In this Risk & Repeat podcast, SearchSecurity editors discuss the good and bad news from Black Hat 2016 in Las Vegas, including critical flaws in web protocols.
Now that Black Hat 2016 has come to a close, the Risk & Repeat podcast looks at the highlights and trends of the show, from Apple's bug bounty to critical vulnerabilities in web protocols.
Black Hat 2016 kicked off with a lengthy keynote address from Dan Kaminsky, security researcher, co-founder and chief scientist of White Ops, who encouraged people in the infosec field to cooperate and share knowledge in order to contend with increasingly sophisticated threat actors and attacks. Kaminsky also discussed why it's important for security professionals to "break" systems and software to find weak spots, and preached that playing cybersecurity defense without playing offense is just compliance.
Black Hat 2016 highlights included a highly touted iOS security session from Ivan Krstić, head of security engineering and architecture at Apple, which introduced Apple's first official bug bounty program, and a presentation on new critical vulnerabilities in web protocols such as HTTP/2. Other top sessions included a presentation on point-of-sale flaws that expose credit card data, including EMV PINs, and a session on trends in DDoS DNS amplification attack patterns.
In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin review the biggest news and most interesting sessions, speakers and trends from Black Hat 2016.