Security - Channel Insider

Security: 8 Black Hat Breakthroughs


Security researchers around the globe will convene next week in Las Vegas for the annual Black Hat/Defcon conference. As usual, researchers will unveil a number of new exploit methods, vulnerabilities and proofs of concept that are sure to raise a few eyebrows within the infosec community. Read on for some of the more anticipated exploits and the people who will reveal them.
 
  • 8 Black Hat Breakthroughs
    by Ericka Chickowski
  • EV SSL Exploits
    A vulnerability in the way browsers handle Extended Validation SSL renders the costly certs pretty darned useless until browser developers fix it. Researchers will show off a tool that leverages low-assurance certificates to spoof the ‘green glow’ of EV SSL in browser bars.

    Relevant Session
    Breaking the security myths of Extended Validation SSL Certificates
    Alexander Sotirov, Mike Zusman
  • Smart Grid Slip-Ups
    Smart Grid technology has the potential to help us greatly improve the efficiency of our power infrastructure—but with added connectivity comes added risks. Two different researchers will present exploits of Smart Grid technologies at the show this year.

    Relevant Sessions
    Recoverable Advanced Metering Infrastructure
    Mike Davis
    Hacking the Smart Grid
    Tony Flick
  • Dan Kaminsky Update
    Dan Kaminsky made waves last year with his highly publicized presentation on DNS cache poisoning. He’s scheduled to present a mystery topic this year—"Something about network security," say Black Hat organizers.

    Relevant Session
    Something about Network Security
    Dan Kaminsky
  • Thunder Clouds
    Did you know that it is possible for someone to attack the host on a virtualized server via a vulnerable guest machine? That’s why so many CIOs are so skittish about migrating to the cloud—their neighbors’ problems can easily become their own. Multiple presenters will offer their virtualization and cloud exploits this year.

    Relevant Sessions
    Cloudburst: Hacking 3D (and Breaking Out of VMware)
    Kostya Kortchinsky
    Clobbering the Cloud!
    Haroon Meer, Nick Arvanitis, Marco Slaviero
    Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade
    Alex Stamos, Andrew Becherer, Nathan Wilcox
  • Oracle Oops
    Metasploit creator Chris Gates will bring order to the world of Oracle exploits in his demonstration of a new framework for leveraging his pentest program to break Oracle in a very methodical way.

    Relevant Session
    Breaking the "Unbreakable" Oracle with Metasploit
    Chris Gates
  • SSN Guessing Game
    Social Security Numbers just got a whole lot less secure with the discovery of one enterprising researcher, who’s found an algorithmic method for guessing an individual’s SSN based on their place and date of birth.

    Relevant Session
    I Just Found 10 Million SSN's
    Alessandro Acquisti
  • Mac Mania
    Apple fanboys are pretty smug in their sense of security superiority, but it’s all unfounded. This year’s Black Hat lineup includes several presentations on how to exploit Mac vulnerabilities (yes, they’re there!).

    Relevant Sessions
    Advanced Mac OS X Rootkits
    Dino Dai Zovi
    Macsploitation with Metasploit
    Dino Dai Zovi
  • Darknet Details
    Going ‘off-the-grid’ on a private and anonymous darknet may become a whole lot easier with the unveiling of a new proof-of-concept, browser-based darknet technology developed by researchers with HP.

    Relevant Session
    Veiled: A Browser-based Darknet
    Billy Hoffman, Matt Wood