LAS VEGAS -- The hacker community will dissect the security of
Windows Vista, databases, Web applications and technologies like
NAC (network admission control) and VoIP (voice over IP) at this
year's Black Hat USA 2006 gathering, which starts Wednesday.
Microsoft hopes to convince attendees that Windows Vista is the
most secure operating system ever, with an entire track of
presentations scheduled on the subject. Security researchers will
also unveil
15 new exploits, including two targeting NAC and VoIP
vulnerabilities in products from Cisco Systems Inc. and other
vendors. Database security, particularly regarding Oracle Corp.,
will also come under scrutiny.
Also at Black Hat, which will be held at Caesars Palace:
- Jeremiah Grossman, founder and CTO of Santa Clara, Calif.-based
WhiteHat Security Inc., will give a presentation demonstrating how
invisible JavaScript exploit code can be used to spy on Web site
visits, hijack cookies and record keyboard strokes.
- Researchers from Atlanta, Ga.-based SPI Dynamics Inc. will
offer presentations called "Zero Day Subscriptions: Using RSS and
Atom Feeds as Attack Delivery Systems," and "AJAX (in)Security."
AJAX, which stands for Asynchronous JavaScript and XML, has become
a popular interactive Web design method.
- Joanna Rutkowska, a security researcher for Singapore-based IT
security firm COSEINC, will give a presentation on "Blue Pill,"
technology she said could be used to create
"100% undetectable malware." Rutkowska
has said that Blue Pill is important because it demonstrates
how hardware virtualization technology could become a major
security threat in the coming years, when more people will use
processors with hardware virtualization support.
- On the
Oracle security front, Alexander Kornbrust, database security
researcher and business director at German firm
Red-Database-Security GmbH, will offer a presentation on Oracle
rootkits. Plus Pete Finnigan, author of Oracle Security Step By
Step and keeper of a popular blog
on the subject of Oracle security, will speak on the security
weaknesses of PL/SQL, the flagship language used inside the Oracle
database.
David Litchfield, managing director at UK-based Next Generation
Security Software Ltd., has unveiled
mountains of Oracle flaws at past Black Hat appearances. He
will be presenting again this year, though details of this year's
presentation
were not immediately available.
This year's Black Hat is expected to have a different flavor
from recent years for a few reasons. For starters, this will be
Microsoft's first appearance at the hacker-oriented gathering.
Microsoft security program manager Stephen Toulouse said recently
that the idea is to provide deeply technical presentations on
Windows Vista security to the hacker community and demonstrate
how it's the most secure operating system Microsoft has ever
developed.
John Lambert, group manager in Microsoft's Security Engineering
and Communications Group, will also be on hand to discuss the
security engineering process behind Vista. Specifically, he will
show how Vista's engineering process differs from that of Windows
XP, and he'll display new features designed to blunt
memory-overwrite flaws.
Some attendees may be curious to learn whether the tone of the
event will be different from previous years, since the conference
is now organized by CMP Media LLC. Black Hat Briefings Director and
Founder Jeff Moss sold it to CMP last year.
In a statement, Moss also noted that this is the first year
entire tracks will be focused on topics such as databases, VoIP,
rootkits, Microsoft and forums.
Last year's confab was dominated by the controversy caused by
researcher
Michael Lynn's Black Hat demonstration of a Cisco router
exploit. Lynn isn't scheduled as a presenter at this year's
proceedings, which take place Aug. 2 and 3, but Cisco's products
may be under the microscope again as researchers discuss the
weaknesses in NAC and VoIP.
Black Hat and Cisco
settled a lawsuit about the Lynn affair after conference
organizers promised not to proliferate Lynn's findings. A Cisco
lawsuit regarding any potential disclosures at this week's
conference is considered unlikely because the NAC and VoIP exploits
being featured are said to be related to underlying technologies
used in many products, not just those offered by Cisco.
This year's conference is expected to attract more than 3,000
technically advanced computer security experts, bringing together a
unique mix of federal agents, corporate security professionals and
the best underground hackers, CMP said in a press release.
"Highlights include new rootkit tools, new VoIP exploits, a
dozen high-level feds, exciting zero-days, new contests, and some
secret golden eggs," Moss said.