|Innovating The Next Big Thing||June 19, 2013|
McAfee Blogs: Highlights From Black Hat Conference
Jul 29, 2012 – Toralv Dirro
Black Hat is over. The year’s biggest and probably most influential IT security conference again had a lot of interesting talks to offer, and of course also the most important part: Meeting with other people from the industry to share news, ideas (and beer). As for the talks, there wasn’t much earth-shattering this year. Aside from sessions on Apple’s view on security and improvements in Windows 8, the mobile talks were what got most of my attention.
Because mobile platforms have become so important, they have gotten the attention of cybercriminals. (Check the McAfee Threats Report for more information.) There is also a lot of interesting stuff going on. And a lot of mistakes being repeated. Again. An eye opener should be Collin Mulliner’s talk about scanning mobile IP ranges and seeing what kind of devices are there. The result is really scary. Apparently people do not realize that often, when you’re online with a mobile device using GSM, GPRS, 3G, etc., the device is not only able to access the Internet. It is also accessible from the Internet. So putting up sensitive hardware without any access authorization is a bad idea. Bad as in “it could cause a power failure in the company” or “it may cause the plant to burn down.” To have your surveillance cameras exposed is not exactly ideal either.
Even more disturbing was Charlie Miller’s talk on near-field communications (NFC) on some mobile devices. He highlighted one major point of failure in the IT industry that is repeated over and over again. Say you have something that security-wise is pretty solid. Meanwhile marketing and product management add an additional feature. That’s happened in the case of NFC on mobile devices, which would be great for authentication or payments. They just got “enhanced” with device-to-device communications. What’s wrong with that?
Instead of exposing just NFC-related apps, if you can send someone to a web page without his acknowledging it, your attack surface is suddenly the web browser and everything (multimedia, documents, Flash, etc.) related to it. During the session Georg Wicherski demonstrated such an attack nicely using a WebKit exploit. Thus another good technology turns into a security hazard because of one too many additions. My obvious advice: Disable NFC on your phone until vendors come up with ways to secure it.
Time for Defcon
Now I have another three days of conference to attend: Defcon, which has run for 20 years. (That time is exceeded only by the Chaos Communication Congress, which will take place for the 29th time this year.) Defcon looks massive in the number of its sessions and attendance. (Some major talks, such as “FX” and Greg’s event on Sunday, for example, were not presented at Black Hat, instead exclusively at Defcon.) We’ll see what is going on there.
PS: Best hack at Black Hat? I met a woman at a vendor’s party who hacked her way into the VIP area. The vendor had given out different “coins,” one golden, another black, which was the VIP coin. After obtaining the normal gold coin, which wasn’t easy as she had no ticket for Black Hat to begin with, she simply painted the background black with a pen. Worked.
I gave her a new challenge: Gatecrash the VIP area of Defcon’s Freak Show, which McAfee will sponsor this year. Infected Mushroom will play. See you there!