
IRS bureaucrats duped into exposing passwords

Brace yourself for another fine example of the tech-savviness of federal bureaucrats (and yes, this sentence is dripping with sarcasm).

According to a report released Friday (PDF) by the Treasury Department's inspector general, government auditors posing as help-desk employees contacted a sample of 102 Internal Revenue Service employees; 60 percent of them were perfectly willing to reveal their usernames and change their passwords to ones suggested by the callers.

The auditors said they were particularly alarmed by this year's findings against the backdrop of a similar test in 2004, when only 35 percent fell for the trick. …

CodeWallet and eWallet duke it out for your phone

The brawniest smart phones may be equipped to withstand a hearty flinging across the room, and the brainiest may be able to finesse your multimedia or autocorrect your photos, but few can do on their own what CodeWallet Pro and eWallet Professional (various versions) can to manage and secure your data in a central, locked-down location.

I'm not talking about one smart phone with separate notebook, word processing, e-mailing, and database programs that have been shrunk down from their original desktop formats to disco with your data. I'm talking about programs that have been made with mobility in mind, that regard themselves as serious guardians of very sensitive information. Whether they stand up to the task and whether you really need them are issues we'll get to. To begin, let's take a look at eWallet Professional and CodeWallet Pro (which shall henceforth simply be known as eWallet and CodeWallet). …

Researcher: Web 2.0 vulnerable to cookie theft

LAS VEGAS--Robert Graham of Errata Security on Thursday showed how reverse-engineering your security application can uncover a treasure trove of zero-day vulnerabilities. He also demonstrated a new man-in-the-middle attack scenario that affects several popular Web 2.0 sites. He did so in a talk at Black Hat titled "The Lazy Hacker's Guide to TCB (Taking Care of Business)."

David Maynor, who is no stranger to controversy at Black Hat, was scheduled to speak alongside Graham, but Maynor was called away at 4 a.m. by a client in need. Errata CEO Graham presented the talk solo. …

Mozilla releases browser testing tools

LAS VEGAS--Thursday morning at Black Hat, Window Snyder and Mike Shaver of Mozilla released new tools for testing their browser, Firefox, and other popular browsers, such as Microsoft Internet Explorer, Apple Safari and Opera. The tools include a protocol fuzzer by Michael Eddington and a JavaScript fuzzer by Jesse Ruderman. Fuzzing is a technique in which researchers feed a program randomly generated or malformed input in order to find the conditions under which it fails, conditions that most browsers share.

In an interview before the presentation, Snyder said that Firefox enjoys a community of users in the millions worldwide. Of these, there are about 10,000 users who regularly download what are called nightly …

Bruce Schneier: Security as a state of mind

LAS VEGAS--Bruce Schneier, CTO of BT Counterpane, has been talking about the psychology of security for some time now. In his keynote address to Black Hat on Thursday morning, Schneier said that one simply cannot quantify security because it's also emotional. How we feel about security in a given situation can affect how secure we really are.

Schneier says we're all security consumers; as humans, we're constantly deciding how much time, money and effort we spend to feel secure. All animals do this. A rabbit faced with a predator has to decide whether to keep eating or …

Rush to adopt Ajax leaves many sites vulnerable, experts say

LAS VEGAS--Want to build a Web site with all the latest Ajax technology? Or how about "Ajaxifying" an existing application? Bryan Sullivan, senior research engineer for SPI Labs, and Billy Hoffman, SPI Labs' team leader, did just that during their talk "Premature Ajax-ulation" Wednesday afternoon at Black Hat. The two said that developers often see only the code that works, and not how someone else may come along and exploit it.

To demonstrate, Sullivan and Hoffman built a mock travel Web site, Hacker Travel.com.

"We're actually using examples that we find from popular …

Another day, another e-voting critique

Much of the debate surrounding the nation's required shift to electronic voting systems has boiled down to one major question: to paper trail, or not to paper trail?

But those dead-tree representations of a voter's intent do little good unless state election officials actually scrutinize a sampling of them after the election, know what they're looking for, and know what to do next, argues a new report (warning: 90-page PDF ahead) released Wednesday by researchers at two prominent law schools.

And most of them don't, according to the report's authors, who represent New York University …

Black Hat enters the big leagues of Vegas conferences

This is my eighth Black Hat, and boy has it grown, especially in the last two years. When I first attended Black Hat back in 2000, the conference had just moved into Caesar's Palace and, with its four session tracks, fit neatly into a small conference area off the main lobby. Back in 2000, there were no vendors. Lunch was served in a patio lounge.

Flash forward to today, where more than 4,000 confirmed attendees sprawl over two floors, attending 10 session tracks and making their way among the more than 40 vendor stalls. And lunch is now served mess-hall …

Al-Qaida manipulates videos, images, says Black Hat speaker

LAS VEGAS--In a presentation at the Black Hat conference here Tuesday, Neal Krawetz of Hacker Factor showed how basic manipulations to images can be revealed through digital analysis.

After presenting on the specific techniques he used, Krawetz launched into what he called the case of "Dr. Z," who happens to be Ayman al-Zawahiri, the No. 2 man in al-Qaida.

Using a photo that originally appeared on December 20, 2006, in USA Today, al-Zawahiri appears to be seated before a large banner with a desk underneath. On the desk, in the photo, is a tiny cannon. Yet in the …