InformationWeek has a top 10 Infamous Moments In Security Research artice, David Litchfield and Black Hat are listed as #1 for David’s work on an SQL problem that turned into the slammer worm. You will notice that Mike Lynn is mentioned as #3, but it is not revealed that he presented this research at Black Hat as well, nor the ISS and Cisco lawsuits against Black Hat mentioned. But not to worry, Davaid Litchfield is also in position #6 with his Oracle PLSQL gateway vulnerability.
Black Hat in ’10 Infamous Moments In Security Research’
Black Hat Briefings and Training Europe Registration now open
Black Hat Europe 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 25 presentations. There will be 10 Training classes with new offerings and an updated SensePost class “Hacking by Numbers: Combat Edition.” Due to limited class size, many of our classes fill up quickly. Register early to ensure training availability and to take advantage of our early bird registration discount.
Black Hat Briefings and Training Federal Registration now open
Black Hat Federal 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 22 presentations. There will be 11 Trainings classes, with new offerings such as Saumil Shah’s “The Exploit Laboratory – Buffer Overflows For Beginners,” and Matt Hargett’s “Binary Static Analysis: From the Inside-Out.” Class sizes for all trainings are limited to ensure each student receives individual attention. Register early before classes fill up and to receive an early discount.
Dan Kaminsky “Black Ops Of TCP/IP 2005″ Audio on-line
Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed.
Chris Hurley (Roamer) “Identifying and Responding to Wireless Attacks” Audio on-line
This presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge too identify each attack. Defensive measures that can be taken in real time to counter the attack are then presented.
David Maynor “Architecture Flaws in Common Security Tools” Audio
Look at your new device! It has a great case, plenty of buttons, and those blue LEDs – wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepted encoding schemes to launch attacks right through most security tools? Come and see what hackers know; if you rely on these products to keep you safe, you can’t afford not to.
Dominique Brezinski “A Paranoid Perspective of an Interpreted Language” Audio
Interpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all.
Ejovi Nuwere “The Art of SIP fuzzing and Vulnerabilities Found in VoIP” Audio
This presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches for fuzzing text based protocols which can be more complex then fuzzing binary protocols.
Hideaki Ihara “Forensics in Japan” Audio (Japanese)
In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character encoding and Japanese are significant issues for Japanese agents. This session will cover the various issues on Japanese when using popular forensic tools and other technical issues for future considerations.
Jeff Moss Interviewed about Ciscogate wired.com
From the article “The legal wrangling finally ended this week, and the FBI case against Lynn has closed. Lynn spoke with Wired News in July to tell his side of the story. Now Black Hat founder Jeff Moss talks about what happened from his perspective and why companies continue to repeat the mistakes of their predecessors in trying to suppress the full disclosure of security bugs and punish security researchers.”
