CONTACT INFO

SCHWARTZ HOMEPAGE

TANGLED WEB

Tangled Web Blog

Black Hat 2010 Sessions - Day 1

Today is the first day of the 2010 Black Hat Conference speaking sessions. Among the line-up of anticipated talks surrounding wireless security (specifically that of WPA2), mobile device security and ATM vulnerabilities, there is a slew of additional sessions that are bound to make some noise.

One of the noise makers is likely to be the session exploring how to intercept cell phone calls. Some interesting rumors of lawsuits caused eyes and ears to turn toward AT&T, but the company cleared the air, saying it will not interfere with the demonstration.

Although often passed up for obtaining credit card information, counterfeit checks are not a thing of the past. Although you may find yourself having flashbacks to the movie “Catch Me If You Can,” a discussion on how Russian hackers obtained images of checks from a number of retailers and other businesses is a high-tech version of the old story. A quick summary: Russian hackers found a way to utilize technology to make this low-tech crime even more dangerous. They have not yet been caught.

There will also be exploration into weaknesses of SSL, used by websites to protect data. One session on this topic will explore how to attack storage mechanisms to tamper with a SSL session. Another SSL presentation will focus on results of a study that analyzed SSL use to document configuration errors, which weakened thousands of websites.

There will also be discussion surrounding web application security, particularly as it applies third-party code, which includes such items as widgets, applications and advertising modules, all of which are very popular on web applications. These applications are meant to provide additional functionality for the user, but security implications across a variety of industries—including healthcare and finance—could result in infected users.

SEO has been a topic of growing importance for many companies over the past few years. With this in mind, it only makes sense that hackers want to jump on the bandwagon and will utilize SEO to push out malware. Taking a look ahead to DefCon, researchers will show just how important SEO has become to the “malware pushers.”

Check back in tomorrow for a recap of the Day 1 sessions and what we can expect for Day 2.

Tags: ATM vulnerabilities, Black Hat, counterfeit checks, DefCon, malware, mobile security, SEO, weaknesses of SSL, web application security, WPA2

Posted by Kristin Forte Allaben on July 28, 2010 at 9:09 AM

Share |
blog comments powered by Disqus

Author Profiles

Shweta Agarwal - Bio
Kristin Forte Allaben - Bio
Dave Bowker - Bio
Deepika Bharadwa - Bio
Tiffany Darmetko - Bio
Matt Grant - Bio
Bill Keeler - Bio
Katerina Korfias - Bio
Ross Levanto - Bio
Bryan Scanlon - Bio
Nicole Solera - Bio

Feeds

Recent Posts

The Pulse

Client Blogs

Categories

Archive