Black Hat Las Vegas 2008: News, podcasts and videos

The annual Black Hat conference is never boring. Check out the latest news, podcasts and videos direct from Caesars Palace in Las Vegas.

Visit the Black Hat USA 2008 Web site

Initial virtualization costs could outweigh benefits
It could be costly for companies to sort out the new governance, oversight and manageability issues being introduced by virtualized environments.

Analysis tool uses Intel virtualization to hide from malware
The Azure tool uses virtualization extensions in Intel chips to give security researchers the upper hand by avoiding detection from malware.

PODCASTS

Nameless Security Podcast: The researcher's-eye view of security
Dino Dai Zovi is the featured guest on the second installment of the Nameless Security Podcast with Dennis Fisher. Dai Zovi is a well-respected researcher whose work on Mac OS X security and virtualization has won him acclaim. He's also the information security officer at a financial service company, and in this podcast he talks about the ways his dual roles intersect, the real problems with virtualization and the highlights of Black Hat 2008.

Security Wire Weekly: Hackers Are People Too
Ashley Schwartau, director of a new documentary Hackers Are People Too, explains the challenges of making a movie about hackers. The documentary looks at the human side of the hacking community. The film debuted at DEFCON 16.

Security Wire Weekly: Kaminsky at Black Hat
Dan Kaminsky gave his Black Hat briefing this week, disclosing full details about the extent of the DNS cache poisoning flaw. Listen to excerpts of his briefing.

Security Squad: Black Hat preview, Pwnie awards
Join the Security Squad for a quick preview of next week's Black Hat briefing in Las Vegas. SearchSecurity.com editors talk about Dan Kaminsky's DNS cache poisoning flaw. The Pwnie award nominees are also reviewed. Which song submission could win? Listen to find out.

Security Wire Weekly: Wireless insecurities
In this special edition of Security Wire Weekly, Karsten Nohl, the security researcher who was part of a team that broke the crypto algorithm in the Mifare Classic RFID-based smart card, talks about his upcoming briefing at the Black Hat briefing in Las Vegas. Nohl, a University of Virgina graduate student talks about how RFID use could improve security in smart cards.

Security Wire Weekly: Infiltrating phishers
Security researchers Billy Rios and Nitesh Dhanjani explain how they infiltrated the phishing underground in a preview of their upcoming Black Hat presentation: "Bad Sushi: Beating Phishers at Their Own Game."

Podcast: Researcher prepares for 'virtualization apocalypse'
Christofer Hoff, chief security architect at Unisys, previews his upcoming Black Hat briefing, "The four horsemen of the virtualization security apocalypse." Hoff says virtualization security could prove to be very costly for companies as they try to sort out the new governance, oversight and manageability issues being introduced by the technology.

TOP STORIES

Researchers use browser to elude Vista memory protections
Black Hat: Two researchers Thursday will demonstrate how to use Java, ActiveX controls and .NET objects to essentially bypass all the key security safeguards in Windows Vista.

MySpace, Facebook ignoring basic principles of security
Social networking websites MySpace and Facebook present a significant security risk to users, largely because their wide-open application programming interfaces (APIs) are a tempting target for malicious hackers.

Hacking techniques compromise Microsoft Vista heap
Black Hat: Ben Hawkes, an independent researcher, demonstrated several scenarios in which Microsoft Vista can be compromised by hackers via its main storage memory.

Vista functionality still wins over security
A researcher renowned for tinkering with Active X controls tossed a pail of ice water today at Black Hat on the security-first marketing associated with Vista.

Positive changes coming to ModSecurity
A big gap in the popular open source Web application firewall is addressed via a new tool called ModProfiler that establishes a baseline of Web application behavior and feeds that intelligence to ModSecurity.

Researchers develop lightweight Cisco IOS rootkit
Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.

Bluetooth 2.1 is easy to crack
Black Hat: A cryptographer for Aladdin Knowledge Systems says Bluetooth version 2.1, designed to be more secure than previous versions, is actually extremely vulnerable to attackers.

Kaminsky: DNS flaw capable of attacks on many fronts
Network security researcher Dan Kaminsky outlined more than a dozen ways the DNS cache poisoning flaw could be exploited by an attacker to wreak havoc on vulnerable systems.

Black Hat buzz grows around Vista exploit briefing
According to sources, a pair of researchers Thursday will reveal new ways in which attackers can bypass Windows Vista security features.

Mozilla to release Firefox threat-modeling data
The Mozilla Foundation's security chief says it will soon publicly release threat-modeling data for the next version of the Firefox Web browser.

Microsoft to revamp patching, add exploitability index
Microsoft plans to give some security vendors early access to vulnerability information prior to the patch release.

Hoffman to demonstrate new hacking techniques
Researcher to demonstrate hacking methods that enable malware authors to shield their programs from analysis.

EV SSL certificates won't stop phishers, researchers say
Two researchers call Extended Validation (EV) SSL certificates a Band-Aid approach, and share their research of the phishing underground.

Valuable lesson emerges from DNS flaw handling
Any effort to prevent others in the legitimate security community from working out the problem is a waste of time.

This was last published in July 2008

Black Hat Las Vegas 2008: News, podcasts and videos

The annual Black Hat conference is never boring. Check out the latest news, podcasts and videos direct from Caesars Palace in Las Vegas.

Dig Deeper on Security industry market trends, predictions and forecasts

Risk & Repeat: Highlights and lowlights from Black Hat 2016

Black Hat 2012: Dan Kaminsky tackles secure software development

Black Hat 2011: Dan Kaminsky reveals network security research topics

ICANN announces DNSSEC deployment to root Internet servers

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Lyft's open source asset tracking tool simplifies security

5 steps to a secure cloud control plane

3 steps to prepare IT operations for multi-cloud

SearchNetworking

Network device discovery best practices -- other than ping sweeps

5G vs. Wi-Fi: Verizon says cellular will win

Gartner WAN edge Magic Quadrant offers buying advice

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

What is the state of CIO tenure today?

The evolution of RPA, from macros to process transformation

SearchEnterpriseDesktop

New Ivanti CEO plans to stay close to the customer

With support for Windows 7 ending, a look back at the OS

Image-level methods for Windows application deployment

SearchCloudComputing

AWS multi-account management best practices with Control Tower

Beat vendor lock-in with a cloud exit strategy

Google Cloud support premium tier woos enterprise customers

ComputerWeekly.com

IR35 private sector reforms: Recruitment industry urges chancellor to halt April 2020 roll-out

Mixing it up: Cloud and datacentre in the new world of IT

Infographic: Gartner 2020 IT spending forecast