It’s time for Black Hat once again

Corporate security in the high desert

THIS WEEK WE celebrated the 40th anniversary of putting people on the moon. Next week we’ll hear how San Francisco’s parking meters are hackable. Have we really moved forward technologically?

Hackable parking meters are one of the topics at CMP Media’s Black Hat conference, held annually in Las Vegas. This annual summer ritual, followed by the hacker convention Defcon, is starting to stir up its annual buzz in the computer security community, something it usually does. Black Hat in Vegas is sort of like the fall hurricane season – always there, sometimes more scary than usual, but sometimes a bit of a whimper. Just like hurricane season, you can’t exactly tell in advance what will happen, no matter what the experts say.

Black Hat is the quintessential computer security conference – it’s all about describing engineering flaws in modern civilization by celebrating the process of breaking things. There’s a bit of gladiator spectacle, a bit of embarrassment for companies that get caught shipping dodgy kit, and a bit of engineering challenge. In the process a lot of important security topics get discussed, and sometimes the lawyers get in the way. This is definitely a Las Vegas event. While we may be too shocked at whatever inflammatory hacker sound bite makes it to CNN, we should definitely not be shocked if true security problems are exposed by the presentations.

The fear of sound bites obviously impresses some people. Juniper, network hardware vendor and current employer of Black Hat bad boy Michael Lynn, made news recently when they suppressed a planned presentation on ATM flaws. Sometimes the research that doesn’t make it into the conference is the scariest, especially if the bad guys know and the public doesn’t.

Among this year’s announced presentations are some interesting new developments in the security arms race, including one on anti-forensics rootkits. These are very useful for blocking an investigator from tracking you even if they’re using the most modern forensic tool kits for post-attack analysis. There are also some presentations that are unsurprising to a hacker, like one on vulnerabilities in embedded systems. Hopefully this will not be a rehash of the last 10 years’ worth of embedded web server exploits, but as is always the case, you can’t tell until you hear the presentation. There will be plenty to debate when the subject comes to social networking and how unsafe it is to twitter your opinions of the Starbucks queue you’re standing in right now.

It should be fun, if the Internet doesn’t melt in the following few days. S|A
