black

'Cybersecurity commission' to proffer advice to next president

LAS VEGAS--Transitions between presidential administrations are typically influence-peddling, power-consolidating, appointee-vetting exercises run by Washington insiders. Perhaps that's why the quintessential Washington think tank, the Center for Strategic and International Studies, is trying to insert itself into the process.

The private organization, which has close ties to the U.S. military and counts Henry Kissinger on its payroll, has gathered about 35 people and awarded them the official-sounding title of "Commission on Cyber Security for the 44th Presidency." Adding to the formality are some closed-to-the-public meetings and ex-officio members from federal agencies, congressional offices, and the nebulous "… Read more

Hacking electronic-toll systems

LAS VEGAS--Electronic toll systems like FasTrak and E-ZPass may be convenient for drivers, but they are rife with privacy risks, a security expert said Wednesday at the Black Hat 2008 security conference.

Strangers with the right transponder reader walking through a parking lot can steal the ID number off the transponders that are visible through the windshield, put the data on their devices and pass through bridge and other tolls for free, with the victim paying the bill, according to Nate Lawson, principal of security consultancy Root Labs.

The transponder ID, which lacks encryption, could be wiped and switched with … Read more

Black Hat says 'canceled' Apple talk never existed

This post has been updated with Charles Edge's response.

LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.

Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.

The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a … Read more

Black Hat 2008: Notes from the field

LAS VEGAS--This year marks my ninth year of attending Black Hat in Las Vegas. From a small gathering of security professionals in 2000 to an uberconference in 2008, Black Hat has scaled well. And the transition from private company to corporate-owned also appears smooth. But hardly anyone's here yet.

On Tuesday, there are only a thousand or so attendees of the 30-some training sessions. Already I've noticed a few minor changes from last year.

The press room is now on the third floor, away from the maddening crowds. This may or may not work since almost all the … Read more

Microsoft to give partners heads-up on security vulnerabilities

Microsoft will be giving companies that sell security software and services to its customers a sneak peek at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly "Patch Tuesday" updates.

The new Microsoft Active Protections Program, set to be announced at the Black Hat security conference on Tuesday, is designed to give software vendors a chance to prepare updates to their software before attackers have a chance to reverse engineer Microsoft's security patch and create an exploit.

"It's essentially a race between the attackers and the protectors," said … Read more

Black Hat 2008 promises to be big

LAS VEGAS--Black Hat 2008 is bigger, and some might say better. Occupying most of the third and fourth floors of the convention hall at Caesars Palace, the conference started on Saturday with two- and four-day training sessions that continue through Tuesday.

The "public" part of Black Hat runs Wednesday and Thursday and features speakers in 15 separate tracks. One of the tracks will consist of Turbo talks of 20 minutes each. After those, there will be an opportunity for the audience to talk with some of the speakers in another room.

Wednesday starts with a bang with … Read more

Apple nixes second Black Hat talk

LAS VEGAS--A panel discussion with Apple employees talking about the company's security practices was canceled by its moderator.

Black Hat founder and director Jeff Moss told ComputerWorld that "it was them talking about security engineering and how they take security seriously. It would have put Apple in a positive light."

Last week, another session on Apple FileVault was pulled at the request of its presenter, Charles Edge. He reportedly signed an agreement with Apple preventing him from talking about the vulnerabilities he'd found.


Security Bites 111: Iron Chef returns to Black Hat

Iron Chef returns to Black Hat. No, it's not the Food Network import from Japan broadcasting live, but the Fortify edition featuring lead security researchers as they struggle against the clock to find vulnerabilities. This year, the secret ingredient is open-source code.

Brian Chess, chief scientist at Fortify Software, and Jacob West, who manages Fortify Software's Security Research Group, tell CNET's Robert Vamosi that one team will use static analysis while the other will use fuzzing. Chess confirmed that Charlie Miller and Jacob Honoroff will be on the fuzzing team, and Sean Fay and Geoff Morrison from Fortify … Read more

T-Mobile BlackBerry Curve paints the town in sunset red

Gold and silver are fine colors for cell phones and smartphones--that is, if you like to play it safe. However, if you like to make a statement, you might want something a little more bold like green, purple, or how about sunset red? If you fit into this latter group, you might be interested to know that today, T-Mobile released a sunset red model of the RIM BlackBerry Curve 8320.

Rocking an orange-red casing, the BlackBerry Curve offers the same great features of the previously released versions, including integrated Wi-Fi, support for T-Mobile's HotSpot@Home service, Bluetooth, and a 2-megapixel … Read more

Apple's security through obscurity policy at Black Hat

Apple makes beautiful products, but don't try looking under the hood to see how secure they are. I'm a huge Apple fan, but I found this news that two presentations on Apple's security were pulled from the annual Black Hat conference.

One was a presentation by Apple employees on the company's security policies. On that one, it's shocking that the employees were planning to speak at all, as Apple is very tight-lipped about anyone within the company speaking publicly.

But the other, as the Slashdot commentary highlights, was to discuss problems with Apple's … Read more