Black Hat conference coverage 2009: News, podcasts and videos

The team is live at the 2009 Black Hat conference. Look here for the latest headlines, interviews, podcasts and videos from Caesars Palace in Las Vegas.

Black Hat Conference 2009

Researchers say search, seizure protection may not apply to SaaS data
Researchers examining cloud computing security issues presented a number of technical and legal hurdles that Software as a Service users could face.


Mozilla security chief on Firefox improvements
Mozilla's "human shield" Johnathan Nightingale discusses Firefox browser privacy and security issues at the recent Black Hat briefings in Las Vegas. Nightingale talks about automated patching and Mozilla's security processes.

Vulnerability mitigation study shows need for faster patching
Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle. A Qualys study of dynamics in the vulnerability lifecycle shows administrators are not paying enough attention to application bugs. The study sampled 104 million vulnerability scans made during 2008, resulting in the discovery of 680 million flaws.

Researchers demonstrate MMS message spoof at Black Hat
In a video from Black Hat 2009, researchers Zane Lackey and Luis Miras demonstrate their ability to spoof MMS messages and falsify the signaling data that underlies these messages. The attack works on GSM-based networks used by carriers like AT&T and T-Mobile.

WASC Web Honeypot Project enters next phase
Ryan Barnett of Breach Security Inc. and leader of the Web Application Security Consortium (WASC) Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data. Formally called the Distributed Open Proxy Honeypot Project, in phase three it will be more widely deployed, adding more participants and analytics. The Honeypot Project uses the open source mod_security Web application firewall (WAF) to monitor, identify and report the attack traffic.

Black Hat 2009: Researchers converge; Conficker update
Michael Mimoso, editor of Information Security magazine and Robert Westervelt, news editor of discuss what to expect at this year's Black Hat conference. Also, listen to an interview with Mikko H. Hyppönen of F-Secure. Hyppönen plans to give an update on Conficker during a presentation at Black Hat.

Squad: TJX, Black Hat and Social Security numbers
The editors discuss TJX's settlement with 41 states over its data breach, Juniper's decision to pull a Black Hat presentation and whether our Social Security numbers are at risk.

MMS messaging spoof hack could have global ramifications
Researchers have figured out a way to spoof sender numbers, bypass carrier protections and trick mobile devices into pulling content from an attacker's server. This would leave users vulnerable to phishing attacks and other scams.

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat
Researcher Dan Kaminsky returned to Black Hat with new research on X.509 certificates, explaining an attack method that could enable malicious hackers to spoof legitimate SSL certificates.

DoD urges less network anonymity, more PKI use
U.S. Department of Defense CISO Robert Lentz went down a laundry list of security technologies needed to protect both private and government networks from cybercriminals. The age of anonymity on networks needs to come to a close to improve national cybersecurity, Lentz said at Black Hat 2009.

Machiavelli Mac OS X rootkit unveiled at Black Hat
Researcher Dino Dai Zovi presented details on a rootkit called Machiavelli that he developed for Mac OS X. It uses Mach remote procedure calls to make kernel calls and to create kernel threads and tasks.

New Cisco IOS bugs pose tempting targets, says Black Hat researcher
At Black Hat, security researcher Felix "FX" Lindner detailed Cisco IOS router flaws, saying VoIP implementations, basic coding within the devices and few router security features have made them an increasingly attractive target.

Microsoft kill-bits, browser plug-ins pose big risks, say Black Hat researchers
Researchers at Black Hat say complex interoperability flaws affect browser plug-ins that transmit data between different components of an OS. The holes could be exploited to gain access to a system.

Expert: Information security spending often restricts innovation
In the opening keynote at the Black Hat USA 2009 conference, a former Google executive urged security pros to stop spending money on technologies that place restrictions on employees and instead empower end users to be security aware.

Black Hat presenters to showcase smart grid security risks
While the smart grid is expected to increase efficiencies and reduce power consumption, some utility companies are rolling out smart grid devices that could be targeted by attackers.

Microsoft to issue security report card, new tool at Black Hat
In addition to updating the public on its new security programs, the software giant is issuing a guide outlining its patching process and how to assess vulnerability data.

Microsoft issues emergency Active Template Library updates
An IE fix also blocks a method being demonstrated at Black Hat that allows attackers to bypass ActiveX killbits.

Hackers to award most over-hyped bug, epic fail
The annual Black Hat hackers' conference will include an informal award ceremony recognizing security industry failures and over-hyped bugs.

Kaminsky interview: DNSSEC addresses cross-organizational trust and security
A year since his serious DNS cache poisoning bug was made public, security researcher Dan Kaminsky advocates for widespread DNSSEC deployments.

Researchers to demonstrate new EV SSL man-in-the-middle hacks
Security researchers Alexander Sotirov and Mike Zusman will demonstrate new offline man-in-the-middle hacks against extended validation SSL certificates.

Conficker authors prepping for next stage, researcher says
The Conficker worm authors have a vast army of zombie machines at their disposal. So far the botnet remains dormant, but one researcher will show at Black Hat that it could awaken.

Juniper pulls ATM hacking presentation from Black Hat
A Juniper Networks Inc. security researcher planned to demonstrate a hacking technique targeting the underlying software of a new ATM.

Security researchers develop browser-based darknet
Billy Hoffman, manager for HP Security Labs at HP Software, and Matt Wood, senior security researcher in HP's Web Security Research Group, plan to demonstrate a new browser-based technique that bypasses traditional ways of setting up a darknet.

Black Hat Las Vegas 2008: Special news coverage
For a look back at last year's event, check out news, features and podcasts from's special coverage of Black Hat Las Vegas 2008.

Researchers at the 2009 Black Hat conference in Las Vegas will no doubt demonstrate today's emerging security threats, including EV SSL man-in-the-middle hacks and the next phase of the Conficker worm. and Information Security magazine editors are live in Las Vegas and ready to talk to today's security experts about the cutting-edge threats that you'll need to prepare for. Look here for the biggest headlines, interviews and rumors, as well as videos, podcasts and more.

This was last published in July 2009
