Monday, August 25, 2008

NewsFactor Network | Black Hat Hears Security Details as Reporters Booted

The Black Hat Security Conference got off to a fast start with two reporters from a security magazine kicked out for trying to hack the pressroom systems. In other highlights at the Black Hat conference, Dan Kaminsky outlined how to hack DNS, serious holes in Google Gadgets were discussed and Cisco vulnerabilities were on the agenda.

Day one of the Black Hat Security Conference in Las Vegas got off to a hot start with details about DNS and e-mail flaws, Google gaffes, and Cisco vulnerabilities. And some French reporters were kicked out for trying to hack the pressroom facilities.

The Black Hat conference is the premier conference for the latest in security news and tools. Nearly 7,000 attendees are listening to presentations on phishing, hacking and malware, and many are taking comprehensive training on the latest security tools and techniques to protect their networks.

Kaminsky Details DNS Flaw

Dan Kaminsky gave an in-depth briefing on the much-reported DNS flaw he discovered, with some startling new wrinkles.

First and foremost, Kaminsky estimated that only 70 percent of Fortune 500 servers have rolled out a DNS patch. Despite the fact that many servers are still exposed, Kaminsky ran through a detailed laundry list of ways to exploit the flaw before a standing-room-only crowd. He may have been pushing laggards to fix the problem by releasing details.

By listening to his presentation, a hacker would have a road map to develop multiple exploits. Kaminsky also spoke in detail on how patches prevent such attacks.

Google Gadgets Vulnerable

Next up for security woes was Google's Gadgets. According to conference presenters Tom Stracener and Robert "RSnake" Hansen, Google's popular desktop gizmos are a gaping security hole waiting to be exploited. Gadgets run a variety of small tasks, such as a desktop calendar, news-feed windows, or the latest crossword puzzle.

Stracener and Hansen highlighted some scenarios.

First, a malicious Google gadget could be added to users' desktops without their knowledge, monitoring activities and collecting sensitive information.

A malicious gadget could also be used to collect account information, trigger other malicious gadgets and send users to bogus sites to fill out forms with sensitive information.

They also demonstrated JavaScript hacks of Google gadgets, underscoring their vulnerability. The duo warned that as businesses deploy desktop gadgets, significant business data could be at risk.

When Reporters Hack

InfoWorld reported that reporters from a French security magazine, Global Security Mag, were tossed out of the Black Hat conference after an apparent reporter-led hack of the pressroom facilities. Apparently the French journalists were attempting to snoop on their rivals to determine what stories they were filing.

According to a later report, the victim was a reporter working for eWeek. His password was intercepted by the French journalists using a well-known hacking technique on the unsecured portion of the LAN in the pressroom.

After the incident, eWeek had to reset its online story-filing passwords to protect its system.