New attacks and vulnerability trends highlighted at Black Hat

By Shawna McAlearney, News Writer 28 Jul 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

LAS VEGAS -- Nearly 2,000 hackers of all stripes are expected at the 8th Annual Black Hat Briefings USA this week. Presentations beginning today will analyze vulnerabilities, zero-day code, phishing and secure wireless deployment, among many other topics.

According to conference organizer Jeff Moss, this year's event will demonstrate three significant exploits, 20 new freeware releases and new research on almost 50 topics. This year's focus will be on application security.

"The Black Hat Briefings have become the place where first demonstrations of relevant issues are discussed in the security industry," Jack Holleran, former technical director of the National Computer Security Center at the NSA, said in a statement. "This is where researchers unveil information that pushes the entire industry forward."

The two-day conference, which precedes the better known DEFCON, will offer a number of ground-breaking sessions, including:

• Phillip Hallam-Baker, principal scientist of VeriSign, presenting "Phishing: Committing Fraud in Public," on new research that tracks organized crime through forensics and data trending.



• Joseph Ansanelli, CEO of Vontu, and Mary Ann Davidson, CSO of Oracle, presenting "The Black Hat Hearings" on protecting customer data, followed by a question and answer session with privacy experts from Motorola, In-QTel and Informed Security.



• JD Glaser, founder of NT Objectives, on "Hacking with Executives," including new research, freeware and panel discussion with executives from VeriSign, Siebel and Safeway on the connection between banks and corporate networks where fraud and financial information leaks takes place.



• Peter Silberman and Richard Johnson, iDefense security engineers, releasing a new exploit and tool on buffer-overflow prevention. This presentation will focus on the most commonly exploited software vulnerability in the security world and include the first public discussion of available third-party buffer overflow prevention software for the Windows operating system.



• Gerhard Eschelbeck, CTO of Qualys, presenting "The Laws of Vulnerabilities for Internal Networks" based on research derived from real-world vulnerability data.

"This is an extension of Gerhard's popular talk from last year, this time focusing on internal vulnerability trends," said Moss. "I haven't seen a whole lot of statistics based on internal attack data, so I'm hoping his presentation will shed light about what's going on.

"This year, attendees will be able to play with Paul Wouters' unique WaveSEC deployment, the first wireless network I would consider using in my own home or office," added Moss. "On the more controversial side, David Litchfield will release zero-day code exposing a never before seen security flaw."

Tags: Security Industry Market Trends, Predictions and Forecasts,  Wireless LAN Design and Setup,  Handheld and Mobile Device Security Best Practices,  Vulnerability Risk Assessment,  Application Attacks (Buffer Overflows, Cross-Site Scripting),  Email and Messaging Threats (spam, phishing, instant messaging),  Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Industry Market Trends, Predictions and Forecasts Cybersecurity czar candidate questions clout of new position Gartner sees better days ahead for security budgets Sophos CEO on Symantec, McAfee after Utimaco acquisition WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Security budgets take hit in media, tech industry, survey finds Cybersecurity Act of 2009: Power grab, or necessary step? Opinion: Gartner gets NAC wrong, again Cloud computing security group releases report outlining trouble areas White House cybersecurity advisor calls for public-private cooperation Security Industry Market Trends, Predictions and Forecasts Research Wireless LAN Design and Setup A list of wireless network attacks Wireless Security Lunchtime Learning An introduction to wireless security Hunting for rogue wireless devices A wireless network vulnerability assessment checklist Lesson 1: How to counter wireless threats and vulnerabilities Risky Business: Understanding WiFi threats Wireless Security Lunchtime Learning Entrance Exam Lesson 1 quiz: Risky business Study reveals lack of financial wireless computer security Wireless LAN Design and Setup Research Handheld and Mobile Device Security Best Practices Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Apple iPhone app could boost two-factor What Obama's Blackberry means for mobile device security SMS mobile worm attacks Symbian smartphones Smartphone security lacking at many businesses Handheld and Mobile Device Security Best Practices Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter body scanning  (SearchSecurity.com) marketecture  (SearchSecurity.com) NCSA  (SearchSecurity.com) Palladium  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary