Black Hat 2010 - Anticipation Mounts
As speakers and hackers gather in Vegas for the 2010 Black Hat conference, there are many topics on people’s minds.
In many of the pre-show articles, there has been talk about cloud security, a topic that seems to resonate throughout security conferences this year (see previous post on RSA 2010). There is also discussion of wireless security, particularly as it pertains to mobile devices. This is most definitely an area of increasing importance, as IDC forecasted that the mobile workforce would exceed one billion by the end of 2010, potentially bringing to light new security implications for enterprise networks.
Most prominent over the last few days has been discussion of the vulnerability within WPA2, currently the strongest form of WiFi encryption and authentication. The vulnerability, identified as “Hole 196,” lends itself to man-in-the-middle attacks.
We can also expect to hear about:
- login security issues with Twitter and Digg and timing attacks,
- DNS rebinding that uses “Jedi-mind tricks” to enable JavaScript-based malware to penetrate private home networks,
- VPN security and management issues regarding out-of-date software and configuration issues, and
- thoughts regarding a rewards system for researchers from Microsoft’s Security Response Center (MSRC).
It appears, however, that the most highly anticipated session surrounds Barnaby Jack’s research into ATM vulnerabilities. As some may recall, this talk was canceled last year due to pressure from ATM vendors. Similarly, this year, a session entitled “The Chinese Cyber Army: An Archaeological Study from 2001 to 2010” was canceled due to outside pressures.
On a fun note, Black Hat attendees will also be participating in the Pwnie Awards, which recognize extreme excellence and incompetence in the field of information security. Some categories include Best Server-Side Bug, Best Client-Side Bug, Most Overhyped Bug and Lamest Vendor Response.
For those of you preparing to head out to Vegas later this week for the array of speaking sessions, take the Black Hat Challenge. What one session would you attend?
Posted by Kristin Forte Allaben on July 26, 2010 at 9:49 AM



