Network Security News

Black Hat cybersecurity convo to reveal plenty of hacks

Wednesday, July 22, 2009

This year's highly-anticipated gathering of web security researchers and ethical hackers, Black Hat USA 2009, kicks off this weekend in Las Vegas. Researchers will present evidence of newly discovered web vulnerabilities and discuss the implications of the underground cybercrime economy and globalized threats for cybersecurity.

Some of the issues researchers will spotlight at the convention include the security of the electrical grid, hacker rootkits for exploiting Mac OS X and the technology behind darknets - private, peer-to-peer networks that can be used to share data securely, for good or ill.

Mike Zusman, principal consultant at Intrepidus Group, will present on a browser design flaw that allows an attacker to steal data from websites with Extended Validation Secure Sockets Layer (SSL) certificates, which are supposed to guarantee an encrypted connection.

Zusman and another researcher have devised a new attack, called SSL Rebinding, which exploits this flaw to steal sensitive data as it leaves the browser.

Hackers will also recognize the most-overblown security bug and most epic fail with their Pwnie awards. Nominees for "Most Epic FAIL" included StrongWebmail CEO Darren Berkovitz, who issued a challenge to hackers to break into his StrongWebmail email account.

Berkovitz was taken down by security researchers who used a man-in-the-middle attack to infiltrate his web browser when he logged on. He offered a prize of $10,000.
ADNFCR-1765-ID-19276845-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now