[ISN] The past is prologue at Black Hat Briefings

From: InfoSec News (alerts@private)
Date: Thu Aug 02 2007 - 03:05:08 PDT


http://www.gcn.com/online/vol1_no1/44780-1.html

By William Jackson
Government Computer News 
08/01/07 

LAS VEGAS — Botnets and browsers are sharing center stage at the Black 
Hat Briefings this week with rootkits, reverse engineering and social 
engineering, as the conference expands to explore more niches in 
information technology security. One thing you probably won’t hear much 
about at the conference this year is vulnerabilities in the Windows 
Vista operating system.

“A lot of people are working on it,” said the show’s creator, Jeff Moss. 
“But it’s still too early.”

Black Hat is a nuts-and-bolts conference that brings together security 
professionals and researchers (formerly called hackers) to explore the 
latest trends, developments and discoveries in cyberthreats and their 
defenses. It is an outgrowth of the more freewheeling DefCon convention, 
the 15th edition of which is being held this coming weekend at the 
Riviera Hotel and Casino in Las Vegas.

Some of what is being offered this year at Black Hat will be familiar 
territory.

“Things that we were talking about a year ago are coming to pass,” Moss 
said. “The exploits against browsers have gotten more sophisticated, 
continuing the trend of the last three years.”

Another continuing trend is the growing sophistication of 
command-and-control networks for botnets, the networks of compromised 
computers used to launch increasingly targeted attacks and to harvest 
profitable information for identity theft.

There are some differences in this year’s lineup, as well. One is the 
prevalence of work on rootkits, pieces of code that burrow deep into a 
system to resist detection and removal. These hidden programs can 
trigger unwanted activity or allow other malicious code into a system.

“We used to have one or two rootkit talks,” Moss said. “Now we could 
fill a whole track.”

Rootkits do not yet get a track to themselves this year, but reverse 
engineering does, and so does fuzzing. This year the reverse engineering 
track offers several presentations focusing on security issues specific 
to the C++ code development language, a relatively new area of study, 
although much application development is being done today in C++.

Fuzzing, or fuzz testing, is a software testing technique in which 
random data — or fuzz — is imported into a program and then watched for 
failures or other problems. Fuzzing has been around as a way to detect 
programming flaws since 1989 and is a simple and cost-effective method 
for evaluating software, but it is not a formal process. Research has 
been going on for several years to make fuzzing less random and more 
precise and scientific.

Moss said he was surprised by the continued work on fuzzing techniques. 
After four or five years of interest he believed it probably had reached 
the end of its life cycle, but this year he received so many submissions 
on it that it was given a track to itself.

“That surprised us,” he said. “We thought that was a mature field.”

One field definitely not yet mature is Vista. At Black Hat’s federal 
briefings near Washington earlier this year there were presentations on 
the new operating system’s features and functionality, but little about 
vulnerabilities. In the submissions for this week’s briefings there 
probably were fewer than five on Vista compared with more than three 
dozen on browser vulnerabilities.

“It’s not ripe yet,” Moss said. “By next year there will be a lot more.”

A lot of the vulnerability research on the new operating system probably 
was interrupted by attention that was directed at Service Pack 2 for 
Windows XP, a major update of the previous Microsoft desktop OS that 
made significant improvements in security. There will be more 
information about Vista “as people unlearn the way the world works under 
XP and learn the way it works under Vista,” Moss said.

One presentation touching on Vista, “Breaking the Legend of Trusted 
Computing and Vista BitLocker,” was unexpectedly pulled from the Black 
Hat Briefings schedule in June. According to Black Hat, Nitin and Vipin 
Kumar of NV Labs decided to pull the presentation themselves, for 
undisclosed reasons. The briefings have generated controversy in the 
past when threatened legal action has blocked or attempted to block 
presentations. Black Hat said there was no external pressure to pull 
this talk and that the decision was the Kumars’.

If you are interested in more esoteric security subjects, such as 
interrogation techniques and lock picking, you will have to attend Black 
Hat’s sister conference, DefCon. Both DefCon and Black Hat were founded 
by Moss, who sold the more commercial Black Hat to CMP Media in late 
2005. He remains as director of the briefings.

“I own DefCon,” Moss said. “That’s my other show.” DefCon was and 
remains an enthusiast’s show, created before computer security became a 
profession. Moss started the Black Hat Briefings in 1997 when a market 
developed for security expertise. Black Hat is “more professional, not 
like a hobby show,” providing practitioners with practical information 
on how to do their jobs.

“The two feed off each other,” but remain distinct, Moss said. “I don’t 
think people would be lining up at Black Hat to see how to pick locks.”

DefCon is profitable but not wildly so, Moss said. But he feels no 
pressure to expand or change it. “I’ve made my money selling the (Black 
Hat) business, so I don’t need to make money from DefCon.”



_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Aug 02 2007 - 03:21:04 PDT