LAS VEGAS -- A few leftover bits and bytes from the insanity and
inanity that is Black Hat USA 2006.
At Black Hat, everyone's in 'stealth mode'
Black Hat always has had its share of attendees looking to remain
anonymous: mainly reformed and not-so-reformed crackers and the
federal agents trying to track them down (while wearing khakis and
FBI polo shirts, of course). This year there were a number of
representatives from security startups still in stealth mode
prowling the grounds at Caesars Palace and testing the water for
their new projects. Perhaps the most interesting of these is
Veracode Inc., a company started by a handful of former @stake
veterans, including Chris Wysopal, Chris Eng and "DilDog," the
coder behind the Back Orifice 2000 remote administration tool.
Veracode plans to launch early next year and will be focusing on
binary analysis, a specialty of Wysopal, who helped write the
consultancy's SmartRisk Analyzer tool before
Symantec Corp. bought @stake in 2004. Eng gave a talk at Black
Hat on tried-and-true ways to break Web applications, and Wysopal
was around all week as well.
Fire when ready
Researchers and crackers are gearing up for the release of Windows
Vista, which is due to ship to consumers this fall, although that
date -- as all Microsoft ship dates are -- is subject to change.
Symantec did a quick survey of Black Hat attendees and found that
55% of them are planning to take a close look at Vista's security
in the next year. If the attendance at the conference's Vista talks
is any indication, the bet is that number is closer to 95% and that
it'll be about 48 hours from the time Vista hits Best Buy to the
release of the first vulnerability advisory. Symantec and others
already have been busying themselves with finding problems in beta
builds, and given the size and complexity of the Vista code base,
there are likely plenty of avenues for researchers to explore.
Redmond south?
Speaking of Microsoft, the Redmond crowd was in full force at
the show, and not just the guys from the Microsoft Security
Response Center. A passel of Windows engineers showed up this year,
in addition to the normal contingent from the MSRC, to show the
flag and talk to the attendees about Vista security. They were
mixing with the crowd during the Vista talks and soliciting
feedback on the presentations and the security concepts built into
the new OS. Jeff Moss, Black Hat's founder, joked during his
opening speech that he'd heard a lot of complaints about Microsoft
"buying" a track at the conference. "Microsoft didn't buy a track,"
he assured the crowd, though he did jokingly reference CMP Media
LLC's November purchase of Black Hat. "We sold our souls already
and you can't sell your soul twice in one year. There's a
clause."
We have to make our money back somehow
One of the great things about Black Hat has always been the
relative lack of vendor influence. Sure, there were always a few
booths set up in the lobby outside the meeting rooms, but most of
the vendors seemed more interested in giving away the coolest
t-shirts or getting the most people at their parties than pitching
their wares. That changed this year, as everyone expected it would,
now that the conference is owned by a media conglomerate. Along
with a three- or four-fold increase in the number of vendor booths,
the organizers also added a lounge where attendees could relax
between sessions and drink $5.25 bottles of water. Still, the
content was widely considered to be as good as ever and the
sessions even ran mostly on time, which was a rarity in the old
days. And there is still the view of the Caesars pool…which they'll
probably find a way to charge for by next year.
'CrackBerrys' get cracked
Attackers aren't spending all of their time on Vista. Some of them
also are thinking about ways to exploit devices such as
BlackBerrys. Jesse D'Aguanno, a consultant with Praetorian Global,
unveiled BBProxy at Black Hat, a hacking program he created that
takes advantage of the trust relationship between a BlackBerry and
an enterprise's internal server to hijack a network connection.
Intrusion detection systems (IDS) deployed at the network perimeter
would be useless against this type of exploit, he said, because the
data tunnel between the BlackBerry and the server is encrypted.
BBProxy must be installed on a BlackBerry or sent to one as an
emailed Trojan horse. Once installed, the program causes the
BlackBerry to call back to the attacker's system in the background,
opening a communications channel between a company's internal
network and the attacker. D'Aguanno plans to release BBProxy for
download sometime in the next week.
Senior News Writer Bill Brenner contributed to this
report.