Hackers have knack for beating NAC systems
Black Hat: Network access control systems are widely used by enterprises to remediate client access to internal networks, but experts say many NAC systems can be easily bypassed.
Additional coverage of Black Hat 2006
Black Hat notebook: Flying under the radar
First details on a security vendor in stealth mode, security pros have keen interest in Windows Vista and a new problem looms for BlackBerrys.
Spyware war may be a losing effort, experts say
Black Hat: Spyware is a top concern among security professionals, but experts say there may be no technology that can stop its spread. Instead, the spyware battle may need to be waged on a different front.
RSS, Atom feeds ripe for attack
Black Hat: A researcher demonstrates how RSS and Atom feeds can spread the payload of a zero-day attack. His advice? Subscribe to feeds with care.
Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers.
Vendors reject preferential knowledge sharing
Black Hat: While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy.
Black Hat: Like hip-huggers and tweed, once-popular attack methods like ciphertext manipulation are finding new life as hackers look to cut through well-worn Web applications.
Cisco coping with more Black Hat revelations
Black Hat: Speakers have revealed a Cisco CallManager Express flaw and a proof-of-concept exploit. However, Cisco was notified in advance and had been investigating.
Possible Cisco zero-day threat, exploit revealed
Black Hat: Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday presentation, are being kept under wraps as Cisco and US-CERT investigate.
Wireless cards make notebooks easy targets for hackers
Black Hat: Experts say flawed wireless cards are an industry-wide notebook security problem, thanks to weak device drivers and vendors who ship products without proper testing.
Litchfield: Database security is IT's biggest problem
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data.
Feds court infosec pros in fight against cybercrime
Black Hat: Federal law enforcement officials hope a more cooperative and less territorial approach will help convince private sector organizations to join the fight against cybercrime.
Brief: Moore releases flaw-finding tool
On the eve of Black Hat, Metasploit Project founder H.D. Moore has released a new tool for finding vulnerabilities in Internet Explorer ActiveX controls, and an updated version of the Metasploit Framework.
Black Hat preview: Spotlight on Vista, new exploits
Researchers will pick apart Windows Vista and shine a light on security holes affecting NAC, VoIP, Web applications and databases at this year's Black Hat USA 2006 gathering.
Cisco may get more unwanted attention at Black Hat
Fifteen new exploits will be detailed at this year's conference, and two of them target NAC and VoIP vulnerabilities in products from Cisco and other vendors (third item).
Would 'Blue Pill' create a matrix for PCs?
This week in Security Blog Log: A researcher creates fake reality for Windows Vista's anti-malware sensors and plans to show it off at Black Hat. Not all bloggers are impressed.
Highlights from Black Hat 2005
Security researcher causes furor by releasing flaw in Cisco Systems IOS
Security researcher Michael Lynn caused quite an opening day buzz at the Black Hat Briefings security conference when he released a potential vulnerability in Cisco Systems' routers that could, if exploited to its potential by a malicious attacker, bring down the entire Internet.
End-users in an uproar over Cisco/ISS suit
Attendees at Black Hat had plenty to say in the wake of Cisco Systems Inc.'s announcement that it issued cease and desist orders to conference organizers and security researcher Michael Lynn, who presented his findings on a serious Cisco IOS flaw patched months ago.
Cisco, Black Hat litigation comes to a close
A litigation nightmare that began Wednesday for security researcher Michael Lynn and Black Hat Briefings organizers came to an end one day later when an agreement was reached Thursday afternoon with Cisco Systems and ISS.
Should Michael Lynn have kept his mouth shut?
One can only imagine what raced through Michael Lynn's mind the moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's controversial Black Hat Briefings presentation.
Information Security magazine interview: Jennifer Granick on 'Ciscogate'
The attorney for Michael Lynn still has plenty to say about responsible vulnerability disclosure.