By Keith Jones and Brian Dykstra
Special to Law.com
August 20, 2008
As always, the 2008 Black Hat security conference in Las Vegas, N.V.,
was full of cutting-edge computer security research, the latest in
computer security vulnerabilities, and more than a little controversy.
Since the beginning of the Black Hat conference 15 years ago, the show
has always been a place for the elite of the computer security industry
to release their latest work on what is known as "zero-day exploits."
A zero-day or "0-day" exploit is a previously unknown computer security
vulnerability that is released before vendors like Microsoft have a
chance to release a security fix. There were fewer zero-day exploit
presentations this year than we have seen in the recent past, but the
ones that were presented were big.
The most popular presentation at Black Hat 2008 was on the Internet-wide
DNS vulnerability discovered by Dan Kaminsky, director of penetration
testing for IOActive. Over 2,000 attendees packed into an 800-person-capacity
room to hear Mr. Kaminsky tell the intriguing story of how he
had been working on a non-security-related Web-caching project for a
friend at Wikipedia. Dan was looking into Domain Name Servers
(DNS), the computers on the Internet that convert computer names (like
www.law.com) to IP addresses (and vice versa). Looking for ways to
improve performance, he stumbled upon a "DNS cache poisoning"