually fairly easy to pick the winner of that. That was a horrible story. So if there's anybody from Fox 11 that would like to come claim your award, no one.
All right. Do I? Yeah, they're in LA. They're in LA. Yeah. So, huh? Can you have their award? She just elbowed the shit out of him for something he was getting ready to say.
All right. So most interesting, what? What does the audience think on that one? So what do you guys think out of those two? Fox 11? Yeah. Yeah. So who else would you guys have nominated? See, the problem we had was we had significantly fewer nominations than we had people voting, and then we had everybody voting for, like, one person.
So anybody else? Yeah. But, see, that's not useful, right? No. Because that doesn't do anything, but you can't point at one person doing a really ridiculously poor job. Everybody covering Stuxnet is kind of silly because we had Vanity Fair that spent a week and a half with us in Abu Dhabi
talking to everybody they possibly could, trying to get all the information they could. And it was a good article. It was actually very educated. Yeah, real quick. You can't even say that because Kim Zetter wrote an awesome article on Stuxnet. You know, it was, like, ten pages dissected. It gave the whole history. And you're not even listening, are you? Who said Stuxnet? Okay. Kim Zetter's article is outstanding on that,
so you can't just blank it, coverage it. One of the nominations was, like, everything WikiLeaks. Well, again, a lot of the coverage was really horrible. Some of it was good. So that's why we need specific names of a journalist, maybe even, you know, the entire outfit or a link to an article or something.
Oh. Yeah. So, again, but consider the source. You know, who are they writing to? They're writing to a bunch of people that have never seen that,
and, yeah, if they start throwing in this jargon, it becomes very difficult for the reader to follow. So that's kind of a necessary evil, you know. Maybe they went too far with it. Maybe they explained it horribly. Then it would fall in that category. Yeah, I think Fox is the clear winner. Yeah. Yeah, it was as dramatic as my 16-year-old daughter. What was that?
Oh, yeah, the Lulz Boat. See, that's another good one. Those are the kind of things that we need, you know, when you submit. That and the link to it, that would be perfect. That's a great nomination. That was far better than about 90 percent that we got.
That one's actually interesting. That's not so much poor journalism. That's just kind of interesting research that is, yeah, you know, not very well backed. That falls in the category. We'd love to get that kind of nomination and consider it, though. Yeah, so next year, try to get involved in this if you can. So nominations for most interesting malware.
We had a bunch of stuff on this. I would like to point out that we had five nominations that turned up in every single category, regardless of what the category was. Apparently, Batman and Jacob Applebaum are important enough to the security world that they were in every single one of the categories. Bill Gates was in every single one of the categories.
I didn't realize he was still that relevant. But what we ended up with was the top two are legitimate, okay? These are interesting pieces of malware. We have Stuxnet. Everybody's heard about Stuxnet. You've read good articles. You've read bad articles. You may have heard all the different rumors of how it was spread and that kind of thing.
And then we have Bitcoin Jacker. Everybody knows what Bitcoin is, right? We're trying to create some kind of digital currency, and somebody wrote a Ruby script where you could basically screw up the entire economy with this. And then we have, like, you know, dumb stuff. SQL injectors, you know?
If I'm a pen tester for a legitimate security company and I'm doing this to try and figure out how vulnerable my databases are and that kind of stuff, that's not technically malware, right? Firesheep. These are things that aren't necessarily malware, and they're certainly not as interesting as, say, Stuxnet and Bitcoin, which made an impact in the rest of the world. Do you agree with that?
Okay. Well, let's get the audience to vote who they go for. Okay. So, too late. What do you guys vote for? What do you think? Stuxnet. Stuxnet. Any others that you would have nominated? Or is there a single vote for the other one? So, yeah. So, Stuxnet won that.
If the author of Stuxnet is here, you're welcome to claim your trophy. We'll be around afterwards, so if you'd like to just meet us in the hallway, you know. Yeah. You and your whole team can come up. No feds involved. Yeah, and I think Stuxnet also wanted the ponies. Yeah. Because no other malware has gotten such international coverage
from the top level political all the way down to the trenches with the technical guys. I mean, it was… Yeah. It scared the shit out of everyone. And the authors were shy at the ponies and didn't show up there either. Yeah. Maybe they're just waiting, you know. They wanted to make sure they had clean sweeps. Clean sweep. All right.
So, best privacy technology. Again, we had some stuff on here that was technology and stuff that was not. ACLU lawsuits, not technology. All right. I put it on there because it's interesting. Anyone ever use the Torbutton plug-in for Tor? It's a Tor plug-in to make it easier to use.
All right, so… So, according to the votes, I think about 99% of you should have known about this tool. Yeah. How strange. This is one of those that was obviously slanted towards one particular category. And then we have Tor. Everybody knows what Tor is? Yep.
Most of you know what Tor is? There's some very deadly signs. So, you're either dead or you're sleeping. Yeah, yeah, exactly. We have Moxie's Whisper Systems. He's done some really good work. We have datalossdb.org, which Brian's actually involved in.
I already said it shouldn't win. It's a neat project, but it's definitely not fitting the bill here. Yeah. And then we have, you know, your normal junk nominations like unplugging your box, which… That's a technique, not a technology. That's as non-technical as you can get. And then IPv6.
So, what would you guys have voted on this one? Okay, so between the Tor and the Whisper Systems, what do you think? Yeah, so why don't you reveal what we're… reveal who wins.
Next year we're going to call this also best new technology. Yeah, so Whisper Systems wins for a number of reasons. Tor has been out for a number of years, and they're doing really, really good work. But Whisper Systems and Moxie and his crew's work. They released RedPhone, good timing.
They released it for people in Egypt. They released TextSecure for text messaging. They've got the encrypted Android stuff. They've got the encrypted cloud stuff. So, within a year, they released four significant apps to help around text security, voice security, backup security, and full device security. And that's pretty significant to come from nowhere and achieve all of those for Android.
And really, honestly, I wouldn't be using my own Android unless I was using Moxie's stuff. So, I think they deserve a lot of credit and recognition for really changing the landscape. All in just one year. Would you guys agree? Yeah? Yeah? Good. So, hopefully Moxie's not speaking right now.
He is? I hope not. So he can get his award. All right. So, for this next one, I'm going to actually go to the responses that we've got here. And these are the nominations that we received. And this is best open source software response to an attacker method. And as you look through here, I kind of want you to see the filth that we had to filter through
to get to anything interesting, because there's a lot of crap in here. The FBI arresting the face of terrorism without her bunny ears. What the hell does that mean? You know? I mean, that's not open source software, and it's not really helpful.
Metasploit. It's debatable whether that's open source anymore. Who thinks that's still open source? Metasploit is. They've got Metasploit Pro, which is not. Right. Bill Gates. Bill Gates is, like I said, Bill Gates showed up on every single one of the categories. That's not helpful. Defeat lame web scanners with Web Labyrinth.
And that may actually be useful, but update WordPress. A bunch of. And again, Moxie shows up here as well. grsecurity, sqlmap, Backtrack. Backtrack was actually a fairly strong response, and since they just released a new version last summer,
they're still working on that. Stop trying to copy the Pony Awards showed up in every category as well. And I was going to post the IP addresses on every one of these, but it's like somebody up in the front said, you know, they're all probably coming from Tor nodes anyway, so some poor grandmother is going to get run over by people ticked off at people trying to be silly.
Jacob Applebaum, he's on every one of them. OWASP was actually a very interesting one. Okay. But how do you really feel? Batman, again, Batman is very into computer security.
So who would you guys have voted for? Jeff? Who do you think? I think Backtrack. Yeah, Backtrack actually gets this one.
Out of all the nominations we got, that was actually the one that stood out and made a difference. Well, and they've been good for a number of years. Yeah, yeah. It's a mature product. They're actually very, very dedicated to it. They're walking around here. I think there's speakers here as well, right? Chris and his groups? Yeah, Chris, yeah. So, very, very good guys.
And then the last one, best author and story. Now, before I show you what all the responses are, I do want to mention I'm a little, we got two or three really, really good nominations here, and I was actually excited to see those. And then we got a whole bunch that are kind of crap. Somebody nominated an 18th-century British novelist or something, some woman, or maybe it was 19th century, that wrote romances or something.
And I actually had to look the name up. And I'm like, okay, so probably not representing the hacker mindset. But there were multiple of those kinds of things, so let me show you what we've got here, and you guys can let me know what you think.
There has been a problem communicating, and I am not getting on this network. Fucking hackers. Yeah, I know. Okay, hang on. It's a Mac, it should just work, right? Yeah. Unplugging so you can't see who I connect to internally.
Donkey porn. It's okay, he's connecting to me. I know one of the authors was Bill Brain, Techno Weenie. He actually runs all the registration for DEF CON, so in his spare time of not handing you guys badges, he actually did write a book called Across the Wire.
Down to the Wire. Down the Wire. And it's actually really, really good. And I was kind of hoping it would win myself, but there we go. We'll plug back in and try this again. And get my mouse back. You are not connected to the internet. That's how I work.
Don't record that token, you know, because that's probably your authentication token right there. There we go. Camera flashes. All right, best author. Show responses. There we go. LulzSec showed up on this. How is LulzSec an author?
Freaking Lion. All right. So Jayson Street. And he writes, he has some books. Yeah, yeah, he's got a book. It's a legitimate. Stop laughing. He didn't write it. It wasn't me.
Space Rogue for Hacker News Network. I think that's actually legitimate as well. I probably, yeah, he still writes a lot of that stuff, right? Ars Technica, Peter Bright, he actually wrote on Anonymous attacking HBGary. But that's more of a news story.
I don't, I won't. That's not capturing really the mind. Yeah, it's not really capturing the hacker mindset unless you're anonymous. Yeah. It could be either. So it could be like, it could be like Steven Levy's book Hackers. Or it could be Bruce Sterling's book like Cypherpunk. Right. You know, something like that.
We had a lot of votes for Mark Russinovich, Zero Day. And that was actually a legitimate nomination. We also had Bill Gates on here. Down the Wire by William Breen. If you haven't read that one, I would check that one out.
It's actually really good. And it's not that expensive either. That's a good article. Patrick Gray. Yeah, Patrick Gray for his coverage of LulzSec. Honestly, I got a little bit tired of the LulzSec and Anonymous stuff in the nominations. I think it's a little bit overdone. Patrick Gray, his piece is very different.
Is it? Is it good? He stands out and basically says a lot of what people are thinking. Okay. And Kevin Poulsen, who does a lot of technology writing as well. I haven't read any of his stuff recently, so. Well, that's another one where you would need to specify author and work. Because, yeah, Kevin writes all kinds of articles. Right. And books.
Yeah, Kevin Poulsen's new book is outstanding. And so that one would definitely be up here. Yeah. But, you know, maybe just a mundane article on something else wouldn't. Okay. So, Brian, Jeff, what do you guys think? I'm either going for the, I'm guessing I would either go for the Mark Russinovich's. Uh-huh. Or I would go for, what was that further?
The, I can't remember his name. The person you were mentioning. Patrick Gray. Yeah, Patrick Gray. Oh, Patrick Gray. He's an extensive article. So what about you guys? Russinovich. Poulsen. As a total contribution, Poulsen's total body of work, you're thinking?
Kingpin. Kingpin. The new book, Kingpin. Kevin Poulsen's book, Kingpin, you mean? Yeah, Kingpin. Kingpin, yeah. Kingpin, I would say, is between those two. You know, I even like the Fatal System Error by Joseph Menn was really good, but that was also more like an investigative piece that tracked the cat and mouse, and it was less
about the mindset, and it was more about, you know, the sort of police procedural of chasing down the bad guys. All right. So, Zero Day or Kingpin? Let's see, hands, show of hands. Zero Day? Kingpin? Yeah? Yeah, it looks like it's pretty close.
Duet? I think it's pretty close. Kingpin, I think, is edging them out. Okay. All right. So, we'll give that to Kingpin. And I haven't seen Kevin this year at all. No, I don't think he's here. Yeah. So, we'll have to mail him his. Or give it to us. All right. And so, for the last one, and this is actually the most important category, in my opinion, we have a lot of people that go out there, and they call themselves security experts,
and this actually kind of goes back to the worst media coverage as well, because you see a lot of these people on CNN and Fox News, and they'll hire anybody as long as there's a marketing guy that tells you they're an expert in the security field. And I'm going to let Brian talk a little bit more about it, but there is a difference between somebody that is unethical and makes poor decisions
versus somebody that actually doesn't know what the hell they're talking about, so. Right. And you've been doing this for a long time. Yeah. Actually, one of the very first charlatans we put up was Gregory Evans in 2002. So, while most people think, hey, it's a recent thing in the last year or two, no, it actually goes back. And ironically enough, in the past week, we got evidence, well, we have not what we can publish on,
but we have the initial evidence that says even his real crappy high-tech, Memoirs of a High-Tech Hustler was written by an employee, that he didn't even write that. So, yeah, it's just an ongoing saga. But as Russ said, one of the distinctions is with the charlatan, you know, you have to kind of think of snake oil. It's the guy pitching something that doesn't really know what he's doing.
He's not an expert, and obviously he, she, whatever, where one of the most common nominations for this was like Aaron Barr. Well, I was on a panel regarding that earlier. Aaron Barr, he may be an asshole, he may be unethical, he may be money-driven, but it doesn't mean he was charlatan. If you actually read through his stuff, a lot of what he was proposing is being done by other companies,
and they are doing it very successfully, and they are making a shit ton of money off of it. So, you really, you can't call him a charlatan for that. You call him a jerk or whatever else, you know. It's almost like a confidence game, right? They're misrepresenting themselves to be something they are. Right. So, as an example, because this one's well-known, Gregory Evans, he goes in and says,
hey, I'm an expert, and one of the first things he quotes is, you know, I was arrested for hacking, and I served two years for hacking. Well, as the details show, no, he never hacked anything. All he would do is call up, and it wasn't even social engineering by the definition today. He would basically steal a phone line and resell it for profit.
And he wasn't the one that even secured the phone numbers. So, yeah, there's a difference between, you know, a charlatan and a dick. Or he's both, you know. Or common criminal. Some of the other nominations we got, Ankit Fadia, one of the Indian whiz kids, which is a growing phenomenon.
In the last year, I think we added three more to the charlatan page. From India? Yeah, all India. It's a growing thing. It's like, Ankit Fadia started when he was 14. Well, next one, oh, started when he was 13. Gifted a computer when he was 12. It's like every goddamn year, someone a little younger comes up. And one of them was, I think his name is Sahil Khan.
So he decided, oh, I'm going to write a couple books, and it was full of plagiarism. And I forgot. I think I actually mailed him and said, you know, what the hell are you doing? So he may have mailed me. Anyway, we got to chatting, and I said, you know, this is plagiarism. He says, well, when are you going to remove this page? And I didn't even miss a beat. I said, never. You know, it's going to stay up. There's a permanent mark on your record, you know.
So he says, well, you know, I basically want to become a lawyer. I was like, good luck with that, you know. You know, when you go into law school, try not to plagiarize. Either way, we had a great conversation in the end. He learned his lesson. He said, you know, he's never going to plagiarize again. So it's a great thing, you know, that, sure, he screwed up, but he learned from his mistake.
Some of the others don't even contact you or? Right. You know, for the most part, they don't. And here's a great one, like going back to Evans. Evans doesn't understand that my real name, Brian, and Jericho, I'm the same guy, even though it was in an article last week by Penn and Berg. He also thinks that one of those two names is Randy Morris, an ex-employee of his,
and he still can't make the distinction that any of this is involved with attrition. So when he filed a court case that was involving us, he filed us as a John Doe. This is the same guy that goes out and says, I'm a technical expert at computer forensics. I dig up thousands of pages of evidence on blah, blah, blah.
You know, that really embodies the charlatan. One of the other names that came up that surprised me, Christian Heinrich. Does anyone know that name? What's the story there? Yeah. Well, okay. Oh, hey, that could be another category next year, boring speaker. So is he just a boring speaker or is he a charlatan?
Okay. Was any of it wrong or did he flat out say, ooh, look at this basic stuff. It's brand new and revolutionary.
Okay, anyway, his name came up way too many times, so he's now going on my to-do list. You don't want to be on his to-do list. No, no, no, no. Yeah, we had Greg Hoglund from HBGary. Again, he might be an asshole. He definitely is an asshole. He's the one that threatened a legal injunction against Aaron Barr for speaking on the panel earlier.
Fucker. HBGary, HBGary, same thing. Apple Bomb. Oh, Ligatt Security, I guess. Yeah, Ligatt, same thing. A few others. Sony, RSA. Again, you know, there's Pwnie Awards, TSA. Yeah, Julian on there.
Oh, one other one like HT Bridge. That's another recent addition. And that one's kind of interesting. HT Bridge, they're a company out of Switzerland, and they got some really stupid shit on their web page. One of them is, hey, you can trust us because we are Swiss, which means we're vendor neutral. Wow, okay.
You know, so it starts out like that, and then the actual rod is that they published these security advisories that if any of you kind of close your eyes, drink a bottle of vodka and puke, it's about the same quality. You know, real light on technical details, all kinds of mistakes in them. I posted their page, and one of their leaders emails me and says, you know, oh, I am completely surprised at your article.
I was like, you're surprised despite me tweeting to you three times directly that I was publishing this two weeks in advance? Or, you know, the, and I counted them up, it was like 18 replies over nine months on Bugtraq that you ignored. How did you really miss that I was on to this, you know? So, anyway, he mailed me, it was long, whatever, I made a couple corrections on my errata.
I was like, okay, I'll give you that one, that might be a vulnerability. I mailed him back, he mailed again, I haven't read it. You know, it was just like, at some point, I don't know, call me selfish, but dealing with that kind of bullshit, it really eats at your soul.
So, anyway, we have all those. That's another category, bullshit soul eater. Yeah. So, is this a visceral vote, like, who caused you the most, like, psychic pain? Oh, man. Or is this a vote on who caused the community, like, the most misdirection and has done the largest amount of harm to the community?
Well, this can also be a second fun break off, who was the most amusing to us? Who did we laugh at the most, you know? So, out of all those names, for any reason, who do you think would be the charlatan of the year? Is there anyone who thinks it's anyone other than Evans?
Cricket, cricket, cricket. Oh, yeah, Ankit Fadia, whatever. So, one more fun story. He used to publish where he was going to speak. And, by the way, he gets up to $25,000 to speak on stuff that is mundane. I mean, just boring, simple, security 101 crap and it's hype.
One of his talks begins with, do you use Gmail? Don't, you're vulnerable. Do you use search engines? Don't, you're vulnerable. That kind of thing. You know, it's all fun. So, anyway, he publishes a list and he says, you know, I'm speaking at so and so in Denver, Colorado, where I live. And I was like, ooh, that's a mile from my house. So, I warn him.
I said, Ankit, when you come to Denver, I've got questions for you and I'm going to ask them. So, I went down to the restaurant. Nice cold night. I'm standing in the lobby waiting. And, actually, I had dinner there. And I went downstairs and I noticed that there's a Denver police officer standing outside. And I was like, you know, this is kind of an odd place for you to be posted. He's like, oh, well, security for the private, you know, party. I was like, great, Ankit called the police already, you know.
So, I go back up to the lobby. I wait. Ten minutes later, the cop comes up. And, apparently, me asking him that triggered some, you know, something in his mind. He says, you know, why are you here? I was like, oh, I'm a journalist. I'm with Attrition, Errata Project. I explained it and I gave him a card and everything. And I just want to ask him some questions. He's like, are you going to hurt him? His feelings, maybe, you know.
I wasn't there to, you know, actually hurt him. It might make him cry. Long story short, he called the police in advance and lied and said that I was there to assassinate him. Maybe verbally. Yeah. So, the cop's like, well, because of that, you know, you can't be in the lobby. I was like, well, you know, I'm a paying customer.
I just, you know, paid $30 for dinner here. He's like, well, you're done. You need to leave. I was like, fine. So, I went out and I waited out in the cold. And when I say cold, 10 degrees. You know, it was in the middle of the winter. I waited out there for two hours watching everyone come out. I know what he looks like. Don't see him come out. Eventually, no one else is coming out of the restaurant. Finally, employees start walking out. Then the manager comes out. Why are you waiting here all night?
So, I explained to him. He gets all, you know, in my face about this. I was like, look, man, I'm a journalist, you know. Ambush journalism. Whatever you want to call it. And he's like, well, there's no one left in the restaurant. I was like, oh, thanks. That means that he snuck out the back alley like a rat. Appropriate. So, yeah, I wrote all that up. And since then, he hasn't published where he's speaking in advance. He's locked his Twitter feed.
Doesn't update his Facebook page. You know, again, there's the sign of a charlatan. Yeah, they run from you. They won't take any kind of constructive criticism or legitimate questions. Does anybody subscribe to his Twitter feed that made it in there? Hasn't gotten locked out? The funny part is that a lot of these charlatans,
they've actually blocked me, you know, because once I figure out who they are and once we put them on the page, I'm a little vocal on Twitter, you know. I will taunt them and I will call them names or challenge them. And so they end up blocking me, but they don't realize that a month in advance I followed on a ghost account so that I can keep reading after they block. And that way, yeah, I still read Gregory Evans.
I still read Joseph Black. I still read Fadia. You name it, I read their Twitter feeds. And it's, you know, kind of fun to see what they have to say after all that. But the fact that they go in hiding, that's a good first step. So, anyway, that was a fun story. Sorry. Majority says Gregory D. Evans gets it. He promised he would be at DEFCON.
He promised he would buy one of the podcast crew dinner. He's a no-show. What the? Don't get it. Shocker. Yeah. Long story short, he ended up flying to D.C. and conned Wall Street Journal into an article. Oh, brooding. It took us freaking two months to get CNN to drop him as a speaker. So now I've got to go start at the Wall Street Journal.
One takeaway. Please, if you see a charlatan, if you see someone suspicious like that, send me a mail. Just say it's to errata at attrition.org. Hey, this guy seems a little, you know, out there. Gregory D. Evans spoke in this article. Even better, start sending feedback to these media outlets.
Say, this guy's a quack. This is why. Here's the evidence. And that's what Errata does is we put up as much as we can that's fully backed with evidence. We try to make it as little opinion as possible. But we need help. We need more eyes. We just need submissions. Just need a little more information, a little more push, and we can keep publishing it.
Yeah, if you want to see the current charlatans that he's watching and the up-and-coming charlatans that he's got on his watch list, you can actually see those at his website. Yeah, it's all online, and there is a third list that's the kind of to-do list. And as I said... You can help prioritize that list. Yes. Okay, so the winner.
Gregory D. Evans by a landslide. Yeah. And since he's not here to take it, I will take his award, and I will put attrition stickers all over it, and I will mail it to him. You've got to take a picture of that before you send it to him. So he will get a very special box with that and, you know, maybe some squirrel poo in it.
All right, so for next year, we're going to increase the number of categories. We're going to change the way we do the voting and the nominations. I think this is a good number of categories. Do you think like one more maybe? One or two more. Yeah, maybe one or two. I don't want it to be too complicated.
Well, yeah, the worst corporate security response. Yeah, so for that, I think the Pwnies are doing a great job there. So I tried to stay more like open source, community-oriented, and let the Pwnies do what they do really well and we'll complement each other. Right, ideally these categories should be completely different from the Pwnies. And if you miss it, it's worth going to Black Hat for the Pwnies alone.
It's a lot of fun. The guys that do that, they did a really great job. Yeah, so we're just trying to start ours up with more of a community twist. So with that said, we've got the awards. If any of the winners are here, we'll give it to them. Otherwise, we'll make sure they get delivered. And next year, we will announce a lot earlier and we'll get you involved a lot sooner.
And we really look forward to you guys just spreading the word and hopefully so for DEFCON 20. We'll actually have it really going. Cool, guys. Thanks. We appreciate your time. Thanks.
