[ISN] Black Hat 2008 Aftermath

From: InfoSec News <alerts_at_private>
Date: Wed, 20 Aug 2008 06:37:09 -0500 (CDT)

By Keith Jones and Brian Dykstra
Special to Law.com
August 20, 2008

As always, the 2008 Black Hat security conference in Las Vegas, N.V., 
was full of cutting-edge computer security research, the latest in 
computer security vulnerabilities, and more than a little controversy.

Since the beginning of the Black Hat conference 15 years ago, the show 
has always been a place for the elite of the computer security industry 
to release their latest work on what is known as "zero-day exploits."  
A zero day or "0-day" exploit is a previously unknown computer security 
vulnerability that is released before vendors like Microsoft have a 
chance to release a security fix.  There were fewer zero-day exploit 
presentations this year than we have seen in the recent past, but the 
ones that were presented were big.

The most popular presentation at Black Hat 2008 was on the Internetwide 
DNS vulnerability discovered by Dan Kaminsky, director of penetration 
testing for IOActive.  Over 2,000 attendees packed into an 800-person 
capacity room to hear Mr. Kaminsky tell the intriguing story of how he 
had been working on a nonsecurity related, Web-caching project for a 
friend at Wikipedia.  Dan was looking into how Domain Name Servers 
(DNS), the computers on the Internet that convert computer names (like 
www.law.com) to IP addresses (and vice versa).  Looking for ways to 
improve performance, he stumbled upon a "DNS cache poisoning" 


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Wed Aug 20 2008 - 04:37:09 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 20 2008 - 04:44:14 PDT