Black Hat, DEF CON Put Spotlight on Major Security Issues, Hacks

by Sean Michael Kerner

For the past 16 years, the Black Hat Security conference has been held at Caesars Palace. That will change in 2014, as organizers have scheduled to hold the conference at the Mandalay Bay Resort and Casino.

The head of the NSA, General Keith Alexander, used the Black Hat keynote podium as the medium to defend and explain his organization’s activities, including PRISM. He was heckled at the end of his keynote by an individual who told him to “read the Constitution.” Alexander promptly replied, “I have, and so should you.”

Brian Muirhead, the chief engineer of the NASA Jet Propulsion Lab delivered the Day Two keynote at Black Hat. He advised attendees to “take risks, but do not fail.”

With the NSA Chief at Black Hat, lots of attendees had differing views on his arch-nemesis, former contractor Edward Snowden. One Black Hat exhibitor FileTrek ran a poll to see if people thought he was a hero or a villain. On the last day of the event, the poll was an even 50-50.

Ed Snowden didn’t just show up as a cardboard cut-out on the Black Hat show floor, he also won the award for epic 0wnage at the annual Pwnie Awards for the top hacking achievements of the year.

Lance James, chief scientist at security firm Vigilant detailed the shadowy world of booters, DDoS attackers for hire, who took the site of his friend, security blogger Brian Krebs, offline.

At the DEF CON conference, several USB “free chargers” for mobile devices were deployed. The deployment came just a day after researchers revealed new USB-powered attacks against mobile devices. Such attacks can infect an Apple iOS device through USB chargers, and there is no patch yet.

Among the interesting devices to emerge at DEF CON was the WiFi Pineapple MarkIV penetration-testing device. One researcher even cut out the innards of a book in order to hide his Pineapple for conducting stealthy WiFi research.

A highlight of DEF CON for many years, the Wall of Sheep publicly shames attendees that send their username/password information, unencrypted and in the clear.

href=”https://www.eweek.com/blogs/security-watch/def-con-reminds-us-of-the-importance-of-physical-security.html/” target=”_blank”>tamper-evident mechanisms.

It’s not all hacking and listening to people talk at DEF CON. A big part of the event is always the people aspect and hanging out in the Chill Out room listening to techno beat music.