Black Hat Las Vegas 2008: News, podcasts and videos

The annual Black Hat conference is never boring. Check out the latest news, podcasts and videos direct from Caesars Palace in Las Vegas.

Visit the Black Hat USA 2008 Web site

Initial virtualization costs could outweigh benefits
It could be costly for companies to sort out the new governance, oversight and manageability issues being introduced by virtualized environments.

Analysis tool uses Intel virtualization to hide from malware
The Azure tool uses virtualization extensions in Intel chips to give security researchers the upper hand by avoiding detection from malware.

PODCASTS

Nameless Security Podcast: The researcher's-eye view of security
Dino Dai Zovi is the featured guest on the second installment of the Nameless Security Podcast with Dennis Fisher. Dai Zovi is a well-respected researcher whose work on Mac OS X security and virtualization has won him acclaim. He's also the information security officer at a financial service company, and in this podcast he talks about the ways his dual roles intersect, the real problems with virtualization and the highlights of Black Hat 2008.

Security Wire Weekly: Hackers Are People Too
Ashley Schwartau, director of a new documentary Hackers Are People Too, explains the challenges of making a movie about hackers. The documentary looks at the human side of the hacking community. The film debuted at DEFCON 16.

Security Wire Weekly: Kaminsky at Black Hat
Dan Kaminsky gave his Black Hat briefing this week, disclosing full details about the extent of the DNS cache poisoning flaw. Listen to excerpts of his briefing.

Security Squad: Black Hat preview, Pwnie awards
Join the Security Squad for a quick preview of next week's Black Hat briefing in Las Vegas. SearchSecurity.com editors talk about Dan Kaminsky's DNS cache poisoning flaw. The Pwnie award nominees are also reviewed. Which song submission could win? Listen to find out.

Security Wire Weekly: Wireless insecurities
In this special edition of Security Wire Weekly, Karsten Nohl, the security researcher who was part of a team that broke the crypto algorithm in the Mifare Classic RFID-based smart card, talks about his upcoming briefing at the Black Hat briefing in Las Vegas. Nohl, a University of Virgina graduate student talks about how RFID use could improve security in smart cards.

Security Wire Weekly: Infiltrating phishers
Security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their upcoming Black Hat presentation: "Bad Sushi: Beating Phishers at Their Own Game."

Podcast: Researcher prepares for 'virtualization apocalypse'
Christofer Hoff, chief security architect at Unisys, previews his upcoming Black Hat briefing, "The four horsemen of the virtualization security apocalypse." Hoff says virtualization security could prove to be very costly for companies as they try to sort out the new governance, oversight and manageability issues being introduced by the technology.

TOP STORIES

Researchers use browser to elude Vista memory protections
Black Hat: Two researchers Thursday will demonstrate how to use Java, ActiveX controls and .NET objects to essentially bypass all the key security safeguards in Windows Vista.

MySpace, Facebook ignoring basic principles of security
Social networking websites MySpace and Facebook present a significant security risk to users, largely because their wide-open application programming interfaces (APIs) are a tempting target for malicious hackers.

Hacking techniques compromise Microsoft Vista heap
Black Hat: Ben Hawkes, an independent researcher, demonstrated several scenarios in which Microsoft Vista can be compromised by hackers via its main storage memory.

Vista functionality still wins over security
A researcher renowned for tinkering with Active X controls tossed a pail of ice water today at Black Hat on the security-first marketing associated with Vista.

Positive changes coming to ModSecurity
A big gap in the popular open source Web application firewall is addressed via a new tool called ModProfiler that establishes a baseline of Web application behavior and feeds that intelligence to ModSecurity.

Researchers develop lightweight Cisco IOS rootkit
Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.

Bluetooth 2.1 is easy to crack
Black Hat: A cryptographer for Aladdin Knowledge Systems says Bluetooth version 2.1, designed to be more secure than previous versions, is actually extremely vulnerable to attackers.

Kaminsky: DNS flaw capable of attacks on many fronts
Network security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems.

Black Hat buzz grows around Vista exploit briefing
According to sources, a pair of researchers Thursday will reveal new ways in which attackers can bypass Windows Vista security features.

Mozilla to release Firefox threat-modeling data
The Mozilla Foundation's security chief says it will soon publicly release threat-modeling data for the next version of the Firefox Web browser.

Microsoft to revamp patching, add exploitability index
Microsoft plans to give some security vendors early access to vulnerability information prior to the patch release.

Hoffman to demonstrate new hacking techniques
Researcher to demonstrate hacking methods that enable malware authors to shield their programs from analysis.

EV SSL certificates won't stop phishers, researchers say
Two researchers call Extended Validation (EV) SSL certificates a Band-Aid approach, and share their research of the phishing underground.

Valuable lesson emerges from DNS flaw handling
Any effort to prevent others in the legitimate security community from working out the problem is a waste of time.

This was last published in July 2008

Dig Deeper on Security industry market trends, predictions and forecasts

Risk & Repeat: Highlights and lowlights from Black Hat 2016 In this Risk & Repeat podcast, SearchSecurity editors discuss the good and bad news from Black Hat 2016 in Las Vegas, including critical flaws in web protocols.

Black Hat 2012: Dan Kaminsky tackles secure software development Security researcher Dan Kaminsky’s annual "black ops" talk at Black Hat 2012 focused improving secure software development with better code.

Black Hat 2011: Dan Kaminsky reveals network security research topics Noted researcher Dan Kaminsky presented his latest network security research topics, including vulnerabilities in P2P networks, UPNP and home routers.

ICANN announces DNSSEC deployment to root Internet servers Announced at this week's Black Hat Briefings, root servers and Internet domains have now been signed with DNSSEC.

DoD urges less network anonymity, more PKI use U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates..

Black Hat Las Vegas 2008: News, podcasts and videos

The annual Black Hat conference is never boring. Check out the latest news, podcasts and videos direct from Caesars Palace in Las Vegas.

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Benefits of using Azure Security Center for security assessments

Use Azure Security Center to conduct a security posture assessment

How container adoption affects container security

SearchNetworking

Juniper Mist roadmap includes SD-WAN, security integrations

Why Secure Access Service Edge is the future of SD-WAN

5 common SD-WAN challenges and how to prepare for them

SearchCIO

Don't let edge computing security concerns derail your plans

Risk-based digital identity benefits CIOs, CMOs and customers

Agile practices endure and continue to adapt

SearchEnterpriseDesktop

4 ways to fix Windows 10 boot problems

When not to convert basic disks to dynamic disks

Project Limitless' 5G PC and what desktop admins need to know

SearchCloudComputing

Save money on instances with these cloud discounts

Google joins bare-metal cloud fray

Google boosts VMware public cloud support with CloudSimple buy

ComputerWeekly.com

Senators raise questions over Facebook’s monitoring of phone users’ locations

Extreme stretches datacentre fabric with added automation

NHSX seeks chief information officer

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.