Check here regularly as reporters from SearchSecurity.com and Information Security magazine post the latest news and tidbits from Black Hat 2006 in Las Vegas.
Featured article
Hackers have knack for beating NAC systems
Black Hat: Network access control systems are widely used by enterprises to control which clients may reach internal networks, but experts say many NAC systems can be easily bypassed.
Additional coverage of Black Hat 2006
Black Hat notebook: Flying under the radar
First details on a security vendor in stealth mode, security pros
have keen interest in Windows Vista and a new problem looms for
BlackBerrys.
Spyware war may be a losing effort, experts say
Black Hat: Spyware is a top concern among security professionals,
but experts say there may be no technology that can stop its
spread. Instead, the spyware battle may need to be waged on a
different front.
RSS, Atom feeds ripe for attack
Black Hat: A researcher demonstrates how RSS and Atom feeds can
spread the payload of a zero-day attack. His advice? Subscribe to
feeds with care.
Ajax threats worry researchers
Black Hat: While it makes smooth Web applications like Google Maps
possible, the rush to adopt Ajax may fuel haphazard development and
a feeding frenzy among hackers.
Vendors reject preferential knowledge sharing
Black Hat: While Cisco continues to investigate a potential PIX
firewall flaw, it and other vendors say sharing security
information quickly and indiscriminately is always the best
policy.
"In my opinion, database security is riddled with holes and it's the biggest problem we face in IT today."
David Litchfield, on database problems being pervasive throughout the industry
Old attack vectors are back in style
Black Hat: Like hip-huggers and tweed, once-popular attack methods
like ciphertext manipulation are finding new life as hackers look
to cut through well-worn Web applications.
Cisco coping with more Black Hat revelations
Black Hat: Speakers have revealed a Cisco CallManager Express flaw
and a proof-of-concept exploit. However, Cisco was notified in
advance and had been investigating.
Possible Cisco zero-day threat, exploit revealed
Black Hat: Details of an alleged flaw related to SIP and PIX appliances, briefly mentioned in a Wednesday presentation, are being kept under wraps as Cisco and US-CERT investigate.
Wireless cards make notebooks easy targets for hackers
Black Hat: Experts say flawed wireless cards are an industry-wide
notebook security problem, thanks to weak device drivers and
vendors who ship products without proper testing.
Litchfield: Database security is IT's biggest problem
Black Hat: Database security guru David Litchfield unveils 20-plus
IBM Informix flaws that attackers could exploit to create malicious
files, gain DBA-level privileges and access sensitive data.
Feds court infosec pros in fight against cybercrime
Black Hat: Federal law enforcement officials hope a more
cooperative and less territorial approach will help convince
private sector organizations to join the fight against
cybercrime.
Brief: Moore releases flaw-finding tool
On the eve of Black Hat, Metasploit Project founder H.D. Moore has
released a new tool for finding vulnerabilities in Internet
Explorer ActiveX controls, and an updated version of the Metasploit
Framework.
Black Hat preview: Spotlight on Vista, new exploits
Researchers will pick apart Windows Vista and shine a light on
security holes affecting NAC, VoIP, Web applications and databases
at this year's Black Hat USA 2006 gathering.
Cisco may get more unwanted attention at Black Hat
Fifteen new exploits will be detailed at this year's conference, and two of them target NAC and VoIP vulnerabilities in products from Cisco and other vendors.
Would 'Blue Pill' create a matrix for PCs?
This week in Security Blog Log: A researcher creates fake reality
for Windows Vista's anti-malware sensors and plans to show it off
at Black Hat. Not all bloggers are impressed.
Highlights from Black Hat 2005
Security researcher causes furor by releasing flaw in Cisco Systems IOS
Security researcher Michael Lynn caused quite an opening day buzz at the Black Hat Briefings security conference when he disclosed a vulnerability in Cisco Systems' routers that could, if exploited to its full potential by a malicious attacker, bring down the entire Internet.
End-users in an uproar over Cisco/ISS suit
Attendees at Black Hat had plenty to say in the wake of Cisco
Systems Inc.'s announcement that it issued cease and desist orders
to conference organizers and security researcher Michael Lynn, who
presented his findings on a serious Cisco IOS flaw patched months
ago.
Cisco, Black Hat litigation comes to a close
A litigation nightmare that began Wednesday for security researcher
Michael Lynn and Black Hat Briefings organizers came to an end one
day later when an agreement was reached Thursday afternoon with
Cisco Systems and ISS.
Should Michael Lynn have kept his mouth shut?
One can only imagine what raced through Michael Lynn's mind the
moment before he saved or sacrificed our nation's critical
infrastructure, depending on your take of the researcher's
controversial Black Hat Briefings presentation.
Information Security magazine interview: Jennifer Granick on 'Ciscogate'
The attorney for Michael Lynn still has plenty to say about
responsible vulnerability disclosure.