LAS VEGAS--This year marks my ninth year of attending Black Hat in Las Vegas. From a small gathering of security professionals in 2000 to an uberconference in 2008, Black Hat has scaled well. And the transition from private company to corporate-owned also appears smooth. But hardly anyone's here yet.
On Tuesday, there are only a thousand or so attendees of the 30-some training sessions. Already I've noticed a few minor changes from last year.
The press room is now on the third floor, away from the maddening crowds. This may or may not work since almost all the sessions are on the fourth floor. So far the escalators have been jammed during breaks and it will only get worse as Black Hat ramps up.
Lunch, served in a tent located in the front of Caesars Palace, is now a buffet as opposed to being a serviced meal. This gives quicker access to the food (no more waiting until everyone at your table had finished a course before the next course was served). However, the buffet itself (at least four different food stations) also removed a good chunk of tables and seats. By my count only one thousand people can eat at one time.
To accommodate the rest of us, Black Hat is also serving boxed lunches on the third floor. My lunch ticket is for a boxed lunch. I suspect that vendors and press will be shunted into the cold box-lunch room.
There are about 30 vendors set up across from the Augustus ballrooms. Last year it was impossible to move from session to session without bumping into the vendor tables. While this year's location is better, it's still not ideal. Perhaps next year Black Hat will simply shunt the vendors into a separate room. Those who want to chit-chat with the vendors can do so, while the rest of us get to our sessions unimpeded.
The hall for Dan Kaminsky's DNS talk seems too small. Maybe they'll simulcast it on jumbo screens in the hallway. We'll see on Wednesday.
Correction, 3:40 p.m. PDT: This story initially misspelled Dan Kaminsky's last name.
On Friday at Microsoft's Blue Hat conference in Redmond, Wash., Alex "Kuza55" K. of SIFT challenged the software company and others to build a better Internet browser by detailing the many ways browsers fail to parse malicious code.
In the talk, Kuza55 included details on how various attacks use logged out cross-site scripting (XSS), cross-site reference frame-protected cross-site scripting, JavaScript hijacking, session fixation, XSS reference frame token fixation, and CSRF vulnerabilities to compromise desktop Internet browsers. The talk was provided to CNET as a PowerPoint presentation.
Dan Kaminsky, of IOActive, told CNET News.com that Kuza55 talked about the "obscure internal elements of things you can do to Web browsers. Like how to use browsers to attack other protocols. Or how to use text in a browser to attack other particular protocols."
Kuza55 started his talk by showing ways to use browser cookies for XSS attacks. In one method, "by abusing the path attribute (within a cookie) we can effectively overwrite cookies very specifically, or for the whole domain by setting lots of them." Kuza55 noted that in Firefox and in Opera there is a limit to the number of cookies that can be stored within each browser, with the oldest cookie being removed to make room for the new. Thus, it is possible for an attacker to overwrite the existing cookies in these browsers by exhausting the limit. Internet Explorer does not have such a limit.
The talk also addressed potential abuses of the FindMimeFromData function, discussed one directory traversal bug within Flash 9.0.124.0, and covered how to use 7-bit Unicode Transformation Format (UTF-7) as a means to inject encoded meta tags or encoded cross-site scripting into a browser. For the latter, Kuza55 cited the work of Yosuke Hasegawa.
Kuza55 also mentioned abuses of the HTTP protocol, DNS, and subdomains. He faulted the browser makers several times for not providing enough documentation, and said he had to use trial and error to make these findings. Despite that, he's continuing his research.
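The two cookie behaviors described above, modeled as an added example that is not taken from Kuza55's presentation or from any browser's source. The jar limit of 5, the cookie names, and the helper names are assumptions made for illustration. The server-side check flags a session cookie that arrives more than once or not at all.

```javascript
// Constructed model, not browser source. The limit of 5 is an assumed value
// chosen so the eviction is easy to follow.
const MAX_PER_DOMAIN = 5;

// RFC 6265 style path-match between a request path and a cookie path.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor(limit = MAX_PER_DOMAIN) { this.limit = limit; this.cookies = []; }
  // A cookie is identified by (name, path); at the limit the oldest entry is dropped.
  set(name, value, path = "/") {
    this.cookies = this.cookies.filter(c => !(c.name === name && c.path === path));
    this.cookies.push({ name, value, path });
    while (this.cookies.length > this.limit) this.cookies.shift();
  }
  // Cookie header for a request: more specific (longer) paths are listed first.
  header(reqPath) {
    return this.cookies
      .filter(c => pathMatches(reqPath, c.path))
      .sort((a, b) => b.path.length - a.path.length)
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Server-side check: the session cookie should arrive exactly once.
function auditCookieHeader(header, sessionName = "session") {
  const names = header.split(";").map(p => p.trim().split("=")[0]).filter(Boolean);
  const count = names.filter(n => n === sessionName).length;
  return count === 0 ? "missing" : count > 1 ? "duplicate" : "ok";
}

function demo() {
  const jar = new CookieJar();
  jar.set("session", "legit");                        // set by the site at login
  const before = auditCookieHeader(jar.header("/account/settings"));
  jar.set("session", "planted", "/account");          // same name, narrower path
  const shadowHeader = jar.header("/account/settings");
  const shadowed = auditCookieHeader(shadowHeader);
  for (let i = 0; i < MAX_PER_DOMAIN; i++) jar.set(`filler${i}`, "x"); // fill the jar
  const evicted = auditCookieHeader(jar.header("/account/settings"));
  return { before, shadowHeader, shadowed, evicted };
}

console.log(demo());
```

A "duplicate" or "missing" result is a signal for the server to invalidate the session rather than trust whichever value its framework happens to pick.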





