Black Hat Cometh; You Afraid?


There is a certain mystique about the Black Hat conference in Las Vegas: it’s a place where bad things are talked about openly
and things that we once thought were secure get thrown out the window.


It’s a perception that is well founded and one that I expect will be further
reinforced at this week’s event.


Without a doubt the most highly anticipated vulnerability that will be
publicly discussed at the event is a vulnerability in Apple’s iPhone.
That particular presentation, however, isn’t scheduled
until the last day of Black Hat. In the last time slot.


There is a lot of other stuff in between, including some new takes on things
first discussed at last year’s show.


Last year Cisco Network Access Control (NAC) was proven fallible; this year at least two different security researchers will
be presenting additional findings on how to bypass NAC.

In a presentation
titled NACATTACK, security researchers Dror-John Roecher and Michael Thumann
are going to release a tool that may well be able to help get around
NAC.


“We do not wish to simply release a tool; we want the audience to understand
how Cisco NAC works, why it is not as secure as Cisco wants us to believe
and which mitigations exist,” the Black Hat abstract for the NACATTACK
session states.


One of the other highlights of 2006 was Joanna Rutkowska’s landmark presentation on how to attack Windows
Vista with a virtualized rootkit. Rutkowska is back this year with more of
the same on virtualization-based malware. She also plans to reveal new,
practical methods for compromising the Vista x64 kernel on the fly.


Rutkowska is also the subject of another presentation titled, “Don’t Tell
Joanna, The Virtualized Rootkit Is Dead” where researchers from Matasano
Security will attempt to prove that the virtualized rootkit approach can be
detected.


Web services will also be violated in a talk titled, “Attacking Web Service
Security: Message Oriented Madness, XML Worms and Web Service Security
Sanity.” C++ developers won’t be safe, either, as IBM ISS researchers are set
to discuss how to break C++ applications.

According to the session abstract,
the researchers claim that this presentation will include a discussion of bug
classes that have yet to be discussed or exploited in a public forum.


Join the crowd.


Speaking of crowds, it might be a good idea to stay off the streets for a
few days, too. One of the more esoteric sessions is titled, “Injecting
RDS-TMC Traffic Information Signals a.k.a. How to freak out your Satellite
Navigation.”


“We’ll discover the obscure (but scary!) messages that can be broadcast (and
that are not usually seen over legitimate RDS-TMC traffic), the limits of
standard SatNav systems when flooded with unusual messages and the role that
RDS-TMC injection/jamming can play in social engineering attempts (hitmen in
the audience will love this!),” the session abstract states.


Everyday browser users might have a cause for concern, as well.


Mozilla Chief Security Officer Window Snyder is set to deliver a session
about how to break the modern Web browser. But wait, it gets better.


Mozilla will also be releasing protocol fuzzers for HTTP and FTP and a
fuzzer for JavaScript. These are the same tools that Mozilla themselves have
used to secure Firefox. Score one for the good guys here. Better to break it
yourself before others do it for you.


Speaking of when it’s appropriate to talk about breaking applications, there
is a legal aspect to Black Hat this year, too. (And no, all attendees won’t be
rounded up by the DHS and arrested.)


Stanford Law School educator Jennifer Granick will discuss when a researcher
can or cannot disclose a vulnerability. As a very appropriate case in point,
she’ll be talking about the 2005 Black Hat incident involving Cisco and
researcher Michael Lynn, where legal takedown threats and suits flew back and forth.



Black Hat has become the premier place to disclose high-profile
vulnerabilities, of that I have no doubt. Whether certain
vulnerabilities are disclosed, such as the high-profile iPhone issue,
remains to be seen.


I’m not afraid of the Black Hat vulnerabilities. I’m more
worried about the ones we don’t know about, i.e. the lurkers that don’t disclose.


Thanks to Black Hat we know about broken applications and processes. We are
no longer naïve or ignorant. More so than just disclosing security
vulnerabilities, Black Hat has also become the place to discover how to
discover those vulnerabilities, which can make us all safer.
