Browsing Category: Black Hat

Categories: Black Hat, Mobile Security

LAS VEGAS–An odd thing happened at Black Hat on Thursday: an Apple security official gave a talk. Seats began filling early, 20 minutes before the talk began, and expectations were high, with many people wondering how much the speaker would reveal about the inner workings of iOS security. And then the talk began and it was fairly clear that the answer to that question was, not much.


LAS VEGAS–The Black Hat conference is now officially an adolescent, and like most in that age group, it has gone through some growing pains in its life. Once criticized for giving too much of a platform for offensive research, and then, after its sale a few years ago to a media conglomerate, dinged for being too corporate, Black Hat now seems to have settled into a nice, comfortable spot with high-quality research and talks from top government officials.


The annual Black Hat Briefings hacker conference got off to a rocky start Sunday after thousands of registered attendees received a fishy-smelling “account password reset” e-mail that contained a suspicious URL. But a message from conference organizers hours later said the errant e-mail was no phishing attack, but merely an “abuse of functionality” by a bored Black Hat volunteer.


Categories: Black Hat, Vulnerabilities

By Andrew Storms

No doubt breaking things is fun. I remember back when I was 10 years old when I took apart a squirrel cage fan, flipped some wires and so forth, and then attempted to plug it back in. Good thing my mom stopped me seconds before I was about to get a literal jolt of reality. These days, I still keep that same inquisitive and maniacal mentality. Yes, I was the guy wearing an assortment of makezine t-shirts at Black Hat, but I also often wore collared shirts and a belt. Because I keep a foot in both of these worlds, I'd like to propose an adjustment to the security community.


Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easter egg program buried in the code that runs industrial machinery around the globe.  


The world moves fast, but much of the world of vulnerability research and exploitation has been stuck in stasis for the last few years. Much of the focus has been on memory-corruption vulnerabilities, application-level bugs and using Java and Flash to get around exploit mitigations and other protections. But that seems to be changing now, if the topics and depth of research at this week’s Black Hat conference are any evidence.
