Free Republic
Browse · Search
General/Chat
Topics · Post Article

Black Hat with a Vista twist
CNet ^ | 1 August 2006 | Joris Evers

Posted on 08/01/2006 10:41:56 AM PDT by ShadowAce

The annual security conference traditionally focuses on hunting for bugs and attacking computer systems. At the 2006 event this week, however, an entire track will be devoted to the security--rather than the insecurity--of Windows Vista and Internet Explorer 7. The series of sessions will be hosted by Microsoft, a major sponsor of the event this year.

It's an unprecedented and comprehensive first look at the security in Vista and its associated Web browser, Black Hat Director Jeff Moss said in an interview Monday. "Even if attendees are not getting three different ways to hack into IE 7, they get the back story," he said.

Microsoft says it is the first in the history of Black Hat Briefings to present an entire track on a prerelease product. It has talked up Vista as its most secure operating system ever, and has said that security was the No. 1 investment in IE 7.

It's a sign of development at the event, which brings together the hacker and corporate worlds for two days of talks in Las Vegas. The tenth Black Hat promises to be special, Moss said. "It is the largest show ever in terms of size and attendees," he said. Moss sold rights to the conference to technology publisher CMP Media in November, but he still runs the event.

Black Hat has been around since 1997. The event has traditionally focused on exposing flaws in software and on sharing hacker tools. "We always tried to be more practical--watch a talk, go home and do something," Moss said. "We try to stay away from the purely academic area."

This year's confab is expected to draw about 3,000 people, a mix of security professionals, underground hackers, federal agents and vendors. It will be followed by DefCon, a gathering infamous for its hacker activity.

"We really seem to reach critical mass this year," Moss said. "Every year, it has always been incremental growth, primarily through word of mouth. This year, we grew over 20 percent, and that has never happened before." Moss attributes the increase in registrations to the high profile of the event as well as to a rising interest in security.

Uneasy bedfellows
Microsoft is not the only major technology company with a big presence at Black Hat. Cisco Systems has signed on as a "Platinum Sponsor," alongside Microsoft and consultancy firm Ernst & Young. Last year, Cisco drew the ire of many Black Hat and DefCon attendees when it sued a security researcher and conference organizers after a session on router security.

The legal action followed a presentation by researcher Michael Lynn, who demonstrated he could gain control of a Cisco router by exploiting a known security flaw in Cisco's Internetwork Operating System. The operating system had until then been perceived as impervious to such attacks.

Cisco and Internet Security Systems--Lynn's employer--had agreed to pull the presentation, but Lynn quit his job and gave the talk anyway. Cisco and ISS sued Lynn after his presentation, and hackers rallied behind the researcher.

This year, Cisco is playing nice. In addition to its sponsorship, the company is sending Chief Security Officer John Stewart to talk about relationships between vendors and security researchers. The networking giant is also throwing a party for Black Hat attendees at Pure, the night club at Caesars Palace.

Still, Black Hat wouldn't be Black Hat without the usual exposure of security flaws and release of details of new hacker techniques. Researchers are slated to demonstrate 25 new tools and outline 15 new exploits at the event, according to organizers.

Special attention is going to security risks associated with Web 2.0, which covers more-advanced Web sites that use programming techniques such as AJAX and JavaScript. Also on the calendar are presentations on rootkits, security in voice services and, as in previous years, database security.

In the networking area, one technology to be scrutinized is network admission control (NAC). Ofir Arkin, chief technology officer at Insightix, plans to disclose weaknesses in NAC systems, which are designed to restrict access to a network according to identity or the security status of a computer. Cisco and Microsoft are two major NAC players.

"These flaws allow the complete bypass of each and every network access control mechanism currently offered on the market," according to the Black Hat calendar.

Some of the presentations are generating buzz, and some presenters have changed or quit jobs to be able to present, Moss said. He doesn't expect there to be any legal wrangling. But, then again, "I didn't know I was going to get sued last year," Moss said.

Black Hat takes place Wednesday and Thursday, then DefCon runs Friday through Sunday.


TOPICS:
KEYWORDS: bestofgoldeneagle; hugh; security; series; vista; windows

1 posted on 08/01/2006 10:41:57 AM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

2 posted on 08/01/2006 10:42:13 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

Insanity.


3 posted on 08/01/2006 11:08:34 AM PDT by D-fendr
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

DefCon...heh heh...oh, the memories...Jeff is an old friend of mine...


4 posted on 08/01/2006 11:08:34 AM PDT by TampaDude (If you're not part of the solution, you're part of the PROBLEM!!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Microsoft needs the hackers to tell Microsoft about security flaws first instead of them open-sourcing exploit code directly to the internet. This is their attempt to build relationships, and co-opt or undermine the black hat conference if nothing else.


5 posted on 08/01/2006 11:13:55 AM PDT by Golden Eagle (Buy American. While you still can.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

I like this move by Microsoft and, despite all the smack that gets talked about hackers here, I think the hacker community will really help them tighten down IE..


6 posted on 08/01/2006 11:53:33 AM PDT by N3WBI3 ("I can kill you with my brain" - River Tam)
[ Post Reply | Private Reply | To 2 | View Replies]

To: N3WBI3; Golden Eagle
...I think the hacker community will really help them tighten down IE..

That was really my point about posting this article. I'm hoping that MS will now start to take security (and the methods for finding leaks) seriously. This move indicates they are finally starting to learn from the people who can do this better than they can in-house.

7 posted on 08/01/2006 12:01:18 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 6 | View Replies]

To: ShadowAce

LOL Shadow, GE, and me all agreeing on the same post....


8 posted on 08/01/2006 1:41:39 PM PDT by N3WBI3 ("I can kill you with my brain" - River Tam)
[ Post Reply | Private Reply | To 7 | View Replies]

To: N3WBI3

did hell just freeze over? what just happened?


9 posted on 08/01/2006 2:05:06 PM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. you two are no different then ted kennedy.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: postaldave; N3WBI3; ShadowAce; Golden Eagle; MikefromOhio

Must be.

GE actually has made a valid point...

This one's a keeper


10 posted on 08/01/2006 2:38:57 PM PDT by rzeznikj at stout (ASCII and ye shall receive... (II Computers 3:14))
[ Post Reply | Private Reply | To 9 | View Replies]

To: rzeznikj at stout; postaldave; N3WBI3; ShadowAce; Golden Eagle

It was 100 outside earlier....

Now it's a balmy 15 below zero....

Thanks guys.....


<< time to go scrape my car windows >>


11 posted on 08/01/2006 2:43:58 PM PDT by MikefromOhio
[ Post Reply | Private Reply | To 10 | View Replies]

To: MikefromOhio

LOL


12 posted on 08/01/2006 2:45:04 PM PDT by rzeznikj at stout (ASCII and ye shall receive... (II Computers 3:14))
[ Post Reply | Private Reply | To 11 | View Replies]

To: Irish_Thatcherite

Hell hath froze over!!


13 posted on 08/01/2006 2:45:58 PM PDT by rzeznikj at stout (ASCII and ye shall receive... (II Computers 3:14))
[ Post Reply | Private Reply | To 10 | View Replies]

To: rzeznikj at stout

It has gotten cooler and less humid over here... coincidence? ;)


14 posted on 08/01/2006 2:51:28 PM PDT by Irish_Thatcherite (A vote for Bertie Ahern is a vote for Gerry Adams!|The IRA are actually terrorists, any questions?)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Irish_Thatcherite

African monkeys are at a loss in understanding the new weather patterns.


15 posted on 08/01/2006 2:54:59 PM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. you two are no different then ted kennedy.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: rzeznikj at stout; postaldave; N3WBI3; ShadowAce; Golden Eagle

see what you people caused. oh the poor monkeys.


16 posted on 08/01/2006 2:56:08 PM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. you two are no different then ted kennedy.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: postaldave; Swordmaker

In the words of one of Swordmaker's taglines: AIEEEEEEEE!! 8^)


17 posted on 08/01/2006 2:59:02 PM PDT by rzeznikj at stout (ASCII and ye shall receive... (II Computers 3:14))
[ Post Reply | Private Reply | To 16 | View Replies]

To: postaldave

18 posted on 08/01/2006 2:59:12 PM PDT by postaldave (McCain & Bush, you traitorous !#!$!!s. you two are no different then ted kennedy.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: postaldave

"Global Warming types out of work."


19 posted on 08/01/2006 3:11:43 PM PDT by Irish_Thatcherite (A vote for Bertie Ahern is a vote for Gerry Adams!|The IRA are actually terrorists, any questions?)
[ Post Reply | Private Reply | To 15 | View Replies]

To: JRios1968; antiRepublicrat; zeugma

Hey, it finally happened...8^)


20 posted on 08/01/2006 3:27:27 PM PDT by rzeznikj at stout (ASCII and ye shall receive... (II Computers 3:14))
[ Post Reply | Private Reply | To 18 | View Replies]


