Defense in Depth

February 22, 2008 1:49 PM PST

Black Hat D.C. wraps up

by Robert Vamosi

Breaking things--that's what the very bright and super curious do; they look beyond the obvious to see what's truly lurking beneath the surface. On Wednesday and Thursday, attendees at Black Hat D.C. 2008 got a window into the latest research being done on Web applications, wireless, and embedded technologies.

On Wednesday, researchers David Hulton and "Steve" showed how, with about $1,000 worth of equipment, they can decrypt A5/1 cellular GSM traffic in less than an hour. Following that, Adam Laurie reprised his popular RFIDiots talk from last year's Black Hat briefings with a new program that allows him to read the data off smart credit cards "hands free."

Perhaps the best new presentation at Black Hat D.C. 2008 took place in the early afternoon. In "Bad sushi: Beating phishers at their own game" researchers Nitesh Dhanjani and Billy Rios relentlessly tracked down the origins of several online phishing sites to reveal, not super-smart ninja hackers, but sloppy coders who cut and paste and even steal from one another. Following that, David Litchfield, a substitute for a canceled talk on VoIP, presented on new Oracle vulnerabilities. Finishing the day was Neal Krawetz, who expanded his talk from Black Hat Las Vegas on image analysis, this time including his research into the veracity of Osama bin Laden's beard in a recent video.

Wednesday night included a social. There was also a speaker from the Washington, D.C.-based Spy Museum with stories of real-life spies.

On Thursday, Tiller Beauchamp and David Weston gave a presentation on DTrace, a security research application that is now available within Mac OS X Leopard and coming soon to various distributions of Linux. Following that, Zac Franken reprised his previous talk on biometric and token-based access control systems with new information on work access cards. After lunch, talks included Chris Wysopal on classification and detection of backdoors, Jason Larson on SCADA security, and Jon Oberheide on exploiting virtual machine migrations.

February 19, 2008 3:59 PM PST

Black Hat D.C. 2008 begins

by Robert Vamosi

WASHINGTON--On Wednesday, Black Hat D.C. 2008 gets under way, after two days of intense training sessions. The D.C. Black Hat security conference is much smaller than the summer Black Hat USA in Las Vegas. But what D.C. lacks in size, it makes up for in sessions and talks.

On tap for Wednesday is a keynote speech from Jerry Dixon, former director of the National Cyber Security Division, Department of Homeland Security. Following the keynote address will be two parallel tracks of programming--Web app and wireless--including presentations from Chuck Willis of Mandiant on forensic challenges of cross site scripting, Adam Laurie on practical RFID hacking, Nitesh Dhanjani and Billy Rios on beating phishers, Sachin Joglekar and Sundeep Patwardhan on attacks on VoIP through IPSec tunnels, and Neal Krawetz on image analysis.

Thursday will continue with two parallel tracks--defense and hardware/embedded--and will include Christopher Tarnovsky discussing security failures in secure devices, Zac Franken on biometrics, as well as others.

Throughout the two-day event there will be various birds-of-a-feather talks, opportunities to talk to session speakers, and on Wednesday evening, additional speakers.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
