For those looking for information about the latest exploits, vulnerabilities
and information protection strategies, the first day of briefings at this
year's Black Hat conference in Las Vegas
was no disappointment. Jeff Moss, founder and director of Black Hat, started
the day out with this question: What security problems have we
fundamentally solved? In an era of targeted malware attacks, botnets and
the like, the question has few answers—if any.
At its core, Black Hat is about
demonstrating that. With that in mind, here are some of the highlights from the
first day:
DHS on Cyber-Security:
Jane Holl Lute, deputy secretary of the U.S. Department of Homeland Security
(DHS), spoke about how cyber-war "destroys lives" while physical war
takes them. She said it is important not to look at either kind of war as
inevitable, and that it was impossible to come up with an effective strategy
without discussion and collaboration. Some of her remarks, however, were not
exactly crowd pleasers, as some attendees questioned whether the agency could
be trusted to handle cyber-security effectively.
Malware Forensics:
Greg Hoglund, chief executive of HBGary, released an open-source malware
fingerprinting tool called "Fingerprint" to help organizations
trace attacks back to their authors. The tool, he explained, looks for unique
artifacts in code left by malware authors that can be analyzed and used to
identify the creator. Read more
on that here.
SCADA Security:
Securing the country's critical infrastructure was at front-of-mind for
several researchers at today's conference. Among them was Jonathan Pollet,
principal consultant for Red Tiger Security, who gave a talk titled "Electricity
for Free? The Dirty Underbelly of SCADA and Smart Meters." In it, he
highlighted a number of security
concerns facing today's critical infrastructure today, such as
companies running Windows 95.
ATM Jacking:
Barnaby Jack, director of research at IOActive, gave the talk he should have
given last year. In 2009, it was pulled. Now he came back, and reportedly
brought the house down with demonstrations of how stand-alone automated teller
machines (ATMs) could be made to cough up money.
VIPRE Enterprise Premium combines high-performance antivirus, antispyware, and a client firewall into a single agent so you get comprehensive endpoint malware protection with low system resource usage.
(Sponsor)
(Sponsor)
(Sponsor)
