AOH :: ISNQ4372.HTM

The past is prologue at Black Hat Briefings




The past is prologue at Black Hat Briefings
The past is prologue at Black Hat Briefings



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-1874541535-1186047222=:15707
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.gcn.com/online/vol1_no1/44780-1.html 

By William Jackson
Government Computer News 
08/01/07 

LAS VEGAS =E2=80=94 Botnets and browsers are sharing center stage at the Black 
Hat Briefings this week with rootkits, reverse engineering and social 
engineering, as the conference expands to explore more niches in 
information technology security. One thing you probably won=E2=80=99t hear much 
about at the conference this year is vulnerabilities in the Windows 
Vista operating system.

=E2=80=9CA lot of people are working on it,=E2=80=9D said the show=E2=80=99s creator, Jeff Moss. 
=E2=80=9CBut it=E2=80=99s still too early.=E2=80=9D

Black Hat is a nuts-and-bolts conference that brings together security 
professionals and researchers (formerly called hackers) to explore the 
latest trends, developments and discoveries in cyberthreats and their 
defenses. It is an outgrowth of the more freewheeling DefCon convention, 
the 15th edition of which is being held this coming weekend at the 
Riviera Hotel and Casino in Las Vegas.

Some of what is being offered this year at Black Hat will be familiar 
territory.

=E2=80=9CThings that we were talking about a year ago are coming to pass,=E2=80=9D Moss 
said. =E2=80=9CThe exploits against browsers have gotten more sophisticated, 
continuing the trend of the last three years.=E2=80=9D

Another continuing trend is the growing sophistication of 
command-and-control networks for botnets, the networks of compromised 
computers used to launch increasingly targeted attacks and to harvest 
profitable information for identity theft.

There are some differences in this year=E2=80=99s lineup, as well. One is the 
prevalence of work on rootkits, pieces of code that burrow deep into a 
system to resist detection and removal. These hidden programs can 
trigger unwanted activity or allow other malicious code into a system.

=E2=80=9CWe used to have one or two rootkit talks,=E2=80=9D Moss said. =E2=80=9CNow we could 
fill a whole track.=E2=80=9D

Rootkits do not yet get a track to themselves this year, but reverse 
engineering does, and so does fuzzing. This year the reverse engineering 
track offers several presentations focusing on security issues specific 
to the C++ code development language, a relatively new area of study, 
although much application development is being done today in C++.

Fuzzing, or fuzz testing, is a software testing technique in which 
random data =E2=80=94 or fuzz =E2=80=94 is imported into a program and then watched for 
failures or other problems. Fuzzing has been around as a way to detect 
programming flaws since 1989 and is a simple and cost-effective method 
for evaluating software, but it is not a formal process. Research has 
been going on for several years to make fuzzing less random and more 
precise and scientific.

Moss said he was surprised by the continued work on fuzzing techniques. 
After four or five years of interest he believed it probably had reached 
the end of its life cycle, but this year he received so many submissions 
on it that it was given a track to itself.

=E2=80=9CThat surprised us,=E2=80=9D he said. =E2=80=9CWe thought that was a mature field.=E2=80=9D

One field definitely not yet mature is Vista. At Black Hat=E2=80=99s federal 
briefings near Washington earlier this year there were presentations on 
the new operating system=E2=80=99s features and functionality, but little about 
vulnerabilities. In the submissions for this week=E2=80=99s briefings there 
probably were fewer than five on Vista compared with more than three 
dozen on browser vulnerabilities.

=E2=80=9CIt=E2=80=99s not ripe yet,=E2=80=9D Moss said. =E2=80=9CBy next year there will be a lot more.=E2=80=9D

A lot of the vulnerability research on the new operating system probably 
was interrupted by attention that was directed at Service Pack 2 for 
Windows XP, a major update of the previous Microsoft desktop OS that 
made significant improvements in security. There will be more 
information about Vista =E2=80=9Cas people unlearn the way the world works under 
XP and learn the way it works under Vista,=E2=80=9D Moss said.

One presentation touching on Vista, =E2=80=9CBreaking the Legend of Trusted 
Computing and Vista BitLocker,=E2=80=9D was unexpectedly pulled from the Black 
Hat Briefings schedule in June. According to Black Hat, Nitin and Vipin 
Kumar of NV Labs decided to pull the presentation themselves, for 
undisclosed reasons. The briefings have generated controversy in the 
past when threatened legal action has blocked or attempted to block 
presentations. Black Hat said there was no external pressure to pull 
this talk and that the decision was the Kumars=E2=80=99.

If you are interested in more esoteric security subjects, such as 
interrogation techniques and lock picking, you will have to attend Black 
Hat=E2=80=99s sister conference, DefCon. Both DefCon and Black Hat were founded 
by Moss, who sold the more commercial Black Hat to CMP Media in late 
2005. He remains as director of the briefings.

=E2=80=9CI own DefCon,=E2=80=9D Moss said. =E2=80=9CThat=E2=80=99s my other show.=E2=80=9D DefCon was and 
remains an enthusiast=E2=80=99s show, created before computer security became a 
profession. Moss started the Black Hat Briefings in 1997 when a market 
developed for security expertise. Black Hat is =E2=80=9Cmore professional, not 
like a hobby show,=E2=80=9D providing practitioners with practical information 
on how to do their jobs.

=E2=80=9CThe two feed off each other,=E2=80=9D but remain distinct, Moss said. =E2=80=9CI don=E2=80=99t 
think people would be lining up at Black Hat to see how to pick locks.=E2=80=9D

DefCon is profitable but not wildly so, Moss said. But he feels no 
pressure to expand or change it. =E2=80=9CI=E2=80=99ve made my money selling the (Black 
Hat) business, so I don=E2=80=99t need to make money from DefCon.=E2=80=9D


--1457021584-1874541535-1186047222=:15707
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com 
--1457021584-1874541535-1186047222=:15707--

Site design & layout copyright © 1986-2014 CodeGods