I just returned from Vegas and an interesting couple of days at Black Hat and Defcon. The Anti-Spyware Coalition put on the same panel at both conferences. Eileen Harrington, Deputy Director at the FTC, gave a great overview of the Commission's work on spyware and suggested that they are spending a lot of time helping highlight the criminal aspects of spyware to others in the government -- since the FTC is a civil law enforcement agency, they pass criminal matters to the DOJ. Ben Edelman, now an Associate Professor at Harvard Business School, gave an overview of some of his latest research, including his report on several exploits that install Zango software that seem to be pretty clearly in violation of Zango's settlement agreement with the FTC. Mario Vuksan, Director of Knowledgebase Services at Bit9, showed some interesting research about how malware installers have been issued signatures by the two biggest certificate authorities, raising questions about the long-term ability of this form of authentication to protect users. It seems that the "Sexy Sexy" dialer was given over 1,700 certificates. Some of the other top-notch policy presentations that I saw were given by Jennifer Granick, now at Stanford Law but soon moving to EFF, who gave excellent case studies in Disclosure and Intellectual Property Law, and by Robert W. Clark, of the Department of the Navy Secretariat, who gave one of the more informational and entertaining "Year in Review on Computer and Internet Security Law" presentations that I've ever seen. And yes, the Defcon badge is as cool as advertised.