Black Hat 2010 - Day One Roundup

Black Hat 2010

Las Vegas, NV. Black Hat 2010 – The Tech Herald is in Las Vegas this week, covering one of the largest security gatherings of the summer. Here is where you will find a recap of day one.

Adobe joins MAPP program

Adobe and Microsoft announced today that, before the year is out, security vendors enrolled in the Microsoft Active Protections Program (MAPP) program will start getting vulnerability information from the electronic document vendor.

Instead of developing a similar program, Adobe took an easier route, and said that it will start sending detailed vulnerability information to all 65 partners enrolled in MAPP. The plan is expected to start in the fall.

Microsoft also released EMET, a free tool offering security mitigations to older Microsoft platforms and applications. EMET helps block targeted attacks against unfixed vulnerabilities, according to Microsoft. The tool will be available in August.

Apple fixes Safari issue before Grossman's talk

WhiteHat Security CTO Jeremiah Grossman is set to give a talk at Black Hat tomorrow on practical attacks against the auto-complete functions used by major Web browsers. Safari was one of those included on the list of vulnerable applications, but Apple fixed the flaw before the talk in an update for Safari that addressed 14 other problems. While some argue that the fix is shady, it's actually a smart tactic, and one many vendors have used in the past.

Grossman discovered an attack against the data stored in the Address Book Card. A malicious website could create form fields corresponding to the data used in the Address Book Card and run a JavaScript application that will simulate keystrokes from A-Z and pull the data. In addition to Safari, Grossman will cover problems with Internet Explorer and Firefox.

Jackpotted ATMs

We missed this talk, due to scheduling conflicts and an interview. However, it was all the buzz in the halls after it was over. Barnaby Jack, the director of security research at IOActive Labs, demonstrated a physical attack and a remote attack on two ATMs. While one attack required him to open an ATM and use a Malware-laced USB drive to gain control, a second attack allowed him to remotely jack the money machine.

For more information, a great write up of the attacks can be found here.

SSL is broken? No, not really.

“SSL is broken, and while it's great to see things are going better now it's a long way down the line.”

Those were the words of Black Hat founder Jeff Moss during the keynote this morning. His address centered on the current state of Internet security for both businesses and consumers.

We spoke to a few people, who agreed Moss he had some valid points, but aside from the known 'Man-in-the-Middle' attacks, and the MD5 attacks on SSL, which can be mitigated, it wasn't clear what exactly is broken on SSL this time around.

An interesting side note to the scary and often mistaken claims that SSL is broken, is that a majority of SSL issues are caused by the users themselves when they improperly implement SSL. Details of these types of problems will be addressed in a talk by Qualys.

Another boost to SSL will be the implementation of DNSSEC, which will boost the proof of identity that comes from EVSSL. When DNSSEC is completely deployed, it will provide websites with a way to use stronger DNS to prove they are who they say they are. This will enable not just browsers, but any Internet-based application to check the ID issued by DNSSEC to confirm that the site is what it reports it to be.

In a standing room only talk on Tuesday, Dan Kaminsky introduced his vision for Domain Key Infrastructure, which will ultimately be “one of the biggest things that we've seen infrastructure change-wise that will make the Internet a safer place.”

It's not going to make changes overnight, he said, but “this stuff is powerful.”

We'll stick with the DNSSEC and SSL story as it develops.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in photo is probably  causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a University in the UK told the BBC that it was impossible to see what other people see but that it was most […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]

Stunning Mars Rover Selfie

This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robot’s arm. For a sense of scale the rover’s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.  

How the Sahara Helps Feed the Amazon (Video)

Sahara to Amazon
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASA’s Goddard Space Flight Center.

Bouncing Laser Guided Bomb (Video)

This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.

South Koreans Swallowed by Sinkhole (Video)

Thankfully the couple survived their adventure.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.