LAS VEGAS-Day two of briefings at the Black Hat security conference produced some interesting moments here in Las Vegas. The day began with a keynote from former National Security Agency (NSA) Director Ret. Gen. Michael Hayden, and included everything from mobile security to weaknesses in HTTPS.
Without further ado, here are some highlights from the final day of this edition of Black Hat.
Hayden, who also served as director for the Central Intelligence Agency (CIA), highlighted the complexities of cyber-war and the need for the United States to get more involved with other nations in conversations about fighting cyber-attacks.
Weaknesses in HTTPS:
Researchers Josh Sokol and Robert “RSnake” Hansen talked about 24 vulnerabilities in HTTPS that could be used via man-in-the-middle attacks to potentially hijack browser sessions. While Hansen told members of the media “the world is not crashing,” he also said fixing the issue would require changes to SSL protection, such as additional junk code that would make it take longer for an attacker to take advantage of the issue. The duo also recommended better tab isolation and sandboxing as solutions.
Researchers from Lookout Mobile Security highlighted some of the dangers emerging due to the explosive growth of mobile applications. Urging users to be vigilant about the apps they are downloading, Lookout noted suspicious wallpaper applications in the Google Android marketplace from a developer known as “jackeey,wallpaper” (who has since reportedly changed his name to “callmejack” since the research was released) that pulled several pieces of data and transmitted them to a remote server. The data included the device’s phone number, subscriber identifier and the current voicemail number on the phone.
Researcher Craig Heffner demonstrated how many consumer routers could be exploited through DNS rebinding to gain access to the router’s internal-facing administrative interface. According to eSecurity Planet, Heffner, who works with security consultancy firm Seismic, urged users to change their firewall rules to prevent an external IP from rebinding with internal ones, and to disable the http admin interface of their routers if possible.