LAS VEGAS -- A few leftover bits and bytes from the insanity and inanity that is Black Hat USA 2006.
At Black Hat, everyone's in 'stealth mode'
Black Hat has always had its share of attendees looking to remain anonymous: mainly reformed and not-so-reformed crackers and the federal agents trying to track them down (while wearing khakis and FBI polo shirts, of course). This year there were a number of representatives from security startups still in stealth mode prowling the grounds at Caesars Palace and testing the water for their new projects. Perhaps the most interesting of these is Veracode Inc., a company started by a handful of former @stake veterans, including Chris Wysopal, Chris Eng and "DilDog," the coder behind the Back Orifice 2000 remote administration tool. Veracode plans to launch early next year and will be focusing on binary analysis, a specialty of Wysopal, who helped write @stake's SmartRisk Analyzer tool before Symantec Corp. bought the consultancy in 2004. Eng gave a talk at Black Hat on tried-and-true ways to break Web applications, and Wysopal was around all week as well.
Fire when ready
Researchers and crackers are gearing up for the release of Windows Vista, which is due to ship to consumers this fall, although that date -- as all Microsoft ship dates are -- is subject to change. Symantec did a quick survey of Black Hat attendees and found that 55% of them are planning to take a close look at Vista's security in the next year. If the attendance at the conference's Vista talks is any indication, the bet is that number is closer to 95% and that it'll be about 48 hours from the time Vista hits Best Buy to the release of the first vulnerability advisory. Symantec and others already have been busying themselves with finding problems in beta builds, and given the size and complexity of the Vista code base, there are likely plenty of avenues for researchers to explore.
Speaking of Microsoft, the Redmond crowd was in full force at the show, and not just the guys from the Microsoft Security Response Center. A passel of Windows engineers showed up this year, in addition to the normal contingent from the MSRC, to show the flag and talk to the attendees about Vista security. They were mixing with the crowd during the Vista talks and soliciting feedback on the presentations and the security concepts built into the new OS. Jeff Moss, Black Hat's founder, joked during his opening speech that he'd heard a lot of complaints about Microsoft "buying" a track at the conference. "Microsoft didn't buy a track," he assured the crowd, though he did jokingly reference CMP Media LLC's November purchase of Black Hat. "We sold our souls already and you can't sell your soul twice in one year. There's a clause."
We have to make our money back somehow
One of the great things about Black Hat has always been the relative lack of vendor influence. Sure, there were always a few booths set up in the lobby outside the meeting rooms, but most of the vendors seemed more interested in giving away the coolest t-shirts or getting the most people at their parties than pitching their wares. That changed this year, as everyone expected it would, now that the conference is owned by a media conglomerate. Along with a three- or four-fold increase in the number of vendor booths, the organizers also added a lounge where attendees could relax between sessions and drink $5.25 bottles of water. Still, the content was widely considered to be as good as ever and the sessions even ran mostly on time, which was a rarity in the old days. And there is still the view of the Caesars pool…which they'll probably find a way to charge for by next year.
'CrackBerrys' get cracked
Attackers aren't spending all of their time on Vista. Some of them also are thinking about ways to exploit devices such as BlackBerrys. At Black Hat, Jesse D'Aguanno, a consultant with Praetorian Global, unveiled BBProxy, a hacking program he created that takes advantage of the trust relationship between a BlackBerry and an enterprise's internal server to hijack a network connection. Intrusion detection systems (IDS) deployed at the network perimeter would be useless against this type of exploit, he said, because the data tunnel between the BlackBerry and the server is encrypted. BBProxy must be installed on a BlackBerry or sent to one as an emailed Trojan horse. Once installed, the program causes the BlackBerry to call back to the attacker's system in the background, opening a communications channel between a company's internal network and the attacker. D'Aguanno plans to release BBProxy for download sometime in the next week.
Senior News Writer Bill Brenner contributed to this report.