Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Black Hat, Back with the Hackers



 By: Lisa Vaas
2007-02-21
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Black Hat, Back with the Hackers
  2. ' More Presenters '

Rate This Article:
Poor Best
Black Hat, Back with the Hackers
( Page 1 of 2 )

Opinion: Vista's not headlining this time at the hackers' confab, but maybe, just maybe, we'll see a challenge to snap the encryption on Vista's hardware chip.Whats in store for Black Hat Feb. 28-March 1?

Weve got digital forensics—will Jim Christy, forensics expert to the DOD, challenge attendees to break the encryption of the hardware encryption chip used by Vista? Maybe—stay tuned, because he tells me theres definitely going to be some kind of challenge!

Then weve got new and better ways to snap your favorite database into itty-bitty pieces, including NGSS David Litchfield presenting on Advanced Oracle Attack Techniques.

David tells me were going to be hearing about new Oracle attacks that didnt even make it to his most recent book, "The Oracle Hackers Handbook." That includes such sins as advanced PL SQL injection, exploitation, cursor snarfing, defeating virtual private databases and indirect privilege escalation.

For all you data seepage fans, theres Errata, with CEO Robert Graham set to show use of a tool theyve cooked up to pick up all the supposedly trivial data youre seeping wirelessly or even wiredly—along with how it can be used for corporate espionage and other fun hobbies.

Meanwhile, Dr. Jose Nazario, Senior Security Engineer at Arbor Networks, is going to share lessons learned from trailing botnet attacks. All this and more, more, more!

But before we delve into the details I shamelessly weaseled out of presenters, heres the conference lineup you can see for yourself. Now, this isnt the big Vegas Black Hat in July—this is the smaller DC one (Arlington, Va., actually), focused on government and enterprise issues.

Resource Library:
That means weve moved away from pure Vista, pure rich-sponsor Microsoft, back to the basics: hardware/sub-OS, enterprise impact, software security and binary analysis, and forensics (thats what Jim Christys doing, with the opening keynote, "Cyber Crime and the Power of Digital Forensics."

You might remember that the last big Black Hat was pre-Vista, and it was more or less pure Vista.

This time around well see much fewer pure Vista sessions, one exception being Symantec Research Scientist Ollie Whitehouses two-part session on GS (a compiler option introduced in Visual Studio 2002, used in some binaries in Windows Vista 32-bit as a defensive mechanism) and ASLR (Address Space Layout Randomization) in Vista.

The second section deals with ASLR implementation in Vista, about which Symantec promises "some surprising results." That sounds a bit too tantalizing to pass up, so stay tuned to Security Watch to hear what those surprising results might be.

I chatted with Jim Christy—the director of Futures Exploration for the Defense Cyber Crime Center, responsible for the research and development and test and evaluation of forensic and investigative tools for the DOD Law Enforcement and Counterintelligence organizations—about his keynote.

His presentation will be similar to his last Black Hat presentation, as he tries to get across how ubiquitous digital forensics are today, as well as how desperately we need law enforcement professionals trained in the techniques of digital forensics—techniques that are now recognized and regulated internationally.

Hes also after the private sector to come up with better tools to struggle through the oceans of data people like him encounter during investigations into child porn, phishing, computer intrusion and just about any flavor of crime nowadays.

That gets us back to his challenges. And back to Vista. During his last presentation, Christy threw out this challenge to the audience: Come up with a way to read data over a CD thats been physically broken into pieces. To date, the center has received solutions from 11 teams. This year hell throw out another challenge. He hasnt figured out what that will be yet, but Vista and hard drive encryption could be the theme.

"Vista is a major challenge for security purposes," he told me. "Now, it matches your data to the motherboard on the computer. Theres a chip on board that will do hardware encryption. For law enforcement, it will change how we do forensics. If a hard drive is encrypted and we get a dead box … it will remain dead unless you have the key to get into it. … Were being told by government agencies and Microsoft that you cant break the encryption. Obviously, thats going to be one of our challenges. We want somebody to break that puppy for us."

Errata CEO Graham, for his part, is looking to drill into some enterprise skulls how seemingly trivial information can be used quite satisfactorily by hackers. This is data seepage were talking about: the exposure of data that seems innocent. That differs from data leakage: i.e., sensitive information that companies know they dont want to have stray away.

A recent example of data seepage is how reporters found out about the Iraq war before it happened. Namely, they managed to extract information about the rate of pizza delivery from workers at pizza shops near the Pentagon. Lots of intense meetings, lots of pizzas.

An example of digital data seepage closer to enterprises hearts would be this scenario: Your CEO is in the airport lounge. She was previously logged in to the companys network. When she sits down for a drink, her chatty laptop starts looking for access points so that it can reconnect.

A hacker with the right tools could find out where shes been, physically, by looking at the access points shes trying to connect to. An eavesdropper could map the corporate network and within moments build up a complete picture of who this person is by monitoring the wireless network, Graham told me.

The answer? It isnt a question of a silver-bullet security product, nor is it a question of user behavior modification. The problem is that activities such as reconnects are happening automatically, Graham said, with users being unaware of whats happening.

"Its more a tradeoff," Graham told me. "You have the ease of use of the laptop, with things happening automatically, versus making the laptop harder to use."

Graham will be demonstrating how the data eavesdropping can be done, and hell be showing just how much eavesdroppers can find out.

Next Page: More presenters.





  Reader Comments: Black Hat, Back with the Hackers
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}r㶲s\@♵M푦dKbY^fI*%Bc"){eoВ/㩱%lh|GgoD.0 8ܢd;|9|@D%SjNAM3g{ھl es_gp,mg h{=Dm@~5{ r!&~>KE!e$oqX}؁䛿S=2t3ݛ6BT Kd/B(?cs?C=~'_h@a5w0vK]K_CUVekVClvi!rs!gߎz$nPr&N7w#25NRZB[4HeCc7`wXS.PVf̴;gu[gc=ױ}ǣ!&$fF=~0[QM+.l5ZJpaO,ӇqtRpce[7'0ml_j| sqDfjd1KU ozcns txz`:v8,2踖þɲn gmdMydkjtUP)^0my-Ӟ6Q9n~ߍj۟]*eUӻj_\H CK -%ZA;OoY\u?./-N6Nַ߈ QT"*rpE4f‰EUC$vߔM-~k~:CF,[sAT4 行ĠK`W:kQ=k>_rܶ9ސfcCR=BgCj`BmiqeUo~nvO|gl M GiT%5fEu}Jr,Neo_.K`HmDi[ܺʑ\ yǛ3ReQ oȱo>0@|Ӡdq, ߱n\S;G`hGo_[ ZR E/<@'D57kSfIr(,eg{j MH:Ƃ5Ŧ]`)edFS$%/^P%P샖_΢[2jFTwIQa#aẍ_,ʹcc^IRe6\}yprvwܬu"*մޅ-~4ҢKsIi5I{Nk@*჎(>hƋMr_>iI70i\+Gݺ~NnXŞ* Q߭C0CGA 6]LR}b;>t9 PhS0<xwLMσ-JCˋƠ` VPC9N@FܧP}MrA}6g`sDoiC1QB?Ԇ!~9.b&A/tSt=JIA }At"BђF 4  gsX"C"'' [AX;.VKŤ\*1=Ri !Kg Rsvn KŔ=*%nqR%a 3ʬ$&vϏhbB|#'"Xr`Y \h+|i)lc l[6؛Ţri*|:IoBk<6G&,a8Bdp=A&)C K,tt?\ 7!v<9=% t0h3Vh9L) ./| ` SnRM ݜ6,hJ"+p5(Bk?fx Q6`]2':rgtGnmؠ9@7ÚLGQ+ow7 =3q ؇CUT3_H<2_O#i[}7MK% hB=Ss&A|5i!3'Xe onUg plTo-V,~%fsP*oWuR@_F&ۊx A-ژ WZڄ"JMP>L2Cɣ($mU2L686pc>7l{`(`R55) KAUKUbګY3wld xAqFFݐ`ADLl5Kթw글4=";zu@nztqӱ3 ?`ǟG(a!w1JkX$ M=̔:Y[ ~2.|N +e@m\:b暺8_, {guaWjHKWs  4 ıLBYaX88l];(k 2qÝa&9~ L>AS-cfDیsǙXT&/Ał4 ֚p̈́Ouo4'8o'<Ӏ!ak"A4b6RU.(L,:j1-[ Hg [Qzo3C zA$zmK& GGsݧ==1g *3@9~2T+BZ= qQT*߬Ps1)'@S$f|`g<ڗ_ޝoh`1gr8 _0t*rȵ`s|eLFjAB;<R)hᮣ\pR "(8~0~Ɋ`3 خ crFmhv~:N(k8ΓeO#c#lʂt!WMUm#Xݙ `1}jDa#CP`f0%+ #m6QJc8M!vV;+jZS~I1H%[S'sGŵRCȮcfj>F5*jAe߯yYb^ LjB:GdH>#`Кv*47w Ԫ6 h)6YS!bW hĞeeS7etjC鳰0%Zȓ3;pi-u QB< 6|o D >RWo鸙 Ĩ/hyUM+%Ff038ڃϣ epv=[9,3?{談*dx{ zНt;'n_LWEnRD71PUL xg4sfDcK6VNL&vxm"Y;"^_ 9{$2ÄsqS))rL*H+ů 3ˁ#_.ITz[RUe@4yH3k 9 =EЋqc<UL:خOl8oy U8e3 S`e3˕2~g^`. JU-~ txAcEihhkc򑤟ȕO?"⣨j6 J \u/Zha~%36J-ܛ`,@N|GO] 2I$̸y0ŗ!%Kg O@lXC=B.SnIo.WZx\[ XLh;}X^5eX$fPNV*ӪV$,< 7Cwd',-LGI4^:&.2O%ss< ⿁On{ܝ9ЍFHΝrQӊ 5`JR'0阆cĵ) rZ: #ɢ\' WeR8]q,g( ,O$%,t=ǣۻmpI74!,dd˙](bof\ц.[g0V@ɁtnG4nWKߧ ?wL.W-)^{-y2#NԸl_$'d0 szj܄'6b7L`jX&IEyD#S5CKiWa@ ձtoN,8;XKR!}&>CmP7q4eVyy~ïnUk~ $*`AQ1@kNF4۽ƧHvZfp6"BtX 1ue}E/c)%Q\(,:48Q%l67 FWE'k+ u{--'2}m1џ.W` eIdakf+6IGҽ< $ubS`݃.[s30i!ܨ2 7?xKP .Mu?nRo4 jGYk.NEm{-~G0 cl9Ga(1G|$z`ea#ݒ:h<5K2)!MOp|Lh'IZV6X(4%!44QҌObCYA*C' һn\mpVPt._xvIssyx4*i(5~q*AB|$Hy0ΓJg+y-)EC^}+ IN48=Na.Oz/uϏm_wg=z@(O$ ؑq eީӊN|u +ɅNo͗W>0k{R̵j 2aє{@ف9^kgtFS<3m~`'6<Up")5Xfx>VAΈvY?{xXL7mb4'~4>/@ W{$ ^޼=6oQP]9Yz$AC~oN~䄜71n;~[o5e's7+۽tNiimơ8-J}~l/It6Djy[a{wCWȪ̙Szۋ~g#S^q:-< &iuoǥ4LZQ>]bwP{_zŞYiIu9/s\-"nZZ⽸|W90.=y$/Av} ,D>?G{oD:*p&޸:4Gd(΀{,SX+`Y;aNz1(}'I(8L&*~<ۃp6`p1OxZ{]+~Jb%EL@[NVdeCg0fbY[w:SH SuքggK3nO KbA-,9+c ¬A0x#^Hg)!2=M1d2ំ ;[՛Ez6y-"iXUBj^˲H\uڙ85H40␚&$I+ R1D&6I0D&WAo/?IN-QN"b´1Ћ| ,<,]:9x ie1w*0 /D# ؁ OF8D'Zdbh1Xy$+oK4ŗ'P;\ׁ?mXMS _X7% xZފh,"`Sڅ0X_쌄pX'ȘRzqr"a7ܔZ]L/ H}X(ImX *uY$pY(*jVBV0;hVhk#@`g`w *pՔŵtI'$aJx> ="jFlà J}奬vO;g&sf昏G`E>ّ%ݳ<:`8#=M@"8.d6kk?`wE^wnk@=3l0N9>Fѡqo$ f"?*^طp}ۚ_CHwÃҍmĥA:m׿>i1[U2n A /ԟ+\iPG?ѫQo>%Aw  _? !v}_A2ꉇ@Եy o|}yl;pXJsc_Py4[[PeUjqjkN3O.+ w#z8O{$|o,st0m5pXΪ0Gx;w8\}o^h\W7'˙8Pȟr䞅täj_g˫^nGnoʸi .quSnz1!_-Gon0)Hً7:e4 h~Ld62]^IIͽ=ڶ/h `|F0-c l s)(U-~]&U6e#{tJVY,eeYy3v;Ճz ƗY'6$ [IHgs;wfP;EX1̭-)^dnNÌ'V*^Nh=yW`WA|`߱1 ז 8iQOE| ɫ^_VBOƗy\ '[U>-b1E+l@.]h 3}LC=}p,ZL w!^9{<;cT<%'0-0ܕĤAI҂B4삥ĨWxn"9HЕXWԖkfk#F+r"Z"'"KIH^X0!pD]dbɠ#c{$p#(4o&F20bS,^4J711ǜSDr\cZJӂ,w)]do=05֘0HtL'f=-s..;˼^3ZNpxu!]~B<{! }(W' #n%YVmIr .kh>a<{ )?kUeqb+ZAkb<ҁ9+qܒ:iz 0F_g|B'`߄l>FS).Mo Arj$Ǘp N@`m¼܏@BSx㷭Gd.$1qUq5`G:$nXV{+$νOg-<&-cWld"$@_޺m~Fzh/Uw[7= d{P^H{u.a vT*0 ΢w:ڀ (]Afx=fn0Oғ]5:xxd|U/~m#k^bʑf,3nTk|sSDDT2OaH9P=SAbX"!cR1Q(pxi|wV`nOKZ‚ 5" 2kpb3H'RHf u]`}(|춯#D[/d 6C;b<1c|>O{$vW@ĀdVt]\P"@J>S|??&~e KHbyu~VK X`,2E<CepY<>swe~rkt6{fI5KqfldaQ(b:M u?}ǮS%nKM b$!%H$bcx=9aacndxFCa]N͑/#~|aP8\  +z+U'I]U@)p!xW`ǪZJ`Wt'x2n?W5.4!W)WPh r#cvFCd$ڟ,\q}}uoHݴZwzӾWuٽCL֚_ԝniYu}Ӿg&hT楾xQ(;OFYi1;eNq*gg.ͅdUh,Y.3U94dG_1}4ex#UüzUzu7 |KOA~ټizZ6Z[NA|vuQSȐ:|jQ p7@Q`1D?rM0p4ħeOW\=4[E%eFPsFPkF l.?m62ʻP(GJo.oS(?\~99<v~\nfF9?ϴ2ʡeO/e|vNt`w~' >ී৓1g'>;@ DG(Q~dwQ{1W?Wsw1]7]? ͐/@q _gsA?=/c=/c}~_6A_cV9c>>foʁ~o3ڿh6N272q S*R~A/2ȋ+OY射:(? yVV<^`]fkx.rf e{);[?[OBX\jzr+^fim4v+iAư[/6^c/K^浽I<"xEq\+gل@CX{#uO'NW4CﹺKd^ WsU}ӉzZ>Ś/JYy<* t!=}3cT %/ܻ Gz‰nQ"/L`yY`fEY}@' @8_Ew9a׀nדpK|` U75i*py[~|^gA7gn"B8Cw_aɠ1zI?'O!4 D LA(z<}K=sބ]:;Ѝ21Fr|(VT+[-WJr=wDDG1Q5YUdJ.'jeTL3DAzg l]{ۦJ̾ZCO3CX)x}̺lk %.t> (luy5%2 hӓ80~.H+n {<o>HZ~nuV\kV+,+6(|6bRFՏSG[[z0&YAŊr2&Fd}#x=+N7"4Σ̯HܝS,, -V  P3xX: g[=Ǚې&۵]ݍ:S'/Հ`;4}v%c vԡ:D[T`/c?Jwi yF˟4a&ngLi?|]c 6{Nzzgo 1J)1x_BDOv֤>Cquw$>x*8]vu$$}9= zLᝳZoTù(頲;wlFvq!hX9VX#e yF>;ul>:ĝHzݭ}#K^'(z)̸>IϐR1Y9%)^[#|/Ljg_7 BF3qK:![31Q)jkI/?mwI3軱Wx&%}YQ v.ymFʪv\L^T~7(V\w|7(6؋|%OG ϻ9eD'g ߅/nSC>X6%ɿعiUhHm;:it[S,[@# e`1v4`eh)Yձ]w O ngcx w3.1ee|nHHU֧f2{:з57d([| ӽE^?Fq:h /Asl2qV43@FWD0;"ZYm"sE%X,8/ uf6[ƝMQh| 9-Bux [=] D peӵy2 WVc]R>E+ ]'[ۧ3й?-{/e;]G,{QFbFA#q-E6d֌֎Mӝo3a-dcˤ_ ō)