Security Watch

Keeping Track of patches and hacks in the IT security world.

What's on Tap at Black Hat

As Chuck D, an expert wise enough to retain his own personal security force (S1W) at all times, once famously said: "Here we go again!"

It seems like the year flies by between the end and the beginning of the annual Black Hat security conference these days. I guess that means that I'm getting older and life is passing me by faster, but it also likely has something to do with all the compelling security research that has been getting published year-round these last few years.

Anyway, here we are again on the cusp of another week of stunning, entertaining and unusual hacking presentations, as the training sessions of the 2008 show are already under way in Vegas and the Black Hat briefings wait on deck for tomorrow.

With attendance reportedly nearing the 5,000-person mark, the show undoubtedly continues to grow in its reach and influence. And even though some observers lament that Black Hat has lost some of its edginess since being acquired by tech publishing house CMP several years ago, all one needs to do is look at some YouTube videos of that Dateline producer being chased out of the 2007 sister Defcon conference to appreciate that, while the crowd has grown more corporate, the shows are still very unique and relevant. And fun -- and funny, if you're not the one being pilloried!

So, without further ado, here's a rundown of some of the best of what this year's Black Hat show has scheduled, along with some random observations.

Day One: Aug. 6, 2008

8-8:50 a.m.: This is always a fun time, with lots of people standing around shoulder to shoulder in confusing lines stepping on each other and trying to figure out what the hell is going on. Apparently this year there has been some effort to spread things out and reduce the potential fire hazard. Mooo.

8:50-9 a.m.: Welcome address from Jeff Moss, which is always enjoyable and altogether too short in comparison with some other programs. Hopefully no need for anyone to shout "burn the witch" during these proceedings at either show this year, though, that did sound fun.

9-9:50 a.m.: Keynote by Ian Angell, a professor from the London School of Economics. Fun side game: Count how many people fall asleep or play Warcraft during the entire speech, and try to guess how long it will take before someone tries to light a ciggy inside the hall.

9:50 Break. Mooooo!

At 10, the different research tracks get under way. This year's selection includes Root Kits (less painful than root canal, maybe), Zero Day (which is really every day), Applications (in)Security, Bots and Malware (Wall-E t-shirt not included), Deep Knowledge (read as: Good luck understanding this, nontechies), The Network (aka Cisco and security), Over the Air (see new Wall of Sheep for hapless victims), and Reverse Engineering (Devin Hester is not briefing this year, alas).

Most interesting name of the opening lot goes to "Bad Sushi: Beating Phishers at Their Own Game," delivered by Nitesh Dhanjani and Billy K Rios on the Bots and Malware track. Bad sushi is just bad, even in Vegas. Think Binion's buffet rather than Nobu.

As much as I like the concept of Nate Lawson's "Highway to Hell: Hacking Toll Systems" at 11:15 after coffee service (Moooo!), I'd probably defer to Jared DeMott's AppSec A-Z, or Dan Kaminsky's "Black Ops 2008: It's The End of the Cache As We Know It" (DNS flaws not included).

Then it's lunch time. Won't even bother with making animal noises, as you can imagine what this looks and sounds like, except it's worse than you think.

At 1:45, I'll give the nod to Chris Hoff's "The Four Horsemen of the Virtualization Security Apocalypse," though Yuriy Bulygin's "Insane Detection of Insane Rootkits" sounds fun. Because isn't insane anything fun? Well, maybe not Insane Clown Posse.

Then at 3:15 there's "Xploiting Google Gadgets: Gmalware and Beyond," delivered by RSnake Hansen, and Jesse D'Aguanno's "iRK - Crafting OS X Kernel Rootkits," which is sure to be both irksome and edifying.

At 4:45, when most attendees will be sitting in the hallway checking e-mail, grooming their elaborate facial hair or adjusting their utilikilts, further adding to the confusion and mayhem, there's the "Meet the Feds" panel (disclose a vulnerability that the government asked you not to and meet them even sooner!) and Paul Royal's "Alternative Medicine: The Malware Analyst's Blue Pill," because what would be a Black Hat without a Blue Pill, right? Feeling green yet?

At 5 p.m., everyone who hasn't already started can and will begin drinking. There's the official reception and poker tourney upstairs on the 4th floor, and the second annual Pwnie Awards, which celebrate the year's finest hacks.

Day Two: Aug. 7, 2008

At 8:50 we get another 10 hurried minutes of Jeff Moss.

9 a.m. keynote goes to Rod Beckström, Director of the National Cyber Security Center (and who is clearly a big Motley Crue fan).

Back into the sessions at 10, how can one resist the charming sound of "Satan Is on My Friends List: Attacking Social Networks," delivered by Shawn Moyer and Nathan Hamiel (with Satan classified as anyone who posts bad pics of you on a MySpace or Facebook profile without your permission).

Chet Hosmer's 20-minute "Metamorphic/Polymorphic Malware DNA" would appear to pack a lot into little space somehow.

At 11:15, Billy Hoffman gets to do his annual song and dance on J-Script and Web 2.0 technologies in "Circumventing Automated JavaScript Analysis Tools."

After lunch, at 1:15, Microsoft starts feeling the heat as Ben Hawkes' "Attacking the Vista Heap" and Su Yong Kim's "Vista and ActiveX Controls" both get under way.

At 3:15, 50 Cent fans and aspiring malware moguls rejoice at Jeremiah Grossman's "Get Rich or Die Trying - Making Money on the Web, the Black Hat Way," (which does not involve any members of G-Unit, unless Grossman has significantly changed his MO), and how could any Black Hat attendee not be interested in "How to Impress Girls with Browser Memory Protection Bypasses," with Alexander Sotirov and Mark Dowd (Tip 1 -- never try to impress girls with browser security tricks).

Then at 4:45, there's David Litchfield's "Oracle Forensics," (no, Larry Ellison is not dead and his corpse will not be present -- at least, we don't think he's scheduled to speak) and "Methods for Understanding Targeted Attacks with Office Documents," delivered by Bruce Dang.

Chuck D said "Dang!" a lot too.

Then it's on to Defcon and Goatse. Wheeee!

See you there.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to