SearchSecurity.com special coverage: Black Hat 2006

By SearchSecurity.com staff
31 Jul 2006 | SearchSecurity.com

Check here regularly as reporters from SearchSecurity.com and Information Security magazine post the latest news and tidbits from Black Hat 2006 in Las Vegas.

  Featured article

Hackers have knack for beating NAC systems
Black Hat: Network access control systems are widely used by enterprises to remediate client access to internal networks, but experts say many NAC systems can be easily bypassed.

  Additional coverage of Black Hat 2006

Black Hat notebook: Flying under the radar
First details on a security vendor in stealth mode, security pros have keen interest in Windows Vista and a new problem looms for BlackBerrys.

Spyware war may be a losing effort, experts say
Black Hat: Spyware is a top concern among security professionals, but experts say there may be no technology that can stop its spread. Instead, the spyware battle may need to be waged on a different front.

RSS, Atom feeds ripe for attack
Black Hat: A researcher demonstrates how RSS and Atom feeds can spread the payload of a zero-day attack. His advice? Subscribe to feeds with care.

Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps possible, the rush to adopt Ajax may fuel haphazard development and a feeding frenzy among hackers.

Vendors reject preferential knowledge sharing
Black Hat: While Cisco continues to investigate a potential PIX firewall flaw, it and other vendors say sharing security information quickly and indiscriminately is always the best policy.

"In my opinion, database security is riddled with holes and it's the biggest problem we face in IT today."
David Litchfield, on database problems being pervasive throughout the industry

Old attack vectors are back in style
Black Hat: Like hip-huggers and tweed, once-popular attack methods like ciphertext manipulation are finding new life as hackers look to cut through well-worn Web applications.

Cisco coping with more Black Hat revelations
Black Hat: Speakers have revealed a Cisco CallManager Express flaw and a proof-of-concept exploit. However, Cisco was notified in advance and had been investigating.

Possible Cisco zero-day threat, exploit revealed
Black Hat Featured Story: Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday presentation, are being kept under wraps as Cisco and US-CERT investigate.

Wireless cards make notebooks easy targets for hackers
Black Hat: Experts say flawed wireless cards are an industry-wide notebook security problem, thanks to weak device drivers and vendors who ship products without proper testing.

Litchfield: Database security is IT's biggest problem
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data.

Feds court infosec pros in fight against cybercrime
Black Hat: Federal law enforcement officials hope a more cooperative and less territorial approach will help convince private sector organizations to join the fight against cybercrime.

Brief: Moore releases flaw-finding tool
On the eve of Black Hat, Metasploit Project founder H.D. Moore has released a new tool for finding vulnerabilities in Internet Explorer ActiveX controls, and an updated version of the Metasploit Framework.

Black Hat preview: Spotlight on Vista, new exploits
Researchers will pick apart Windows Vista and shine a light on security holes affecting NAC, VoIP, Web applications and databases at this year's Black Hat USA 2006 gathering.

Cisco may get more unwanted attention at Black Hat
Fifteen new exploits will be detailed at this year's conference, and two of them target NAC and VoIP vulnerabilities in products from Cisco and other vendors (third item).

Would 'Blue Pill' create a matrix for PCs?
This week in Security Blog Log: A researcher creates fake reality for Windows Vista's anti-malware sensors and plans to show it off at Black Hat. Not all bloggers are impressed.

  Highlights from Black Hat 2005

Security researcher causes furor by releasing flaw in Cisco Systems IOS
Security researcher Michael Lynn caused quite an opening day buzz at the Black Hat Briefings security conference when he released a potential vulnerability in Cisco Systems' routers that could, if exploited to its potential by a malicious attacker, bring down the entire Internet.

End-users in an uproar over Cisco/ISS suit
Attendees at Black Hat had plenty to say in the wake of Cisco Systems Inc.'s announcement that it issued cease and desist orders to conference organizers and security researcher Michael Lynn, who presented his findings on a serious Cisco IOS flaw patched months ago.

Cisco, Black Hat litigation comes to a close
A litigation nightmare that began Wednesday for security researcher Michael Lynn and Black Hat Briefings organizers came to an end one day later when an agreement was reached Thursday afternoon with Cisco Systems and ISS.

Should Michael Lynn have kept his mouth shut?
One can only imagine what raced through Michael Lynn's mind the moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's controversial Black Hat Briefings presentation.

Information Security magazine interview: Jennifer Granick on 'Ciscogate'
The attorney for Michael Lynn still has plenty to say about responsible vulnerability disclosure.
