Black Hat's guide to what's hot at the con

Powered by SC Magazine
 

More than 500 talks culled to 80.

The annual Black Hat security conference, which kicks off in Las Vegas later this month, is full of sessions showcasing the latest research on vulnerabilities and defenses.

With more than 80 presentations, the conference can be overwhelming, so the organisers on Thursday highlighted some of the more interesting talks being planned for this year.

Black Hat is about creating conversations that challenge the security industry to look at things differently, Robert Richardson, the conference's editorial director, said during a webinar.

The event is "committed to putting things out there that [are] going to ruffle some feathers," he said.

This year will be no different, as the Black Hat Review Board evaluated more than 500 submitted proposals to select the 80 sessions that would be presented over a two-day period, July 25 and 26.

Most of the presentations are grouped into five tracks: mobile, defense, application security, "breaking things," and malware. Each track chair highlighted some of the presentations that will be part of the conference this year.

One of the talks generating some excitement is InGuardians researcher Don Weber's session, titled "Looking into the Eye of the Meter," said Stefano Zanero, an Italian researcher and chair of the malware track.

Weber is expected to discuss how criminals would be able to harvest various kinds of information from smart meters.

They are becoming ubiquitous, and the session will centre on the insecurity of embedded devices that are being installed in front of every home and connected to a network.

Weber was scheduled to present the talk earlier this year at ShmooCon 2012 in Washington, D.C., but pulled it at the last minute in response to requests from a smart grid vendor and several utilities.

The track called "Breaking Things" will include some of the most "cutting-edge research that is not being done elsewhere," said Chris Rohlf, independent security consultant and chair of the track.

He spotlighted research by Fermin Serna, a Google engineer, who will be focusing on address space layout randomization (ASLR) in his talk about information leak vulnerabilities.

Rohlf also listed "PinPadPwn," a talk by security researchers Rafael Vega and "Nils" that will cover PIN-pad terminal exploits. The talk will highlight how these terminals are readily available, yet seriously vulnerable to attack.

Another session related to payment systems that is expected to generate a lot of interest is the near field communication (NFC) talk by well-known Apple researcher Charlie Miller, part of the mobile track, said Vincenzo Iozzo, an independent security researcher from Italy.

Miller will focus on how sensitive information can be lifted from mobile devices.

Mobile has generated significant interest, Iozzo said, and the selected talks will be taking an in-depth look at what can happen to devices like smartphones and tablets beyond what is generally discussed.

While Apple's session on iOS version 6 security is creating buzz because it will be the first time Apple has publicly discussed security in depth, Iozzo, the chair of the mobile track, said he wasn't sure "if there will be groundbreaking elements" disclosed.

Three talks selected for the application security track feature HTML5 in some way, said Nathan Hamiel, principal consultant at FishNet Security and chair of the track. This reflects the popularity of the new web standard and increased interest in mobile development, Hamiel said. Shreeraj Shah of Blueinfy Solutions will be presenting the top 10 threats in HTML5 applications.

Hamiel also highlighted the session on web exploit toolkits by Jason Jones, a researcher at HP DVLabs, calling it a "good primer" for people who don't often think about how these popular, and often commercially available, frameworks are used.

As for the malware track, Zanero said the selected papers either focused on techniques virus writers use to avoid detection, or methods researchers can leverage to better analyse malicious code.

Researcher Rodrigo Branco will be examining how large-scale malware in the wild already uses various techniques to avoid being studied, Zanero said.

The defense track is a little different from all the other tracks because the focus is on getting security professionals to think about defense in a different, game-changing way, said Shawn Moyer, a security researcher from Accuvant Labs and chair of the track.

He highlighted the "Control Alt Hack" talk, which is based on a card game designed by Microsoft's Adam Shostack and two students from the University of Washington to make players think about security.

The conference this year is scheduled for July 21 to July 26, with the first half of the show devoted to training sessions. The briefings are scheduled for July 25 and July 26. A full program guide is here.

Unlike last year, there won't be a way to view the sessions remotely during the conference via Uplink, Richardson said. Recordings and slide presentations will be available afterwards, as usual.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
