Security - Channel Insider

8 Black Hat Breakthroughs

By Ericka Chickowski on 2009-07-24



Security researchers around the globe will convene next week in Las Vegas for the annual Black Hat/Defcon conference. As usual, researchers will unveil a number of new exploit methods, vulnerabilities and proof-of-concepts that are sure to raise a few eyebrows within the infosec community. Read on for some of the more-anticipated exploits and the people who will reveal them.


EV SSL Exploits

A vulnerability in the way browsers handle Extended Validation SSL renders the costly certs pretty darned useless until browser developers fix it. Researchers will show off a tool that leverages low-assurance certificates to spoof the ‘green glow’ of EV SSL in browser bars.

Relevant Session
Breaking the security myths of Extended Validation SSL Certificates
Alexander Sotirov, Mike Zusman

Smart Grid Slip-Ups

Smart Grid technology has the potential to help us greatly improve the efficiency of our power infrastructure—but with added connectivity comes added risks. Two different researchers will present exploits of Smart Grid technologies at the show this year.

Relevant Sessions
Recoverable Advanced Metering Infrastructure
Mike Davis
Hacking the Smart Grid
Tony Flick

Dan Kaminsky Update

Dan Kaminsky made waves last year with his highly publicized presentation on DNS cache poisoning. He’s scheduled to present a mystery topic this year—"Something about network security," say Black Hat organizers.

Relevant Session
Something about Network Security
Dan Kaminsky

Thunder Clouds

Did you know that it is possible for someone to attack the host on a virtualized server via a vulnerable guest machine? That’s why so many CIOs are so skittish about migrating to the cloud—their neighbors’ problems can easily become their own. Multiple presenters will offer their virtualization and cloud exploits this year.

Relevant Sessions:
Cloudburst: Hacking 3D (and Breaking Out of VMware)
Kostya Kortchinsky
Clobbering the Cloud!
Haroon Meer, Nick Arvanitis, Marco Slaviero
Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade
Alex Stamos, Andrew Becherer, Nathan Wilcox

Oracle Oops

Metasploit creator Chris Gates will bring order to the world of Oracle exploits in his demonstration of a new framework for leveraging his pentest program to break Oracle in a very methodical way.

Relevant Session
Breaking the "Unbreakable" Oracle with Metasploit
Chris Gates

SSN Guessing Game

Social Security Numbers just got a whole lot less secure with the discovery of one enterprising researcher, who’s found an algorithmic method for guessing an individual’s SSN based on their place and date of birth.

Relevant Session
I Just Found 10 Million SSN's
Alessandro Acquisti

Mac Mania

Apple fanboys are pretty smug in their sense of security superiority, but it’s all unfounded. This year’s Black Hat lineup includes several presentations on how to exploit Mac vulnerabilities (yes, they’re there!).

Relevant Sessions
Advanced Mac OS X Rootkits
Dino Dai Zovi
Macsploitation with Metasploit
Dino Dai Zovi

Darknet Details

Going ‘off-the-grid’ on a private and anonymous darknet may become a whole lot easier with the unveiling of a new proof-of-concept, browser-based darknet technology developed by researchers with HP.

Relevant Session
Veiled: A Browser-based Darknet
Billy Hoffman, Matt Wood
