[ISN] Black Hat 'supersizes' in Las Vegas

From: InfoSec News (alerts@private)
Date: Mon Jul 30 2007 - 22:23:19 PDT


http://news.com.com/Black+Hat+supersizes+in+Las+Vegas/2100-7355_3-6199338.html

By Robert Vamosi
Special to CNET News.com
July 30, 2007

LAS VEGAS -- The 11th annual Black Hat security conference will occupy 
more space at Caesar's Palace this year in order to accommodate more 
people, more topics, and, of course, more controversy.

The conference kicked off over the weekend, starting with four days of 
topic-specific training, before concluding Wednesday and Thursday with 
two days of public sessions.

If past conferences are any guide, expect the overall total attendance 
to be more than last year. With that in mind, Black Hat is expanding its 
footprint within the Caesar's Palace resort here.

But count out at least one prospective attendee. On Sunday, Thomas 
Dullien, CEO of the German company Sabre Security, reported in his 
personal blog that he had been denied entry to the U.S. for reasons 
having to do with H-1B visa regulations. He says that U.S. Customs 
officials detained him over material he was carrying to Black Hat in 
order to teach what was billed as an "intense course encompassing binary 
analysis, reverse engineering and bug finding."

A larger conference means not one but two keynote addresses. One is from 
Richard Clarke, President Bush's former special adviser on cyberspace 
security. Clarke, whose 2002 Black Hat keynote speech stated that 
software vendors and Internet providers must share the blame for 
malicious software, is now with Good Harbor Security. This year, he will 
talk about those "who seek truth through science, even when the powerful 
try to suppress it." The other keynote speaker will be Tony Sager, 
vulnerability chief of the National Security Agency, who will talk about 
creating government security standards while working with commercial 
vendors.

Unlike last year, when Microsoft hosted an entire series of sessions 
focusing on the yet-to-be released Windows Vista platform, there will be 
no similar tracks offered this year. Returning tracks include sessions 
on voice services security, forensics, hardware, zero-day attacks and 
zero-day defenses. New tracks include operating system kernels, 
application security, reverse engineering, fuzzing and the testing of 
application security.

But it's the individual sessions that could get heated.

Several presenters are familiar to Black Hat attendees and not without 
controversy. Neal Krawetz is returning to tackle image forensics, 
showing how to peel back the layers to find less-than-obvious 
manipulation; Dan Kaminsky is presenting his annual Black Ops survey; 
and Phil Zimmermann is returning to talk once again about his vision of a 
secure telephone for the Internet, called the Z Phone.

Meanwhile, Jeremiah Grossman will talk more about "Hacking Intranet 
Websites from the Outside (Take 2)--Fun with and without JavaScript 
malware", and Billy Hoffman will team with Brian Sullivan to discuss 
"Ajax-ulation," a talk about building a secure Ajax-laden Travel Web 
site.

The talk "Breaking Forensics" is already controversial. iSec researchers 
Chris Palmer, Tim Newsham and Alex Stamos have stated they've found up 
to six vulnerabilities within Guidance Software EnCase, a digital 
forensics program used primarily by government and law enforcement, 
prompting swift denials from the company.

Also controversial is Joanna Rutkowska, whose presentation last year 
drew a standing ovation from the crowd. This time, Rutkowska is 
appearing alongside Alexander Tereshkin to talk about methods for 
compromising the Vista x64 kernel. Luis Miras will reprise a talk he 
gave this past spring at CanSecWest on hacking peripheral devices such 
as mice and pointers.

In the evening, there will be a mock hacker trial presided over by a real 
judge, and a talk by security researcher Johnny Long titled "No-tech 
Hacking"--and that's all just within the first day.

On Thursday, there will be only one keynote speaker, Bruce Schneier, who 
will talk about the psychology of security. Then David Maynor, who last 
year presented an Apple wireless flaw, will return with "tips your 
security vendor doesn't want you to know." Mozilla's Window Snyder and 
Mike Shaver will introduce new tools to fuzz browsers as well as talk 
about the security features expected in Firefox 3 due later this fall.

Also, Hoffman will give a second talk along with John Terrill on the 
possibility of a Web-based Ajax-enabled worm and how antivirus companies 
might cope with it; Greg Hoglund will give a talk about reverse 
engineering; Adam Laurie will talk about RFID vulnerabilities; Gadi 
Evron will discuss the supposed cyberwar in Estonia; and retired Special 
Agent Jim Christy will host a regular feature called "Meet the Feds."

At the end of the second day, F-Secure's Mikko Hypponen will talk about 
mobile phone vulnerabilities. Meanwhile, Brian Chess and Jacob West will 
have some fun with something they're calling "Iron Chef Black Hat," a 
session where two different methods of vulnerability testing will be 
used to try to discover the "secret ingredient" nestled within an 
open-source application.

All Black Hat events are being held here at Caesar's Palace. A sister 
conference, DefCon 15, will run Friday through Sunday at the Riviera 
Hotel, also in Las Vegas.

