Black Hat Las Vegas 2008: News, podcasts and videos

The annual Black Hat conference is never boring. Check out the latest news, podcasts and videos direct from Caesars Palace in Las Vegas.


Visit the Black Hat USA 2008 Web site


Initial virtualization costs could outweigh benefits
It could be costly for companies to sort out the new governance, oversight and manageability issues being introduced by virtualized environments.

Analysis tool uses Intel virtualization to hide from malware
The Azure tool uses virtualization extensions in Intel chips to give security researchers the upper hand by avoiding detection from malware.


Nameless Security Podcast: The researcher's-eye view of security
Dino Dai Zovi is the featured guest on the second installment of the Nameless Security Podcast with Dennis Fisher. Dai Zovi is a well-respected researcher whose work on Mac OS X security and virtualization has won him acclaim. He's also the information security officer at a financial service company, and in this podcast he talks about the ways his dual roles intersect, the real problems with virtualization and the highlights of Black Hat 2008.

Security Wire Weekly: Hackers Are People Too
Ashley Schwartau, director of a new documentary Hackers Are People Too, explains the challenges of making a movie about hackers. The documentary looks at the human side of the hacking community. The film debuted at DEFCON 16.

Security Wire Weekly: Kaminsky at Black Hat
Dan Kaminsky gave his Black Hat briefing this week, disclosing full details about the extent of the DNS cache poisoning flaw. Listen to excerpts of his briefing.

Security Squad: Black Hat preview, Pwnie awards
Join the Security Squad for a quick preview of next week's Black Hat briefing in Las Vegas. editors talk about Dan Kaminsky's DNS cache poisoning flaw. The Pwnie award nominees are also reviewed. Which song submission could win? Listen to find out.

Security Wire Weekly: Wireless insecurities
In this special edition of Security Wire Weekly, Karsten Nohl, the security researcher who was part of a team that broke the crypto algorithm in the Mifare Classic RFID-based smart card, talks about his upcoming briefing at the Black Hat briefing in Las Vegas. Nohl, a University of Virgina graduate student talks about how RFID use could improve security in smart cards.

Security Wire Weekly: Infiltrating phishers
Security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their upcoming Black Hat presentation: "Bad Sushi: Beating Phishers at Their Own Game."

Podcast: Researcher prepares for 'virtualization apocalypse'
Christofer Hoff, chief security architect at Unisys, previews his upcoming Black Hat briefing, "The four horsemen of the virtualization security apocalypse." Hoff says virtualization security could prove to be very costly for companies as they try to sort out the new governance, oversight and manageability issues being introduced by the technology.


Researchers use browser to elude Vista memory protections
Black Hat: Two researchers Thursday will demonstrate how to use Java, ActiveX controls and .NET objects to essentially bypass all the key security safeguards in Windows Vista.

MySpace, Facebook ignoring basic principles of security
Social networking websites MySpace and Facebook present a significant security risk to users, largely because their wide-open application programming interfaces (APIs) are a tempting target for malicious hackers.

Hacking techniques compromise Microsoft Vista heap
Black Hat: Ben Hawkes, an independent researcher, demonstrated several scenarios in which Microsoft Vista can be compromised by hackers via its main storage memory.

Vista functionality still wins over security
A researcher renowned for tinkering with Active X controls tossed a pail of ice water today at Black Hat on the security-first marketing associated with Vista.

Positive changes coming to ModSecurity
A big gap in the popular open source Web application firewall is addressed via a new tool called ModProfiler that establishes a baseline of Web application behavior and feeds that intelligence to ModSecurity.

Researchers develop lightweight Cisco IOS rootkit
Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.

Bluetooth 2.1 is easy to crack
Black Hat: A cryptographer for Aladdin Knowledge Systems says Bluetooth version 2.1, designed to be more secure than previous versions, is actually extremely vulnerable to attackers.

Kaminsky: DNS flaw capable of attacks on many fronts
Network security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems.

Black Hat buzz grows around Vista exploit briefing
According to sources, a pair of researchers Thursday will reveal new ways in which attackers can bypass Windows Vista security features.

Mozilla to release Firefox threat-modeling data
The Mozilla Foundation's security chief says it will soon publicly release threat-modeling data for the next version of the Firefox Web browser.

Microsoft to revamp patching, add exploitability index
Microsoft plans to give some security vendors early access to vulnerability information prior to the patch release.

Hoffman to demonstrate new hacking techniques
Researcher to demonstrate hacking methods that enable malware authors to shield their programs from analysis.

EV SSL certificates won't stop phishers, researchers say
Two researchers call Extended Validation (EV) SSL certificates a Band-Aid approach, and share their research of the phishing underground.

Valuable lesson emerges from DNS flaw handling
Any effort to prevent others in the legitimate security community from working out the problem is a waste of time.

This was last published in July 2008

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.