![Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference - podcast cover](https://assets.metacast.app/images/podcast/artwork/UonCU19r)
Technology vendors, security researchers, and customers - all sides of the vulnerability disclosure debate agree that working together rather than apart is the best way to secure our information. But how? This working group will bring all parties together in one room to address the issues and develop a beneficial working relationship extending beyond the conference.
Looking for instant gratification from the latest client side attack? Your search may be over when you see the data that can be harvested from popular web browser caches. This discussion will focus on what web application programmers are NOT doing to prevent data like credit card and social security numbers from being cached. It will explore what popular websites are not disabling these features and what tools an attacker can use to gather this information from a compromised machine. A general o...
If you give a thousand programmers the same task and the same tools, chances are a lot of the resulting programs will break on the same input. Writing secure code isn't just about avoiding bugs. Programming is as much about People as it is about Code and Techniques. This talk will look deeper, beyond the common bug classes, and provide explanations for why programmers are prone to making certain mistakes. New strategies for taming common bug sources will be presented. Among these are TypedString...
Have you ever walked into your local Global Mega Super Tech Store and wondered how cheaply you could build a device that could play your digital music, display pictures, and listen to your neighbor's wireless network? Project Cowbird is part of an on-going research project to chart the various predators and prey within the information security landscape into a pseudo-ecology. Project Cowbird demonstrates the reuse of a $30 wireless media adapter as a kismet server. The small form factor of the d...
In the past couple years there have been major advances in the field of rootkit technology, from Jamie Butler and Sherri Sparks' Shadow Walker, to FU. Rootkit technology is growing at an exponential rate and is becoming an everyday problem. Spyware and BotNets for example are using rootkits to hide their presence. During the same time, there have been few public advances in the rootkit detection field since the conception of VICE. The detection that is out there only meets half the need because ...
Radio Frequency Identification (RFID) malware, first introduced in my paper 'Is Your Cat Infected with a Computer Virus?', has raised a great deal of controversy since it was first presented at the IEEE PerCom conference on March 15, 2006. The subject received an avalanche of (often overzealous) press coverage, which triggered a flurry of both positive and negative reactions from the RFID industry and consumers. Happily, once people started seriously thinking about RFID security issues, the ensu...
Worms traditionally propagate by exploiting a vulnerability in an OS or an underlying service. 2005 saw the release in the wild of the first worms that propagate by exploiting vulnerabilities in web applications served by simple http daemons. With the near ubiquity of W3C compliant web browsers and advances in dynamic content generation and client-side technologies like AJAX, major players like Google, Yahoo, and Microsoft are creating powerful application accessible only through web browsers. T...
The known topics for this year include: 1. The Worldwide SSL Analysis-There's a major flaw in the way many, many SSL devices operate. I'll discuss how widespread this flaw is, as well as announce results from this worldwide SSL scan. 2. Syntax Highlighting...on Hexdumps. Reverse Engineering efforts often require looking at hex dumps-without much context for whats being looked at. I will discuss a "bridge" position between AI and manual operation in which compression code is used to automatically...
Runtime packers are a widely-used technique in malware today. Virtually every Win32 malware added to the WildList as well as ad- and spyware is packed with one or another runtime packer. Not only can they turn older malware into new threats again, but they might also prevent AV vendors from using more generic approaches and therefore requiring more work, which possibly generates more errors or broken updates, unless the product is able to handle all the different runtime packers out there. Yet, ...
Web apps continue to be the soft, white underbelly of most corporate IT environments. While the optimal path is to fix your code, it's not always an option, especially for closed-source, black-box web apps or apps hosted on servers that you can't harden directly. If you have an app in your data center that your CIO thinks is the greatest thing since Microsoft Golf, but is really the HTTP equivalent of a big flashing "own me" sign, this talk is for you. We'll walk through the process of configuri...
Reverse Engineering has come a long way-what used to be practiced behind closed doors is now a mainstream occupation practiced throughout the security industry. Compilers and languages are changing, and the reverse engineer has to adapt: Nowadays, understanding C and the target platform assembly language is not sufficient any more. Too many reverse engineers shy away from analyzing C++ code and run into trouble dealing with heavily optimized executables. This talk will list common challenges tha...
As one of the pioneers of partnerships for the FBI, Dan Larkin of the FBI’s Cyber Division will outline how the FBI has taken this concept from rhetoric to reality over the past 5 years. This presentation will explore how the mantra "make it personal" has aided the FBI in forging exceptional alliances with key stake holders from industry, academia and law enforcement both domestically and abroad. This presentation will also outline how such collaborations have helped to proactively advance the f...
In this day and age, forensics evidence lurks everywhere. This talk takes attendees on a brisk walk through the modern technological landscape in search of hidden digital data. Some hiding places are more obvious than others, but far too many devices are overlooked in a modern forensics investigation. As we touch on each device, we'll talk about the possibilities for the forensic investigator, and take a surprising and fun look at the nooks and crannies of many devices considered commonplace in ...
It's late. You've been assigned the unenviable task of evaluating the security of this obtuse application suite. 2006! Why doesn't everything just use SSL as its transport? No time for excuses. Deadlines loom, and you need to figure this out. And when you do figure it out, write your own fuzzer client. This sucks. (pdb) module add MyAction pdb-ruby.so cifs-ruby.rb (pdb) rule add MyRule dst port 445 (pdb) rule action MyRule MyAction (pdb) rule list MyRule: dst port 445 Action 0: debugger Action 1...
Every application, from a small blog written in PHP to an enterprise-class database, receives raw bytes, interprets these bytes as data, and uses the information to drive the behavior of the system. Internationalization support, which stretches from character representation to units of measurement, affects the middle stage: interpretation. Some software developers understand that interpreting data is an incredibly difficult task and implement their systems appropriately. The rest write, at best,...
PL/SQL is the flagship language used inside the Oracle database for many years and through many versions to allow customers to implement their business rules and logic. Oracle has recognized that it is necessary for customers to protect their intellectual property coded in PL/SQL and has provided the wrap program. The wrapping mechanism has been cracked some years ago and there are unwrapping tools in the black hat community. Oracle has beefed up the wrapping mechanism in Oracle 10g to in part c...
This talk provides an overview of new RFID technologies used for dual-interface cards (credit cards, ticketing and passports), and RFID tags with encryption and security features. Problems and attacks to these security features are discussed and attacks to these features are presented. After dealing with the tags, an overview to the rest of an RFID-implementation, middleware and backend database and the results of special attacks to this infrastructure are given. Is it possible that your cat is ...
Tony Chor will discuss Microsoft’s security engineering methodology and how it is being applied to the development of Internet Explorer 7. He will detail key vulnerabilities and attacks this methodology revealed as well as how the new version of IE will mitigate those threats with unique features such as the Phishing Filter and Protected Mode. Rob Franco lives to make browsing safer for internet users. Rob led Security improvements in Internet Explorer for Windows Server 2003, Windows XP SP2, an...
The VoIP Security Essentials presentation will introduce the audience to voice over IP (VoIP) technology. The practical uses of VoIP will be discussed along with the advantages and disadvantages of VoIP technology as it is today. Key implementation issues will be addressed to ensure product selection for VoIP technology will integrate into the organization’s current infrastructure. The presentation will look at some of the latest VoIP security issues that have surfaced and the vendor/industry re...
This talk will go in-depth into methods for breaking crypto faster using FPGAs. FPGA's are chips that have millions of gates that can be programmed and connected arbitrarily to perform any sort of task. Their inherent structure provides a perfect environment for running a variety of crypto algorithms and do so at speeds much faster than a conventional PC. A handful of new FPGA crypto projects will be presented and will demonstrate how many algorithms can be broken much faster than people really ...
Ajax can mean different things to different people. To a user, Ajax means smooth web applications like Google Maps or Outlook Web Access. To a developer, Ajax provides methods to enrich a user's experience with a web application by reducing latency and offloading complex tasks on the client. To an information architect, Ajax means fundamentally changing the design of web applications so they span both client and server. To the security professional, Ajax makes life difficult by increasing the at...
This presentation prepares attackers and defenders to perform automated testing of some popular Windows® interprocess communication mechanisms. The testing will focus on binary win32 applications, and will not require source code or symbols for the applications being tested. Attendees will be briefly introduced to several types of named securable Windows communication objects, including Named Pipes and Shared Sections (named Mutexes, Semaphores and Events and will also be included but to a lesse...
VoIP applications went mainstream, although the underlying protocols are still undergoing constant development. The SIP protocol being the main driver behind this has been analyzed, fuzzed and put to the test before, but interoperability weaknesses still yield a large field for attacks. This presentation gives a short introduction to the SIP protocol and the threats it exposes; enough to understand the issues described. A SIP stack fingerprinting tool will be released during the talk which allow...
Online games are very popular and represent some of the most complex multi-user applications in the world. World of Warcraft® takes center stage with over 5 million players worldwide. In these persistent worlds, your property (think gold and magic swords), is virtual-it exists only as a record in a database. Yet, over $600 million real dollars were spent in 2005 buying and selling these virtual items. Entire warehouses in China are full of sweatshop‚ workers who make a few dollars a month to "fa...
In the first half of this session, Paul Simmonds will present on behalf of the Jericho Forum taking participants through the initial problem statement and what people need to go away and start implementing. Topics will include: 1. De-perimeterization - the business imperative 2. From protocols to accessing the web - the technical issues 3. What should be implemented today - current and near term solutions 4. Planning for tomorrow - future solutions and roadmap The second half on this session wil...
The OODA Loop theory was conceived by Col John Boyd, AF fighter pilot. He believed that a pilot in a lethal engagement that could Observe, Orient, Decide, and Act (OODA) before his adversary had a better chance to survive. He considered air combat an art rather than a science. John Boyd proved air combat could be codified; for every maneuver there is a series of counter maneuvers and there is a counter to every counter. Today, successful fighter pilots study every option open to their adversary ...
Voice analytics-once the stuff of science fiction and Echelon speculation-is now commercially available and is being used by call centers processing hundreds of thousands of calls per day to authenticate identity, spot key words and phrases, and even detect when a caller is angry or frustrated. It is also being used by large financial institutions for fraud prevention. These same tools can be applied to detect and deter social engineering attacks. This presentation will discuss the current off-t...
Rootkit technology has exploded recently, especially in the realm of remote command and control vectors. This talk will cover the evolution of rootkit techniques over the years. It will explore the interaction between corporations, the open source community, and the underground. A detailed analysis of how different rootkits are implemented will be covered. Based on this analysis, the presentation concludes with a discussion of detection methods. James Butler has almost a decade of experience res...
In the last 3 years, Bluetooth has gone from geeky protocol to an integral part of our daily life. From cars to phones to laptops to printers, Bluetooth is everywhere. And while the state of the art with respect to Bluetooth attack has been progressing, Bluetooth defense has been lagging. For many vendors, the solution to securing Bluetooth is to simply "turn it off." There are very few tools and techniques that can be used today to secure a Bluetooth interface without resorting to such extreme ...
Technologies emerge on a regular basis with new promises of better security. This is more or less true. However we know there are still weaknesses and that 100% security is not realistic. Therefore the real need when deploying a new security device is to know its limits. IPS are part of those new technologies. They are oversold by marketing speeches and promises of an absolute security. Guess what? This is not exactly the truth.... The purpose of this speech is not to discredit IPS but to help i...
