Black Hat USA and DefCon: Finding Security Risks in All the Things
The annual hacker gatherings will bring out new research in car, payment and internet protocol security.No week in the information security calendar is quite like this one, with the annual Black Hat USA and DefCon security conferences descending on Las Vegas. The mythos of the two security conferences runs deep across more than two decades as the places where new research is revealed and zero-day exploits are announced, and the 2016 events are no exception. While the focus of Black Hat USA, which has its briefings on Aug. 3 and 4 at the Mandalay Bay Resort and Casino, is largely on new issues, the event kicks off with a keynote address from security researcher Dan Kaminsky that will likely reminisce about one of the largest issues ever revealed at a Black Hat event. In 2008, Kaminsky dominated the Black Hat headlines by detailing a flaw in the Domain Name System (DNS) that has since become known simply as the "Kaminsky Flaw." The Kaminsky Flaw is one that was thought to be critical to the foundation of the internet as we know it, and could have enabled the widespread disruption of traffic. At Black Hat USA 2016, Kaminsky is talking about the hidden architecture of the internet and how it is at risk today. "Essentially, I'd like to provide a model for comprehending the internet as it stands that prevents harm to it while providing the useful resources to promote its continued operation," the abstract for Kaminsky's session states.
Kaminsky won't be the only person at Black Hat talking about core internet protocols and the risks they pose, as there are multiple talks on DNS and HTTPS security. Security researcher Erik Wu from startup Acalvio, for example, is giving a talk titled "Dark Side of the DNS Force" that will discuss DNS-based attacks.