For those looking for information about the latest exploits, vulnerabilities and information protection strategies, the first day of briefings at this year’s Black Hat conference in Las Vegas was no disappointment. Jeff Moss, founder and director of Black Hat, started the day out with this question: What security problems have we fundamentally solved? In an era of targeted malware attacks, botnets and the like, the question has few answers-if any.
At its core, Black Hat is about demonstrating that. With that in mind, here are some of the highlights from the first day:
DHS on Cyber-Security:
Jane Holl Lute, deputy secretary of the U.S. Department of Homeland Security (DHS), spoke about how cyber-war “destroys lives” while physical war takes them. She said it is important not to look at either kind of war as inevitable, and that it was impossible to come up with an effective strategy without discussion and collaboration. Some of her remarks, however, were not exactly crowd pleasers, as some attendees questioned whether the agency could be trusted to handle cyber-security effectively.
Greg Hoglund, chief executive of HBGary, released an open-source malware fingerprinting tool called “Fingerprint” to help organizations trace attacks back to their authors. The tool, he explained, looks for unique artifacts in code left by malware authors that can be analyzed and used to identify the creator. Read moreon that here.
Securing the country’s critical infrastructure was at front-of-mind for several researchers at today’s conference. Among them was Jonathan Pollet, principal consultant for Red Tiger Security, who gave a talk titled “Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters.” In it, he highlighted a number of security concerns facing today’s critical infrastructure today, such as companies running Windows 95.
Barnaby Jack, director of research at IOActive, gave the talk he should have given last year. In 2009, it was pulled. Now he came back, and reportedly brought the house down with demonstrations of how stand-alone automated teller machines (ATMs) could be made to cough up money.