
New attacks and vulnerability trends highlighted at Black Hat

By Shawna McAlearney, News Writer
28 Jul 2004 | SearchSecurity.com


LAS VEGAS -- Nearly 2,000 hackers of all stripes are expected at the 8th Annual Black Hat Briefings USA this week. Presentations beginning today will analyze vulnerabilities, zero-day code, phishing and secure wireless deployment, among many other topics.

According to conference organizer Jeff Moss, this year's event will demonstrate three significant exploits, 20 new freeware releases and new research on almost 50 topics. This year's focus will be on application security.

"The Black Hat Briefings have become the place where first demonstrations of relevant issues are discussed in the security industry," Jack Holleran, former technical director of the National Computer Security Center at the NSA, said in a statement. "This is where researchers unveil information that pushes the entire industry forward."

The two-day conference, which precedes the better-known DEFCON, will offer a number of ground-breaking sessions, including:

  • Phillip Hallam-Baker, principal scientist of VeriSign, presenting "Phishing: Committing Fraud in Public," on new research that tracks organized crime through forensics and data trending.


  • Joseph Ansanelli, CEO of Vontu, and Mary Ann Davidson, CSO of Oracle, presenting "The Black Hat Hearings" on protecting customer data, followed by a question-and-answer session with privacy experts from Motorola, In-Q-Tel and Informed Security.


  • JD Glaser, founder of NT Objectives, on "Hacking with Executives," including new research, freeware and a panel discussion with executives from VeriSign, Siebel and Safeway on the connection between banks and corporate networks where fraud and financial information leaks take place.


  • Peter Silberman and Richard Johnson, iDefense security engineers, releasing a new exploit and tool on buffer-overflow prevention. This presentation will focus on the most commonly exploited software vulnerability in the security world and include the first public discussion of available third-party buffer overflow prevention software for the Windows operating system.


  • Gerhard Eschelbeck, CTO of Qualys, presenting "The Laws of Vulnerabilities for Internal Networks" based on research derived from real-world vulnerability data.

"This is an extension of Gerhard's popular talk from last year, this time focusing on internal vulnerability trends," said Moss. "I haven't seen a whole lot of statistics based on internal attack data, so I'm hoping his presentation will shed light about what's going on.

"This year, attendees will be able to play with Paul Wouters' unique WaveSEC deployment, the first wireless network I would consider using in my own home or office," added Moss. "On the more controversial side, David Litchfield will release zero-day code exposing a never before seen security flaw."
