The Black Hat DC 2010 convention is underway, and here on InfosecEvents we are reporting key issues from the many Black Hat Briefings given throughout this two-day information security event. Be sure to check back here for our reports, links to important information, some killer tools, and more. On-site check-in for #BlackHatDC opened 8 a.m. EST, Tuesday, February 2, at the Hyatt Regency Crystal City in Arlington, Virginia. Day one opened with Black Hat founder Jeff Moss, introducing Keynote speaker Gregory Schaffer, from DHS. Gregory Schaffer is the Assistant Secretary for Cybersecurity and Communications (CS&C) at the U.S. Department of Homeland Security (DHS).
Organized similar to last year’s event, the Black Hat DC 2010 schedule shows the first day’s three tracks: Application Security, The Big Picture, and Hardware. The three tracks for day 2 include: Application Security, Forensics and Privacy, and Metasploit. Day 2, February 3, of Black Hat DC 2010 opens at 9 a.m. with “An Uninvited Guest (Who Won’t Go Home).” During this presentation, Bill Blunden (MCSE, MCITP: Enterprise Administrator) addresses “battle-tested” forensic tools used to analyze storage devices. At InfosecEvents we are exited to learn more about the latest rootkit methods deployed against Windows platforms.
Black Hat, produced by TechWeb, is the world’s leading information security event. Black Hat DC 2010 hosts over 500 security experts from the public and private sector as well as underground hackers from around the world. Stay informed as we report on new vulnerabilities and new tools involving Adobe, Apache, Microsoft, Google, and Twitter.
Joseph Menn – Hacking Russia
Joseph Menn, author and Financial Times correspondent, was at the event to launch his recently published book, “Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet” During his formal presentation at this years’ Black Hat convention, “Hacking Russia: Inside An Unprecedented Prosecution of Organized Cybercrime,” Joself Menn took the audience on a trail of intrigue, describing the Russian cyber-mob and La Cosa Nostra’s fight for supremacy over the global hacker underground; an underground determined to steal financial data from consumers and defense secrets from governments.
Chris Tarnovsky – Hacking the Smartcard Chip
During break everyone was still talking about Chris Tarnovsky’s briefing “Hacking the Smartcard Chip,” an in-depth hack of the Trusted Platform Module (TPM); involving a mix of hardware and software (60 percent hardware and 40 percent software). Christopher Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of security relative to semiconductors. Once identified, Flylogic offers reports explaining in detail report of how the electronic chip under study can be compromised. DarkReading.com captured the presentation on a post called Researcher Cracks Security Of Widely Used Computer Chip.
Blogposts and Tools:
- From Richard Bejtlich’s blog TaoSecurity: Black Hat Briefings Justify Supporting Retrospective Security Analysis. Richard remarks, “Having left the talks [Black Hat Briefings], I have a set of techniques for which I can now mine my logs and related data sources for evidence of past attacks.”
- Microsoft releases free SDL tools at Black Hat DC via ComputerWeekly.com. The tools are the latest public releases of elements of Microsoft’s Security Development Lifecycle (SDL) program.
Day’s Closing Comments
Today’s Black Hat DC 2010 conference was fantastic! We’re really looking forward to what’s in store at tomorrows Black Hat Briefings. Be sure to check back with us at InfosecEvents for more Black Hat reports coming soon.