Black Hat AnnouncementsBlack Hat Digital Self Defense. Black Hat provides cutting edge content in the information and computer security field. Keep up to date with Black Hat presentations, announcements, and free content.
https://www.blackhat.com/
Black Hat Briefings and Training News(c)2009 Black Haten-usWed, 10 Mar 2010 08:30:14 -0800[email protected] (Jeff Moss)Wed, 10 Mar 2010 08:27:14 -0800[email protected] (Jeff Moss)FeedForAll Mac v2.1 (2.1.0.1); http://www.FeedForAll.com/https://www.blackhat.com/podcast/blackhat-podcast-logo.pngBlack Hat Announcements
https://www.blackhat.com/
Black Hat RSS1616Black Hat USA 2010 Training: Pentesting with Backtrack by Offensive SecurityThis intense four day hands on course is taught by the creators of Backtrack. The course has sold out by June with double digit waitlist every year that we have offered the course. This will be our third year and it is 25% full in the first week of registration. If you are interested in taking the course, register by April 1 to get the best pricing. And a guaranteed seat.
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_OFF-PenTestBackTrack.html
526D4442-6699-421B-A5E2-66DAD1824F18-79998-0002177746B1090D-FFAWed, 10 Mar 2010 08:30:10 -0800Black Hat USA 2010 Training: Application Security: For Hackers and DevelopersBy the end of this course, you will be able to: research and develop an exploit from scratch by auditing code or fuzzing an application, reverse engineering the issue, and developing a exploit for the vulnerability you discovered. This knowledge will help developers produce better code, and will help security researchers or malware analysts in their daily tasks
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_cs-as.html
68EB9606-F269-440E-A37E-68B6765DAE66-79998-0001D4C645C216CA-FFATue, 09 Mar 2010 12:03:47 -0800Black Hat USA 2010 Training: Assaulting IPSLearn to be become a skilled and knowledgeable IPS tester.
https://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_cstb-ips.html
DC67DEC4-BF71-4CF2-91A0-A09F752760C1-77936-0001C935B57E5198-FFATue, 09 Mar 2010 08:31:11 -0800Free Black Hat March Webcast - Pen Testing the Web with Firefox by Michael Schearer ("theprez98")To register for this month's webcast visit: <a href="https://www.blackhat.com/html/webcast/webcast-2010_auditassess.html" target="blank">https://www.blackhat.com/html/webcast/webcast-2010_auditassess.html</a><br>
https://www.blackhat.com/html/webcast/webcast-2010_auditassess.html%0Attp://www.blackhat.com/html/webcast/webcast-2010_auditassess.html
9C0ECE29-B2BE-477A-AFF4-9B6FE57BC341-21818-000084AB52FDE127-FFAThu, 04 Mar 2010 14:57:25 -0800Black Hat USA 2010 Registration Now Open!The Super Early Bird Rate closes on April 1.
https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
A87BCE11-2B27-4C8C-B7AF-6B02643860ED-18104-000070C7C774E93D-FFAWed, 03 Mar 2010 11:24:48 -0800Black Hat USA 2010 Call for Papers Closes May 1Call for Papers for US 2010 is now open. Submit early since we had over 400 submissions last year for 90 speaking slots.
https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html
AAFCB2AC-AA4C-4955-BC06-160FD42FDBD4-18104-000070B5B06FE894-FFAWed, 03 Mar 2010 11:24:14 -0800Black Hat Europe 2010 Call for Papers Closes March 1We have just completed our first round of selections for Europe (to be posted by the end of the week). If you are interested in presenting in Barcelona, best to get those submissions in!
https://www.blackhat.com/html/bh-eu-10/registration/bh-eu-10-cfp.html
8E85B1D1-7D42-464C-B9B6-C194078C7DCC-10967-00049BF2DB13E81A-FFATue, 16 Feb 2010 10:10:12 -0800Feb 18 WebcastSign up for the Feb 18th Webcast, receive EUR 150 off Black Hat Europe 2010 Briefings Registration.
http://bit.ly/dpOSf6
1E518AE9-B305-4A27-B6A0-4EBD1D4F2CD6-65545-0004400A76F6196B-FFAThu, 11 Feb 2010 13:27:07 -0800Black Hat DC 2010 - News - Security chip that does encryption in PCs hackedChris Tarnovsky's DC 2010 presentation has been written up by the <a href="http://tiny.cc/rPPwL">Associated Press</a>.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-archives.html#Tarnovsky
366E453F-9EED-4E25-8DE1-E2CF8307791C-65472-00039F8FE3C0613B-FFATue, 09 Feb 2010 12:32:08 -0800Black Hat DC KeynoteWe would like to announce that Gregory Schaffer, U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano appointed Greg Schaffer as Assistant Secretary for Cybersecurity and Communications
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-keynote.html
E26F8AB6-8D44-4B01-92C3-ED616A1DC02E-66903-00016D3CE3272F6C-FFAThu, 21 Jan 2010 07:04:29 -0800Black Hat Europe 2010 Registration Now OpenRegistration for Black Hat Europe 2010 Briefings & Training is now open. The Super Early rate closes on February 1.
https://www.blackhat.com/html/bh-eu-10/registration/bh-eu-10-registration.html
418B282D-B869-49A6-BADE-7479B8C8A054-75093-00019DC4EF75D396-FFAWed, 20 Jan 2010 08:20:53 -0800Black Hat DC Reminder: Regular registration rate ends January 15Register early to save $500 from the onsite rate.
https://www.blackhat.com/html/bh-dc-10/registration/bh-dc-10-registration.html
D61D3619-6341-4245-AAA2-E1AD7753DEFA-21155-00009ADA635D1EB2-FFAThu, 07 Jan 2010 12:03:38 -0800Black Hat DC 2010 Hotel - Group Rate ExtendedBlack Hat DC 2010 will be held at the Hyatt Regency Crystal City. The Group Rate has been extended to January 18. Last year we sold out. Reserve early and have the convenience of staying at the venue hotel.
https://www.blackhat.com/html/dc2010/dc2010-venue.html
A5FAE72F-F6F5-419B-8C45-66027B819EC0-21031-00009A4FB0B38047-FFAThu, 07 Jan 2010 11:52:54 -0800Official Announcement: Black Hat Abu Dhabi 2010Black Hat is proud to announce its first ever event in Abu Dhabi. The event will host top-tier public and private sector security professionals from the Middle-East region as well as industry researchers and underground hackers from around the world to dissect the latest in information security. For more information visit <a href="https://www.blackhat.com">www.blackhat.com.</a>
https://www.blackhat.com
259E0095-1637-4D7E-BD69-457B97FFC8B2-16359-00006E291FBC3C90-FFAWed, 16 Dec 2009 12:56:13 -0800Black Hat DC 2010 Early Bird RegistrationSave $200 by registering by December 15!
https://www.blackhat.com/html/bh-dc-10/registration/bh-dc-10-registration.html
05037A48-BB7E-423E-A241-114A6D9BEB3C-737-00000E2B2B062C20-FFAMon, 14 Dec 2009 13:50:48 -0800Visit the Black Hat booth during the Dec 9th virtual event and have access to all 2009 Black Hat event presentations.If you missed a chance to see one of the Black Hat presentations from our 2009 events, visit the Black Hat boot at the Dec 9th virtual event. You will have access to view all of the recorded presentations from DC, EU and USA 2009. <a href="http://tiny.cc/6K8rn " target="blank">Register now!</a>
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001916&K=2MLJ
C372ADCB-FADB-4FF0-9254-5BB4564F3207-57267-000190C153A20174-FFATue, 08 Dec 2009 15:07:43 -0800Register for the Dec 9th Virtual Event & Save $250 for Black Hat DC 2010 Briefings Black Hat and Dark Reading are hosting their first-ever joint virtual event, exploring the security landscape for the next ten years – and how you can prepare for what lies ahead - today. In addition, Black Hat will host its annual DC event and as a special offer, if you register for the free upcoming virtual event on Dec 9th you will receive a $250 discount* to Briefings. Visit the <a href="https://www.blackhat.com/html/virtual2009/virtual2009-promo.html">promo page</a> to learn more.
https://www.blackhat.com/html/virtual2009/virtual2009-promo.html
D9D4A7BE-AE7C-41A2-81A5-D84C2433F135-55038-00018289FE675BAE-FFATue, 08 Dec 2009 10:54:09 -0800Black Hat DC 2010 Hotel - Group Rate AvailableBlack Hat DC 2010 will be held at the Hyatt Regency Crystal City. The Group Rate closes on January 7. Last year we sold out. Reserve early and have the convenience of staying at the venue hotel.
https://www.blackhat.com/html/dc2010/dc2010-venue.html
B1EC944C-7DA8-4F3C-A81A-C6821A5047B6-54918-000181CB0876682C-FFATue, 08 Dec 2009 10:38:51 -0800Black Hat & Dark Reading Virtual Event December 9th - IT Security The Next DecadeInformationWeek’s Dark Reading and Black Hat come together for their first-ever joint security <a href="https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001916&K=2MLJ">virtual event</a>, exploring the security landscape for the next ten years – and how you can prepare for what lies ahead - today.
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001916&K=2MLJ
CC7DF448-CE38-4CD6-8212-BBF4BA36EBEA-78733-0001B1CECBDC7C66-FFAThu, 03 Dec 2009 10:03:58 -0800Black Hat DC 2010 Briefings Call for Papers - Last Day to SubmitDeadline for submissions is today, December 1.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-cfp.html
E3BC133E-5726-4471-A065-1D9487B675FC-62315-000157A2454DBD0B-FFATue, 01 Dec 2009 11:46:32 -0800Black Hat DC 2010 Speakers Selected - Round 1First round of Black Hat DC 2010 speakers have been selected.<br>
<br>
We have a second round that should be coming through in the next week or so... which leaves very few slots (less than 10) left...<br />
<br />
If you have great research and want a chance to present, please complete the <a href="https://www.blackhat.com/html/dc2010/registration/dc2010-cfp.html" target="blank">Call for Papers application</a> ASAP since that closes on December 1 although it may close earlier if we fill the remaining slots before then.
https://www.blackhat.com/html/dc2010/dc2010-briefings.html
E4ED2F6A-C255-11DE-9A18-000A95C50A24-37526-0000088B1B4AD1AB-FFAFri, 13 Nov 2009 11:44:39 -0800Black Hat Webcast #14 - New Frontiers in Forensics w/Matthieu SuicheThursday, Oct 29th Time: 1:00 pm PT/4:00 pm ET Register at<br />
http://bit.ly/XXiuG<br />
<br />
Physical memory is definitely a goldmine of information and its analysis is<br />
part of several practices including troubleshooting, incident response,<br />
forensics investigation, etc. This webcast aims at explaining one major<br />
point and step: Why using Microsoft Crash Dump file format is way more<br />
efficient than a common raw dump under a Windows machine for forensics<br />
analysis.<br />
http://bit.ly/XXiuG
9212D222-BCF1-11DE-AEF7-000A95C50A24-6877-0000049176CA93D8-FFAMon, 19 Oct 2009 13:57:09 -0700Black Hat Webcast No. 13 - Privacy/AnonymityThe September webcast will focus on Privacy/Anonymity featuring Matt Wood's work on Veiled: a browser-based darknet project. Veiled is a proof of concept that allows anyone to join from any platform which has a web browser whether a PC or an iPhone. This presentation will discuss and demonstrate the Veiled darknet and look at the technical implementation and challenges of such features, we also explore some interesting properties of browser-based darknets.<br /><br />
Wednesday, September 30, 2009, 1:00 pm Pacific/4:00 pm Eastern<br />
<br />
http://bit.ly/4dL39t
EB838DCC-A47F-11DE-91CC-000A95C50A24-20394-00000268694A8D72-FFAFri, 18 Sep 2009 11:27:44 -0700Black Hat DC 2010 Briefings Call for Papers Now OpenThe Call for Papers for DC 2010 is now open. Deadline for submissions is December 1.
https://www.blackhat.com/html/bh-dc-10/bh-dc-10-cfp.html
70F8AAE0-97DE-11DE-A07E-000A95C50A24-782-000000574B332083-FFAWed, 02 Sep 2009 09:35:11 -0700Black Hat Webcast #12: USA 2009 Wrap-Up - Today - Thursday, Aug 27<![CDATA[Get one on one access with some of the hottest presenters from the most daring security event in the world.
Black Hat Webcast #12 is Thursday, August 27 at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.
Webcast participants:
Zane Lackey and Luis Miras: Attacking SMS
David Dewey: The Language of Trust, Exploiting Trust Relationships in Active Content
Moxie Marlinspike: More Tricks For Defeating SSL
Alex Stamos: Cloud Computing Models and Vulnerabilities, Raining on the Trendy New Parade
]]>
https://www.blackhat.com/html/webinars/usa09-wrapup.html
FDA01EB4-931B-11DE-BB21-000A95C50A24-4128-0000019A5DB31FEF-FFAThu, 27 Aug 2009 08:15:13 -0700Black Hat Webcast #12: USA 2009 Wrap-Up - Thursday, Aug 27<![CDATA[There is still time to register for our free webcast. Black Hat Webcast #12 is Thursday, August 27th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.
Webcast participants:
Zane Lackey and Luis Miras: Attacking SMS
David Dewey: The Language of Trust, Exploiting Trust Relationships in Active Content
Moxie Marlinspike: More Tricks For Defeating SSL
Alex Stamos: Cloud Computing Models and Vulnerabilities, Raining on the Trendy New Parade
]]>
https://www.blackhat.com/html/webinars/usa09-wrapup.html
CFFDF974-9274-11DE-948A-000A95C50A24-3456-0000015E4DB15263-FFAWed, 26 Aug 2009 12:17:38 -0700Black Hat Webcast #12: USA 2009 Wrap-Up - RescheduledThe August Webcast has been rescheduled to Thursday, August 27th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.<br />
<br />
https://www.blackhat.com/html/webinars/usa09-wrapup.html
64337660-8CE8-11DE-A56D-000A95C50A24-18326-000004197C3438BD-FFAWed, 19 Aug 2009 10:48:34 -0700Black Hat Webcast #12: USA 2009 Wrap-UpThe August Webcast is Thursday, August 20th at 1300 PST/16:00 EST and will be a wrap-up of Black Hat USA 2009 with some of the hot talks from the live event. Several of the speakers will discuss their work presented in Las Vegas and give you an opportunity to ask questions about their research.<br />
<br />
https://www.blackhat.com/html/webinars/usa09-wrapup.html
8C9B17BA-8CDF-11DE-A09A-000A95C50A24-18167-00000409300780F4-FFATue, 18 Aug 2009 10:03:56 -0700Black Hat USA 2009 Speaker Presentation Materials - Alexander Tereshkin and Rafal Wojtczuk<![CDATA[The following speakers have submitted updated presentation materials:
Introducing Ring -3 Rootkits by Alexander Tereshkin and Rafal Wojtczuk Attacking Intel® Bios by Alexander Tereshkin and Rafal Wojtczuk
]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
80E58492-8B3A-11DE-A8A5-000A95C50A24-15382-0000032D3ADAD1F9-FFAMon, 17 Aug 2009 14:51:02 -0700Black Hat USA 2009 Speaker Presentation Materials - Aug 12 - Added and Updated<![CDATA[The following speakers have submitted updated presentation materials:
]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
8BF1CC82-86A4-11DE-9DE8-000A95C50A24-4590-0000016AEC0BD869-FFATue, 11 Aug 2009 13:38:51 -0700Black Hat USA 2009 Speaker Materials Now OnlineSpeaker materials - slides, whitepapers and tools are now available for download. <br />
Content will be updated as we will posted as we receive them.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
2F6C0416-7C70-11DE-A1D1-000A95C50A24-15684-0000053CA87E5C63-FFAWed, 29 Jul 2009 11:58:58 -0700Black Hat USA 2009 Onsite Registration Now OpenOnsite Registration now open.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
7C0DF066-7970-11DE-B8F9-000A95C50A24-6883-00000302178E3523-FFASat, 25 Jul 2009 16:12:09 -0700Black Hat Online Registration Closes in 24 hoursReminder! Online Registration closes on July 22 and turns over to Onsite Rates thereafter.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
514E8B96-7606-11DE-B907-000A95C50A24-50678-0000056B8F7A89C5-FFATue, 21 Jul 2009 07:54:09 -0700Black Hat Online Registration Closes on July 22Reminder! Online Registration closes on July 22 and turns over to Onsite Rates thereafter.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
76732526-7309-11DE-AAEE-000A95C50A24-23850-000002A82C5AD3F4-FFAFri, 17 Jul 2009 12:40:28 -0700Black Hat Breakouts Schedule<![CDATA[The Black Hat Breakout Schedule is now online!
We still have a few slots available for delegates who would like to hold a session.
Working on an open source project? Want to hash out your latest research with other like-minded researchers? Want to get other people in the community interested and participating in your project?
This year, we are pleased to offer those who are working on collaborative projects a chance to have a meet-up at Black Hat USA 2009. We can provide a room set up with a projector and screen so that people who are already attending the Black Hat Briefings can gather to discuss projects in depth. This space is set aside for those who are looking for a quiet, informal space for an hour to present and discuss their in-progress research topics.
Please email [email protected] if you are interested in hosting a breakout session.
]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
0BB59B7A-7268-11DE-8951-000A95C50A24-19538-000002358DA3182F-FFAThu, 16 Jul 2009 17:26:45 -0700Academic Pass Applications Closes TodaySelected
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
FB41D004-709D-11DE-A637-000A95C50A24-689-0000001E8F140CEE-FFAThu, 16 Jul 2009 17:22:48 -0700Black Hat BreakoutsWorking on an open source project? Want to hash out your latest research with other like-minded researchers? Want to get other people in the community interested and participating in your project?<br>
<br>
This year, we are pleased to offer those who are working on collaborative projects a chance to have a meet-up at Black Hat USA 2009. We can provide a room set up with a projector and screen so that people who are already attending the Black Hat Briefings can gather to discuss projects in depth. This space is set aside for those who are looking for a quiet, informal space for an hour to present and discuss their in-progress research topics.<br>
For more information, email <a href="mailto:cfp.blackhat.com">[email protected]</a>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
682A33AA-6D2E-11DE-9DE1-000A95C50A24-29096-0000033D89DCBA59-FFAFri, 10 Jul 2009 01:50:33 -0700Regular Registration Ends Tomorrow!
<p>The Regular Registration Deadline is July 1. <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html"> Register Now</a> to take advantage of discounted rates for both Briefings and Training.</p><br>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
5CC3C2FE-6583-11DE-A466-000A95C50A24-1518-00000027C71B6E96-FFATue, 30 Jun 2009 07:36:52 -0700USA 2009 Presentation Update: A 16 bit Rootkit and Second Generation Zigbee Chips by
Travis GoodspeedTravis Goodspeed promises a live demo and new vulnerability release for his presentation at USA 2009.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Goodspeed
0E5B2B58-64F6-11DE-A2B2-000A95C50A24-9471-0000010CFC271675-FFAMon, 29 Jun 2009 14:47:03 -0700USA 2009 Day 2 Keynote AnnouncedRobert F. Lentz, Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance (CI&IA) in the Office of the Assistant Secretary of Defense, Networks and Information Integration/Chief Information Officer, will be the Day 2 Keynote at the USA 2009 Briefings. <br />
<br />
Mr. Lentz, as a Deputy Assistant Secretary of Defense in both the Bush and Obama administrations and the first Senior Information Assurance Official for the Department of Defense serving since Nov 2000 will provide his perspective and lessons learned over several decades working in the cyber security field. Mr. Lentz will outline his future vision and goals and those critical policy, technical and operational challenges facing us in this race to leverage the power of the internet.
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Lentz
D6C37904-647B-11DE-B281-000A95C50A24-6171-000000B58E8793E8-FFAMon, 29 Jun 2009 00:31:59 -0700Regular Registration Deadline Fast Approaching
<p>The Regular Registration Deadline is July 1. <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html"> Register Now</a> to take advantage of discounted rates for both Briefings and Training.</p><br>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
3F21423E-6471-11DE-ACF1-000A95C50A24-5471-000000A2088ABACA-FFASun, 28 Jun 2009 22:54:52 -0700USA 2009 Briefings Track: Metasploit<![CDATA[Newly announced tracke for Day 1, July 29:
Four Turbos, 20 minutes each:
Dino Dai Zovi: Macsploitation with Metasploit
Mike Kershaw: Kismet and MSF
Chris Gates: Breaking the "Unbreakable" Oracle with Metasploit
Dustin "I)ruid" Trammell: MSF & Telephony
Two 75 minute presentations:
Peter Silberman & Steve Davis: Metasploit Autopsy - Reconstructing the Crime Scene
Egypt: Using Guided Missiles in Drive-Bys - Automatic Browser Fingerprinting
One 120 minute presentation:
Val Smith, Colin Ames & David Kerb: MetaPhish
]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
3D094064-5F62-11DE-A9A0-000A95C50A24-9044-000001B0AEF01BBD-FFAMon, 22 Jun 2009 12:32:20 -0700USA 2009 - Black Hat Post Webcast #11 Press<![CDATA[From SC Magazine - Friday, 19 June 2009
Black Hat topics include hacking parking meters, social networks
On the agenda this year at the 2009 Black Hat conference are topics ranging from the psychology of social networking to hacking parking meters.
Eager attendees got a taste of what's to come at the conference, to be held July 25 to 30 in Las Vegas, during a webcast Thursday in which selected speakers gave a preview of their talks.
Every registrant for today's June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!
The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST.
*Note that the discount is applicable for new registrations only.
]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
A77CE878-5BDF-11DE-87C1-000A95C50A24-404-0000001C1703E10A-FFAThu, 18 Jun 2009 01:12:59 -0700Webcast #11 - USA 2009 Sneak Peek - Register Now!<![CDATA[
Every registrant for the June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!
The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST.
*Note that the discount is applicable for new registrations only.
]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
8B28EE7C-5AC4-11DE-A60F-000A95C50A24-186-0000000332E8B501-FFATue, 16 Jun 2009 15:28:24 -0700Third Annual Pwnie Awards<![CDATA[The Pwnie Awards will return for the third consecutive year to the Black Hat USA
conference in Las Vegas. The award ceremony will take place during the Black Hat
reception on July 29, 2009 and the Pwnie organizers promise an extravagant show.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. Nominations are currently accepted in nine award categories:
* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL
* Lifetime Achievement award for hackers over 30
The deadline for nominations is Wed, July 15. To submit a nomination,
visit the Pwnie Awards site at http://pwnie-awards.org/
For the latest updates, follow the Pwnie Awards on Twitter: http://twitter.com/PwnieAwards]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
3A898B94-5A8C-11DE-91BC-000A95C50A24-10939-00000233B09B3B28-FFATue, 16 Jun 2009 08:45:41 -0700USA 2009 Hotel Group Rate ExtendedThe Black Hat USA 2009 discounted <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html" target="blank">group rate</a> at Caesars Palace has been extended until July 3. Have the convenience of staying at the venue hotel, just an elevator ride away from the show floor. <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html" target="blank">Reserve now!</a>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html
7B79166E-56AA-11DE-8E61-000A95C50A24-2786-000000EB4E5F29C7-FFAThu, 11 Jun 2009 10:12:55 -0700Webcast #11 - USA 2009 Sneak Peek - Presenters Finalized<![CDATA[We have opened registration. for the upcoming Webcast. The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presentations for Black Hat USA 2009.
If you like what you see, you'll like another incentive we're attaching to this webcast even more: Every registrant for the June 18 webcast will receive a discount code* that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Register Now!
*Note that the discount is applicable for new registrations only.
The Legal / Management Track will feature: Computer Crime Year In Review: MySpace, MBTA, Boston College and More by Jennifer Granick Fighting Russian Cybercrime Mobsters: Report from the Trenches Dmitri Alperovitch Your Mind: Legal Status, Rights and Securing Yourself by Tiffany Rad & James Arien Economics and the Underground Economy by Cormac Herley & Dinei Florencio Beckstrom's Law: A Model for Valuing Networks and Security by Rod Beckstrom ]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
48504AD2-54F7-11DE-A095-000A95C50A24-947-0000003B32D4737E-FFATue, 09 Jun 2009 06:31:31 -0700Homeland Security Secretary Appoints Jeff Moss, Founder of Black Hat and DEFCON, to the Homeland Security Advisory Council. Jeff Moss to provide recommendations directly to Secretary Napolitano on Homeland Security issues.The complete <a href="https://www.blackhat.com/html/bh-about/press.html" target="blank">press release</a> is available for review from the <a href="https://www.blackhat.com/html/bh-about/press.html">Black Hat website</a>.
https://www.blackhat.com/html/bh-about/press.html
4A765CE4-5451-11DE-A7B8-000A95C50A24-6953-000001DDB1663DDA-FFAMon, 08 Jun 2009 20:48:07 -0700USA 2009 Briefings Track: Cloud/Virtualization<![CDATA[
The Cloud/Virtualization Track will feature: Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure by Christofer Hoff & Enno Rey SADE - Injecting agents in to VM guest OS by Matt Conover Clobbering the Cloud! by Haroon Meer, Marco Slaviero & Nick Arvanitis Cloudburst: Hacking 3D (and Breaking Out of VMware) by Kostya Kortchinsky Re-conceptualizing Security by Bruce Schneier
]]>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
02F3C77A-544D-11DE-A7B8-000A95C50A24-6953-000001D5CE3219B8-FFAMon, 08 Jun 2009 06:28:24 -0700USA 2009 Briefings Schedule Now Online
<p>USA 2009 Briefings <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html">schedule</a> is now online. </p><br>
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
91458856-53F3-11DE-A7B8-000A95C50A24-6953-000001A40C3E8F44-FFASun, 07 Jun 2009 23:17:10 -0700Webcast #10 - Mobility & Security - Audio Now Available<p>The audio for the May 21 Webcast on Mobility & Security is now <a href="https://www.blackhat.com/html/webinars/mobility_security.html">available.</a></p>
https://www.blackhat.com/html/webinars/mobility_security.html
0A4FE520-520F-11DE-906E-000A95C50A24-1489-000000E5E5DD1BEF-FFAFri, 05 Jun 2009 13:26:18 -0700Final USA 2009 Briefings Speakers Selected
<p >USA 2009 <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html"> speaker</a> selections has been finalized. The schedule will be published on Monday, June 8. </p><br />
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFRFri, 05 Jun 2009 12:42:57 -0700Webcast #11 - USA 2009 Sneak Peek - Registration Now Open<![CDATA[We have opened registration. for the upcoming Webcast. The Webcast will be held Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presentations for Black Hat USA 2009. Current participating speakers include Dino Dai Zovi who will be presenting on "Advanced Mac OS X Rootkits" and Nitesh Dhanjani who will be speaking on "Psychotronica: Exposure, Control, and Deceit".
Black Hat is pleased to offer to qualifying members of the academic community a discounted registration rate to Black Hat USA 2009. The Academic Pass includes gratis entry to DEFCON 17, held at the Riviera Hotel in the weekend immediately following Black Hat USA.
]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFMFri, 29 May 2009 12:18:03 -0700Webcast #11 - USA 2009 Sneak Peek<![CDATA[
The upcoming Webcast is Thursday, June 18 at 1300 PST/16:00 EST and will be a sneak peek at some of the presenations for Black Hat USA 2009. Several of the speakers will discuss their work and give you a taste of the live event. If you like what you see, you'll like another incentive we're attaching to this webcast even more: Every registrant for the June 18 webcast that attends the session will receive a code that can be redeemed for $250 off the price of registration for the USA 2009 Black Hat Briefings in Las Vegas. Registration for the Webcast will open June 1.
]]>
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFKFri, 29 May 2009 10:01:53 -0700Early Bird Registration Deadline Fast Approaching
<p >The Early Bird Registration Deadline is June 1. <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html"> Register Now</a> to take advantage of discounted rates for both Briefings and Training </p><br />
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFJThu, 28 May 2009 8:11:17 -0700Stay at the Official Venue Hotel
<p >Hotel guest rooms are still available at <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-venue.html">Caesars Palace</a>, the official venue hotel. In the past, the Black Hat block has sold out 6 weeks in advance. </p><br />
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFHThu, 28 May 2009 06:50:29 -0700Hacker Court Returns For Its Eigth Appearance
<p > <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#panel3">Hacker Court 2009: Pwning the economy in 138 chars or less</a> demonstrates legal issues in cyberspace. The Hacker Court mock trial series has always received rave reviews for its lively presentation. Not to be missed.</p><br />
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFGWed, 27 May 2009 09:45:48 -0700Hack Like You Mean It!
<p >SensePost has added a new course to their stable of offerings: <a href="https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-sp-PCI.html">Hacking by Numbers: PCI Edition</a>. This is a practical, technical course aimed at beginner penetration testers, that teaches method-based hacker thinking, skills and techniques, specifically focusing on the approach and priorities for penetration testing required by the PCI DSS standard. Register by June 1 to get the Early Bird pricing. </p><br />
https://www.blackhat.com/html/bh-usa-09/bh-us-09-main.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFFTue, 26 May 2009 13:33:17 -0700Three New and Unique Class Offerings<![CDATA[
]]>
https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-complete.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFETue, 26 May 2009 11:43:02 -0700Second Round of USA Speakers Online Now
<p >We've selected the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html">second round of Briefings Speakers for Black Hat USA 2009</a>. This year we'll be announcing them as selections are made, so it's a good idea to check back periodically. The list will grow until June 15, when we expect to have the final list compiled.</p><br />
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFDSat, 23 May 2009 00:00:01 -0700Black Hat USA 2009 Training Course Update - New Hacking by Numbers Cadet Online Edition<p>This year Black Hat is offering for the first time, a <a href="https://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-sp-cadet.html"> Hacking by Numbers Cadet Online Edition</a> hosted by SensePost. This is a self-paced introductory course for technical people with no previous experience in the world of hacking. To learn more courses offered by all our training partners at Black Hat USA visit us at <a href="https://www.blackhat.com/"> https://www.blackhat.com/.</a>
https://www.blackhat.com/.
9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFCFri, 22 May 2009 22:58:45 -0700Last chance - Register for Webcast #10: Mobility and Security. Win a Free Conference Pass to Black Hat USA 09<p>Our webcast on the topic of mobile security is this Thursday at 1pm PDT. There's still time to register and get yourself in the running for a free conference pass to Black Hat Briefings USA 2009. If you're interested, make sure to sign up for this free webcast.
http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D
9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFBWed, 20 May 2009 18:19:12 -0700First Round of USA Speakers Online Now
<p >We've selected the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html">first round of Briefings Speakers for Black Hat USA 2009</a>. This year we'll be announcing them as selections are made, so it's a good idea to check back periodically. The list will grow until June 15, when we expect to have the final list compiled.</p><br />
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html
ED4E3C78-596D-4197-AF16-31F5E855B9AE-29793-00020610F95E3BA0-FFAFri, 08 May 2009 10:28:49 -0700Follow Black Hat on Twitter and Win a Black Hat Track Jacket<p>The response was great the first time we did this, so we'll be giving away another Black Hat Track Jacket to a randomly selected Twitter follower on Monday. (Here's a <a href="html/images/blackhattrackjacket.jpg"> picture of the jacket</a>) If you're not already following us, join us at <a href="https://twitter.com/blackhatevents">https://twitter.com/blackhatevents</a><br />
<br />
We'll announce the winner on Twitter Monday at 3pm PDT. If you've got friends you think would like a Black Hat Track Jacket, spread the word.</p>
https://twitter.com/blackhatevents
EDDEEE06-0053-4F6A-8F44-C36FB8880A18-29793-0001F9779B4585A3-FFAThu, 07 May 2009 14:31:10 -0700Win a Free Conference Pass to Black Hat USA 09<p>Our webcast on May 21 will be a round table examining the present and future of security as it relates to the booming world of mobile computing devices. The new format is designed to be more interactive, so please join us and bring your best questions. We'll have some panelists from the research sphere and some from the vendor space and it should all make for a very lively and informative conversation.</p><br />
<p>We're going to be giving away a free conference pass to Black Hat Briefings USA 2009 to a randomly selected registrant to the May 21 webcast. If you're interested, make sure to <a href="http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D">sign up for this free webcast</a>. </p>
http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D
9C21F3B2-367E-4E3D-A180-BFE31BB2BD1E-12646-00018CFA1BB4F413-FFAThu, 30 Apr 2009 17:42:45 -0700USA 2009 Update: Early Registration Rate Extended to June 1The Early registration deadline for Black Hat USA 2009 has been extended from May 1 to June 1, giving interested registrants an extra month to avoid the 200 dollar price increase to our Regular rate. You can find out more about <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html">Black Hat's registration rates, dates and information</a> on our website.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
B4A85574-9C6E-453F-845B-279F8631390B-12646-000182A563E9188B-FFAThu, 30 Apr 2009 14:38:31 -0700USA 2009 CFP Updated: CFP Deadline Extended to May 5<![CDATA[
Good news for anyone struggling to get a submission into the Black Hat CFP system before the door closes -we've extended the deadline from May 1 to Tuesday May 5. If you've got the goods for a great Black Hat presentation, make sure to let us know before then. We're looking forward to your submissions.
For all the rules and regulations, you can visit our CFP FAQ section.
]]>
https://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html
BB28A3A7-893E-452A-9809-114AF51A6532-12646-00017932ACE82F41-FFAThu, 30 Apr 2009 12:11:27 -0700Registered for Black Hat USA 2009? Help us select this year's talks!<p>All paid registrants for Black Hat events get the opportunity to review and rate the submissions from the Black Hat CFP. It's a great way to take the pulse of the security research community and to help create the kind of Black Hat you want to attend. To learn more about our process, you can check out the<a href="http://blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html"> Black Hat USA 2009 Call For Papers Crowdsourcing FAQ</a>. We hope you'll take a little time and help us out - your feedback is very important to us.</p>
http://blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html
83BDCDE3-D67A-4453-A42A-FF588AC04FE7-12646-0001406AA6F2F1EF-FFATue, 28 Apr 2009 13:34:57 -0700USA 2009 CFP Reminder: CFP Closes May 1<p>If you're thinking about submitting to the Black Hat USA 2009 Call for Papers, please bear in mind that the CFP closes on May 1 - only a few days away. If you have something great to share with the broader security community, get your idea in to us at <a href="https://cfp.blackhat.com">the Black Hat CFP site</a> right away. For all the rules and regulations, you can visit our <a href="http://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html">CFP FAQ section.</a></p>
http://blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html
251875C3-8D09-4017-9A00-5527A045E354-12646-00014059E5912398-FFATue, 28 Apr 2009 13:29:18 -0700Black Hat Europe Video-Charlie Miller and Vincenzo Iozzo: Fun and Games with Mac OSX and iPhone Payloads<p>Charlie Miller and Vincenzo Iozzo's <a href="https://media.blackhat.com/bh-europe-09/video/black-hat-europe-09-miller-iozzo-osx-iphone.m4v">presentation on Mac and iPhone payloads</a> was one of the most remarked-upon presentations at last week's Black Hat Europe event, and now it's available online for anyone who missed it. </p><br />
https://media.blackhat.com/bh-europe-09/video/black-hat-europe-09-miller-iozzo-osx-iphone.m4v
F64FF4B2-C7B4-4B23-AE55-23288146C45A-1356-0000383B512932A4-FFAMon, 20 Apr 2009 13:06:43 -0700Black Hat Webcast 10- Mobility and Security - May 21 1pm PDT<p class="black">Our next webcast will be a round table examining the present and future of security as it relates to the booming world of mobile computing devices, from traditional laptops and smartphones to the exploding world of netbooks. We'll have participation from both researchers and vendors and we're expecting a lively and valuable conversation. The new format is designed to be more interactive, so please join us and bring your best questions. You can <a href="http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D">register for this May 21 Webcast</a> online now.</p>
http://w.on24.com/r.htm?e=143110&s=1&k=A4D4664884F553531526F2CA7976DD9D
75B80358-3313-4287-B865-39918CB15466-1356-0000382EE4A77F28-FFAMon, 20 Apr 2009 13:05:55 -0700Black Hat Europe Update: Keynote Speaker Lord Erroll<![CDATA[
We're pleased to announce the addition of Lord Erroll as Keynote speaker for Black Hat Europe 2009. Lord Erroll, 60, is a cross-bench member of the British House of Lords and takes pride in “voting against stupid Government ideas whoever is in power.”
The topic of his keynote presentation will be “Privacy Protecting People or People Protecting Privacy”
This addition has changed the Briefings schedule a bit, so if you're attending please take a look at our Briefings schedule page for the latest updates
]]>
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Erroll
AEE2CBF6-A7A9-4E4C-A5E9-446A03EDD658-4971-000068F75B9C5F1E-FFAFri, 10 Apr 2009 15:34:18 -0700Follow Black Hat on Twitter, Win a Black Hat Track JacketWe're trying something new to get people following our Twitter feed - we'll be giving away a Black Hat Track Jacket to a randomly selected Twitter follower on Monday. If you're not already following us, join us at https://twitter.com/blackhatevents<br />
<br />
We'll announce the winner on Twitter Monday at 3pm PDT. If you've got friends you think would like a Black Hat Track Jacket, spread the word.
https://twitter.com/blackhatevents
8F663571-295B-4026-8CBC-8CE4782C949F-2337-000335B37C7B2F5C-FFAFri, 03 Apr 2009 14:30:29 -0700Black Hat Webcast 9 Audio Now Online<![CDATA[
We've posted the audio to this month's Black Hat Webcast previewing some of the exciting presentations from Black Hat Europe 2009.
]]>
https://media.blackhat.com/webinars/black-hat-webcast-9-march-2009-eupreview.m4b
A1E0E180-FD67-42E8-8C58-3EC67B009884-2337-0000FE352A50D0A2-FFATue, 24 Mar 2009 17:02:07 -0700Black Hat Speakers in the News: Prajakta Jagdale<![CDATA[In her talk at Black Hat DC 2009, HP's Prajakta Jagdale spoke of a new free tool for analyzing Adobe Flash applications for vulnerabilities The tool wasn't ready at that time, but it's been released today. To learn more about it, you can check out the slides or video from her presentation entitled “Blinded by Flash: Widespread Security Risks Flash Developers Don't See ” ]]>
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx
073F4194-C5B1-45FB-B03D-14DE35B83804-2337-0000FC9B8EC7D26F-FFATue, 24 Mar 2009 16:32:04 -0700Black Hat Speakers in the News: Joanna Rutkowska and Rafal Wojtczuk<p>Joanna Rutkowska and Rafal Wojtcuk <a href="http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html">released a paper and exploit code </a>on a privilege escalation attack on Intel CPUs that we're finding very interesting. You can find the details on the <a href="http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html">Invisble Things Blog. </p>
http://theinvisiblethings.blogspot.com/2009/03/attacking-smm-memory-via-intel-cpu.html
31BF957A-0928-4F58-A120-182989E5BE1E-2337-0000185B58D39CE3-FFAFri, 20 Mar 2009 11:27:57 -0700Video Update: Black Hat USA 2008You can <a href="https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html">check out a full lineup of presentations from Black Hat USA 2008</a> by visiting our archive page now. Audio and slides-only video to follow shortly. You can also <a href="http://blackhat.com/Black_Hat_USA_2008_Hi-res_.m4v_Feed.xml">subscribe to the Black Hat USA 08 hi-res .m4v feed</a> here.
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
BF4DB54F-BB55-4B09-B085-9F08B05D47E1-51585-000367B7958DF89F-FFATue, 17 Mar 2009 16:57:01 -0700Black Hat Webcast Reminder: Thursday, Mar 19 at 1pm PDTOur next webcast, which features a variety of hot topics from the Black Hat Europe roster, including Attacking Backbone Technology and In-Memory Execution on Mac OS X and iPhone is coming up this Thursday - you can <a href="http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9">register for the webcast online now</a>.
http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9
414F5CBE-620B-4F1C-B197-4DB4B4AF7CA5-51585-00035B15E7E27C77-FFATue, 17 Mar 2009 12:55:17 -0700Black Hat USA Registration Reminder: Super Early Bird Rate Ends March 15<p>You can <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html">save $100 on the registration price of Black Hat USA 2009</a> by registering before Monday - the Super Early Bird rate expires midnight March 15. </p>
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
5F19D84C-9551-4747-BA45-B4E32E54D18D-22589-0001E12E30439A35-FFAThu, 12 Mar 2009 17:41:54 -0700Black Hat Webcast 8 Audio Online<![CDATA[
We've posted the audio to last month's Black Hat webcast on Rich Internet Application Security with Billy Hoffman from HP, Alex Stamos from iSec and Peleus Uhley from Adobe.
]]>
https://media.blackhat.com/webinars/black-hat-webcast-8-february-2009-ria.m4b
661F8909-D5CD-46A3-B713-B7BDD5F05BA5-5894-000140E75EF98759-FFATue, 10 Mar 2009 16:32:37 -0700Jeff Moss Interviews Dan Kaminsky: Part 2 of 2<p>Dan Kaminsky has been all over the news since his disclosure of a major DNS flaw at Black Hat USA 2008. At Black Hat DC, he talked about the state of DNS today and gave a strong endorsement to DNSSEC. This is part two of a two-part interview.</p><br />
<p>You can <a href="https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview2.m4v">download the video now</a> or you can <a href="http://www.youtube.com/watch?v=REwmyb7qebM">watch it on YouTube</a>.
https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview2.m4v
ADF561E2-E17B-41A0-A625-AA9FE392EA9E-5894-0000FCF6212AB6A6-FFATue, 10 Mar 2009 10:58:24 -0700Black Hat Free Webcast #9 - Black Hat Europe Preview<![CDATA[
Black Hat Europe is right around the corner - we'll be returning to Amsterdam April 14-17. We're very excited about the lineup of speakers we've put together, and this webcast will be a sort of sneak preview of what kind of presentations attendees will get to see at the live event.
Please join Black Hat Founder Jeff Moss for what we are sure will be an eye-opening look under the hood of Black Hat Europe 2009. You can register for the Black Hat webcast for free here.
Roberto Gassira' and Roberto Piccirillo
Hijacking Mobile Data Connections ]]>
http://w.on24.com/r.htm?e=137991&s=1&k=ED7856B67DCFAA2C6F18F92DC73ACBA9
607624E6-49EE-4445-9E1B-AE72BA3337C8-5894-0000E1FB0C194A24-FFAMon, 09 Mar 2009 12:00:04 -0700Black Hat Speakers in the News: Rod Beckstrom Leaves DHSBlack Hat USA 2008 Keynote speaker and head of the DHS National Cybersecurity Center resigned his post in the midst of widespread concern about national cybersecurity responsibility being transferred to the National Security Agency. You can read the <a href="http://blog.wired.com/defense/2009/03/breaking-cyber.html"> Danger Room blog posting from Wired Blogs</a> here.
http://blog.wired.com/defense/2009/03/breaking-cyber.html
8524DB96-055C-4467-BF82-6CB9E3B07BF1-2915-00021ED5958369E2-FFAFri, 06 Mar 2009 12:36:55 -0800Europe 09 Briefings Schedule Online NowWe now have the full <a href="https://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html">Briefings Schedule for Black Hat Europe 2009</a> online now. Please take a look.
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html
1B2918B7-7B3C-47A5-8F24-F3619A5639E7-2915-00021EC7D73BBCFA-FFAFri, 06 Mar 2009 12:35:45 -0800Jeff Moss Interviews Dan Kaminsky<p>Dan Kaminsky has been all over the news since his disclosure of a major DNS flaw at Black Hat USA 2008. At Black Hat DC, he talked about the state of DNS today and gave a strong endorsement to DNSSEC. This is part one of a two-part interview.</p><br />
<p>You can <a href="https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview.m4v">download the video now</a> or you can <a href="http://www.youtube.com/watch?v=-awuAm7moS8">watch it on YouTube</a>.
https://media.blackhat.com/bh-dc-09/video/Kaminsky/moss-kaminsky-interview.m4v
FA961C7E-94CE-4DB9-8DE0-0E9C602E3577-2915-00002C5A0757B6FC-FFAFri, 27 Feb 2009 12:02:10 -0800Jeff Moss interviews Duc NguyenDuc Nguyen gave a very impressive presentation on the weaknesses of the current facial recognition option in some very popular laptops, defeating the protection in a live demo. Black Hat founder Jeff Moss interviewed him</a> about the discovery and his the future of that technology and his firm's research.<br />
<br />
You can <a href="https://media.blackhat.com/bh-dc-09/video/Nguyen/moss-nguyen-interview.m4v">download the video right away</a> or in the next few hours you can <a href="http://www.youtube.com/watch?v=2pI0wl_YLww">watch it on YouTube</a>.
https://media.blackhat.com/bh-dc-09/video/Nguyen/moss-nguyen-interview.m4v
45807485-23F0-4E7A-B9D8-F84541418A5E-457-00001E3ACA8207F8-FFAMon, 23 Feb 2009 20:38:49 -0800New Blackpage Update from Vincenzo IozzoVincenzo Iozzo, who gave a popular OS X anti-forensics presentation at Black Hat DC 2009, contributed a <a href="html/blackpages/blackpages.html">Blackpage entry to clear up some issues with his presentation and his demo</a>. The <a href="https://media.blackhat.com/bh-dc-09/Iozzo/demo.avi">demo video he's created</a> is available online now.<br />
https://www.blackhat.com/html/blackpages/blackpages.html
E4BB2700-4466-49F9-9EF9-F4CE1BFE9EF2-457-00001E269BC35139-FFAThu, 26 Feb 2009 20:23:33 -0800Reminder - Last Chance to Register for Black Hat Free Webcast #8: Rich Internet Application SecurityRich Internet Application (RIA) frameworks are seeing an enormous growth in popularity - technologies like Ajax and Flash create nearly unlimited opportunities to expand and improve the web user experience. They also bring with them a host of new security risks. The popularity of these frameworks among application developers insures that we'll see more attacks and issues in the months and years ahead.</p><br />
<br />
Join Black Hat Founder and Director Jeff Moss and his guests Billy Hoffman of HP, Alex Stamos of iSec and Peleus Uhley of Adobe <span>1pm PST on February 26 </span>for a lively discussion of new issues and security implications in the world of Rich Internet Applications. You can <a href="http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4">register for the webcast online</a> now.
http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4
A02BB3CF-D302-4004-97FE-4D2C923A1454-457-000014DCAFAC1778-FFAMon, 23 Feb 2009 17:17:00 -0800Black Hat DC 2009 Video DVD Set Available from Source of KnowledgeFor those who weren't able to attend the event live, the videos of every session at Black Hat DC 2009 are available in several formats <a href="http://twosense.com/bhb-dc09/index.html">on Source of Knowledge's website</a>.
http://twosense.com/bhb-dc09/index.html
355C598F-5221-4CE6-96E8-F2638C7162A3-457-000014447773D614-FFAMon, 23 Feb 2009 17:04:56 -0800Winners announced in Jeremiah Grossman's Top 10 Web HacksThese new and innovative techniques were analyzed and ranked based upon their novelty, impact, and pervasiveness. To find out more about who the panel of judges (Rich Mogull, Chris Hoff, H D Moore, and Jeff Forristal) selected, you can check out <a href="http://bit.ly/IRrGV">Jeremiah Grossman's Blog</a>.
http://bit.ly/IRrGV
173D540C-2E34-4078-856C-E18E1DE3EF9E-457-0000052AB0D7189D-FFAMon, 23 Feb 2009 12:33:38 -0800Black Hat DC Press CoverageBlack Hat DC 2009 is drawing to a close, and we had a wealth of excellent talks. For those that couldn't be here with us, we've assembled a partial list of <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-press.html">Black Hat DC 2009 press coverage</a> to give you the flavor of the event. The page will grow as more stories roll in, so feel free to check back.<br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-press.html
E9644F4C-6884-48FE-8F1F-8B2869BFA7B2-830-00005A5BE8934851-FFAThu, 19 Feb 2009 19:46:49 -0500Paul B. Kurtz: DC 09 Keynote: The Move from Strategic Indecision to Leadership in CyberspaceThe <a href="https://media.blackhat.com/bh-dc-09/video/Kurtz/blackhat-dc-09-kurtz-keynote-slide.mov">keynote for Black Hat DC 2009</a> is available online now.
https://media.blackhat.com/bh-dc-09/video/Kurtz/blackhat-dc-09-kurtz-keynote-slide.mov
90258682-C138-4C00-AC74-0CFA19D53FB2-830-00005A8A394705AB-FFAMon, 23 Feb 2009 20:37:03 -0800Rafal Wojtczuk and Joanna Rutkowska's presentation: Attacking Intel® Trusted Execution TechnologyThe <a href="http://invisiblethingslab.com">Invisible Things Lab team </a> returned to Black Hat with brand new research on weaknesses in current TXT implementations and how they can be practically exploited. The <a href="https://media.blackhat.com/bh-dc-09/video/Wojtczuk_Rutkowska/blackhat-dc-09-Wojtczuk_Rukowska_Intel-TXT.mov">video is online</a> now.<br />
https://media.blackhat.com/bh-dc-09/video/Wojtczuk_Rutkowska/blackhat-dc-09-Wojtczuk_Rukowska_Intel-TXT.mov
45BE661A-492E-449D-B135-5A1D344AA58B-830-00004758DEE96412-FFAThu, 19 Feb 2009 19:47:54 -0500Moxie Marlinspike's Black Hat 2009 Presentation: New Techniques for Defeating SSL in PracticeOne of the best-received talks at Black Hat DC 2009 so far, Moxie Marlinspike's frankly disconcerting presentation regarding practical ways to beat the SSL underpinnings of "Secure" web commerce will definitely spark a lot of conversation. You can <a href="https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov">see the presentation</a> yourself online now.
https://media.blackhat.com/bh-dc-09/video/Marlinspike/blackhat-dc-09-marlinspike-slide.mov
3BC3736D-ED04-4791-B3B9-4407CF25D9CE-830-00003F7BFD581D37-FFAThu, 19 Feb 2009 11:33:16 -0500Interview with Black Hat DC speaker Moxie MarlinspikeBlack Hat founder Jeff Moss interviews Moxie Marlinspike, who showed his new tool SSLStrip and a host of new ways to beat the SSL protection that web commerce relies on this morning at Black Hat. You can <a href="https://media.blackhat.com/bh-dc-09/blackhat-dc-09-marlinspike-interview.m4v">download the video</a> or <a href="http://www.youtube.com/watch?v=Rvp0oPluuLE">watch it on YouTube </a>.
https://media.blackhat.com/bh-dc-09/blackhat-dc-09-marlinspike-interview.m4v
0810596D-4650-4ABD-8527-4335B93A7247-830-00003176BCE5DC03-FFAWed, 18 Feb 2009 23:10:39 -0500Presentations from DC 2009 Now OnlineYou can <a href="html/bh-dc-09/bh-dc-09-archives.html">see the powerpoints and whitepapers for DC 2009</a> online now.
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html
71CBFCAD-FF44-4CD8-8FDD-6A0BE57DFC06-830-0000157AC658E40E-FFAWed, 18 Feb 2009 12:35:33 -0500Adobe Researcher Joins Black Hat RIA Webcast<![CDATA[Peleus Uhley is a senior security researcher within the Secure Software Engineering team at Adobe, and he's joining our February 26th Webcast on the topic of Rich Internet Applications. If you have RIA security questions related to AIR and Flash, this will be a great place to get them answered. He'll be joining Billy Hoffman of HP and ALex Stamos of iSec for what promises to be a very interesting conversation. You can register for the webcast online now.
]]>
https://www.blackhat.com/html/webinars/ria.html
86D97FC2-3901-4BF5-9D5C-C285EDB4C4C4-1081-0000BE3BC5C04024-FFAMon, 16 Feb 2009 12:22:04 -0500Black Hat Europe Speaker Selection Continued:More Speakers Added to Europe LineupWe've added several more <a href="https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html">accepted BH Europe 09 speakers</a> to the website - please take a look at the lineup. We'll announce here when it's final.
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html
26C4B347-CB51-40D3-8BEB-13FE68525A1F-1081-0000BD439363C6C5-FFAMon, 16 Feb 2009 12:07:15 -0500Black Hat Europe Speaker Selection: First Group of Accepted Speakers OnlineNow that the Black Hat Europe CFP is closed, we have begun the speaker selection process. You can find the first group of <a href="html/bh-europe-09/bh-eu-09-speakers.html">accepted BH Europe 09 speakers</a> online now. Please keep an eye on that page, as we'll have some more speakers to announce very soon.
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html
BFB71335-35A0-479D-A00A-00E8BBAAA97B-1081-00001851ACC906F9-FFAFri, 06 Feb 2009 19:05:28 -0800Black Hat USA 2009 CFP OpenThe Black Hat <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfp.html">USA 2009 Call for Papers</a> is now open. We've also posted the <a href="https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfpFAQ.html">track listing for USA 2009</a> to help guide your submissions. If you have an infosec presentation the world needs to see, this is the opportunity to get it seen - please remember to submit early because the CFP will close once we have all the slots filled.<br />
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-cfp.htm
80B52FD3-B51A-434B-955F-DB4FDDAC35E1-27605-000233CFD986C804-FFATue, 03 Feb 2009 15:14:42 -0800Black Hat Webcast #8: Rich Internet Application SecurityRich Internet Application (RIA) frameworks are seeing an enormous growth in popularity - technologies like Ajax and Flash create nearly unlimited opportunities to expand and improve the web user experience. They also bring with them a host of new security risks. The popularity of these frameworks among application developers insures that we'll see more attacks and issues in the months and years ahead.<br />
<br />
Join Black Hat Founder and Director Jeff Moss and his guests Billy Hoffman of HP and Alex Stamos of iSec for a lively discussion of new issues and security implications in the world of Rich Internet Applications. You can <a href="http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4">register for the webcast online now.
http://w.on24.com/r.htm?e=134094&s=1&k=73DE9CC6CB22DB04BF585DE8232A2EF4
BBE735FD-41A1-4642-99A4-A6ED9C601530-27605-000222E7325A1FFA-FFAMon, 02 Feb 2009 18:45:52 -0800Black Hat USA 2009 Registration Open now - Super Early Bird rate in Effect.Black Hat USA will be returning to Caesars Palace in Las Vegas again this summer. The training sessions will be July 25-28 and the Briefings will be July 29-30. The <a href="https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html">super early bird registration rate of $1295</a> US is available now, and it's a savings of $100 US off the early bird rate that begins March 16.
https://www.blackhat.com/html/bh-registration/bh-registration-usa-09.html
8EBE57BB-64E3-42D4-B195-3690E8B75C2A-27605-00021600465A810D-FFATue, 03 Feb 2009 15:14:22 -0800Hyatt Regency Crystal City Sold out February 13 and 14Just a note for all those planning to arrive early for Black Hat DC, Rooms are still available from the 15th to the 20th, but Friday, February 13 and Saturday, February 14 are sold out at the <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html">Hyatt Regency Crystal City</a>. Please make your plans accordingly.
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html
A6A4F85A-9C35-42F4-B158-647CE575EB87-27605-00018DDA4CA18D39-FFAThu, 29 Jan 2009 10:54:49 -0800Black Hat DC Keynote: Paul B. Kurtz on "The Move from Strategic Indecision to Leadership in Cyberspace "We're very excited about DC Keynote speaker Paul B. Kurtz's selected topic. He will be speaking on the topic of "The Move from Strategic Indecision to Leadership in Cyberspace." Kurtz is a veteran of the NSC, the Home land Security Council, and the Cyber Security Industry Alliance, among others, and his presentation comes at a time when the incoming American administration has declared the cyber infrastructure a strategic asset and wants to give cybersecurity a Cabinet-level profile. Mr. Kurtz's full bio is on our <a href="http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Kurtz">DC 09 speakers page</a>.
http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Kurtz
94FEEFAA-C82F-4D6D-B222-BB00B32985EB-20937-0001783B7E85C916-FFAWed, 28 Jan 2009 12:56:59 -0800Win a Free Pass to Black Hat Vegas: Jeremiah Grossman's 3rd Annual Top 10 Web Hacking Techniques Contest<![CDATA[From Jeremiah Grossman's Blog..."It's time once again to create the Top Ten Web Hacking Techniques of the past year. Every year Web security produces a plethora of new and extremely clever hacking techniques (loosely defined, not specific incidents) ...
This year is special, because the researcher who places #1 will not only receive praise amongst his peers, but also receive one free pass to attend the BlackHat USA Briefings 2009! Over $1,000 (US) value. Generously sponsored by Black Hat. Winners will be chosen by a panel of judges (Rich Mogull, Chris Hoff, HD Moore, Jeff Forristal) on the basis of novelty, impact, and pervasiveness."
There are already over 40 candidates, so to enter a candidate or just check out the current field, you can visit Jeremiah's blog post.
]]>
http://bit.ly/k5gB
720F19E9-3791-42D8-BA0B-928E8FA5B84E-20937-000123F459C1E76B-FFATue, 27 Jan 2009 11:52:10 -0800Black Hat DC Group Rate Extended : Now Valid Until February 2<![CDATA[The Hyatt Regency Crystal City - home to Black Hat DC 2009 - has added a week to our group rate. This means you have an additional seven days to save on rooms at the hotel.
The simplest and most convenient way to reserve your room is to register online.
You may also call the hotel directly: +703-418-1234 or 1-800-233-1234 and use the Group Code: BLACK HAT, Tech Web or UBM
]]>
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-venue.html
C647E261-B8D5-4ADD-904C-45EE14EB54D4-15457-0000DDF38AABD960-FFAMon, 26 Jan 2009 13:44:23 -0800Audio Online for Black Hat Webcast 7 - OS X SecurityBlack Hat <a href="http://bit.ly/webcast7a">Webcast 7</a> on OS X Security with Jesse D'Aguanno and Tiller Beauchamp is online and available for download now. You can also watch the <a href="http://bit.ly/webcast">Web Sync version</a> that shows the slides along with the audio. <a href="mailto:[email protected]?subject=Webcast Feedback">Let us know what you think</a> about the webcasts and suggest new topics - we're always looking for good suggestions.
http://bit.ly/webcast7a
AA972A27-F146-47FE-8795-7CDC5FCDA313-1613-0000CDC0BA4392BC-FFAFri, 23 Jan 2009 18:05:36 -0800Black Hat Speakers in the News : Vincenzo Iozzo Reveals Stealthier Mac AttacksResearcher <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Iozzo">Vincenzo Iozzo</a> will be revealing a new way to inject hostile code into OS X machines at next month's <a href="https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html">Black Hat DC</a> event. <a href="http://bit.ly/TRyk">The Register</a> has a very interesting article to get you ready for his presentation.
http://bit.ly/TRyk
54B768FC-0713-4DFF-A079-269F88050AF2-1613-000054723FE82CDF-FFAWed, 21 Jan 2009 14:40:22 -0800Black Hat Speakers in the News: Jesse D'Aguanno and Tiller Beauchamp<![CDATA[
Black Hat webcast #7 on OS X security was covered in internetnews.com and the author has a pretty good synopsis of the events. If you want to revisit the presentations, you can check out the websync version of the webcast
or you can watch this space for the audio version that will be up next week.
]]>
http://bit.ly/YMF
0D72DC65-9557-4AD2-961B-F3DB2076C492-1613-000026693130F12E-FFASat, 17 Jan 2009 19:25:18 -0800Black Hat DC Rate ReminderBlack Hat DC's regular registration rate will end February 1, so register soon to save $200. You can register online here:<br />
<br />
https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.htm<br />
<br />
or learn more about the event here:<br />
<br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html
https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html
3AF57944-D0D1-41FF-AC72-577FD098E9F9-345-000001CF16B48F09-FFATue, 13 Jan 2009 02:05:45 -0800Reminder: Black Hat Webcast #7 - Mac OS X SecurityDon't forget to sign up for our free webcast with Jesse D'Aguanno and Tiller Beauchamp on OS X Security. The event is Thursday, January 15 at 1pm PST/4pm EST. To register now, go to
http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660<br />
<br />
It promises to be a very interesting presentation, and we're looking forward to your questions. We hope you'll join us.
http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660
ABFFC640-B42D-446C-A04F-7D9FF98EB986-345-0000010CE2AAD5E0-FFATue, 13 Jan 2009 01:43:32 -0800Black Hat Speakers in the News: Rafal Wojtczuk, Joanna Rutkowska and Intel Trusted Execution TechnologyRafal Wojtczuk and Joanna Rutkowska will be presenting the software they've created to compromise Intel's Trusted Exectuion Technology (formerly LaGrande) at Black Hat DC 2009. The announcement has made some big waves already, as evidenced by this piece in InfoWorld.<br />
<br />
http://www.infoworld.com/article/09/01/06/Researchers_hack_into_Intels_vPro_1.html<br />
<br />
You can read the abstract for their Black Hat presenation here.<br />
<br />
http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk
http://www.infoworld.com/article/09/01/06/Researchers_hack_into_Intels_vPro_1.html
F0DD2F23-561F-4162-8CC5-7B01DAE6B7D8-4669-000033D022EBCF40-FFAMon, 12 Jan 2009 23:54:03 -0800Black Hat Speakers in the News: DC Keynote Speaker Paul KurtzThere's an interesting article in Forbes online about the top candidates for the incoming administration's "Cyber Czar." Choice quote: "Paul Kurtz, currently a security consultant with Arlington, Va.-based Good Harbor Consulting, is the new administration's top choice for the post, according to several sources within Washington's cybersecurity community..." You can read the entire article here:<br />
<br />
http://www.forbes.com/technology/2008/12/18/cybersecurity-czar-obama-tech-security-cx_ag_1219cyberczar.html
http://www.forbes.com/technology/2008/12/18/cybersecurity-czar-obama-tech-security-cx_ag_1219cyberczar.html
7C35B71F-DE95-4085-AA44-AA87F73DFC0F-804-0000051152647B13-FFAFri, 09 Jan 2009 14:43:51 -0800Black Hat Free Webcast #7: OS X SecurityOur seventh installment of the Black Hat Webcast Series arrives next week with an in-depth and fascinating look into the world of Mac Security. As the Mac platform grows in popularity both with the general public and the enterprise, we’ve seen an increase both in attacks and reasearcher interest in the topic of OS X Security. <br /><br />
Black Hat Speaker Jesse D’Aguanno will be presenting on the topic of “Crafting OS X Kernel Rootkits – Fundamentals.” We’ll also have a presentation by Tiller Beauchamp of IOActive will be talking about Applied Reverse Engineering on OS X. It's sure to be a fascinating conversation. Bring your questions - the last 30 minutes or so will be a question-and-answer session. You can register online here:<br /><br />
http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660<br />
<br />
For more information about Black Hat's webcast series, including an archive of our previous webcasts in audio format you can go to https://www.blackhat.com/html/webinars/webinars-index.html<br /><br />
http://w.on24.com/r.htm?e=128064&s=1&k=3F843DBF6E877F085F4395413D3FD660
96B1F7DC-DF2D-463C-9E5D-A1CB17AF6749-6770-00041E899F6CA412-FFAThu, 08 Jan 2009 19:04:26 -0800Black Hat DC Speaker List CompleteWe have our speaker lineup for the Briefings almost entirely hammered out, just about a week ahead of schedule and we’re very pleased with the way it’s shaped up. You can take a look here:<br />
<br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
E02B456E-53E0-402A-A0F8-1132AE633FA3-6770-00041E3E9C561ECD-FFATue, 13 Jan 2009 01:40:15 -0800Black Hat Speakers in the News: Alexander Sotirov on Creating Rogue CA CertsToday, Alexander Sotirov and Jacob Applebaum presented a proof of concept showing an attacker can subvert browser certificate validation and read or alter data sent to secure websites. Read more about their MD5 collision presentation here on Sotirov's blog.
http://www.phreedom.org/research/rogue-c
36408651-90CF-4AF4-A7EF-4682BCD4D4EA-58183-0001E23F01F2363B-FFATue, 30 Dec 2008 10:06:25 -0800Black Hat Webcast #6 Audio Now OnlineYou can now listen David Litchfield's webcast presentation about his new Oracle database forensics tool orablock online here:<br />
<br /><br />
Bookmarkable audio version:<br />
https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b<br />
<br />
Web Sync Version<br />
<br />
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b
84D8DF37-DCA6-4869-BB38-C4154DAE8C91-6274-0001A9AD92E63637-FFATue, 23 Dec 2008 13:49:25 -0800A Few Early DC Speaker AnnouncementsWe usually wait until the CFP is closed before we start posting speakers, but we've accepted some speakers for our DC event early. We're pretty excited about how things are shaping up, so we're publishing the speakers page a little early. There will be a lot of changes to this page in the next few weeks, so keep checking back with us.<br />
<br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html
F21056EB-B8D7-4224-8A37-76A24D6FF955-6274-0001A6F4EB9D4667-FFATue, 23 Dec 2008 12:21:17 -0800Black Hat Facebook Fan PageLooking for another way to connect with Black Hat? We're experimenting with a Facebook Fan Page. We'd love to see your check it out, and maybe share something - photos, ideas, links to interesting information. Hope to see you there.<br />
<br />
http://www.facebook.com/pages/Black-Hat-Briefings/107691635153
http://www.facebook.com/pages/Black-Hat-Briefings/107691635153
FD8E3436-F716-48B0-BFD7-0FAEDC5DC6DB-6274-0001542F576C14D0-FFAMon, 22 Dec 2008 18:42:53 -0800Black Hat DC rate reminderBlack Hat DC's earlybird registration rate will end January 1, 2009. so consider registering soon for the best rate. You can register online here:<br />
<br />
https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html<br />
<br />
or learn more about the event here:<br />
<br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html
https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html
71B47291-FBB8-47B8-A1DF-F81B6A992102-2019-00001478BE7780CC-FFATue, 16 Dec 2008 13:21:19 -0800Reminder - Black Hat Free Webcast #6: Database Forensics with David LitchfieldDon't forget to sign up for your webcast with David Litchfield and his brand new Oracle database forensic tool, orablock. To register for free, follow this link:<br />
<br />
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981<br />
<br />
It promises to be a very interesting presentation, and we're looking forward to your questions. We hope you'll join us.
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
78E5D9D3-54D5-4899-AFE3-2D9BAB8A39F1-2019-000013D887B08A2C-FFATue, 16 Dec 2008 13:06:29 -0800Black Hat Japan 2008 Audio Now OnlineBookmarkable audio for all talks is now available in the Japan 08 archive. Lots of good stuff there - please enjoy. The archive link is <br />
<br />
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html<br />
<br />
The Keynote is enclosed with this entry, but there are lots of great presentations to check out.
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html
D09EC2A7-F443-4635-B129-DCEDC1ACD591-6306-0000698B45D0AF68-FFATue, 09 Dec 2008 21:10:02 -0800New Blackpage Entry from Jeff Moss: General Black Hat Update<![CDATA[Black Hat Japan was a big success. We had a strong field of presenters and the audience response was excellent. If you'd like to hear any of the talks you might have missed, the audio is available online now (in bookmarkable m4b format) here.
Now we're gearing up for Black Hat DC, February 16-19 at the Hyatt Regency Crystal City in Arlington Virginia. The event is divided into two sections, with two days of intense, hands-on Training Sessions followed by a two-day, four-track Briefings portion with a wide variety of exciting speakers and presentations. Black Hat DC is a unique information security event that places a special emphasis on the needs of security professionals who work in government service and infrastructure. We think this one will be our best DC event yet. We've got a large number of brand new trainings and even though the Black Hat DC Call for Papers doesn't close until January 1, but we've already confirmed some exciting Briefings presentations.
Crowd favorite Adam Laurie will return with a satellite-hacking presentation entitled "Satellite Hacking for Fun and Profit."
Database guru David Litchfield will present a powerful new database forensics tool in a presentation he's calling "The Forensic Investigation of a Compromised Oracle Database Server."
Andrew Lindell's contribution is entitled "Making Privacy-Preserving data Mining Practical with Smartcards."
In the hardware hacking area we have a very interesting presentation from Travis Goodspeed on reverse engineering and exploiting wireless sensors.
Our lineup of brand new training sessions includes a physical security training by Zac Franken and Adam Laurie entitled "RFID, Access Control and Biometric Systems", a Metasploit course called "Tactical Exploitation" by Metasploit creator HD Moore and a course on "Understanding and Deploying DNNSEC" by Paul Wouters and Patrick Nauber.
Another reminder is that Black Hat is still considering Briefings speaker applications for both Black Hat DC and Black Hat Europe, so if you have a strong, compelling and technical presentation to share, please let us know! To be considered for Black Hat DC, you'll need to have your work in our system by January 1. The deadline is February 1 for the Black Hat Europe CFP, the details for potential presenters are available online at https://cfp.blackhat.com.
As always, it's best to register early for the training of your choice to make sure there's a place for you - seats are limited. To learn more about all of our training courses, the training index is now live at https://www.blackhat.com/html/bh-dc-09/train-bh-dc-09-index.html
NEW FREE WEBCAST - Oracle Database Forensics
We're always looking for new ways to share with the community of Black Hat attendees. One result of these efforts is the Black Hat Webcast series. We started in July with a preview of the Black Hat USA event, but we've since had five of these monthly free web events and we're very pleased with the results. From Dan Kamisnky's DNS vuln to Jeremiah Grossman on clickjacking, we've brought researchers and experts together for valuable discussions and in-depth understanding of some of today's most interesting security issues.
Black Hat's webcast series continues with another powerful presentation from a popular Black Hat speaker. This month's presenter is David Litchfield of NGS software, speaking on Oracle database forensics, and he will be releasing a new tool called orablock which he describes this way:
"Orablock allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate "stale" data - i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box."
Please join us to learn about Oracle DB forensics from one of the innovators of the field, as well as learn about his new tool and to get your questions answered. The webcast will be held on December 18 at 1pm PST. Registration is free and online at this link:
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
For more information about Black Hat's webcast series, including an archive of our previous webcasts in audio format you can vist our webcast index page.
https://www.blackat.com/html/webinars/webianr-index.html
You can also sign up to the webcast mailing list by sending an email to [email protected].
Thank you for supporting all of our 2008 events. It's been a great year for Black Hat and we're expecting even bigger things in 2009. Please keep sending in your comments and suggestions to us - it's great to have such an interested and vital community around our events and we truly value your feedback. Happy Holidays to all of you and we hope to see you in DC just few short months from now.
Jeff Moss]]>
https://www.blackhat.com/html/blackpages/blackpages.html
27FFEF52-DE6E-444A-83A4-20FDF9B025D3-6306-0000690313966A13-FFATue, 09 Dec 2008 21:04:42 -0800Black Hat Webcast #6: Database Forensics with David LitchfieldDatabase Security expert David Litchfield will join us to discuss his new paper "Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Examinations" and his new database forensics tool, orablock.<br />
<br />
You can learn more here:<br />
<br />
https://www.blackhat.com/html/webinars/orablock.html<br />
<br />
And you can register by following this link:<br />
<br />
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
ADCFEE3A-F152-4AF8-AE39-D13E1C72B219-278-00006D2B851324C2-FFAWed, 26 Nov 2008 12:52:25 -0800Black Hat Webcast #5 Now Onlinein case you missed Black Hat Webcast #5 : Clickjacking and Browser Security with Jeremiah Grossman, the archived version is now online in two formats.
<br />
You can listen to the audio here:<br /><br />
https://media.blackhat.com/webinars/black-hat-webcast-5-november-08-clickjacking.m4b
<br />
Or follow the slides in the live websync by following this link:<br />
<br />
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2
00093704-E7E5-49E1-A5E8-D6F7B7CEC52D-278-0000686CBAADA89A-FFAWed, 26 Nov 2008 12:17:43 -0800Black Hat Speakers in the News: IETF Ponders DNS ThreatTechworld.com has an interesting article about the IETF and their deliberations over the DNS vuln that dan Kaminsky presented at Black Hat USA 2008. <br />
<br />
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=107430 <br />
<br />
Choice Quote:"The DNS is a really old protocol and it is fundamental to the Internet. We're not talking about patching software. We're talking about patching a protocol. We want to make sure that whatever we do doesn't break the Internet."<br />
<br />
You can see Dan's presentation here:<br />
<br />
https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v
http://www.techworld.com/security/news/index.cfm?RSS&NewsID=107430
6D19BC69-4813-4DEC-868E-8A9114BB3A6C-278-00000144D0C6254F-FFAMon, 24 Nov 2008 12:39:26 -0800Black Hat Speakers in the News: Wysopal on ClickjackingBlack Hat speaker Chris Wysopal has some interesting comments on SecurityFocus about clickjacking - the subject of our most recent webcast. You can read his posting at this link:<br />
<br />
http://www.securityfocus.com/columnists/483<br />
<br />
Choice quote: “Clickjacking isn’t going to go away any time soon. Every browser or plug-in that can display a flexible user interface will need to be made more restrictive.”
http://www.securityfocus.com/columnists/483?ref=rss
6EDF6342-32C3-4DD1-B5D4-C505003FDDCD-18295-0002CB8D8DCF1953-FFASun, 23 Nov 2008 18:40:00 -0800Last chance to sign up for Black Hat Free Webcast #5: Clickjacking and Browser SecurityDon't miss your chance to get registered for the Black Hat Webcast #5: Clickjacking and Browser Security. The webcast will be tomorrow, November 20 at 1pm PST/4pm EST and will feature Jeremiah Grossman, co-discoverer of Clickjacking and CTO/Founder of WhiteHat Security and MIcrosoft's Eric Lawrence, Security Program Manager on the Internet Explorer 8.<br />
<br />
You can register for the webcast at <br />
<br />
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2<br />
<br />
We hope to see you there.<br />
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2
310EADA3-A34B-4B7F-9681-C63252B943AE-18295-000141180B3FAFC1-FFAWed, 19 Nov 2008 12:26:51 -0800CFPs open for Black Hat DC and Black Hat EuropeIf you're interested in submitting for Black Hat DC, please go to:<br /><br />
https://www.blackhat.com/html/bh-dc-09/bh-dc-09-cfp.html<br />
<br />
To learn the rules and get your paper into our system. If you're interested in Black Hat Europe, the link is<br />
<br />
https://www.blackhat.com/html/bh-europe-09/bh-eu-09-cfp.html
https://www.blackhat.com
92052A61-E592-4236-8B23-F7976833972A-11295-0000B543CFE1DE65-FFAWed, 12 Nov 2008 14:03:02 -0800Black Hat Webcast #5 ScheduledBlack Hat Webcast #5 will be on the subject of Clickjacking with co-discoverer of the issue Jeremiah Grossman. The free event will take place on Thursday, November 20 at 1pm PT/ 4pm ET. You can register here:<br />
<br />
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2
http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2
DFA0514C-FDC3-445F-936D-78F4776B6CD5-12250-00008868719E7867-FFAFri, 31 Oct 2008 11:42:44 -0700Black Hat Webcast 4 Available Online NowIf you missed this webcast, now is your chance to listen to this very informative, technical event. The event featured great audience questions and a stellar main presentation by Tony Kapela. If you want to view the web sync version, the link is here:<br />
<br />
http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277<br />
<br />
To listen to this webcast in mp3 format, the link is here:<br />
<br />
https://media.blackhat.com/webinars/blackhat-webcast-4-october-08-kapela.mp3
http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277
467763D9-B5A0-410F-A533-BE2C411D446C-70498-00066B431A4E3479-FFATue, 21 Oct 2008 11:27:38 -0700Black Hat Japan Presentations and Whitepapers OnlineYou can view them here <br />
<br />
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html
22FDFE1B-4C5C-4409-8522-26CAE0A5DCA1-38447-00031D14D6FD7CA9-FFAFri, 10 Oct 2008 17:02:14 -0700Black Hat Free Webcast #4 Thursday, Oct. 16 1pm PST: Trust Doesn't Scale: Practical Hijacking on the World's Largest NetworkIn this webcast, we take the amazing Kapela/Pilosov BGP hijacking presentation at DEFCON 16 as a starting point and look into the issues that relate to securing a world-wide trust-based network. If you missed it, they did
a lot more than just present a talk - they actually intercepted and rerouted all the traffic from the notorioulsy hostile DEFCON network as a proof of the concept. Not only did it work, but it was almost completely invisible to congoers. Anton Kapela presents, with Jeff Moss and a couple of special guests. To learn more, click here:<br />
<br />
https://www.blackhat.com/html/webinars/practicalhijacking.html<br />
<br />
We hope to see you there.
http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277
F256C6A6-5445-4E84-8057-DF5F95087A54-38447-0002C899A1F5701A-FFAThu, 09 Oct 2008 15:19:13 -0700Black Hat Japan 08 Online Registration Closes September 30<![CDATA[BH Japan 2008 Online Regsitration closes September 30th. If you wish to regsiter after that time you will need the Onsite Registration Form which can be found at this link:
Black Hat Registration
or faxed to Black Hat at +1 206 219 4143]]>
https://www.blackhat.com/html/bh-japan-08/bh-jp-08-reg-forms/OnsiteRegForm_BR.pdf
D26A3AFF-577B-4225-A989-007A747A4D98-9142-00013E84D64D341A-FFAMon, 29 Sep 2008 14:27:40 -0700Black Hat Free Webcast #3 - "How to Impress Girls with Browser Memory Protection Bypasses"Black Hat Webcast #3 is scheduled for 1pm PT on Thursday, September 18 and we're trying something new this time. We're bringing back one of our most popular talks for a live reprise. We'll have Alexander Sotirov and Mark Dowd to give their Vista security presentation and answer audience questions. Whether you missed it because you were in another talk, or because you weren't in Vegas at all, this is a great time to get up close and personal with our speakers and get some cutting-edge info about Vista.<br />
<br />
If you're interested in registering for this free webcast event, follow this link:<br />
<br />
http://w.on24.com/r.htm?e=117307&s=1&k=77CB8EE0B5BC4EC5AB070B8AB487B085
http://w.on24.com/r.htm?e=117307&s=1&k=77CB8EE0B5BC4EC5AB070B8AB487B085
B637148E-E972-4303-9B40-482116831884-997-0000499428A85CA9-FFAWed, 10 Sep 2008 14:53:17 -0700Black Hat Japan Briefings Schedule and Speakers OnlineYou can view the current speakers and schedule for BH Japan 08 by following these links:<br />
<br />
Speakers:<br />https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-speakers.html
<br />
<br />
Schedule:<br />
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-index.html#brisch01
<br />
<br />
Please continue checking the Black Hat Japan USA speakers and schedule pages for ongoing updates as the conference lineup is finalized.
https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-speakers.html
781009F9-696F-4183-B465-1C75C662B48A-997-00000C33A3255B5F-FFATue, 09 Sep 2008 20:16:44 -0700Beyond Document.Cookie - Another Presentation From BHUSA08 Now Online<![CDATA[Nathan McFeters, Jon Heasman and Rob Carter gave a very popular and heavily covered presentation this year that introduced the world to the term "gifar." It's fascinating information, and well presented. We hope that those of you who couldn't make it to the Vegas event will get a taste of the kind of presentations attendees get to see and attendees who weren't able to make it to the Beyond Document.Cookie will get their chance to see the presentation in full.
Standard Video Full Video mp3 Audio]]>
http://media.blackhat.com/bh-usa-08/audio/bh-us-08-McFeters/bh-us-08-McFeters.m4b
E993CA83-E935-436D-8369-13FA8EA35019-18467-00020AC161CDA0D5-FFATue, 23 Dec 2008 13:53:24 -0800AV Tokyo Following Black Hat JapanAV Tokyo, which used to be the "drinking party that follows Black Hat Japan" has grown into a one-day conference of its own. It's close, inexpensive and should be good fun. If you're interested in learning more, go to<br />
<br /><br />
http://en.avtokyo.org/
<br />
<br />
We hope to see you there.
http://en.avtokyo.org/
B7BE2316-786A-462F-8E5D-8C6A3DB0602F-2585-00004D6D87CED40E-FFAWed, 03 Sep 2008 20:13:52 -0700Dan Kaminsky's Black Hat Presentation Video and Audio Now Online<![CDATA[Dan Kaminsky's talk about the DNS flaw he discovered was probably enormously popular at BH USA 08 - we now make it available online for the benefit of the wider security community.
]]>
https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v
8138196C-6394-4FFD-A60C-706505F4565B-2618-0001647082E22F60-FFASun, 24 Aug 2008 23:38:27 -0700Black Hat USA 2008 Presentations Now OnlineWe've put the majority of the Black Hat USA 2008 slide presentations and White Papers online at <br />
<br /><br />
<a href="https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html">https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html</a><br />
<br /><br />
Keep your eye on this page for the rest of the presentations and video and audio.
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html
2EC3C21F-65D2-45FE-9AE6-A1EFE81CE618-2618-000028F2974CFBEA-FFAWed, 20 Aug 2008 23:09:50 -0700Black Hat USA 2008 Flickr FeedYou can take a look at our official Flickr feed for USA 2008 here:<br />
<br />
<br />
http://flickr.com/photos/adunne/sets/72157606583937690/
http://flickr.com/photos/adunne/sets/72157606583937690/
2751D606-E8E3-464E-B186-06B1C9BD4371-11573-0000DEBFE188717C-FFAThu, 07 Aug 2008 12:08:56 -0700EFF Launches Coders' Rights Project at Black Hat Conference<![CDATA[The Electronic Frontier Foundation (EFF) today
launches its Coders' Rights Project -- a new initiative to
protect programmers and developers from legal threats
hampering their cutting-edge research.
In conjunction with the project's launch, EFF is staffing
an "EFF Is In" booth at Black Hat USA 2008 in Las Vegas on
August 6 and 7. At the booth, EFF attorneys will provide
legal information on reverse engineering, vulnerability
reporting, and copyright law, as well as patent, trade
secret, and free speech issues.
The rest of the release is here:
http://www.eff.org/press/archives/2008/08/05-0
]]>
http://www.eff.org/press/archives/2008/08/05-0%0Dhttp://www.eff.org/press/archives/2008/08/05-0
36300A47-A73D-43F7-B3A1-B6FD5AA749BD-6871-00009D58E99B1F5E-FFAWed, 06 Aug 2008 09:48:45 -0700Sign up to Black Hat USA 2008's Twitter Feed for Breaking NewsIf you're planning on attending Black Hat USA 2008, please consider signing up for the Twitter Feed. We'll use it (sparingly, of course) to bring you updates and breaking information as the show goes on. It can also be useful to meet other attendees and to twitter about whatever you're doing when the talks are done for the night. To sign up, go to <br />
<br />
https://twitter.com/BlackHatUSA2008
https://twitter.com/BlackHatUSA2008
10FAA3A1-1249-4460-BD42-20CDE0717C8A-491-0000586CBAD888FB-FFAMon, 04 Aug 2008 07:55:59 -0700Black Hat Speakers in the News: Nate McFeters, John Heasman and Rob Carter in InfoWorldHere's a link to a story in InfoWorld that deals with the subject of McFeters, Heasman and Carter's BH USA 2008 presentation, entitled The Internet is Broken. The researchers will demo software they've created that makes it possible to create files that look to a server like a standard graphic file but to a browser appear to be a Java Applet. This could enable attackers to run malicious Java code in the victim's browser. If you're in Vegas for Black Hat, they are speaking on August 7 at 3:15pm in the Florentine Ballroom. You can also hear their preview of this talk on <br />
Black Hat Webcast #1 here:<br />
<br />
<br />
http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=4CI
http://www.infoworld.com/article/08/08/01/A_photo_that_can_steal_your_online_credentials_1.html
FDF7154F-9066-41E1-A7BC-7F82ECC02F72-49400-0002E1339049F517-FFAFri, 01 Aug 2008 19:27:32 -0700Black Hat Webcast #2 with Dan Kaminsky is Now OnlineOur second webcast was very well attended and full of great information from Kaminsky about the DNS Vulnerability that's all over the news these days. If you weren't able to make it to the live event, you can catch up now online.<br />
<br />
To view a synced online replay, follow this link<br /><br />
https://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=114268<br />
<br />
To download the mp3, follow this link<br /><br />
https://www.blackhat.com/webinars/html/blackhat-webcast-2-july-08.mp3
https://www.blackhat.com/html/webinars/kaminsky-DNS.html
CA1D5F57-AC84-4E65-A537-FED68AF52F29-1730-00014D752A9D1ED5-FFAFri, 25 Jul 2008 20:45:03 -0700EFF Is IN at Black Hat 2008!
The EFF Is IN Booth is a public service provided at Black Hat USA 2008 in Las Vegas, Nevada from August 6 to August 8. At the EFF Is IN Booth, attorneys from the Electronic Frontier Foundation will be available to provide legal information on reverse engineering, vulnerability reporting, copyright law, patent, trade secret, free speech and other issues related to security research and reporting. We'll also be available to consult with individuals or companies who want more information about how the law might affect their current research and upcoming presentations.<br />
<br /><br />
The EFF Is IN Booth is a service of EFF's Coders' Rights Project. To make an appointment for a consultation, please email Alyssa Ralston, Development Assistant, at [email protected], or drop by the table at the conference. <br />
<br />
To learn more about the Electronic Frontier Foundation: http://www.eff.org
http://www.eff.org
A5982B80-73C8-4993-BBC7-A69AC949B33C-1730-000068196B1842C5-FFATue, 22 Jul 2008 19:29:43 -0700Pwnie Award Nominations Are OutAfter 134 submissions and what we assume were heavy and spirited deliberations, the list of Pwnie nominees is up. Take a look here<br />
<br />
http://pwnie-awards.org/2008/awards.html
http://pwnie-awards.org/2008/awards.html
6D2C723E-9A62-4205-A814-B6D01AFAF09B-1730-00001674112761C1-FFAMon, 21 Jul 2008 19:33:10 -0700Registration Now Open for BH Webcast number 2 With Dan KaminskyIt's all over the news: Dan Kaminsky found a major, fundamental flaw in DNS that renders practically any name server vulnerable. He'll be speaking in depth on this discovery in August at BH USA, but he's agreed to discuss it a few weeks early. Get your best questions ready - the webcast will be live Thursday, July 24 at 1pm PT/4pm ET.<br />
<br />
Join Dan Kaminsky, director of penetration testing for IOactive; Jerry Dixon, former director of the National Cyber Security Division at DHS; and other experts to discuss the largest synchronized security update in the history of the Internet. Dan will tell the story behind the discovery, and the process of creating and deploying the fix.<br />
<br />
Reserve your place by registering now at http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02
http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02
740FB1BA-21F5-42FF-B7C0-86F9EFE034B7-78980-0001D833C05E3AC6-FFATue, 15 Jul 2008 14:10:57 -0700Black Hat Speakers in the News: Dan Kaminsky Announces Massive, Multi-vendor DNS Issue<![CDATA[Dan Kaminsky announced today a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. Kaminsky also announced that he had been working for months with a large number of major vendors to create and coordinate today's release of a patch to deal with the vulnerability.
Dan will be elaborating much further on the discovery and the solution at Black Hat USA 2008 and in our second Black Hat webcast on June 24, 2008 at 1pm PT. To get on the subscription list for free registration information for Black Hat webcasts please send a mail to
[email protected]
To find out if you are vulnerable to this issue, you can use the DNS checker link on the top of Kaminsky's webpage at :
http://www.doxpara.com
To read the executive summary to the CERT advisory, you can go to
To get webcast and other breaking information from Black Hat on twitter, go to
http://www.twitter.com/BlackHatUSA 2008
]]>
https://media.blackhat.com/webinars/blackhat-kaminsky-dns-press-conference.mp3
D3EA75AA-2B50-44A7-8912-0C425F3DAC4D-15829-000B80FC1EF8BC98-FFATue, 08 Jul 2008 16:33:40 -0700Pwnie Awards Nominations Close July 14!<![CDATA[The Pwnie Awards ceremony will return to the BlackHat USA 2008 conference in
Las Vegas. Last year's inagural event was a lot of fun, and we hope it will
only get better. What should you expect from this year's ceremony? Exciting
new categories, an inspirational acceptance speech by the winner of the Lamest
Vendor Award and a special sing-along led by HD Moore!
The Pwnie Awards is an annual awards ceremony celebrating the achivements and
failures of security researchers and the wider security community. We're
currently accepting nominations in nine award categories, including two new
ones for this year:
* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL (new for 2008)
* Lifetime Achievement award for hackers over 30 (new for 2008)
The deadline for nominations is Monday, July 14. To submit a nomination,
visit the Pwnie Awards site at http://pwnie-awards.org/]]>
http://pwnie-awards.org/
CEE1B7CA-74B4-45A6-9B6F-40DCF0B6D519-15829-000B77E9967A5D6F-FFATue, 08 Jul 2008 11:20:57 -0700Black Hat Japan 2008 Call for Papers Now OpenThe Black Hat Japan 2008 Call for Papers is now open. <br />
<br />
https://cfp.blackhat.com/<br />
<br />
Early submissions allow more time for review. Please note that the Black Hat Japan 2008 Call for Papers will close on September 1.
https://cfp.blackhat.com/
6CD44BE2-E7FF-43C6-83E2-26AD2E42F5D8-15829-000B3964781F4EE2-FFAMon, 07 Jul 2008 16:14:59 -0700Listen to Black Hat Webinar No. 1 NowOur first webcast is now online. If you couldn't be there live, this is your opportunity to preview some of the presentations going on at Black Hat USA 2008. <br />
<br />
The webcast audio is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3<br />
<br />
The powerpoint presentation is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3t<br />
<br />
If you'd like to be alerted about our next webcast, please sign up to our notification list at<br />
<br />
[email protected]
https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3
FFD47D55-2542-420A-AC65-2BB8385BB449-15829-0009B9E0902CA8F0-FFAWed, 02 Jul 2008 19:47:26 -0700Black Hat Webcast Mailing ListOur first webcast went very well - over 500 of you joined us. We're going to try to do these at least monthly from now on, so if you want to know when the next Black Hat webcast is happening, you can subscribe to our Webcast Mailing List by sending an email to [email protected].<br />
<br />
Another way to keep in touch with us is to join the Black hat Twitter feed - we'll announce all upcoming events and activities there. To subscribe, head on over to <br />
<br />
http://www.twitter.com/blackhatusa2008<br />
<br />
mailto:[email protected]8B3A6480-2A98-4C40-9446-D5413AB54937-15829-0009256EA0BD377B-FFAMon, 30 Jun 2008 21:55:41 -0700Black Hat Speakers in the News: Mark Dowd 'Obliterates" Vista SecurityThe headline is pretty sensationalistic, but we're always happy to see the tech press recognizing the importance of upcoming Black Hat talks. In an online article for ZDNet.com.au, Mark's talk is referenced and although Mark doesn't say anything nearly as inflammatory as the title, we encourage you to check out his talk at BH USA 2008, since obliteration of a major OS is bound to make some news.<br />
<br /><br />
http://www.zdnet.com.au/news/security/soa/Vista-security-to-be-obliterated-at-Black-Hat/0,130061744,339290040,00.htm
http://www.zdnet.com.au/news/security/soa/Vista-security-to-be-obliterated-at-Black-Hat/0,130061744,339290040,00.htm
08C3A9FB-5A13-43A5-AE04-4BC6023576CF-15829-000781BABBA3057E-FFAWed, 25 Jun 2008 13:57:22 -0700Regular Registration Rates Close July 1All prospective Black Hat attendees should keep in mind that the regular rates in place now will be ending on July 1. To take advantage of current prices, consider registering soon.
https://www.blackhat.com/html/bh-registration/bh-registration.html
59037A20-4473-46D2-8E57-D31936418680-15829-00076CD05D98B807-FFATue, 24 Jun 2008 17:13:51 -0700Last Chance to Register for Black Hat's First WebcastBlack Hat presents its first webcast on June 26 at 1pm pacific/ 4pm eastern. The subject is "The Forbidden Sneak Peek - Black Hat USA 2008" and we'll have some great speakers on hand to give you a look into some of the subjects they'll be presenting in August. We're planning to turn this into a regular event, so your participation and feedback are encouraged. It's free of charge - you can sign up at <br />
<br />
http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1<br />
<br />
if you'd like to subscribe to a mailing list that will alert you to upcoming Black Hat Webcast events, send an email to <br />
[email protected]
http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1
9CAA43AB-A91F-4769-A69F-A2C6E0356F76-15829-00076CD00E119D90-FFATue, 24 Jun 2008 17:06:14 -0700More Pwnie Awards NewsThe fine folks who bring you the Pwnie awards are currently accepting nominations in 9 award categories, including the ever-popular Pwnie for Most Overhyped Bug and Pwnie for Mass Ownage. Two of the
categories for this year are new: Pwnie for Most Epic FAIL and a Lifetime
Achievement Award for hackers over 30.
<br />
The nominations will be open until July 14 and the list of nominees will be
published shortly thereafter<br />
<br />
The Pwnie awards will be held at BH USA 08 - to learn more about their plans or to nominate someone yourself, head over to <br />
<br />
http://pwnie-awards.org/
http://pwnie-awards.org/
6A6BD584-76E0-4576-B649-68FB8CB4A94C-15829-0005F43A057E6E55-FFAThu, 19 Jun 2008 19:40:08 -0700Black Hat Webcast No. 1 Makes the O'Reilly Radar Blog<![CDATA[Jim Stodgill of the O'Reilly Radar Blog
has checked in with an exceptionally funny piece on the difference the Black Hat style and the style of other tech conferences. We're sure you'll get a chuckle of recognition out of the piece. A choice quote:
"Maybe I'm reading too much into this, but for what its worth, I've attended both Black Hat and O'Reilly conferences and can't recall Satan making a single appearance in an O'Reilly conference program."
At Black Hat HQ we loved the piece and we look forward to seeing him at the webcast.
]]>
http://radar.oreilly.com/archives/2008/06/satan-is-on-my-friends-list.html
C952F782-0B30-4111-9C02-F6A4F4F95461-35515-000419807A64EBE2-FFAFri, 13 Jun 2008 18:24:24 -0700Wall of Sheep Coming to Black HatEvery year at DEFCON, Riverside runs the Wall of Sheep - exposing the shame of attendees who log into the conference network as root. But in addition to embarrassment, Riverside's crew offers enlightenment - they're available in person to show you the setup that's sniffing out your mistakes and to educate you on the fine points of hardening your box for the rigors of public computing.<br />
<br />
This year, Black Hat attendees will have the same learning/shaming opportunities as the Wall makes its way to Black Hat for the first time. Compute accordingly.<br />
<br />
Here's a link to an old article in MAKE that lays it out for you.<br />
<br />
http://blog.makezine.com/archive/2005/07/_defcon_the_wall_of_sheep.html
http://blog.makezine.com/archive/2005/07/_defcon_the_wall_of_sheep.html
62912C42-5F9D-4CB6-B50A-CF32BC066E9B-7434-000320AB47AD006A-FFAThu, 12 Jun 2008 18:34:47 -0700Black Hat's First Webcast - Free Sneak Peek at BH USA 2008<![CDATA[Black Hat is presenting its very first webcast on June 26, 2008 at 1pm PST/4PM EST. It's scheduled for one hour followed by a Q and A period. The webcast will be presented free of charge and it will focus on previewing the BH USA 2008 event.
The event will be introduced and facilitated by BH Founder and Director Jeff Moss and will feature "teaser talks" - shortened versions of the full presentations lined up for Vegas - by several confirmed speakers who will each provide a brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in
August. Here's a small glimpse into the future:
Topic:Malware Detection through Network Flow Analysis
Presenter: Bruce Potter, Founder, Shmoo Group.
Mr. Potter has co-authored several books including "802.11 Security" and
"Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X
Security" by New Riders.
Topic:Nmap - Scanning the Internet
Presenter: Fyodor Vaskovich, founding member of the Honeynet projectand
co-author of the books "Know Your Enemy: Honeynets" and "Stealing the
Network: How to Own a Continent"
Topic: Satan is on My Friends List: Attacking Social Networks
Presenters: Shawn Moyer, CISO of Agura Digital Security and Nathan Hamiel,
Senior Consultant for Idea Information Security and founder of the Hexagon
Security Group.
We plan for this Webcast to be the first in a year-round series of online presentations that allow our speakers to present breaking research between
shows and provide the Black Hat community with another stream of fresh,
relevant, and usable security knowledge. We hope you'll join us for our first foray into webcasting and let us know what you think.]]>
https://www.blackhat.com/html/webinars/usa2008preview.html
F7D50E5D-71BE-4415-8F06-EF1A26C6CB0E-49910-0001A345F42FF2E5-FFAThu, 05 Jun 2008 17:48:50 -0700Black Hat USA Speaker Selection is Now CompleteThe BH USA 2208 speaker selection is finally complete. We're very pleased with the depth and variety of presentations we'll be able to bring to attendees this year and we hope you'll take a moment to check it out. This is the first event where we've had delegate input in the selection process and we think it's been a huge success. You can see the schedule for yourself at<br />
<br />
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html<br />
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html
8374115C-35CE-4B45-AD2D-0016B24BDD69-2905-000050BB65F1ACAD-FFAThu, 29 May 2008 18:51:00 -0700Certified Ethical Hacker (C|EH) Version 6 and ECSA/LPT Certification Preparation Open for Registration<![CDATA[The EC Council will be offering two classes at this year's Black Hat USA Training and both are available for online registration now. The classes are:
ECSA/LPT Certification Preparation - The ECSA course equips one with the knowledge and know-hows to become an EC-Council Licensed Penetration Tester.
and
Certified Ethical Hacker (C|EH) Version 6 -This course deals with Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
If certification in either of these areas interests you, please click on the course name to read further.
]]>
https://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-index.html#Certification
780C8170-F186-4F3C-B1B2-A395C02FAE46-86466-0003B090FD326E8E-FFATue, 27 May 2008 18:22:08 -0700Black Hat Twitter FeedWe've set up a <a href="http://www.twitter.com/BlackHatUSA2008">Twitter feed for Black Hat USA 2008</a> and we hope you'll take the time to follow us. As the show draws closer, we think it will be a great way to learn about new developments in the event, to schedule off-site meetups with other delegates and to stay connected with BH headquarters. Clicking the link in this post or on the main page at <a href="https://www.blackhat.com/index.html#twitter"> blackhat.com </a> will get you to the signup page. It takes only a minute, and will keep you in the loop as we round the corner to Black Hat.
http://www.twitter.com/BlackHatUSA2008
13C11826-70F9-4616-BBA9-86735CCF3753-35242-00021A1D3037C5F6-FFAThu, 22 May 2008 14:11:47 -0700Black Hat Briefings USA 2008 Schedule Filling Up!We've been working hard to get the schedule for this year's talks finalized and online, and several tracks are now filled. We're excited about the lineup - this is the first year that delegates have helped to shape the roster and we think the results are impressive. To take a look for yourself, go to:<br />
<br />
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html
844B8F92-964C-4B26-8DE3-E22A9BC73F25-48717-000198D3C298E031-FFAWed, 14 May 2008 18:22:01 -0700Black Hat Speakers in the News: Sherri Sparks and Shawn Shawn Embleton<![CDATA[Black Hat USA 2008 is still months away, but some of the presentation topics are already beginning to make news. Sherri Sparks and Shawn Embleton are scheduled to demonstrate a new type of rootkit that hides itself in System Management Mode, currently out of reach of the AV products.
The presentation is already sparking interest in places like Slashdot and PC World.
]]>
http://blackhat.com/html/bh-usa-08/bh-usa-08-speakers.html#Sparks
D2D6687C-C091-42FA-AEFC-633A3CC4DA48-22933-0000F81812DA6A39-FFAMon, 12 May 2008 16:18:16 -0700Black Hat USA 2008 Early Bird Registration Closes May 1If you want to take advantage of the Early Bird registration rates for Black Hat USA 2008, be sure to get registered before May 1. You can register online at <a href="https://commerce.blackhat.com/bh_usa_2008"> https://commerce.blackhat.com/bh_usa_2008
https://commerce.blackhat.com/bh_usa_2008
F53FC993-11F2-4C03-BB96-7F5E76DDA05F-50588-0001833D19A9A3A7-FFATue, 22 Apr 2008 13:21:54 -0700Black Hat USA CFP Closes May 1The Black Hat USA Call For Papers closes May 1, so be sure to get your submissions in on time. We are looking forward to a great roster of presentations, and we'll begin posting the accepted presentations as the submitters are notified. Please submit online at <a href="https://cfp.blackhat.com"> https://cfp.blackhat.com.</a><br />
<br />
For a tentative track listing to help guide submissions please visit <a href="https://blackhat.com/html/bh-usa-08/bh-usa-08-tracklisting.html"> https://blackhat.com/html/bh-usa-08/bh-usa-08-tracklisting.html</a>
https://cfp.blackhat.com
653BC136-9EBF-4DDD-9A32-7030119498BB-50588-0001805B673055DF-FFATue, 22 Apr 2008 13:24:19 -0700The Pwnie awards return to Black Hat USA
<br />
The Pwnie Awards ceremony will return to the Black Hat reception with an all new roster of "winners." The awards exist to celebrate/humiliate the creators of the most infamous pwnage events of the previous 12 months. Categories have included Best Server-side Bug, Mass 0wnage, Lamest Vendor Response and Most Overhyped Bug. The awards are independent of Black Hat, but we're pleased to provide a venue for them where so much of the security community is gathered. Last year's inaugural event was a lot of fun, and we hope it will grow in 2008. We hope to see you thereat what Linux.com is already calling "Black Hat's Oscars."<br />
<br />
Links: <br />
<br />
http://pwnie-awards.org/<br />
http://www.linux.com/feature/118378<br />
www.blackhat.com
http://pwnie-awards.org/
805925C5-DA7B-4DF5-B6D6-E03116BD6B9D-12450-00006714D20745B4-FFAFri, 11 Apr 2008 15:48:39 -0700Black Hat Speakers In the News: Matthew Lewis - "Biologger - A Biometric Keylogger"Black Hat Europe 2008 Speaker Matthew Lewis is getting a lot of media attention for his BH presentation entitled "Biologger - A Biometric Keylogger." The presentation included a demo showing how state-of-the-art biometric security systems can be compromised. To read his whitepaper, download his tool or see his presentation.<br />
<br />
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis
80547767-EDFA-44F2-B856-18819776E4B0-7867-00005CBEE4B2CE8F-FFAFri, 04 Apr 2008 17:52:22 -0700Presenations From Black Hat Europe 2008 Now OnlineThis year's Europe event has come to a successful close and we've put the presentations online for everyone who missed a briefing presentation or two, and everyone who couldn't make it to Amsterdam for the show. Watch this space for video and audio presentations when they go live.<br />
<br />
<br />
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html
11007BFC-790D-4495-A270-E6595ABD519C-35722-000120794A11A28F-FFASat, 29 Mar 2008 03:48:35 -0700New BlackPage Entry: CrowdSourcing the Black Hat CFPBeginning with Black Hat USA 2008, paid delegates will be able to view and rate CFP submissions. Register and help us create the Black Hat of your dreams. Learn more about how it will work in this BlackPage entry from Black Hat Director Jeff Moss.<br />
<br />
https://www.blackhat.com/html/blackpages/blackpages.html
https://www.blackhat.com/html/blackpages/blackpages.html
EFFADD49-62EE-4412-BC09-721334FC6020-51082-00019D20D241C1B7-FFAThu, 13 Mar 2008 21:26:20 -0700Black Hat Europe 08 Keynote Speaker Selected<![CDATA[The Black Hat Europe 08 has been finalized and we're proud to announce our Keynote Speaker, Ian Angell. Ian is Professor of Information Systems at the London School of Economics and he will present a talk entitled "The Complexity in Computer Security."
This presentation will be a theoretical talk on the complexity of computer security. He will discuss how a lack of understanding of the limitations of, and distinctions made by, computerization leads to systemic risk.
To read the abstract and bio for Ian's keynote, click here:
]]>
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Angell
8224B58D-3B5E-423E-8AE4-418A5A17E6E7-1479-00000EB396D6419C-FFAFri, 07 Mar 2008 17:12:26 -0800Black Hat Speakers in the News: Johhny Long on Forbes.comPast Black Hat speaker Johnny Long has been profiled on Forbes.com on the subject of No-Tech Hacking. The article is an interesting read and even contains some quotes from BH Director Jeff Moss. <br /><br />
<br />
The article is here:<br />
<br />
http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html
<br />
To learn more about Johnny Long, you can check out his site at<br />
<br />
http://johnny.ihackstuff.com/
http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html
300DE1CE-E464-4A76-8360-9AF2E23EB25E-21132-0000E4C36ED820D6-FFAFri, 29 Feb 2008 15:50:49 -0800Black Hat Speakers in the News: David Hulton, Steve and "Cracking GSM"<![CDATA[This year's Black Hat DC was full of newsworthy talks, but one that has gotten a lot of media attention was "Cracking GSM" by David Hulton and Steve.
They demonstrated that they could capture and decrypt GSM traffic (the most popular type of cellphone traffic) with astonishing speed. Their presentation is eye-opening and very worthy of your attention.
To see their slides, click here:
https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf
To see their whitepaper, click here:
https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Whitepaper/bh-dc-08-steve-dhulton-WP.pdf
To see the actual talk, click here.
https://www.blackhat.com/html/featured_media/bh08-002-Stream-1.mov
]]>
https://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf
00C877B9-3915-459D-8594-49FA08778F48-14178-0000B534F3F1EB0D-FFAThu, 28 Feb 2008 20:04:14 -0800Presentations from Black Hat DC 2008 OnlineWe're freshly back from the success of the Black Hat DC event, and we've begun the process of putting the presentations and white papers online. Check the link to get yourself up to date on the stellar lineup of presentations or to catch up on a talk you missed in DC. Keep your eyes on this space for audio and video very soon. <br />
<br />
<br />
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html
360F8052-C561-4AB9-B180-18781BD27F5F-6129-00007D1ED580916B-FFAThu, 28 Feb 2008 12:53:52 -0800Black Hat USA 2008 CFP Now Open!<br />
Papers and presentations are now being accepted for the Black Hat USA 2008 Briefings. <br />
<br />
This year's conference will be focused on deep technical information rather than policy and we're looking for groundbreaking work in a wide variety of topics. We've made the list of presentation tracks available online at https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html - please take a look and consider submitting your work.
<br />
Submit proposals by completing the submissions form on the CFP server at <br />
https://cfp.blackhat.com/.<br />
<br />
<br />
https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html
2C1ED248-730B-4635-8A77-EAB40F82D1C3-16028-00007AB9D3A41035-FFAWed, 06 Feb 2008 19:12:21 -0800Black Hat DC 08 Keynote Announced!<![CDATA[Black Hat DC 2008 is pleased to announce the selection of a keynote speaker. Please join us at the Westin DC City Center to hear Jerry Dixon, Infragard's National Member Alliance's Vice President for
Government Relations, Director of Analysis for Team Cymru, and former
Executive Director of the National Cyber Security Division (NCSD) & US-CERT,
of the Department of Homeland Security.
Jerry's Keynote is entitled "Quest for the Holy Grail" and the abstract follows:
"Online fraud has become pervasive and increasing at an alarming rate
affecting all organizations, private and public. This talk will provide
an overview of current trends affecting both government and private
sector companies, what enables online fraud, what are some of the
barriers, and suggestions for what organizations should be doing to
combat the problem.]]>
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html
DDBF4D0E-979E-4887-9DD8-E4230D5E512F-6431-000032A8DC571652-FFATue, 05 Feb 2008 14:35:08 -0800Black Hat DC Speaker List Finalized.<![CDATA[
We have finished selecting speakers and our schedule is now full
Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.
We are done reviewing papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.
If you didn't get selected for this show don't be discouraged, please consider submitting again. Our USA CFP opens February 5. Submit here: https://cfp.blackhat.com/
]]>
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html
42E7A35B-2597-4F3F-9549-7B45CC46E4CE-6431-00003274E3BC4975-FFATue, 05 Feb 2008 14:26:22 -0800Black Hat DC 2008 Group rate extended.<![CDATA[Group room rates are now valid until February 1, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT
Rooms & Rates:
Single/Double: $219 per night single and double occupancy
Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1
]]>
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE
0637C742-D52D-4196-B39B-909404EF7389-4695-0000814A6B89C309-FFAMon, 28 Jan 2008 18:53:40 -0800Black Hat Europe 08, Moevenpick group rate ends soon.<![CDATA[Reserve your room now at the Moevenpick Hotel Amsterdam City Centre, group
rates will end February 19. The new Moevenpick Hotel Amsterdam City Centre
is located on the waters edge yet within walking distance from the old
center of Amsterdam and the Central Station.
All guestrooms, conference facilities and public areas are non-smoking,
including the Restaurant and Bar. Kindly note that there are no designated
smoking areas on site.
Excellent rooms: larger than average, with top of the bill facilities
(wired/free wireless LAN highspeed internet, breathtaking view over the
harbour or city) and other five star facilities.
The excellent location makes the hotel an exciting place to be. The
combination between the adjacent Passenger Terminal Amsterdam and
Muziekgebouw is unique and unsurpassed by anyone in Amsterdam. The area is
upcoming, trendy and holds a high cultural and creative allure.
To learn more about the venue please visit our venue page:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-venue.html
Moevenpick Hotel Amsterdam City Centre
Address: Piet Heinkade 11; 1019 BR Amsterdam; Netherlands
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239
email: [email protected]
Rates (Vaild for bookings made by February 19, 2008):
Business single/double:
EUR 155 per night (inclusive of 6% VAT and service charge and exclusive of
5% city tax). DOES NOT include the breakfast. Free Wireless is available
throughout the hotel. Rates are good for stays from 23-29 March 2008.]]>
https://www.trustinternational.com/mBooker/moevenpick/2B?LANGUAGE=en&i=Black%0DHat&property=TXL-MK-HKAMSHH
88379D93-7596-4F45-B6F6-FC2D46485B15-1877-00000CA7F4BB4AC9-FFAThu, 24 Jan 2008 19:51:31 -0800Black Hat DC Group Registration Rate Closing SOON!<![CDATA[Group room rates are valid until January 25, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT
Rooms & Rates:
Single/Double: $219 per night single and double occupancy
Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1
]]>
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE
29C9806D-848F-4499-BF49-4772C0897F00-8696-00005C7A3757DBF0-FFAFri, 25 Jan 2008 20:17:52 -0800Black Hat Europe 08,First round of speakers selected!<![CDATA[
We have made our first round of talk selections for our Black Hat Europe
2008 conference.
Our initial schedule is online now at:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html
Here is just a short list of some of the great presentations we have
scheduled:
Cracking GSM - David Hulton, Steve Hulton
Developments in Cisco IOS Forensics - Felix "FX" Lindner
CrackStation - Nick Breese
The Fundamentals of Physical Security- Deviant Ollam
Exposing Vulnerabilities in Media Software - David Thiel
Biologger - A Biometric Keylogger - Matthew Lewis
Malware on the Net - Behind the Scenes- Iftach Ian Amit
LDAP Injection & Blind LDAP Injection - Chema Alonso, Jose Parada Gimeno
Mobile phone spying tools - Jarno Niemela
TBD - David Litchfield
Hacking Second Life - Michael Thumann
Many more to come! Please check out our speakers page for a complete
list of speakers and for updates. There you will find abstracts for the
upcoming presentations and get some background information on the speakers.
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html
If you don't get selected for this show don't be discouraged, please
consider submitting again. Our Black Hat USA CFP will open February 1,
Submit now as we may close the cfp early if we receive enough quality talks.
Submit here: https://cfp.blackhat.com/
]]>
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html
F805B26E-5B88-461C-A731-917C716B3994-8696-00005C2ACD736A10-FFAThu, 24 Jan 2008 01:03:33 -0800Black Hat DC - Group Rate Ending Soon!<![CDATA[The Black Hat DC 2008 Group Rate at the Westin DC City Center will
close on Friday, January 25. The group rate is $219 and the hotel is
smoke-free.
To reserve your room, you may register online at:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE
You may also call the hotel directly: +202-429-1700 or 1-800-westin1
and use the Group Code: BLACK HAT
]]>
https://www.blackhat.com/html/bh-dc-08/bh-dc-08-venue.html
880AD221-1A04-4DE3-A766-EE4D3E46769C-500-000019779041F27B-FFAWed, 09 Jan 2008 14:27:27 -0800Black Hat Attendee LinkedIn groupBlack Hat has created a LinkedIn group for past attendees. For those of you unfamiliar with LinkedIn, it's a business-oriented social networking site located at www.linkedin.com. They're best known as a good way to get your resume into the right hands, but their functionality seems well-suited to finding the right person for a tough question or just keeping in touch as well. <br />
<br />
<br />
If you're interested in trying out this group please use the following link. Please note that if you are not already a member of LinkedIN it will ask you to join the site.<br />
<br />
We are always looking for ways to encourage the building of communities around Black Hat - it's our hope that our events can be the starting point for all kinds of new collaborations and conversations that last all through the year. If you have a favorite way of keeping connected that you think we should explore, please let us know.
http://www.linkedin.com/e/gis/37658/744A566F2D9D
3C96488E-5332-4C76-8A60-59D73C546205-5389-000031B2FB043F23-FFASat, 05 Jan 2008 16:52:43 -0800Black Hat USA 2007 Audio Podcast now liveBlack Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer audio of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.<br />
<br />
Registration info is available at www.blackhat.com.
https://www.blackhat.com/podcast/bh-usa-07-audio.rss
43D03AED-C650-4BF4-A60D-5C0D537BF213-26239-0000CC445A549F1D-FFAThu, 27 Dec 2007 20:56:44 -0800Black Hat USA 2007 Video Podcast now liveBlack Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer video of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.<br />
<br />
Registration info is available at www.blackhat.com.
https://www.blackhat.com/podcast/bh-usa-07-video.rss
EE1D0E3C-3D99-4264-A9A6-66B8D606AC7A-26239-0000CB97BBA2DB57-FFAThu, 27 Dec 2007 20:55:40 -0800'Electronic Jihad' Nothing hit our Radar.<![CDATA[
From the article at Security Focus:
Link: http://www.securityfocus.com/brief/625
"A Web site's call for a massive religious-fueled denial-of-service attack -- an "Electronic Jihad" -- failed to create even a blip of activity on Sunday.
Two weeks ago, a group sympathetic to the goals of militant Muslims reportedly called for support in attacking financial Web sites and services on Sunday, November 11, but the day came and went with no noticeable traffic spikes, security experts stated. Antivirus firm F-Secure and the Internet Storm Center, a network monitoring group, both reported that their analysis failed to detect any attack.
"Well, so far we haven't seen any activity," said Mikko Hyppönen, director of research for F-Secure, said on the company's blog. "And we're not holding our breath either."
This recent attention to Cyber warfare brings to mind a presentation delivered by Gadi Evron at our recent Black Hat Las Vegas talk."Estonia: Information Warfare and Strategic Lessons"
The talk was focused on discussing "The first Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. The talk is compelling and provides useful insight into the impacts of a cyber war as well as preventative measures. It seems increasingly relevant information to know when our ever expanding online lives are threatend with a 'Electronic Jihad'.
View his Abstract and Bio Here: https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Evron
Stay tuned to watch and listen to his presentation!
Article Link: http://www.securityfocus.com/brief/625
]]>
http://www.securityfocus.com/brief/625
[email protected] (Black Hat Announcements)Black Hat in the news114FCE39-1AE0-4B13-99AC-C43B66EDFBEAFri, 30 Nov 2007 13:33:02 -0800Black Hat Speakers: What are they up to now....<![CDATA[
A few of our Black Hat speakers have their own blogs we enjoy reading from time to time. We thought you might like hearing what they are up to all year round as well!
David Maynor a Veteran Black Hat speaker has his blog over at ERRATA SECURITY.
Lots of cool stuff in there, recent news updates, commentary and even polls on favorite hacker movies.
Check it out: http://erratasec.blogspot.com/
Jeremiah Grossman has an interesting blog and has according to him generated quite a following, putting it number one on Google search results for him! That's quite an accomplishment considering that the press is just as equally excited to interview him as we are to have him speak for us. There are a lot of cool articles in his blog, he's been busy.
Check it out: http://jeremiahgrossman.blogspot.com/
Also, Mikko Hypponen and the rest of the team at F-SECURE have their blog full of interesting commentary, updates and DEMOS!
Check it out: http://www.f-secure.com/weblog/
]]>
http://erratasec.blogspot.com/
[email protected] (Black Hat Announcements)Black Hat in the newsF6B090AA-4511-417D-AB6F-28167CCD6916Mon, 19 Nov 2007 09:40:07 -0800David Litchfield : Nearly half a million Database Servers unprotected!<![CDATA[
NGSSoftware has been busy this year between receiving multiple enterprise and tech awards, speaking at Black Hat, writing "The Web Application Hacker’s Handbook" and now announcing 492,000 database servers are online without firewall protection! We sometimes wonder between all the research and security advisories where do they fit in time to sleep?
>From the article by Ryan Naraine at ZDNet:
Link: http://blogs.zdnet.com/security/?p=663
"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.
Litchfield also spoke recently on Database Forensics at Black Hat USA 2007.
>From the Abstract:
"By delving into the guts of an Oracle database's data files and redo logs, this talk will examine where the evidence can be found in the event of a database compromise and show how to extract this information to show who did what, when. The presentation will begin with a demonstration of a complete compromise via a SQL injection attack in an Oracle web application server and then performing an autopsy. The talk will finish by introducing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.)."
Read the Full Bio and Abstract here:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Litchfield
Audio and Video coming soon:
https://www.blackhat.com/html/bh-multimedia-archives-index.html
Download his materials here:
https://www.blackhat.com/presentations/bh-usa-07/Litchfield/Presentation/bh-usa-07-litchfield.pdf
The Web Application Hacker’s Handbook: http://www.ngssoftware.com/press-releases/the-web-application-hackers-handbook-published/
]]>
http://blogs.zdnet.com/security/?p=663
[email protected] (Black Hat Announcements)Black Hat in the newsFA88D914-6B16-4358-B37B-E4EC00DFF181Mon, 19 Nov 2007 09:39:27 -0800Black Hat Europe 2008, CFP and Registration OPEN!Black Hat Europe 2008 Online Registration is now open. Follow the link to take advantage of the early bird rate and register on the web. You must complete the on-line registration form regardless of your payment method. Europe 2008 Briefings and Training will be held March 25-28, at the Möevenpick Hotel Amsterdam City Centre, the Netherlands. Online Registration early rates will close on January 1.<br />
<br />
Register here: https://www.blackhat.com/html/bh-registration/bh-registration.html#EU<br />
More Info Here: https://www.blackhat.com/html/bh-europe-08/bh-eu-08-main.html<br />
<br />
Submit your presentations to us at https://cfp.blackhat.com/ Call for Papers for both DC and Europe 2008 are now open. Call for Papers for Europe 2008 will close February 1.<br />
<br />
Also don't forget our next USA event is DC 2008 Briefings and Training. DC 2008 will be held February 18-21, at the Westin Washington DC City Center. Online Registration early rates will close January 1, Call for will close January 4. <br />
More Info: https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html<br />
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Black Hat announcements86217605-6FFC-48F4-BA99-7A7BC47569C7Mon, 19 Nov 2007 09:34:59 -0800More Common Sense from Bruce Schneier<![CDATA[
Frequent Black Hat speaker and security guru Bruce Schneier spoke Monday, November to the CIPS (Canadian Information Processing Society)
>From a speech that seems to have contained a fair amount of pessimism about the state of information security comes this concise and cogent analysis of the way forward in credit card and ATM security
Summarized in the Edmonton Journal entitled "Criminal hackers gaining advantage":
Some of the biggest improvements have come from government regulations forcing companies to make more disclosures to their customers, and make their data safer, Schneier said.
Credit card and ATM security improved in the U.S. when the onus was put on the companies to be responsible for money lost through fraud. In the U.K, the courts ruled customers had to prove they were not at fault, and so security did not improve. The U.K. has since reversed that stand.
"This is going to be a much bigger trend in future years as governments get more involved."
To learn more about Bruce Schneier, you can look here to read his bio and his talk abstract from this Black Hat USA 2007:
To read Bruce's informative and entertaining blog, follow this link:
http://www.schneier.com/blog/
]]>
http://www.canada.com/edmontonjournal/news/business/story.html?id=5fbafbaa-e7f2-484d-a2f1-7b5cbbbe9af4
[email protected] (Black Hat Announcements)Black Hat USA 2007B765F700-79D1-4921-9ED1-6E6264DCB10B-15773-000084FBB97ED944-FFAFri, 9 Nov 2007 14:52:35 -0800Black Hat DC 2008 Registration Now Open!Online registration for Black Hat DC 2008 is now open. Follow the link to take advantage of the early bird rate and register on the web.<br />
<br />
The Briefings and Trainings will be held February 18-21 at the Westin Washington DC City Center.
More about the venue is available here: <br />
http://blackhat.com/html/bh-dc-08/bh-dc-08-venue.html<br />
<br />
<br />You must complete the on-line registration form regardless of your payment method.<br />
Forms submitted via fax, email, telephone or snail mail will not be accepted. Early Bird Rate closes January 1, 2008.<br />
<br />
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Black Hat DC 2008B6001702-824C-4224-965E-9554288A9FE8Mon, 22 Oct 2007 14:58:39 -0700Black Hat 2007 Japan Keynote, Suguru Yamaguchi !<![CDATA[
We are very pleased to announce that our Keynote for Japan 2007 will be Mr. Suguru Yamaguchi, of Nara Institute of Science and Technology.
Mr. Yamaguchi will be speaking on "Emerging New Technologies for Information Security Management"
>From the Abstract:
Information systems are now taking the important role to support core competence components of businesses in various industries so that they requires more dependability and sustainability. New technologies for improvement to make information systems more dependable are emerging from R&D field to the actual operational environment, however still more development are expected. In this keynote session, the speaker presents new risk on information security coming up with information systems, then express his views and directions on technical solutions and technologies required.
Suguru Yamaguchi, Bio:
Suguru Yamaguchi was born in Shizuoka, Japan in 1964. He received the M.E. and D.E. degrees in computer science from Osaka University, Osaka, Japan, in 1988 and 1991, respectively. From 1990 to 1992 he was an Assistant Professor in Education Center for Information Processing, Osaka University. In 1992, he was moved to Information Technology Center, Nara Institute of Science and Technology, Nara, Japan, and served as an Associate Professor till 1993. From 1993 to 2000, he was with Graduate School of Information Science, Nara Institute of Sc ience and Technology, Nara, Japan, as an Associate Professor. In 2000, he was promoted to a Professor with the Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan. During his work in Nara Institute of Science and Technology, he has been working very aggressively on research, education and management. Especially from 2002 to 2004, he served as Director of University Library, and devoted himself to i mprove and enhance the digital library system, which was the nation's first digital library system available for national universities, initially funded in 1995.His research interests include technologies for information sharing, multimedia communication over high-speed communication channels, large-scale distributed computing systems, network security and network management for the Internet. Since mid 1980's, he has been working very hard on development the Internet in Japan and Asia and Pacific region. He has been also a member of WIDE project, which is one of pioneer projects for the Internet development, since its creation in 1988. In the project, he has been conducting research on network security system, especially PKI infrastructure for wide area distributed computing environment.
In 2004, he was appointed to Advisor on Information Security, Cabinet Secretariat, Government of Japan. He has been deeply involved to design and implementation of basis of national policy on information security and establishment of National Information Security Center (NISC) in Cabinet Secretariat in 2005. Even though he is still working for his university, he didn't spare himself for this important task in the government. Because of tight relationship with government's information security policy, he was also appointed to Advisor for Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan.
With his contribution for Internet development and network security, he is involved and working with several organizations. Since 1992, he was working for JPCERT/CC, which is a first national CSIRT in Japan, and now serving as a member of its board of trustee. Since 2002, he has been a member of board of trustee of Japan Network Information Center (JPNIC), which is national Internet registry managing IP address and AS number allocations and registrations. For the Internet development in Asia and Pacific region, he is working so long for Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.
link:https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi
]]>
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi
[email protected] (Black Hat Announcements)Black Hat Japan 2007D00C0E21-024D-4DDE-A456-078D6D758344Wed, 3 Oct 2007 16:35:55 -0700Black Hat 2007 Japan Final Line-up!<![CDATA[
The final roster of speakers for Black Hat Japan 2007 is now available online.We're proud of the variety and depth represented by this lineup and look forward to seeing many of you in Tokyo later this month. Please keep in mind that Japan Registration closes on October 15th, and make your
arrangements accordingly.
The final roster of speakers for Black Hat Japan 2007 is now available online. View the detailed abstracts and bios here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html
Presentations Black Hat Japan 2007:
Brandon, Baker, Kick Ass Hypervisor
Billy Hoffman, The Little Hybrid Web Worm that Could
Halvar Flake, Automated Unpacking and Malware Classification
Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless Device Drivers in an Emulated Enviroment
Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework
Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)
David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP
Kanatoko, DNS Pinning and Socket API
Nguyen Anh Quynh, HiJacking Virtual Machine Execution
Jacob West, Secure Programming with Static Analysis
Nate McFeters, Billy K Rios, and Rob Carter, URI Use and Abuse
Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo To see the schedule for this year's briefings, check our
website here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html
Link: https://www.blackhat.com/html/bh-link/briefings.html
]]>
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Black HatJapan 2007F1CC1829-1952-4121-ABF1-5DF529A3DEEBWed, 3 Oct 2007 16:22:31 -0700Black Hat Japan Registration Closing soon!The Black Hat Japan Registration is closing soon!<br />
<br />
Japan Registration will close on October 15th. Register now to avoid waiting in the onsite registration line! <br />
<br />https://commerce.blackhat.com/japan-reg-07<br />
The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.<br /> More about the venue is available here: <br />
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html<br />
<br />
You must complete the on-line registration form regardless of your payment method.
Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.
<br />
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
[email protected] (Black Hat Announcements)Black Hat Japan 2007DACFD513-1B6F-4D9F-9BE8-4A181DED0847Fri, 28 Sep 2007 18:48:03 -0700De-Anonymizing TorDe-Anonymizing Tor
TOR has been all over the news lately - from embassy private data being pulled from an exit node, to an arrest of a node hoster. This blog post from the ha.ckers.org blog offers code that its creators say can be used to de-anonymize TOR users. The possibilities implied by this code were mentioned at Jeremiah Grossman and Robert Hansen's presentation at this year's Black Hat USA in Las Vegas.<br />
<br />
To see their presentation on JavaScript malware from this year's Black Hat USA:<br />
https://www.blackhat.com/presentation/bh-usa-07/Grossman/Presentation/bh-usa-07-grossman.pdf<br />
To read their whitepaper:<br />
https://www.blackhat.com/presentation/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman.pdf<br />
http://ha.ckers.org/blog/20070926/de-anonymizing-tor-and-detecting-proxies/
[email protected] (Black Hat Announcements)Black Hat in the news33B1F02D-5130-496C-BC13-336E1C2A8F33Fri, 28 Sep 2007 18:25:50 -0700Black Hat Speaker HD Moore Weighs In on the iPhone<![CDATA[
Black Hat Speaker HD Moore Weighs In on the iPhone
On the Metasploit blog, HD Moore breaks down the security researcher potential of the iPhone and gives a very insightful pro-and-con review of the phone's possibilities as " a root shell in my pocket."
Read his blog here:
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html
>From the article:
"Compare the iPhone (400Mhz*) with the Nokia n770 (233mhz) or the Nokia n800 (320Mhz) and the choice of a handheld hacking device is a no-brainer. The (mostly) working toolchain, large amounts of storage (8Gb), and ease of use make this a great candidate for almost any security researcher "on-the-go".
To see the presentation HD Moore made at this year's Black Hat USA:
https://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Whitepaper/bh-usa-07-moore_and_valsmith.pdf
To see the whitepaper from HD Moore's presentation at this year's Black Hat USA:
https://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Presentation/bh-usa-07-moore_and_valsmith-WP.pdf
]]>
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html
[email protected] (Black Hat Announcements)Black Hat in the newsDFD2A446-0769-49E6-819E-7CE9716620A1Fri, 28 Sep 2007 18:15:07 -0700David Maynor Publishes Details of Apple Wi-Fi Attack<![CDATA[
At Black Hat USA 2006, David Maynor and Jon Ellch spoke on "Device Drivers"
and some may remember it caused a lot of speculation and conspiracy
theories. Now David Maynor has published details of the controversial Apple
Wi-Fi hack he disclosed last year.
>From Computerworld:
"By going public with the information, Maynor hopes to help other Apple
researchers with new documentation on things like Wi-Fi debugging and the
Mac OS X kernel core dumping facility. "There's a lot of interesting
information in the paper that, if you're doing vulnerability research on
Apple, you'd find useful."
Maynor will soon publish a second paper on Uniformed.org explaining how to
write software that will run on a compromised system, he said.
As for his detractors, who will say that this disclosure comes too late,
Maynor says he just doesn't care what they think. "Let them tear me apart
all they want but at the end of the day the technical merit of the paper
will stand on its own."
Read the full article here:
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16
Read the original Abstract here:
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch
Read the Details published by David Maynor here:
http://uninformed.org/?v=8&a=4
Video Presentation here:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp4
Audio Presentation here:
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp3
]]>
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16
[email protected] (Black Hat Announcements)Black Hat in the news3A73FB31-2C74-4F07-8F62-17D703E210DD-1115-000007590ABAC3F5-FFAWed, 19 Sep 2007 18:42:48 -0700Black Hat USA 2007 speaker Pedram Amini intereviewed about the Sulley Fuzzing frameworkSearchSecurity interviews Pedram Amini about the next-level fuzzing framework he unveiled at Black Hat USA 2007. To read the presentation from Black Hat and the whitepaper, follow the included links. Video available soon.<br />
<br />
https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/Amini-Portnoy-BHUS07.pdf<br />
<br />
https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/<br />
<br />
<br />
October 23-26, at Keio Plaza Hotel, Tokyo
http://searchsecurity.techtarget.com/qna/0,289202,sid14_gci1270939,00.html
[email protected] (Black Hat Announcements)Black Hat in the news1B9A7056-31E1-4E4C-A2C7-7CC426672C34-573-0000121469448DF9-FFAFri, 7 Sep 2007 16:49:41 -0700Black Hat Speaker Thomas Ptacek profiled on Dark ReadingInteresting article about Thomas that references the controversy between Thomas and fellow Black Hat USA 2007 Speaker Joanna Rutkowska. To read his Black Hat presentation, go to:<br />
<br />
https://www.blackhat.com/html/presentations/bh-usa-07/Ptacek_Goldsmith_and_Lawson/Presentation/bh-usa-07-ptacek_goldsmith_and_lawson.pdf<br />
<br />
In the interest of equal time, you can find Joanna's presentation at :<br />
<br />
htpp://www.blackhat.com/html/presentations/bh-usa-07/Rutkowska/Presentation/bh-usa-07-rutkowska.pdf<br />
<br />
http://www.darkreading.com/document.asp?doc_id=133243&WT.svl=news1_4
[email protected] (Black Hat Announcements)Black Hat in the newsDAF0501C-BF8F-4816-8058-E9B41527CFF2-573-0000117AA4656CF8-FFAFri, 7 Sep 2007 16:39:25 -0700Black Hat 2007 Japan Speakers have been selected<![CDATA[
We are proud to announce our speakers for Black Hat Japan!
Brandon, Baker, Kick Ass Hypervisor
Billy Hoffman, The Little Hybrid Web Worm that Could
Halvar Flake, Automated Unpacking and Malware Classification
Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless
Device Drivers in an Emulated Enviroment
Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework
Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)
David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP
Kanatoko, DNS Pinning and Socket API
Kenneth Geers, Greetz from room 101
Nguyen Anh Quynh, HiJacking Virtual Machine Execution
Jacob West, Secure Programming with Static Analysis
Greg Hartrell, Security Lessons from Xbox Live
Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo
]]>
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Japan 20072AC57711-9C9A-43BC-831D-117FF0BB9895-573-000010E0DE1BA71D-FFAFri, 7 Sep 2007 16:57:07 -0700Black Hat USA 2007 Media UpdatesPresentation Files and White Papers from Black Hat Briefings 2007 are live now on the Black Hat website. Please take a look. Stay tuned to the BH USA 2007 Archives page for the audio and video from the Briefings, available in the coming months.
https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html
[email protected] (Black Hat Announcements)Black Hat USA 20071492F89A-7FA8-4327-A3CE-09DFDA6EDEC4-7441-00005631C918830A-FFAMon, 27 Aug 2007 15:07:38 -0700New Trainings Added for Black Hat Japan<![CDATA[
The training lineup for Black Hat Japan has been updated to include four additional classes. The classes are:
Reverse Engineering with IDA Pro, taught by Chris Eagle Analyzing Software for Security for Security Vulnerabilities, taught by Halvar Flake Hacking by Numbers: Bootcamp, taught by Sensepost Exploits 101, taught by Allen Harper
Also, the class entitled "Web Application (In)Security" by NGS Software has been removed from the lineup.
Detailed information on all classes can be found at our website.
]]>
https://www.blackhat.com/html/bh-japan-07/train-bh-jp-07-en-index.html
[email protected] (Black Hat Announcements)Black Hat Japan 2007B2B25CBF-9D3D-4EDE-824A-D435CC53267E-6064-00004AF67AD4DCE4-FFAFri, 24 Aug 2007 13:31:23 -0700Imitation is the sincerest form of flattery!<![CDATA[A fellow Info Sec colleague, Nat Mokry, sent us these photos recently
and we got such a kick out of it we decided to pass it on. If you are
ever in Beijing check this place out.
The "B'05" Bar in Beijing.
Picture1:
https://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg
Picture 2:
https://www.blackhat.com/images/bh-usa-07/BlackHatBar2.jpg
If you have some more info on this Black Hat Bar please pass it on, I
for one am interested. If Jeff and I are ever in town we will surely
be patrons!
]]>
https://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg
[email protected] (Black Hat Announcements)Black Hat USA Announcements1A96FA87-6DB3-42E2-BF83-42EA8DD021B8Wed, 15 Aug 2007 19:12:39 -0700Charlie Miller, attacking OS X and the iPhone.<![CDATA[
From an article in Guardian Unlimited about a vulnerability announced by Charlie Miller of Independent Security Evaluators:
"...just weeks after Apple's iPhone was unleashed on American shoppers, researchers say they have discovered how to hack into it and steal personal information.
Experts at Independent Security Evaluators, a computer protection consultancy, claim to have found a way to gain complete access to the phone..."
Charlie Miller will be presenting his findings in a Black Hat Turbo Talk titled "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X. " Charlie's talk will be on August 2nd at 4:45 pm.
To learn more about Charlie Miller, you can look here to read his bio and his talk abstract:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Miller
To learn more about the controversy that's generated so much media attention, see Charlie's presentation live at Black Hat or later on Blackhat.com in our media archives.
]]>
http://www.guardian.co.uk/international/story/0,,2133154,00.html
[email protected] (Black Hat Announcements)Black Hat USA 2007A162CF38-13B8-4CD8-82A2-254D37867CF7Wed, 25 Jul 2007 16:01:54 -0700Black Hat Japan 2007 Registration OPEN!<![CDATA[
Japan 2007 Briefings and Training Registration is now OPEN!
The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo. More about the venue is available here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html
Online Registration is currently open!
You must complete the on-line registration form regardless of your payment method.
Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.
Call for Papers will close August 15, submit your papers now speaking slots are limited!
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html
Black Hat Japan 2007:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://commerce.blackhat.com/japan-reg-07
[email protected] (Black Hat Announcements)Black Hat Japan 2007BC86EFAC-47B7-47F2-91A0-40EA55EF61ECWed, 25 Jul 2007 16:09:47 -0700Black Hat Japan 2007 Training courses!<![CDATA[
Japan 2007 Briefings and Training Registration is now OPEN!Register now to assure a seat in the class of your choice!
https://www.blackhat.com/html/bh-registration/bh-registration.html#JP
Here is a list of current training classes available:
Infrastructure Attacktecs and Defentecs: Hacking Cisco Networks
Steve Dugan
Live Digital Investigation : Investigating the EnterpriseWetStone Technologies
You will need this course before you can take the IEM course. Earn NSA Certification.
Reverse Engineering on Windows: Application in Malicious Code Analysis
Pedram Amini and Ero Carrera
Reverse Engineering with IDA Pro
Chris Eagle
New for 2007
If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
Web Application (In)security
NGS Software
The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo. More about the venue is available here:
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html
]]>
https://commerce.blackhat.com/japan-reg-07
[email protected] (Black Hat Announcements)Black Hat Japan 200787891533-2950-4100-A3A1-A4839A2ECD19Wed, 25 Jul 2007 16:16:31 -0700Black Hat Japan 2007 Call for Papers!<br />
Papers and presentations are now being accepted for the Black Hat Japan 2007 Briefings. Papers and requests to speak will be received and reviewed from now until August 15, 2007.<br /><br />
Submit proposals by completing the submissions form on the CFP server at <br />
https://cfp.blackhat.com/.
<br /><br />
We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html
[email protected] (Black Hat Announcements)Black Hat Japan 2007AC03DD91-FEB8-4420-8B63-AEB2DE8AE449Wed, 25 Jul 2007 18:54:34 -0700C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For by Thomas Ptacek, MatasanoA piece on Security Focus by Thomas talking about what talks at Black Hat you need to see:<br /><br />
>From the article:<br />http://www.securityfocus.com/blogs/238<br />
<br />
C++ gives you a resizeable string, so you won’t write splitvt. But in 2007, code vulnerabilities don’t look like splitvt anymore, ever. We’ve moved on, through off-by-one errors into integer overflows and now uninitialized variables. On balance, the bug classes C++ introduces are way scarier than the ones it takes off the table.<br />
<br />
So, to kick off our series of posts about which Black Hat talks you should be going to this year, I’m going to recommend this one. Mark Dowd and John McDonald, on stage, talking about the ways C++ screws software security that you hadn't thought of before. "Recommend" is an understatement. If you get paid to find vulnerabilities in code, this is the most valuable talk at the conference this year.
http://www.securityfocus.com/blogs/238
[email protected] (Black Hat Announcements)Black Hat USA 200706864E65-D23C-4FC0-81A2-1DFEE8F4730DTue, 17 Jul 2007 13:16:49 -0700Black Page Update: Reverse Engineering<![CDATA[
From the Black Hat Black Page
Reverse engineering has become a staple of security research. Only a few years ago an arcane specialty, many factors such as the increase in malware and common dependence on closed-source software has increased the value and need for reverse engineering. If a newbie came to me for advice about preparing for future work in the security field, I would tell them to concentrate on reversing as a core skill.
For a couple years we have been focusing on reverse engineering content and trying to bring information for the newly initiated and expert. For a good dive into the realm of unpacking, Mark Vincent Yason brings "The Art of Unpacking." Mark's presentation will bring you up to date with
the state of packers and their defenses and arm you with techniques and tools to strip away the defenses. For a deeper look at some techniques and tools to defeat many packers and other armoring techniques, we have Danny Quist and Valsmith presenting "Covert Debugging: Circumventing Software Armoring Techniques" and Cody Pierce releasing and discussing "PyEmu: A multi-purpose scriptable x86 emulator." This should be some cool and useful content for anyone interested in reversing.
Link with:
"Covert Debugging: Circumventing Software Armoring Techniques" by Danny Quist and Valsmith
"The Art of Unpacking" by Mark Vincent Yason
"PyEmu: A multi-purpose scriptable x86 emulator" by Cody Pierce.html
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html
]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html
[email protected] (Black Hat Announcements)Black Hat USA 2007C6FBCA7C-D16F-4DB7-96CE-A3F201688CC2Fri, 6 Jul 2007 17:16:33 -0700Las Vegas concerts for Black Hat and DEFCON time frame<![CDATA[
From IrishMASMS on the DEF CON forums comes this helpful post:
Las Vegas concerts for Black Hat & DEFCON time frame
Some out of town folks hit me up asking about concerts around town during this year's Black Hat andDEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.
Fri 07/27/07 Violent Femmes Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang House Of Blues
Sat 07/28/07 Tesla House Of Blues
Sat 07/28/07 Rush MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall , The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx The Club @ Cannery Casino
As for venues, the Hard rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be shitty in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference.
HTH!
]]>
https://forum.defcon.org/showthread.php?t=8590
[email protected] (Black Hat Announcements)Black Hat USA 2007F5284589-BF4D-4706-AF10-22A69B122102Thu, 5 Jul 2007 17:18:36 -0700Black Hat USA pricing reminderJust a reminder to everyone of the upcoming late pricing changes:<br />
<br />
Registration: <br />
- Only credit card payments are accepted after July 1, 2007.<br />
- Online registration closes on July 20, 2007.<br />
- Onsite Registration rates apply after July 20, 2007. <br /><br />
https://commerce.blackhat.com/usa-reg-07
https://commerce.blackhat.com/usa-reg-07
[email protected] (Black Hat Announcements)Black Hat USA 20077D1B5288-0FC5-43FA-A396-4E6385E7C628Thu, 5 Jul 2007 15:32:52 -0700Black Page update: TPMKit reduxFrom the Black Page:<br />
<br />
Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)" This talk was removed from the schedule at the request of the presenters. The topic generated quite a great deal of interest and its removal from the schedule without comment has generated some confusion and controversy.<br />
<br /><br />
Full article at<br />
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html
[email protected] (Black Hat Announcements)Black Hat USA 200733A5AEB9-0534-4460-8AD8-03177A85E1ADThu, 5 Jul 2007 15:30:29 -0700Hacking by Numbers Combat Training adds a weekend session.If you can't make it to Sensepost's Hacking by Numbers: Combat class on the week day of Black Hat USA you now have the option of attending a newly announced weekend class!<br />
<br />
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html
[email protected] (Black Hat Announcements)Black Hat USA 200743FE1249-B11E-456E-A784-92584E9DF091Thu, 5 Jul 2007 15:27:58 -0700Joe Grand's Hardware Hacking class now expandedJoe Grand's Hardware Hacking course has additional seats available! Previously sold out, Joe purchased more equipment to expand his training offerings. Swoop in now whaile there is more room.<br />
<br />
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html
[email protected] (Black Hat Announcements)Black Hat USA 200759A35ADE-0F0D-4984-A5A5-3A3580DAF786Thu, 5 Jul 2007 15:25:50 -0700On The BlackPage: C++<![CDATA[See the link below for more details, descriptions and commentary.
On The BlackPage: C++ by Dominique Brezinski
A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers have looked at C++ specific issues, like Halvar Flake, but there has not been a lot of focus on security-related aspects of C++ in the public arena.
This year is different. Several presentations bring C++ issues and techniques to the foreground: "Breaking C++ Applications" by Mark Dowd, John McDonald and Neel Mehta and "Reversing C++" by Paul Vincent Sabanal. I like it when an unintentional plan comes together.
Link: https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html ]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html
[email protected] (Black Hat Announcements)Black Hat USA 2007A51F425B-AF5E-4EC2-9EB7-613C65C9EACAFri, 15 Jun 2007 14:25:16 -0700OWASP and WASC Cocktail Party<![CDATA[
OWASP and WASC have joined hands to have a combined meetup at Blackhat USA 2007 in Las Vegas which was earlier planned as a WASC meetup. Breach Security has generously agreed to sponsor the event, so cocktails and appetizers will be served to all attendees. Since both the top webappsec organization hosting this event together, we are expecting a huge turnout of webappsec industry's followers. You are invited to join us for a drink and meet other like minded people from the industry.
The place is quickly filling up so please send in your RSVP ASAP.
Link: http://www.owasp.org
Invite: http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf
]]>
http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf
[email protected] (Black Hat Announcements)Black Hat USA 2007E14DC507-C47A-4A67-8C8E-57B650F04FA9Wed, 13 Jun 2007 14:42:03 -0700On The BlackPage: Timing<![CDATA[
. See the link below for more details, descriptions and commentary.
On The BlackPage: Timing by Dominique Brezinski
It is that time again: Black Hat in the hot LV summer. It always comes sooner than I expect. We have been working like mad to get the schedule together, which is basically done. One of the underlying themes this year is timing. I don't pick these things; it is really a reflection of the direction of research in our community. Another theme is nuance.
Timing attacks are not new. They have been part of the cryptanalyst's side-channel tool set for some time. In the last few years something caused researchers to start applying it beyond cryptographic operations. Maybe it was Boneh's remote timing attack against OpenSSL in 2003. I don't know. Whatever the reason, a number of researchers have started delivering results using timing as an attack vector. My prediction is that we are going to see a lot of things fall over based on timing attacks.
The research community's understanding of program control flow and its data dependencies is ever increasing. We are at a point where any user-supplied data in the address space should be suspect, because researchers are finding very subtle ways to direct program flow to user-supplied data. In many cases the vulnerabilities are based on unforeseen synchronicity and what were once minor programming mistakes.
A few of the presentations in the Zero Day Attack track highlight the themes of timing and nuance: "Understanding the Heap by Breaking It" by Justin Ferguson, "Timing Attacks for Recovering Private Entries From Database Engines" by Ariel Waissbein and Damian Saura and "Dangling Pointer" by Jonathan Afek. Also, Haroon Meer and Marco Slaviero will be presenting the aptly named "It's All About The Timing." I am excited to see what these guys pull out of the hat.
Link: https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132007.html
]]>
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132007.html
[email protected] (Black Hat Announcements)Black Hat USA 2007D2AB32CD-F589-4F6C-AF57-07FD1214717CWed, 13 Jun 2007 14:18:41 -0700Black Hat USA '07 Final Speakers Selected!<![CDATA[
We have finished selecting speakers and our schedule is now full!!
Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.
We are done reviewing papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.
If you didn't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/
Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.
Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html
[email protected] (Black Hat Announcements)Black Hat USA 2007696BF930-5DC5-4E7D-9816-775D14CEEF9BTue, 5 Jun 2007 13:54:10 -0700Black Hat USA 2007 Regular Registration is now over<![CDATA[
Regular registration rate closed May 31, 2007. Late registration rate is now in effect and Online registration closes on July 20, 2007.
For training be sure register now to save your seat before it is too late! Check out the Training pages for more info!
Black Hat Training:
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
We have started our speaker selection for Black Hat Briefings, Check out or speaker page and schedule for updates! We have three very excellent and experienced Keynote speakers for this years Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one and day two promises to be an stimulating address by Bruce Schneier.
Black Hat Briefings:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register: https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted after June 30.
Registration Class Change Requests are not accepted after June 30.
]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
[email protected] (Black Hat Announcements)Black Hat USA 2007494BF749-3253-4C46-909A-046B20180A13Fri, 1 Jun 2007 17:32:56 -0700Black Hat USA 2007 2nd Round of Speakers Selected!<![CDATA[
We have made our second round of speaker selection. We only have a small handful of slots remaining and the competition is fierce.
Here is a short list of new talks:
Static Detection of Application Back doors by Chris Wysopal
Covert Debugging: Circumventing Software Armoring Techniques by Danny Quist and Valsmith
Breaking C++ Applications by Mark Dowd, John Mcdonald, and Neel Mehta
The Art of Unpacking by Mark Vincent Yason
Alexander Sotirov, Heap Feng Shui in JavaScript
Timing attacks for recovering private entries from database engines by Ariel Waissbein
Transparent weaknesses in VoIP by Peter Thermos
Dangling Pointer by Jonathan Afek
Also, Womans Executive Forum is back for a 2nd year!
A sample of a few more SPEAKERS have been selected, in no order:
Rohit Dhamankar and Rob King,
Alfredo Ortego
Yoriy Bolygin
Andrew Lindell
Jonathan Afek
Satyam Tyagi
Jim Hoalgand
Ezequiel Gutesman
Jerry Schneider
Jeff Morin
David Byrne
Stephan Chenetter and Moti Joseph
Paul Vincent Sabanal
Window Snyder
Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.
Keep in mind we are still reviewing a small handful of papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.
If you don't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/
Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.
Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html
[email protected] (Black Hat Announcements)Black Hat USA 2007AA5DB130-BF0A-4101-BC05-D018CB32CEA2Fri, 1 Jun 2007 16:46:20 -0700Black Hat USA 2007 First round of speakers selected!<![CDATA[
We have made our first round of talk selections for our USA 2007, Las Vegas conference!
Our initial schedule is online now at:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html
This years tracks include;0-Day Attack and Defense,Application Security,Deep Knowledge,Forensics and Anti-Forensics,Hardware and Biometric Security,Policy,Management and the Law,Privacy and Anonymity,Turbo Talks,The Network,Detection and Evasion!
Here is just a short list of some of the great presentations we have scheduled:
Joel Eriksson and panel: Kernel Wars
Thomas H. Ptacek: Don't Tell Joanna, The Virtualized Rootkit Is Dead!
Dror-John Roecher: NACATTACK
John Heasman: Hacking the extensible Firmware Interface
David Maynor: Simple Solutions to Complex Problems from the Lazy Hacker’s Handbook: What Your Security Vendor Doesn't Want You to Know .
Also selected to speak will be:
Jennifer Granick
Greg Hoglund
Bruce Schneier
Phil Zimmermann
David Litchfield
Jon Callas
Tony Sager
Richard Clarke
Roger Dingledine
Jim Christie
With Many more to come! Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.
Keep in mind we are still reviewing papers and making our decisions, if you have not received status of your submission by June 1, please email nikita (at) blackhat (dot) com.
If you don't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/
Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html
[email protected] (Black Hat Announcements)3880BC9A-06EE-4601-BBB0-BAABCEF3F781Wed, 23 May 2007 16:03:29 -0700USA '07 Regular Registration Rate Ends SOON!<![CDATA[
Regular registration rate closes May 31, 2007. Register now to save your
seat and save some dough! There are still plenty of class seats
available, plus a few new training courses! Check out the Training pages
for more info!
Black Hat Training:
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
We have started our speaker selection for Black Hat Briefings, Check out
or speaker page and schedule for updates! We have three very excellent
and experienced Keynote speakers for this years Black Hat Las Vegas.
Tony Sager and Richard A. Clarke will be speaking simultaneously on day
one and day two promises to be an stimulating address by Bruce Schneier.
Black Hat Briefings:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted
after June 30.
Registration Class Change Requests are not accepted after June 30.
]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
[email protected] (Black Hat Announcements)Black Hat USA 2007244233E7-F43C-4357-9809-6F0398CF36A7Tue, 22 May 2007 13:47:15 -0700Black Hat USA: Two New Training classes Announced!<![CDATA[
Regular registration rate closes May 31, 2007. Register now to save your
seat and save some dough!
Black Hat Registration:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
Side Channel Analysis and Countermeasures with Riscure
Url: https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jdh.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.
Overview: Side channel analysis is a technique to discover secrets such
as cryptographic keys and PINs from hardware and embedded software. This
is achieved by listening to and understanding the information that
(hardware) channels emit when processing information. This course
provides an understanding of the possibilities and impact of side
channel analysis and explains how you can protect against it through a
hands-on approach. Besides the necessary side channel theory, students
will perform exercises themselves in which they will, for instance,
break a DES key through power analysis. Further, in another exercise,
each student is challenged to devise their own countermeasures and the
effect of these is analyzed via a live data acquisition and analysis on
the code using side channel analysis equipment.
For a long time, Side Channel Analysis (SCA) terms such as Differential
Power Analysis (DPA), Timing attacks and Electro Magnetic Analysis (EMA)
have had the air of mythical powers to break any crypto system and
reveal every secret in a system. This course provides a practical
introduction into the world of side channel analysis. It shows the
basics and allows students to understand and experience what it means to
break a system with these types of attacks. At the same time this course
explores the countermeasures that are available to developers. Using
these, the side channel attack resistance of software on smart cards and
embedded systems will significantly improve. We examine source code
implementations on weaknesses and provide hands-on exercises to improve
these implementations. This will allow the student to develop a feel for
the possibilities and limitations for software-based countermeasures
against such attacks.
Building and Testing Secure Web Applications with Aspect Security.
Url: https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.
Training developers and software testers in application security offers
one of the highest returns on investment of any security investment by
eliminating vulnerabilities at the source. Aspect's Building and Testing
Secure Web Applications training raises developer awareness of
application security issues and provides examples of 'what to do' and
'what not to do.' The class is lead by an experienced application
security practitioner and is delivered in a very interactive manner.
This class includes hands-on exercises where the students get to perform
security analysis and testing on a live web application. This specially
designed environment includes deliberate flaws the students have to find
and diagnose. Students gain hands-on experience using freely available
web application security test tools to find and diagnose flaws and learn
to avoid them in their own code.
]]>
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
[email protected] (Black Hat Announcements)Black Hat USA 20079B7BD12A-967C-4DF3-AA3F-373901249A15Tue, 22 May 2007 13:44:16 -0700Black Hat USA 2007 Keynote Speakers<![CDATA[
We have three very excellent and experienced Keynote speakers for this
years Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be
speaking simultaneously on day one and day two promises to be an
stimulating address by Bruce Schneier.
Check out our Black Hat USA 07 page for updates!
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
Day 1 Keynote: Tony Sager
The NSA Information Assurance Directorate and the National Security
Community.
The Information Assurance Directorate (IAD) within the National Security
Agency (NSA) is charged in part with providing security guidance to the
national security community. Within the IAD, the Vulnerability Analysis
and Operations (VAO) Group identifies and analyzes vulnerabilities found
in the technology, information, and operations of the Department of
Defense (DoD) and our other federal customers.
This presentation will highlight some of the ways that the VAO Group is
translating vulnerability knowledge in cooperation with many partners,
into countermeasures and solutions that scale across the entire
community. This includes the development and release of security
guidance through the NSA public website (www.nsa.gov) and sponsorship of a number of community events
like the Cyber Defense Initiative and the Red Blue Symposium.
It also includes support for, or development of, open standards for
vulnerability information (like CVE, the standard naming scheme for
vulnerabilities); the creation of the extensible Configuration Checklist
Description Format (XCCDF) to automate the implementation and
measurement of security guidance; and joint sponsorship, with the
National Institute of Standards and Technology (NIST) and the Defense
Information Systems Agency (DISA), of the Information Security
Automation Program (ISAP), to help security professionals automate
security compliance and manage vulnerabilities.
The presentation will also discuss the cultural shift we have been making to
treat network security as a community problem, one that requires large
-scale openness and cooperation with security stake holders at all points
in the security supply chain - operators, suppliers, buyers, authorities
and practitioners.
Tony Sager, Chief, Vulnerability Analysis and Operations Group,
Information Assurance Directorate, National Security Agency Tony Sager
is the Chief of the Vulnerability Analysis and Operations (VAO) Group,
part of the Information Assurance Directorate at the National Security
Agency. The mission of the VAO organization is to identify,
characterize, and put into operational context vulnerabilities found in
the technology, information, and operations of the DoD and the national
security community and to help the community identify countermeasures
and solutions. This group is known for its work developing and releasing
security configuration guides to provide customers with the best options
for securing widely used products.
The VAO Group also helps to
shape the development of security standards for vulnerability naming and
identification, such as the Open Vulnerability and Assessment Language
(OVAL), partnering with National Institute for Standards and technology
(NIST) on the Information Security Automation Program (ISAP), developing
the eXtensible configuration checklist description format (XCCDF), and
for hosting the annual Cyber Defense Exercise and the Red Blue
Symposium. Mr. Sager is active in the public network security community,
as a member of the CVE (Common Vulnerabilities and Exposures) Senior
Advisory Council and the Strategic Advisory Council for The Center for
Internet Security. He is in his 29th year with the National Security
Agency, all of which he has spent in the computer and network security
field.
ADDITIONAL Day 1 Keynote: Richard A. Clarke
A Story About Digital Security in 2017.
Richard A. Clarke is a former U.S. government official who specialized
in intelligence, cyber security and counter-terrorism. Until his
retirement in January 2003, Mr. Clarke was a member of the Senior
Executive Service. He served as an advisor to four U.S. presidents from
1973 to 2003: Ronald Reagan, George H.W. Bush, Bill Clinton and George
W. Bush. Most notably, Clarke was the chief counter-terrorism adviser on
the U.S. National Security Council for both the latter part of the
Clinton Administration and early part of the George W. Bush
Administration through the time of the 9/11 terrorist attacks.
Clarke came to widespread public attention for his role as
counter-terrorism czar in the Clinton and Bush Administrations when in
March of 2004 he appeared on the 60 Minutes television news magazine,
his memoir about his service in government, Against All Enemies was
released, and he testified before the 9/11 Commission. In all three
instances, Clarke was sharply critical of the Bush Administration's
attitude toward counter-terrorism before the 9/11 terrorist attacks and
the decision to go to war with Iraq.
Richard Clarke is currently Chairman of Good Harbor Consulting, a
strategic planning and corporate risk management firm, an on-air
consultant for ABC News, and a contributor to GoodHarborReport.com, an
online community discussing homeland security, defense, and politics. He
also recently published his first novel, The Scorpion's Gate, in 2005;
and a second, Breakpoint, in 2007.
Day 2 Keynote: Bruce Schneier
The Psychology of Security.
Security is both a feeling and a reality. You can feel secure
without actually being secure, and you can be secure even though you
don't feel secure. In the industry, we tend to discount the feeling
in favor of the reality, but the difference between the two is
important. It explains why we have so much security theater that
doesn't work, and why so many smart security solutions go
unimplemented. Two different fields -- behavioral economics and the
psychology of decision making -- shed light on how we perceive
security, risk, and cost. Learn how perception of risk matters and,
perhaps more importantly, learn how to design security systems that
will actually get used.
Bruce Schneier is an internationally renowned security technologist
and CTO of BT Counterpane, referred to by The Economist as a
"security guru." He is the author of eight books -- including the
best sellers "Beyond Fear: Thinking Sensibly about Security in an
Uncertain World," "Secrets and Lies," and "Applied Cryptography" --
and hundreds of articles and academic papers. His influential
newsletter, Crypto-Gram, and blog "Schneier on Security," are read by
over 250,000 people. He is a prolific writer and lecturer, a
frequent guest on television and radio, has testified before
Congress, and is regularly quoted in the press on issues surrounding
security and privacy.
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html
[email protected] (Black Hat Announcements)Black Hat USA 20073902FF3A-78FF-4322-BBB1-29E22050CC42Fri, 18 May 2007 18:38:52 -0700Black Hat USA 2007 Call for Papers is now Closed!The Black Hat USA 2007 Call for Papers is now closed!<br />
<br />
If you have submitted a presentation, please be patient, the reviewers are working away as fast as they can. We expect to notify everyone in the next two weeks of their acceptance or rejection as a speaker this year. Best of luck, and thank you all for your incredible support!
<br />
Black Hat USA 2007:
<br />
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
<br />
<br />
Register online at:
<br />
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
<br />
<br />
Hotel Reservations now open.
<br />
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
[email protected] (Black Hat Announcements)Black Hat USA 2007016B750B-5FE4-4E99-B738-1C7EC7C89916Mon, 14 May 2007 20:38:07 -0700Audio from Black Hat USA'02 now on-line!Black Hat USA 2002 was held July 31-August 1 in Las Vegas at Caesars Palace. Two days with eight tracks of speaking. The Keynote was Richard Clarke speaking on "National Strategy for Securing Cyberspace"
<br />
<br />
A post convention wrap up can be found here:https://www.blackhat.com/html/bh-usa-02/bh-usa-02-index.html
<br />
<br />
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2002.html#USA-2002 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!
<br />
<br />
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo
https://www.blackhat.com/podcast/bh-usa-02-audio.rss
[email protected] (Black Hat Announcements)Black Hat USA 200223A876A9-9A7B-4FE7-B0EC-D945AABE607CTue, 8 May 2007 19:27:28 -0700Audio from Black Hat Europe '07 now on-line!The Black Hat Europe briefings was held March 27-30 at the Moevenpick Amsterdam Centre Hotel over two days, four different tracks.
<br />
<br />
Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure), spoke on "How can the Security Researcher Community Work Better for the Common Good."<br />
A post convention wrap up can be found here: https://www.blackhat.com/html/bh-europe-07/bh-eu-07-index.html
<br />
<br />
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html#eu_07 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!
<br />
<br />
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo
https://www.blackhat.com/podcast/bh-eu-07-audio.rss
[email protected] (Black Hat Announcements)Black Hat Europe 20073F1913B5-D60E-4335-B886-2A98E4326E40Tue, 8 May 2007 17:53:28 -0700Chris Paget's "RFID for Beginners" and the ACLU presents "Rights Chipped Away"<![CDATA[
Chris Paget's "RFID for Beginners" and the ACLU presents "Rights Chipped Away"
Most of you may have heard from various web posts about Chris Paget's RFID talk at Black Hat D.C. this past February. After receiving a letter from HID and several hours of intense negotiation Paget's talk was on and off. Ultimately, Paget modified his original talk and in addition included a special presentation from Nicole A. Ozer, Technology & Civil Liberties Policy Director at ACLU of Northern California. Her presentation was titled: Rights "Chipped" Away: RFID and Identification Documents. Both presentations are included in the media as well as a Q&A session with Paget that follows.
Audio is here:
http://media.blackhat.com/bh-dc-07/audio/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp3
Video is here:
http://media.blackhat.com/bh-dc-07/video/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp4
More Black Hat DC Audio will be coming soon!
Chris wrote us a short blog entry on his presentation prior to HID's Objection.
"It's fairly well-known that RFID is an insecure technology. Most people know that RFID tags can be cloned, but without knowing how - at best,
most people use expensive dedicated equipment, having been scared off by the voodoo involved with anything Radio Frequency. After demonstrating an RFID-based smart bomb on Seattle-based KOMO news I decided to take things a step further, and see just how small an RFID cloner needed to be; I surprised even myself. Two small chips and a handful of passive components later (about 5 dollars of parts in all) I had a working cloner for HID RFID access badges, and had completely busted the myth that Radio Frequency IDentification is hard to work with. This presentation will allow you to do the same thing - in one short talk I'll teach you everything you need to know in order to build and
understand an RFID cloner; covering everything from Magnetic Fields to Manchester Encoding, with plenty of theory and background info along the way. If you're considering implementing, hacking, or even using an RFID system, this presentation will give you everything you need to
understand exactly how vulnerable these systems are, how to mess with them yourself, and how to have some electronic fun along the way." -
Chris Paget
Paget's modified slide deck can be found here:
https://www.blackhat.com/presentations/bh-dc-07/Paget/Presentation/bh-dc-07-paget.pdf
Ozer's Presentation is here:
https://www.blackhat.com/presentations/bh-dc-07/ACLU/Presentation/bh-dc-ozer-ACLU.pdf
To read more news on Paget's Black Hat Talk:
http://www.google.com/search?hl=en&q=Paget%2BBlack+Hat
HID's Letter to IOActive, Courtesy of wired:
http://blog.wired.com/27bstroke6/files/hid_ltr_to_ioactive_0221071.pdf
]]>
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html#Paget
[email protected] (Black Hat Announcements)Black Hat USA 20072F720B35-89E0-4311-BFC6-D71CD0F6655FFri, 4 May 2007 12:52:27 -0700Japan Spring Training, Early Registration rate Closing!<![CDATA[
Japan Spring Training, Early Registration rate is closing May 1,2007.
Register now to assure a seat in the class of your choice. There are currently two ways to register: Online registrations for inside Japan and Paper registrations for outside of Japan. Early registration rate close May 1, 2007. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered for each class.
Black Hat Japan Spring Training 2007
Keio Plaza Hotel Tokyo * 28-29 May 2007:
All Training sessions are taught in English. Simultaneous translation from English to Japanese will be available for all courses.
*Live Digital Investigation- Investigating the Enterprise by WetStone Technologies."Live" enterprise investigation training.
*NSA InfoSec Assessment Methodology Course (IAM) - Level 1by Security Horizon. You will need this course before you can take the IEM course. Earn NSA Certification.
*Reverse Engineering on Windows: Application in Malicious Code Analysis by Pedram Amini & Ero Carrera. Learn to reverse engineer real-world virus samples to better combat them.
Dates to Remember!
* Regular registration rate closes May 24, 2007.
* Only cash payments are accepted after May 24, 2007.
* Onsite Registration rates apply after May 24, 2007.
* Registration Cancellations, requests for refunds, and Registration Class Change Requests are not accepted after May 2.
]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#JP_SPR07
[email protected] (Black Hat Announcements)Black Hat Japan 200753F03F2E-E03A-461C-99C7-63BB948F5F9CFri, 27 Apr 2007 14:47:11 -0700Black Hat USA 2007 Call for Papers EXTENSION!<![CDATA[
The Black Hat USA 2007 Call for Papers is now being extended until May 14,2007.
After several Requests we have decided to extend the deadline by two weeks. We believe this will be a fair opportunity to review all the submissions and see what you have to offer. So If you were worried about meeting the deadline this should give you a little more time to get together your best stuff.
We have expanded from 9 tracks to 11 this year and are looking forward to the added content. Please check out the description page to learn more about these tracks and to ensure you submit to the appropriate track.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp-tracks.html
For more information on this years call for papers:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
How to Submit:
Submit proposals by completing the submissions form on the CFP server at https://cfp.blackhat.com/ Submissions are due no later than May 14, 2007.
This is a new submissions process this year so we have a helpful how to guide available at: https://www.blackhat.com/html/bh-cfp/bh-cfp-howto.html. There you will find a step by step walk through to help you with registering and using the CFP application system. You will use this system to submit presentation proposals for future Black Hat events. You must create an account to use the system. Once you have signed up and confirmed your email address, you will be able to submit proposals, upload supporting files and modify aspects of your submissions at any time.
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
[email protected] (Black Hat Announcements)Black Hat USA 2007A8FC07F4-926E-483F-A321-ECC563FE3A0EFri, 27 Apr 2007 14:08:06 -0700Past Black Hat Speaker hijacks MacBook Pro for $10,000 bounty!<![CDATA[
Read an Interview with Dino Dai Zovi here: http://blogs.zdnet.com/security/?p=176
>From the Article:
"Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines aDino Dai Zovire impenetrable."
Dai Zovi is a previous Black Hat Speaker. He spoke with us at the 2006 USA conference on Hardware Virtualization-Based Rootkits: "Hardware Virtualization-Based Rootkits"
Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the IntelR Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also present useful capabilities to rootkit authors. On VT-capable hardware, an attacker may install a rootkit "hypervisor" that transparently runs the original operating system in a VM. The rootkit would be loaded in physical memory pages that are inaccessible to the running OS and can mediate device access to hide blocks on disk. This presentation will describe how VT-x can be used by rootkit authors, demonstrate a rootkit based on these techniques, and begin to explore how such rootkits may be detected.
See his Presentation Slides here:
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Zovi.pdf
WATCH HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp4
LISTEN TO HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp3
]]>
http://blogs.zdnet.com/security/?p=174
[email protected] (Black Hat Announcements)Black Hat in the News568B766A-525A-4C08-8586-DDB8A64D48BDThu, 26 Apr 2007 17:45:50 -0700Call For Papers for Japan 2007 will open May 1st!<![CDATA[
The Call For Papers will open for Black Hat Japan 2007 Briefings on May 1,2007.
Submit proposals by completing the submissions form on the CFP server at:
https://cfp.blackhat.com/
Papers and requests to speak will be received and reviewed from May 1until August 20, 2007.
We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.
Black Hat Japan 2007 Briefings and Training
Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
]]>
https://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
[email protected] (Black Hat Announcements)Black Hat Japan 2007125BB3CA-C6FB-4965-9BC2-6A28ABE2D2AAFri, 20 Apr 2007 14:29:11 -0700Black Hat USA 2007 New Training Classes Added<![CDATA[
In the build up for the big Black Hat Briefings and Training this summer we have added some new training classes.
Check out the three new classes we just added to the roster for US 2007, Register now to reserve your seat!.
Incident Response: Black Hat Edition by Mandiant
As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-md-ir.html
Understanding Stealth Malware by Joanna Rutkowska and Alexander Tereshkin
The course will provide attendees with an in-depth understanding of how advanced stealth malware works, how it interacts with the operating system, underlying hardware and network. Attendees will have a chance to run, analyze and experiment with several previously unpublished samples of proof-of-concept rootkits, similar to Deepdoor, FireWalk, Blue Pill and others. The malware samples will be created from scratch (and in a slightly different way) exclusively for the use during the training, as the original implementations can not be used due to NDA restrictions.
Simpler stealth malware will also be briefly covered as well as approaches to its detection, so that participants get a clear understanding what advantages the more sophisticated malware offers to attackers.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jrk.html
Building and Testing Secure Web Applications by Aspect Security
Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect's Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of 'what to do' and 'what not to do.' The class is lead by an experienced application security practitioner and is delivered in a very interactive manner.
https://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html
]]>
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
[email protected] (Black Hat Announcements)Black Hat USA 2007A261CF49-3F5D-4763-A68A-339507FC990CFri, 20 Apr 2007 14:22:24 -0700Black Hat Europe 2007 online registration closing Soon!<![CDATA[
Online registration will close Sunday March 18, 2007.
Act now, save some money and avoid the lines at on site registration.
All press must pre-register:
https://commerce.blackhat.com/stores/europe-reg-07/press_info
Black Hat Europe 2007 Briefings and Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam. There will be 4 different tracks, over 2 days comprised of over 20+ internationally renown security professionals speaking.
This years Keynote will be Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure). Black Hat Europe 2007 Briefings Speakers, topic titles, presentation abstracts and speaker biographies may be found here.
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-schedule.html
See our current training courses offered visit us at:
https://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-index.html
A Few Dates to remember:
# Regular Registration rate closed on February 25, 2007.
# Only credit card payments will be accepted after February 25, 2007.
# Online registration closes March 18, 2007.
# Onsite registration rates begin March 19, 2007.
To view the registration terms and conditions please visit:
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-reg-terms.html
]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 20075D78D83F-62B1-4C5B-800B-CFDC8C724BC3Wed, 14 Mar 2007 17:08:58 -0700Black Hat USA 2007 Training Classes now open!<![CDATA[
Black Hat USA 2007 Training Classes now open!
Please see the following link for a complete list of classes being offered this year.
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
Highlights include over 35 training classes including two new four day sessions. Below is a sample of what to expect:
- The nuts and bolts of the Metasploit Framework: Metasploit 3.0 Internals by Matt Miller, aka skape.
- Web Application (In)security by NGS Software. If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
- TCP/IP Weapons School: Black Hat Edition by Richard Bejtlich, TaoSecurity. Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.
- Ultimate Hacking: Wireless Edition by Foundstone. Knowledge is power and you do not want the hackers to know more about your wireless networks than you do.
- Hands-On Hardware Hacking and Reverse Engineering Techniques: Black Hat Edition by Joe Grand. This course is the first of its kind and focuses entirely on hardware hacking.
- ROOTKIT: Advanced 2nd Generation Digital Weaponry by Greg Hoglund and Jamie Butler. Advanced class developed and taught by the creators of rootkit.com
- Advanced Malware Deobfuscation by Jason Geffner & Scott Lambert. No Source? No Symbols? No Problem.
- Hacking by Numbers: Combat Grading by SensePost. Advanced level. The world’s first objective technical grading system for hackers and penetration testers.
Black Hat Briefings and Trainings USA 2007:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
]]>
https://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html
[email protected] (Black Hat Announcements)Black Hat USA 2007D27A8B22-A296-4206-9A06-145C8C231F21Wed, 7 Mar 2007 14:57:15 -0800Black Hat Europe 2007 Hotel rate extended.We have extended the Group Rate at the Movenpick until the end of this week (March 9).<br />
<br />
If you plan to stay at the hotel, now is the last minute for you reserve at the Black Hat conference rate, currently EUR 145,00 per night plus taxes.<br />
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-venue.html
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 2007366CF0CE-4590-4B34-83AD-844AE80729A2Wed, 7 Mar 2007 14:45:39 -0800Online registration for Black Hat DC 2007 has closedOnline registration for Black Hat DC 2007 has now closed.<br />
<br />
On site registration for training will take place Monday, February 26, 08:00 - 12:00.<br />
<br />
On site registration for the Briefings will begin Tuesday, February 27, 16:00 - 18:00 until Thursday, March 1, 08:00 - 12:00.
<br />
<br />
To view the full schedule please visit:
<br />
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-schedule.html
<br />
<br />
To view the registration terms and conditions please visit:
<br />
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-reg-terms.html
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-index.html
[email protected] (Black Hat Announcements)Black Hat Briefings DC 2007BEC26F09-7E0A-4FDF-B232-EEEB30DC216CTue, 20 Feb 2007 16:27:12 -0800Black Hat USA 2007 Call for Papers is now open!<![CDATA[
The Black Hat USA 2007 Call for Papers is now open!
Don't hesitate to submit your presentations for consideration. This year we have expanded from 9 tracks to 11 and are looking to expand the depth and breath of content. The Deep Knowledge track will now span both days of Black Hat.
The Black Hat USA 2007 Briefings tracks will include:
Track 1: √ò-Day Attack
Track 2: √ò-Day Defense
Track 3: Application Security
Track 4: Deep Knowledge
Track 5: Forensics and Anti-Forensics
Track 6: Hardware and Biometric Security
Track 7: Policy, Management and the Law
Track 8: Privacy and Anonymity
Track 9: Turbo Talks
Track 10: The Network
Track 11: Detection and Evasion
Please check out the description page to learn more about these tracks and to ensure you submit to the appropriate track.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp-tracks.html
Submit proposals by completing the submissions form on the CFP server at:
https://cfp.blackhat.com/
Submissions are due no later than May 1, 2007. The Black Hat Briefings will be August 1-2 in Las Vegas.
There is a new submissions process this year so we have a helpful how to guide available at:
https://www.blackhat.com/html/bh-cfp/bh-cfp-howto.html.
There you will find a step by step walk through to help you with registering and using the CFP application system. Use this system to submit presentation proposals for future Black Hat events by creating an account. Once your account email address is confirmed you will be able to submit proposals, upload supporting files and modify aspects of your submissions, and add or remove co-presenters at any time.
For more information on this years call for papers please visit:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
Black Hat USA 2007:
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
Early bird registration online at:
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
Hotel Reservations now open.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
]]>
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
[email protected] (Black Hat Announcements)Black Hat USA 200795E353C6-8324-4571-90FA-E5901799E04ATue, 20 Feb 2007 13:43:44 -0800Black Hat Europe 2007 Speakers Now Selected!<![CDATA[
We have made our selections for Black Hat Europe 2007! There will be four different tracks over two days comprised of over 20+ internationally renown security professionals speaking. Making our decisions were difficult as we had many excellent submissions to consider.
Keep them coming, If you didn't get selected for this show don't be discouraged, please consider submitting again. Our call for papers for USA 2007 has just begun.
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html
This years tracks include; Hardware/Below The OS, Infrastructure and IDS, Attack and Defence and Application Security. Here is just a short list of some of the great presentations we have scheduled:
RFIDIOts!!! - Practical RFID hacking (without soldering irons) by Adam Laurie
SCTPscan - Finding Entry Points to SS7 Networks & Telecommunication Backbones by Philippe Langlois
Wi-Fi Advanced Fuzzing by Laurent Butti
ScarabMon - Automating Web Application Penetration Tests by Jonathan Wilkins
Please check out our speakers page for a complete list of speakers and for updates.
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at the show.
]]>
https://www.blackhat.com/html/bh-europe-07/bh-eu-07-schedule.html
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 2007D6B50C37-3544-425F-AADA-6A13E3FD2E9DTue, 20 Feb 2007 13:34:34 -0800Hacking Exposed VoIP<![CDATA[
Looks like David Endler and Mark Collier have been busy and their book "Hacking Exposed VoIP" came out this December.
We knew it would be a hit and It looks like others are in agreement with us. Lawrence M. Walsh posted a short review on the book online.
>From the Article:
"For ambitious VoIP practitioners who want to know the fabric of VoIP security, this is your book. It covers everything from voice-network enumeration to eavesdropping techniques, spam and phishing threats."
On their website http://www.hackingvoip.com/ they have sample chapters and some tools and downloads which may be of interest.
>From the site:
"Security Tools - Here you can download the security tools we wrote and demonstrated in the book.
VoIP "Google Hacking" Database - This is a listing of Google Hacking terms for VoIP phones and servers which goes along with Chapter 1.
VoIP Voicemail Database - This is a collection of default sound files of popular voicemail systems to assist in properly identifying the vendor. This goes along with Chapter 1."
We have the audio and video for their talk "Hacking VoIP Exposed" which was given at our 2006 Las Vegas Show, available to download now.
Check out our BlackPage on VoIP Security and see what they had to say.
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132006.html
Video Download:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V2-Endler_and_Collier-Hacking_VOIP.mp4
]]>
http://www.ddj.com/dept/security/196902423
[email protected] (Black Hat Announcements)Black Hat in the news28AFF7BC-5635-4F20-871E-2FFB391A0939Mon, 22 Jan 2007 17:05:02 -0800New Black Hat Europe 2007 Training classes<![CDATA[
Check out our New training classes, here's a short list of some of the new classes available:
- Metasploit 3.0 Internals with Matt Miller, aka skape: The nuts and bolts of the Metasploit Framework taught by one of its creators!
Web Application (In)security with NGS Software: If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
- Advanced Asp.Net Exploits and Countermeasures with IOActive
- Advanced level: Push Asp.Net to the limit. See how Asp.Net applications and environments can be exploited by skilled attackers, and how those same techniques can be used to protect the targeted assets.
For a complete list of training classes available visit us online at
https://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-index.html
]]>
https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 2007D13CE1B9-E7A7-4D4B-ADBD-00DCF6F9E475Mon, 22 Jan 2007 14:54:25 -0800Black Hat Europe 2007 Briefings and Training UpdateBlack Hat Europe 2007 Briefings & Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam.<br />
There will be 4 different tracks, over 2 days comprised of renown information and computer security professionals.<br />
<br />
Register Now! Regular Registration rate closes February 18, 2007<br />
- Regular Registration rate closes on February 25, 2007.<br />
- Only credit card payments will be accepted after February 25, 2007.<br />
- Online registration closes March 18, 2007.<br />
- Onsite registration rates begin March 19, 2007.<br />
<br />
https://www.blackhat.com/html/bh-registration/bh-registration.html#Europe
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 20077D891261-BE1E-4ED1-8288-7ED07E04E19EMon, 22 Jan 2007 14:50:17 -0800Black Hat Europe 2007 CFP Closing Soon!<![CDATA[
We have recieved some great presentations this year and have made our first round of selections.
A sample of this years speakers include:
RFIDIOts!!! - Practical RFID hacking (without soldering irons) by Adam Laurie
Kicking Down the Cross Domain Door (One XSS at a Time) by Billy K Rios
Heap Feng Shui in JavaScript by Alexander Sotirov
GS and ASLR in Windows Vista by Ollie Whitehouse
Topic titles, presentation abstracts and speaker biographies may be found at https://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html
This will be updated from now until speaker selection is complete.
Call for Papers closes February 1st, however we strongly suggest that you submit earlier than later. We will close the CFP early if we receive enough quality submissions to fill the slots.
Please submit using the new on-line system at: https://cfp.blackhat.com/
]]>
https://cfp.blackhat.com/
[email protected] (Black Hat Announcements)Black Hat Briefings Amsterdam 2007726E18EC-E59A-4521-ACAC-75577DB4DD0FMon, 22 Jan 2007 14:47:13 -0800Black Hat Briefings DC speakers now selected .<![CDATA[
The Black Hat Briefings DC '07 speakers have been selected. We received many presentations this year and have picked the best of the bunch.
This year our focus was on the operational aspects of information security and we hope you like our selections as much as we do. There will be 4 different tracks, over 2 days comprised of renown information and computer security professionals.
Briefings: February 28-March 1st
Tracks include: Hardware and Below the OS, Forensics and Incident Response, Affecting the Enterprise, Software Security and Binary Analysis
A sample of our 23 speakers include:
Software Virtualization Based Rootkits by Sun Bin
Agile Incident Response: Operating Through Ongoing Confrontation by Kevin Mandia
GS and ASLR in Windows Vista by Ollie Whitehouse
Network Admission Control issues by Ofir Arkin
Practical 10 Minute Security Audit by Cesar Cerrudo.
Please check out our speakers page for a complete list of speakers and for updates. www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at the show.
To register visit us online at: https://www.blackhat.com/html/bh-registration/bh-registration.html#DC
Regular Registration rate closes February 18, 2007
Don't forget about our training.
A sample of a few new and updated courses:
Ultimate Hacking: Black Hat Edition by Foundstone
The definitive training regimen for assessing and securing your networks.
Reverse Engineering on Windows: Application in Malicious Code Analysis with Pedram Amini and Ero Carrera
Learn to reverse engineer real-world virus samples.
Breakable: Secure Your Oracle Servers By Breaking Into Them with David Litchfield and Mark Litchfield
Delves deeply into Oracle server security and complements the Advanced Database Security Assessment Course
All training classes are limited to ensure each student receives individual attention. Register early before classes fill up and to receive the best discounts.
Black Hat DC Training 2007
Sheraton Crystal City - February 26-March 1
Training : February 26-27
Briefings: February 28-March 1
]]>
https://www.blackhat.com/html/bh-dc-07/bh-dc-07-speakers.html
[email protected] (Black Hat Announcements)Black Hat Briefings DC 20073BD80614-D2F9-49F8-BEBE-925CA58C1139Fri, 19 Jan 2007 17:47:39 -0800Audio from Black Hat Japan '04 now on-line!Past speeches and talks from the Black Hat Briefings computer security conferences.<br>
<br />
The Black Hat Briefings in Japan 2004 was held October 14-15 in Tokyo at the at the Tokyo International Exchange Center. Two days, two tracks. Raisuke Miyawaki was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in Both languages.<br>
<br />
A post convention wrap up can be found at https://www.blackhat.com/html/bh-asia-04/bh-jp-04-index.html<br>
<br />
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2004.html#Asia-2004 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!
<br />
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br><br />
<br />
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-04-audio.rss
[email protected] (Black Hat Announcements)Black Hat Japan 0428203664-3AD5-4394-816D-6DD660BA609DFri, 19 Jan 2007 17:40:28 -0800Audio from Black Hat Japan '05 now on-line!Past speeches and talks from the Black Hat Briefings computer security conferences.<br>
The Black Hat Briefings in Japan 2005 was held October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in Both languages.<br>
<br />
A post convention wrap up can be found at https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-index.html <br>
<br />
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2005.html#AS_2005 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!
<br /><br />
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br><br />
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-05-audio.rss
[email protected] (Black Hat Announcements)Black Hat Japan 05E873CB34-598E-4C2B-887D-4BDA75132E5CFri, 19 Jan 2007 17:40:31 -0800Audio from Black Hat Japan '06 now on-line!Past speeches and talks from the Black Hat Briefings computer security conferences.<br>
<br>
The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in Both languages.<br />
<br />
A post convention wrap up can be found at https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-index.html <br>
<br />
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!<br />
<br />
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br>
<br />
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-japan-06-audio.rss
[email protected] (Black Hat Announcements)Black Hat Japan 06555C07EE-875B-428E-A8B8-7A363E85E2D4Fri, 19 Jan 2007 17:40:33 -0800Five Hackers Who Left a Mark on 2006 by Ryan Naraine at eWeekSeveral people on the list spoke at Black Hat, H.D., Johnny Cache, David Maynor, and Joanna Rutkowska<br />
<br />
>From the beginning of the article:<br />
<br />
"In the security year that was 2006, zero-day attacks and exploits dominated the headlines.
<br />
However, the year will be best remembered for the work of members of the hacking, er, security research community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.<br />
<br />
In no particular order, here's my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007"
http://www.eweek.com/article2/0,1895,2078362,00.asp
[email protected] (Black Hat Announcements)Black Hat in the news161795CE-C146-483C-87A9-51B9B996E61FWed, 3 Jan 2007 16:05:57 -0800Audio from Black Hat USA '06 now on-line!<br />
The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
<br />
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html<br>
<br>
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br>
<br>
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!!<br />
<br />
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-usa-06-audio.rss
[email protected] (Black Hat Announcements)Black Hat USA 0621147169-C85F-4BAE-A973-2F53C0A84166Fri, 29 Dec 2006 18:27:00 -0800Video from Black Hat USA '06 now on-line!The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
<br />
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html<br>
<br>
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br>
<br>
If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!!<br />
<br />
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 audio and .mp4 h.264 192k video format.
https://www.blackhat.com/podcast/bh-usa-06-video.rss
[email protected] (Black Hat Announcements)Black Hat USA 0662A40867-A9E3-4571-9734-D8890EDD6A2FFri, 29 Dec 2006 18:26:12 -0800Black Hat DC 2007 Call for Papers is Closing soon!<![CDATA[
The Black Hat D.C. 2007 Call for Papers will be closing soon. The Submission review process has begun, and the first round of selections and rejections should be coming out shortly after CFP closes. You have until January 5, 2007 to submit.
As a reminder for Black Hat DC there will be a focus on operations aspects of information security.We would like presenters to think about offensive and defensive computer security operations and application of your expertise and research in this context. Instead of technology on its own, we would like you to contemplate its application in an operational process. The operational context can be defensive or offense, large enterprise or distributed organized criminal group, military or civilian. This directive is not hard and fast, but we recognize a need for continuity and differentiation for the DC conference and thinking in terms of operational applicability will steer content in a direction meaningful to the target audience.
Topics that lend themselves to this would be:
- Deploying zero day attacks to maximum effect
- Tracking of bot nets and analyzing their structure
- Automated detection of system anomalies
Topics that don't reflect this focus:
- How to install a patch management system
- Why updating your AUP is a good thing.
Black Hat has always focused on the practical, applied uses of information and computer security. Your audience is looking to learn the latest trends, the latest techniques to either attack or defend their networks. Think practical and applied over pure research or policy development.
Speakers may submit more than one proposal, but each proposal must be a separate submission. Submit using the online submission system at https://cfp.blackhat.com/.
Good Luck!
Also, Some date to remember:
# Early Registration will close December 31, 2006.
# Only credit card payments will be accepted after February 1, 2007.
# Online registration closes February 18, 2007.
# On-site Registration rates begin February 19, 2007.
]]>
https://cfp.blackhat.com/
[email protected] (Black Hat Announcements)Black Hat Briefings DC 2007D6C1F3C0-26B7-436F-A491-F3D8D3E13EB8Fri, 29 Dec 2006 17:23:44 -0800Black Hat USA '06 Audio and Video now on-line!<![CDATA[
The Black Hat Briefings USA 2006 held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary.
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo.
If you want to get a better idea of the presentation materials go to:
https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format.
Also check here to download:
https://www.blackhat.com/podcast/bh-usa-06-audio.rss
https://www.blackhat.com/podcast/bh-usa-06-video.rss
]]>
https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2006
[email protected] (Black Hat Announcements)Black Hat USA 20068E53EA02-77FF-4D8C-87BE-97623AB712C0Tue, 26 Dec 2006 14:54:18 -0800Happy Holidays! USA 2007 Registration Open!We at Black Hat would like to wish you the best this Holiday season!<br />
<br />
We hope you have plenty of family, food and fun to go around. If you get bored you can always gather the family around the warm glow of your flat screen to watch the ghosts of presentations past. There is no better gift than that.<br />
<br />
Unless of course your loved one registers you for the USA 2007 show, in warm sunny Las Vegas!<br />
<br />
Early bird registration online at:<br />
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA (Prices Vary )
<br />
<br />
Hotel Reservations now open.<br />
https://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html
https://www.blackhat.com/html/bh-registration/bh-registration.html#USA
[email protected] (Black Hat Announcements)Black Hat Briefings USA 2007ADF7494A-4F0A-443B-BCF6-3A2076B7AEF4Fri, 22 Dec 2006 17:09:26 -0800Black Hat DC CFP Details<![CDATA[
Interested in submitting to Black Hat DC? Here are some guidelines and suggestions.
Black Hat DC this year will focus on the operational aspects of information security, both defensive and offensive. By ‘operational’ we mean techniques, technologies, and code that are used as part of an ongoing cycle for securing the information systems of an organization. It could be applied to the offensive initiatives of a group such as a pen test team or vulnerability researchers.
We are not looking for how-tos, pure research, or pure policy presentations. We are looking for innovations that can be applied to information security operations by real people in real organizations.
Here are a few example topics that are good fits:
-Automating detection and remediation of important threats.
-Methods to deploy zero-day attacks for maximum effect and minimal exposure.
-Integrating binary analysis into the patch management cycle to optimize the decision-to-deploy process.
-Exposing vulnerabilities in little known systems that introduce novel attack vectors, from SCADA, WiFi, RFID, or machine BIOS.
-Determining security activities that are ongoing cycles that can be optimized for strategic gain. You would include specific examples with in-depth discussion of the technical solutions and results.
And a few examples of topics that do not reflect our focus for Black Hat DC:
-Why updating your AUP is a good thing.
-How to install (anything)
-In-depth review of a specific tool
If you have questions about a topic as it applies, just drop us an email.
Black Hat has always focused on the practical, applied uses of information and computer security. Your audience is looking to learn the latest trends, as well as the latest techniques to either attack or defend their networks.
]]>
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Black Hat Briefings DC 2007A2D68C1C-E2ED-435E-8817-B6B38D0F638DWed, 29 Nov 2006 18:21:27 -0800Black Hat Europe 2007 Call For Papers is openBlack Hat Europe 2007 Briefings & Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam.<br />
<br />
If you want to submit to the Call for Papers please note Black Hat does not accept product or vendor related pitches, or voodoo. If your talk is a veiled advertisement for a new product or service your company is offering, please do not submit. If your talk relies on voodoo techniques or tools you are not willing to share, then you should rethink the benefit the audience will get from sitting through your presentation.
<br />
We strongly suggest that you submit earlier than later, since we will close the CFP early if we receive enough quality submissions to fill the slots. Please submit using the new on-line system at: https://cfp.blackhat.com/
https://cfp.blackhat.com/
5D0D01C5-0547-4F1A-B5E8-55E0643AFA24Fri, 17 Nov 2006 15:58:47 -0800Black Hat Japan 2006 Presentations now online!Black Hat Japan 2006 Presentations are now available online!<br />
https://www.blackhat.com/html/bh-media-archives/bh-archives-2006.html#AS_2006<br />
Presentation topics available include:Anti-Forensic Rootkits, The Art and Science of Writing Secure Code,
Hacking Intranet Websites from the Outside,Breaking AJAX Web Applications, Subverting Vista Kernel and more!<br />
<br />
View more speaker info: https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-speakers.html<br />
<br />
We Also have the presentation material from USA 2006 show online, and we Anticipate we will have audio and video of the presentations available for download within the next few months.<br />
To view the USA media archives and more: https://www.blackhat.com/html/bh-multimedia-archives-index.html
https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-speakers.html
[email protected] (Black Hat Announcements)Black Hat Briefings Japan 2006F4FA2392-EF25-435B-9601-618BAFC55029Tue, 10 Oct 2006 17:21:07 -0700Black Hat DC Registration and CFP open!<![CDATA[
Black Hat would like to announce that online registration and the Call for Papers for Black Hat DC is now open!
Black Hat DC 2007 Briefings & Training will be February 26 to March 1, held at the Sheraton Crystal City hotel in Arlington Virginia.
Register early and take advantage of our early bird special and save when you register for the Briefings before January 1st.
Papers and requests to speak will be received and reviewed from October 1, 2006 until January 1, 2007. We strongly suggest that you submit earlier than later, since we will close the CFP early if we receive enough quality submissions to fill the slots.
Please submit using the online system at https://cfp.blackhat.com/
If you want to submit to the Call for Papers please note:
Black Hat does not accept product or vendor related pitches. If your talk is a veiled advertisement for a new product or service your company is offering, please do not submit.
Black Hat is launching its new electronic CFP submissions server with this announcement. You will be able to upload your submissions, make changes, select your co-presenters, etc. This system will allow you to submit multiple presentations as well as be able to change your info should you need to. This new submission and review process will enable the future possibility of peer review and online information exchange. For now we are looking forward to seeing your submissions and would like to hear any feedback you have on this new submissions process.
Topic Focus for Black Hat DC 2007:
We would like presenters to think about offensive and defensive computer security operations and the application of your expertise and research. Think about its application in an operational process that can be defensive or offense, large enterprise or distributed organized criminal group, military or civilian. This is not a requirement to submit, but we want some differentiation for the DC conference. Thinking in terms of operational applicability will steer content in a direction we hope the DC audience will appreciate.
Dates to Remember:
https://cfp.blackhat.com/
Call for Papers closes: January 1st, 2007.
https://www.blackhat.com/html/bh-registration/bh-registration.html#DC
Early Bird registration rate ends December 31st.
Regular registration rate ends Feb 18th.
More information regarding speaker requirements and our guidelines for this years submissions available at https://www.blackhat.com/
]]>
https://www.blackhat.com/html/bh-link/briefings.html
[email protected] (Black Hat Announcements)Black Hat Briefings DC 2007916A1A80-9FF5-4C3E-AD17-C544437F3E01Wed, 11 Oct 2006 10:05:44 -0700Black Hat Briefings Japan speakers now selected.The Black Hat Briefings Japan '06 speakers have been selected. We received many presentations this year and we have chosen a broad sampling of topics facing security professionals today, with an emphasis on issues facing the Asian Pacific region. The schedule is on line now and available on our Black Hat Japan site in both English and Japanese.<br />
<br />
There will be 2 tracks, over 2 days comprised of renowned information and computer security professionals. We have a wide selection of topics this year from "Catching Malware" to "Subverting Vista Kernel"
<br />
Speakers include:
Alex Stamos and Zane Lackey - Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0
Jeremiah Grossman - Hacking Intranet websites from the outside: Malware just got a lot more dangerous
Dan Moniz - Six Degrees of XSSploitation
Paul Bohm - Taming Bugs: The art and science of writing secure code
Joanna Rutkowska - Subverting Vista Kernel For Fun And Profit
Kenneth Geers & Alexander Eisen - IPv6 World Update Strategy & Tactics
Heikki Kortti - Input Attack Trees
Mr. Sugiura - Winny P2P security
Darren Bilby - Low Down and Dirty: Anti-Forensic Rootkits
Thorsten Holz and Georg Wicherski - Catching Malware to Detect, Track and Mitigate Botnets
Yuji Hoshizawa - TBD
Scott Stender - Attacking Internationalized Software
<br />
Please check out our speakers page for updates. There you will find Abstracts for the upcoming presentations and get some background information on the speakers. We look forward to seeing you at Tokyo, Keio Plaza Hotel, October 3-6th, 2006. More information is available on our Black Hat Japan site.<br />
<br />
To register visit us online at: https://www.blackhat.com/html/bh-registration/bh-registration.html#Japan. Act fast our early bird discount will end September 15th. We look forward to seeing you at Tokyo, Keio Plaza Hotel, October 3-6th, 2006. More information on this years venue is available at https://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-venue.html .
https://www.blackhat.com/html/bh-japan-06/bh-jp-06-main.html
[email protected] (Black Hat Announcements)Black Hat Briefings Japan 2006BEC7823F-2AD8-477C-B22D-FC350D23EF47Wed, 6 Sep 2006 14:20:57 -0700Researchers hack Wi-Fi driver to breach laptop - by By Robert McMillan, IDG<br>
One of many flaws found allowed them to take over a laptop by exploiting a bug in an 802.11 wireless driver. The hack will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems and Jon Ellch, a student at the U.S. Naval postgraduate school in Monterey, California.<br>
<br>
"This would be the digital equivalent of a drive-by shooting," said Maynor. The victim would not even need to connect to a network for the attack to work, he said."
http://www.infoworld.com/article/06/06/21/79536_HNwifibreach_1.html
[email protected] (Black Hat Announcements)Black Hat in the news6E3B68FC-A407-4BF1-B5B9-1778594AAADEFri, 23 Jun 2006 13:08:00 -0700Black Page update: Forensics by Dominique Brezinski, Chuck Willis, Dr. Neal Krawetz, Johnny Long and Kevin MandiaThe BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community. The June 20, 2006 page highlights the Forensics and incident response and adversary identification topics we will be seeing at our upcoming conference. <br>
<br>
"I am so relieved. It has finally happened: the forensic field is transitioning from techniques that satisfy the needs of law enforcement to techniques that satisfy the needs of everyone else. "
https://www.blackhat.com/html/bh-blackpage/bh-blackpage.html
[email protected] (Black Hat Announcements)Black Hat USA 067D2749EC-2AE6-4EA5-B71F-DE1A3AB00F45Fri, 23 Jun 2006 13:06:21 -0700Black Page update: VoIP Security by Dominique Brezinski, Doug Mohney, David Endler, Hendrik Scholz, Jay SchulmanThe BlackPage highlights breaking security research submitted by leading corporate professionals, government experts, and members of the underground hacking community.The June 13, 2006 page highlights the number of voice-service related presentations we will be seeing at our upcoming conference.<br>
<br>
"However, the security impacts of prevalent and cheap voice services over IP networks go far beyond device, protocol and server weaknesses. With voice communication comes social engineering, so this year we have presentations demonstrating VoIP phishing, voice analytics used to defend against social engineering attacks, and the more traditional exploitation of technology weaknesses."
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132006.html
[email protected] (Black Hat Announcements)Black Hat USA 06E6BBBDDB-D386-4A96-AFDE-F88604ACC1BBFri, 23 Jun 2006 13:04:13 -0700Audio from Black Hat USA '05 now on-line!Past speeches and talks from the Black Hat Briefings computer security conferences.<br>
<br>
The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace.<br>
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html<br>
<br>
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br>
<br>
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp3 cbr 64k audio format. If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2005 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!
https://www.blackhat.com/podcast/bh-usa-05-audio.rss
[email protected] (Black Hat Announcements)Black Hat USA 05BB3F0BB4-5BB1-4F79-835A-DE488D2C0F67Mon, 12 Jun 2006 19:25:33 -0700Video from Black Hat USA '05 now on-line!The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace.<br><br>
A post convention wrap up can be found at https://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html<br>
<br>
Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo<br>
<br>
Video, audio and supporting materials from past conferences will be posted here, starting with the newest and working our way back to the oldest with new content added as available! Past speeches and talks from Black Hat in an iPod friendly .mp4 h.264 192k video format. If you want to get a better idea of the presentation materials go to https://www.blackhat.com/html/bh-media-archives/bh-multi-media-archives.html#USA-2005 and download them. Put up the pdfs in one window while watching the talks in the other. Almost as good as being there!
https://www.blackhat.com/podcast/bh-usa-05-video.rss
[email protected] (Black Hat Announcements)Black Hat USA 0510C3E6C1-6D74-4411-8C43-01E3212385D9Mon, 12 Jun 2006 19:23:06 -0700From the MSRC Blog: Microsoft presenting at the Black Hat security conference in Las Vegas.I was asked by a reported to comment on this, so I went and read it. Microsoft has some nice things to say about Black Hat.. who would have thought the their security world would have changed so much in a few short years?<br>
<br>
>From the article:<br>
<br>
"he cool part is that we will be the first software vendor to present an entire Black Hat Briefing track on a pre-release product, specifically to gather security researcher feedback. We submitted several presentations to the Black Hat event organizers and, based on the technical merit and interest to the audience, they were accepted. Day two of the Black Hat event in Las Vegas will feature deeply technical presentations on security features and functionality in Windows Vista. There’s a total of five presentations, and of course Microsoft researchers and architects will be there to actively participate in the event..."
http://blogs.technet.com/msrc/archive/2006/06/09/434600.aspx
[email protected] (Black Hat Announcements)Black Hat in the news23FFB860-EB86-4353-8D4C-7B976FBE7BE0Mon, 12 Jun 2006 15:34:06 -0700BlueBag PC sniffs out Bluetooth Flaws - by Robert McMillanOver at infoworld, an article about BlueBag, a custom Bluetooth sniffing set up created by Stefano Zanero (A long time Black Hat contributor) and his company.<br>
<br>
If you make it to Black Hat this summer you can see it in action during their presentation.<br>
<br>
"If you happened to fly through Milan's Malpensa Airport last March, your mobile phone may have been scanned by the BlueBag..."
http://www.infoworld.com/article/06/06/07/79045_HNbluebag_1.html
[email protected] (Black Hat Announcements)Black Hat in the news1DF9944D-AACB-43B0-9782-89D770FC5F7AFri, 9 Jun 2006 17:52:06 -0700Black Hat USA 2006 Speakers Selection Complete!The Black Hat USA 2006 Speaker selection process is now complete.<br>
<br>
This years Briefings will be the largest ever in terms of content. Even with an additional two track of content per day we were overwhelmed with submissions. In the end there were over twenty submissions we would have liked to accept, but simply had no room.<br>
<br>
Curious about who was selected, and what they are presenting on? Check out the speakers page below.<br>
The quality and quantity of submissions was at an all time hight this year. Even with an added two tracks of content there was not nearly enough room to accept all the presentation we wanted to.<br>
<br>
To those who made it, congratulations! Please work hard to impress the audience.<br>
To those who didn't please know that most submissions were up to our standards, but lack of room and subject matter overlap were the main reasons for rejection. Don't give up!
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html
[email protected] (Black Hat Announcements)Black Hat USA 06D6DFC204-1512-488A-8A94-B981FE2FB1F0Thu, 1 Jun 2006 11:58:20 -0700Black Hat USA 2006 Call for Papers has closed!The Black Hat USA 2006 Call for Papers has now closed. Speaker selection has begun, and the first round of selections and rejections should be complete by the end of the week.
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-schedule.html
[email protected] (Black Hat Announcements)Black Hat USA 068F64CB18-DC2A-4E35-85B3-0048FDD36474Mon, 8 May 2006 13:43:28 -0700RAIDE Rootkit Elimination Tool Hits BetaRyan Naraine writes for eWeek about Peter Silberman and Jamie Buttler's RAIDE tool that was released at Black Hat Amsterdam. From the article 'Spurred on by the ongoing cat-and-mouse game between malicious hackers and existing anti-rootkit scanners, a pair of security researchers have teamed up on a new tool that promises a solution to the threat from stealthy malware.'
http://www.eweek.com/article2/0,1895,1938948,00.asp
[email protected] (Black Hat Announcements)Black Hat in the newsE32CD34F-CC8F-4A98-81D8-57CECA7782C9Fri, 17 Mar 2006 08:00:00 -0700Web 2.0 Meets Virus 2.0Black Hat presenter Billy Hoffman, a researcher at SPI Dynamics, discusses the possibility of advanced Ajax based worms. In one scenario discussed, if an online stock broker site was breached, it could not only impact thousands of users on a site, but could potentially impact the stock market as a whole. These threats are more than theoretical, as the recent infection of MySpace has shown.
http://technology.guardian.co.uk/weekly/story/0,,1726234,00.html
[email protected] (Black Hat Announcements)Black Hat in the news7E2273ED-3E38-40D4-A397-9B37E99601E2Sat, 4 Mar 2006 07:00:00 -0700Black Hat presenter finds Microsoft fingerprint reader insecure. Shocker!Microsoft sells a fingerprint reader designed to logs into web sites without remembering passwords. Despite this, Microsoft explicately states that the device should not be used to protect sensative information. Mikko Kiviharju, a finnish researcher, discovered that Microsoft chose turn off the encryption that is supported by the OEM, Digital Persona. What baffles the Black Hat team is the statement from Digital Persona's CTO - 'The fact that they turned the encryption off, I would argue, does not in a practical sense open up any security holes'. Then why include it as a feature?
http://www.pcworld.com/resource/article/0,aid,124978,pg,1,RSS,RSS,00.asp
[email protected] (Black Hat Announcements)Black Hat in the news10E0884E-4DA2-4BA8-9460-A16C223F7EE4Fri, 3 Mar 2006 11:00:00 -0700Black Hat Europe 2006 Online registration closedOnline registration for Black hat Europe 2006 has closed. On site registration for training will take place Tuesday, 28 February 2006, 16:00 - 21:00. On site registration for the Briefings will be Wednesday, 01 March 2006, 16:00 - 18:00. Follow the link for more the full schedule.
https://www.blackhat.com/html/bh-europe-06/bh-eu-06-schedule.html
[email protected] (Black Hat Announcements)Black Hat Europe 065D3DDD8A-FED0-475F-BB69-9C4D25FBA7A5Fri, 17 Feb 2006 18:00:00 -0700Black Hat USA 2006 Call for Papers Opens!The Black Hat USA 2006 Call for Papers is now open. Don't hesitate to submit your presentations for consideration. Unleash you best kung-fu for the greatest chance of being selected. For complete details follow the link.
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-cfp.html
[email protected] (Black Hat Announcements)Black Hat USA 06D2456FA5-50B5-49AA-8D8D-007BD8BEB030Thu, 2 Feb 2006 16:05:00 -0700Black Hat Europe 2006 Early Bird Registration ClosingBlack Hat Europe early bird rate is about to end. There are 6 days left of a $200 USD discount on registration for Black Hat Europe Briefings and Trainings 2006. Black Hat Europe takes place February 28-March 3, 2006 at the Grand Hotel Krasnapolsky, Amsterdam, NL. Register now and save!
https://www.blackhat.com/html/bh-registration/bh-registration.html#eu
[email protected] (Black Hat Announcements)Black Hat Europe 064AFAAD32-EBC2-4745-BC2A-6740139FB0EDThu, 2 Feb 2006 16:00:00 -0700Comprehensive Black Hat Federal 2006 review by noted security author Richard BejtlichIn an extensive five-part review author Richard Bejtlich discusses each presentation he attended and interactions he had at Black Hat Federal 06. Richard has trained at a previous Black Hat, was a contributor to 'hacking exposed' and the author of 'The Tao of Network Security Monitoring: Beyond Intrusion Detection'.
http://taosecurity.blogspot.com/#113839241238734087
[email protected] (Black Hat Announcements)Black Hat in the news1CA40AEF-8FF2-4755-BC8D-9B8C9DD0A1E6Tue, 31 Jan 2006 17:25:00 -0700Adversary characterization highlighted at Black Hat Federal 06Parker and Devost show that it is not enough to take technical countermeasures to defend yourself it's necessary to understand who may be attacking you. Parker literally wrote the book on adversary characterization, and Government Computer News takes a look at his latest research.
http://www.gcn.com/vol1_no1/daily-updates/38107-1.html
[email protected] (Black Hat Announcements)Black Hat in the newsAD404833-E31E-4A74-872C-9355E3E35444Tue, 31 Jan 2006 17:15:00 -0700BIOS Rootkit research explored at Black Hat Federal 06As rootkit technology continues to advance, researcher John Heasman investigates the potential for BIOS rootkits. He concludes that this is an attack-vector that could have devastating consequences. John is working on a toolkit to detect these attacks.
http://www.gcn.com/vol1_no1/daily-updates/38102-1.html
[email protected] (Black Hat Announcements)Black Hat in the news2A0F516F-597B-4C89-B7F8-CB8F96D83EC5Tue, 31 Jan 2006 17:10:00 -0700Washington Post reviews Black Hat Federal 06 BriefingsBrian Krebs of the Washington Post provides a summary of many of the groundbreaking presentations at the Black Hat Federal 2006 Briefings.
http://blogs.washingtonpost.com/securityfix/2006/01/a_letter_from_b.html
[email protected] (Black Hat Announcements)Black Hat in the news79D527C3-78AB-47FD-A718-A9FDFDD8D9ACTue, 31 Jan 2006 17:05:00 -0700Litchfield's Oracle 'Breakable' presentation stirs disclosure debate.David Litchfield presented the Black Hat Federal audience with a '0-day' Oracle vulnerability, as well as risk mitigation techniques after Oracle neglected to address the problem in their latest patch. This SecurityFocus article discusses the growing frustration in the security community regarding Oracles apparent lack of commitment to building healthy relationships with independent researchers.
http://www.securityfocus.com/brief/118
[email protected] (Black Hat Announcements)Black Hat in the newsFB7493E4-99E0-4BD1-95DA-514497EAB03FTue, 31 Jan 2006 17:00:00 -0700Black Hat Europe 2006 Briefings Speakers SelectedSpeakers for Black Hat Europe 2006 Briefings have been selected. Selections include 'Skeletons in Microsoft's Closet - Silently Fixed Vulnerabilities' by Steve Manzuik and Andre Protas, 'RAIDE: Rootkit Analysis Identification Elimination' by Peter Silberman and Jamie Butler, and 'Exploiting Embedded Systems' by Barnaby Jack. This is the sixth Briefings in Europe since our first Briefings in 2000. Black Hat Europe 2006 Briefings and Trainings take place in Amsterdam, 28 February - March 2006. Visit www.blackhat.com for to register or for further information.
https://www.blackhat.com/html/bh-europe-06/bh-eu-06-speakers.html
[email protected] (Black Hat Announcements)Black Hat Europe 0633A11454-C8BF-4257-BA25-DA11077DC980Mon, 12 Dec 2005 08:00:00 -0700PC World's Winners and Losers of 2005In a round-up of the highlights in technology this year, PC World lists Cisco as a 'Loser' for it's censorship attempts at Black Hat USA 2005. Juniper is shown as the 'Winner', having hired researcher and Black Hat speaker Michael Lynn.
http://abcnews.go.com/Technology/PCWorld/story?id=1444676
[email protected] (Black Hat Announcements)Black Hat in the newsC3AD3760-30FE-4BE8-BF77-A4098749B6B9Thu, 29 Dec 2005 17:00:00 -0700Black Hat Federal 2006 speakers selection now completeThe Black Hat Federal 2006 CFP is closed, and speakers have been selected and are now on-line! The Federal show is highlighing some great presentations on technical attack, defense, root kit advancements and forensics. Something for every security ninja in the new year.
https://www.blackhat.com/html/bh-federal-06/bh-fed-06-speakers.html
[email protected] (Black Hat Announcements)Black Hat Federal 06BAE2408B-2A2B-4E98-8EBD-7D9E9E005239Fri, 23 Dec 2005 17:00:00 -0700CNET highlights Anti-Anti Virus Research, Black Hat SpeakerAt Black Hat USA 2005, reporter Robert Vamosi spoke with Black Hat Speaker Alex Wheeler regarding the state of vulnerabilities in Anti-virus software. According to Robert, only one vendor - F-Secure took the threat seriously enough to determine that patches were warranted. Keep an eye on vulnerabilities in security related software - vulnerability researchers are starting to have them in their sights.
http://cnet.com.au/software/security/0,39029558,40058961,00.htm
[email protected] (Black Hat Announcements)Black Hat in the news88E80103-390F-48F1-9561-E1D81F5A5EDFTue, 20 Dec 2005 12:00:00 -0700BlackPage update: Kevin MandiaKevin Mandia, a world recognized leader of incident response research, points out that a responder must have skills at least that of the attacker. One of the challenges to IR is discovering there is an incident to begin with. If we only look for known attacks, we will only find the moderately skilled attackers, leaving us exposed to the truly skilled adversaries.
https://www.blackhat.com/html/bh-blackpage/bh-blackpage.html
[email protected] (Black Hat Announcements)Black Hat BlackPage4973BBAC-1AC7-4462-910E-051A406F5831Thu, 8 Dec 2005 11:50:00 -0700New training class added to Black Hat EuropeLaurent Oudot is offering a new class Live Hacking on Honeypots for our Amsterdam conference. Overview: Few years after the birth of those valuable solutions to delude attackers, Honeypots have become a new key to improve the security of IT infrastructures. This 2 days comprehensive course is geared to teach you almost anything about honeypots technologies: theory, value, goals, conception, design, architectures, etc. Practical periods will allow students to switch their role from whitehat to blackhat, with live hacking on dedicated honeypots!
https://www.blackhat.com/html/bh-europe-06/train-bh-eu-06-lo2.html
[email protected] (Black Hat Announcements)Black Hat Europe 062F7988B7-6E64-4B05-9FEA-FC9AADAC3266Mon, 5 Dec 2005 10:00:00 -0700Jennifer Granick writes about disclosure post ciscogate is "Dark Cloud Hovers Over Black Hat" wired.comFrom the article "Last week Black Hat, the Vegas security conference that was at the center of the Ciscogate controversy last summer, was purchased by CMP Media. The sale has the internet hens clucking about whether ownership by a larger, wealthier corporation will protect Black Hat from future legal challenges, or make it more susceptible to pressure from companies wanting to control vulnerability disclosures. The more worrisome question is why Black Hat and other purveyors of security information must worry so much about what they disclose. For better or worse, the settlement I negotiated with Cisco in its case against researcher Michael Lynn kept some important legal issues from reaching a courtroom, and these unsettled questions cast a long shadow over security research today.
http://www.wired.com/news/privacy/0,1848,69655,00.html
[email protected] (Black Hat Announcements)Black Hat in the newsB42FCDC4-DB3A-49A0-83D5-E986C91EFD06Wed, 23 Nov 2005 10:00:00 -0700Saumil Shah and Dave Cole "Adware Spyware" AudioThe Business:Timeline - how did we get into this mess? The Technology: Technical overview of different types of programs (taxonomy). Looking ahead: Market polarization, bad get worse, good get better (more white, less grey). Exploiting Adware.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Shah
[email protected] (Black Hat Announcements)Black Hat Japan 05DE75895C-5B9A-4399-9A28-5259B5E640AEFri, 18 Nov 2005 14:30:00 -0700Satoru Koyama "Botnet survey result: Our security depends on your security" Audio (Japanese)Many of the various attacking mechanism such as spam email, DDoS that are attacking the internet as whole in recent years can be attributed to Botnets. However there is not much information on these Botnets yet. Telecom ISAC-Japan and JPCERT/CC conducted a detailed investigation regarding botnet activity. This session will cover what was found during the investigation and the current state of the massive amount of infected users and sub-species of botnets.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Koyama
[email protected] (Black Hat Announcements)Black Hat Japan 05838DEF20-2020-45A9-84FE-65ED01A55B57Thu, 17 Nov 2005 20:00:00 -0700[Announcement] Black Hat acquired by CMPFrom the announcement "CMP Media, a marketing solutions company serving the technology, healthcare and entertainment markets, announced today that it has acquired Black Hat Inc., a producer of information security conferences and training that includes Black Hat Briefings and Conferences. Jeff Moss, founder and owner, will continue to run Black Hat and will join CMP Media as Director of Black Hat. Combining CMP's current portfolio of Computer Security Institute (CSI), Secure Enterprise magazine and the Security Pipeline website with Black Hat, will position CMP Media as the strongest platform in the computer security media market. . . This move will enable Black Hat to take advantage of growth opportunities we couldn't pursue as a small company, such as international expansion, while enabling me to keep doing what I love the most -- working with speakers and building the conference programs," Jeff Moss added.
http://biz.yahoo.com/prnews/051115/nytu206.html
[email protected] (Black Hat Announcements)Black Hat in the news48E40C26-42A1-4F4C-9643-0C2BF6B02EC4Tue, 15 Nov 2005 18:30:00 -0700Michael Sutton and Adam Greene "The Art of File Format Fuzzing" AudioIn September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#sutton
[email protected] (Black Hat Announcements)Black Hat Japan 05857F2BEB-E056-4074-8BE8-F8D9C3ED59A1Tue, 15 Nov 2005 18:00:00 -0700Kenneth Geers "Hacking in a Foreign Language: A Network Security Guide to Russia (and Beyond)" AudioHas your network ever been hacked, and all you have to show for your investigative efforts is an IP address belonging to an ISP in Irkutsk? Are you tired of receiving e-mails from Citibank that resolve to Muscovite IP addresses? Would you like to hack the Kremlin? Or do you think that the Kremlin has probably owned you first? Maybe you just think that Anna Kournikova is hot. If the answer to any of the above questions is yes, then you need an introduction to the Gulag Archipelago of the Internet, the Cyberia of interconnected networks, Russia. . .
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#geers
[email protected] (Black Hat Announcements)Black Hat Japan 059DBA5436-8EFB-43F4-93D1-6A647E5CE683Fri, 11 Nov 2005 20:00:00 -0700Jeremiah Grossman "Phishing with Super Bait" AudioThe use of phishing/cross-site scripting (XSS) hybrid attacks for financial gain is spreading. It's imperative that security professionals familiarize themselves with these new threats to protect their websites and confidential corporate information. This isn't just another presentation about phishing scams or cross-site scripting. We're all very familiar with each of those issues. Instead, we'll discuss the potential impact when the two are combined to form new attack techniques. Phishers are beginning to exploit these techniques, creating new phishing attacks that are virtually impervious to conventional security measures. Secure sockets layer (SSL), blacklists, token-based authentication, browser same-origin policy, and monitoring / take-down services offer little protection. Even eyeballing the authenticity of a URL is unlikely to help.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#grossman
[email protected] (Black Hat Announcements)Black Hat Japan 0573C90831-29BF-4374-B516-D761A1694BBDFri, 11 Nov 2005 17:00:00 -0700BlackPage update Implications of the Lynn Cisco Research, and Moving ForwardJeff Moss updates the BlackPage with his thoughts about ISS/Cisco vs. Mike Lynn/Black Hat. From the article "This update to the BlackPage will catch us up with what has happened in the ISS and Cisco vs. Mike Lynn and Black Hat case, and I hope to set the record straight. I have also asked for comment from other security experts, and that will be included as separate BlackPage entries."
https://www.blackhat.com/html/bh-blackpage/bh-blackpage-11092005.html
[email protected] (Black Hat Announcements)Black Hat in the newsC67946B6-B401-4CD4-9D65-18EEE9AA6A50Wed, 9 Nov 2005 13:00:00 -0700Sherri Sparks and Jamie Butler "Shadow Walker: Raising The Bar For Rootkit Detection" AudioLast year at Black Hat, we introduced the rootkit FU. FU took an unprecented approach to hiding not previously seen before in a Windows rootkit. Rather than patching code or modifying function pointers in well known operating system structures like the system call table, FU demonstrated that is was possible to control the execution path indirectly by modifying private kernel objects in memory. This technique was coined DKOM, or Direct Kernel Object Manipulation. The difficulty in detecting this form of attack caused concern for anti-malware developers. This year, FU teams up with Shadow Walker to raise the bar for rootkit detectors once again. In this talk we will explore the idea of memory subversion. We demonstrate that is not only possible to hide a rootkit driver in memory, but that it is possible to do so with a minimal performance impact. The application (threat) of this attack extends beyond rootkits. As bug hunters turn toward kernel level exploits, we can extrapolate its application to worms and other forms of malware. Memory scanners beware the axiom, "vidre est credere." Let us just say that it does not hold the same way that it used to.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Butler
[email protected] (Black Hat Announcements)Black Hat Japan 053E643E41-F1A1-4571-B2E9-70868000980ATue, 8 Nov 2005 16:00:00 -0700Hideaki Ihara "Forensics in Japan" Audio (Japanese)In forensic research it is imperative to search for Japanese language strings. However many of the tools used in forensic research are being developed outside of Japan, and therefore not tuned for the Japanese language. In Japan there is research being done on using character encoding for anti-forensic countermeasures, and therefore character encoding and Japanese are significant issues for Japanese agents. This session will cover the various issues on Japanese when using popular forensic tools and other technical issues for future considerations.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Ihara
[email protected] (Black Hat Announcements)Black Hat Japan 057290D592-FA56-46C1-8060-7FAE5E1D4041Tue, 8 Nov 2005 14:00:00 -0700Jeff Moss Interviewed about Ciscogate wired.comFrom the article "The legal wrangling finally ended this week, and the FBI case against Lynn has closed. Lynn spoke with Wired News in July to tell his side of the story. Now Black Hat founder Jeff Moss talks about what happened from his perspective and why companies continue to repeat the mistakes of their predecessors in trying to suppress the full disclosure of security bugs and punish security researchers."
http://www.wired.com/news/privacy/0,1848,69488,00.html?tw=wn_tophead_5
[email protected] (Black Hat Announcements)Black Hat in the newsAECAD8F2-15EA-4A6E-A7AA-31FDB9629689Mon, 7 Nov 2005 19:00:00 -0700Ejovi Nuwere "The Art of SIP fuzzing and Vulnerabilities Found in VoIP" AudioThis presentation will cover SIP and VoIP related automated fuzzing techniques. Using real world vulnerabilities and audit engagements we will give a technical understanding of this emerging technology and its common attack vectors. The techniques discussed in this talk will not only be limited to SIP but will apply to methodical audit approaches for fuzzing text based protocols which can be more complex then fuzzing binary protocols.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Nuwere
[email protected] (Black Hat Announcements)Black Hat Japan 05E7BD9291-BC9C-49E1-8507-F5E2C7D8EA45Mon, 7 Nov 2005 06:00:00 -0700Dominique Brezinski "A Paranoid Perspective of an Interpreted Language" AudioInterpreted, dynamically-typed, and object-oriented languages like Ruby and Python are very good for many programming task in my opinion. Such languages have many benefits from rapid, easy development to increased security against memory allocation and manipulation related vulnerabilities. However, choice of programming language alone does not guarantee the resulting software written in the language will be free of security vulnerabilities, which is an obvious point, but the sources of the potential vulnerabilities may not be obvious at all.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Brezinski
[email protected] (Black Hat Announcements)Black Hat Japan 0533D3FF37-2D74-4305-A5C1-C5CA4F1BEBD3Mon, 7 Nov 2005 05:00:00 -0700David Maynor "Architecture Flaws in Common Security Tools" AudioLook at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepted encoding schemes to launch attacks right through most security tools? Come and see what hackers know; if you rely on these products to keep you safe, you can't afford not to.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#maynor
[email protected] (Black Hat Announcements)Black Hat Japan 053F8C1202-FD0F-4C6A-8B07-A7AAE8DB0EC0Sat, 5 Nov 2005 06:00:00 -0700Chris Hurley (Roamer) "Identifying and Responding to Wireless Attacks" Audio on-lineThis presentation details the methods attackers utilize to gain access to wireless networks and their attached resources. Examples of the traffic that typifies each attack are shown and discussed, providing attendees with the knowledge too identify each attack. Defensive measures that can be taken in real time to counter the attack are then presented.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Hurley
[email protected] (Black Hat Announcements)Black Hat Japan 052A159F44-8F7E-485A-90F0-AE288404D1ADFri, 4 Nov 2005 09:00:00 -0700Dan Kaminsky "Black Ops Of TCP/IP 2005" Audio on-lineOur networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed.
https://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html#Kaminsky
[email protected] (Black Hat Announcements)Black Hat Japan 05BD0BF018-EB85-451A-9A33-E43BF213CE06Fri, 4 Nov 2005 06:00:00 -0700Black Hat Briefings and Training Federal Registration now openBlack Hat Federal 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 22 presentations. There will be 11 Trainings classes, with new offerings such as Saumil Shah's "The Exploit Laboratory - Buffer Overflows For Beginners," and Matt Hargett's "Binary Static Analysis: From the Inside-Out." Class sizes for all trainings are limited to ensure each student receives individual attention. Register early before classes fill up and to receive an early discount.
https://www.blackhat.com/html/bh-registration/bh-registration.html#Fed
Black Hat Federal 0670D9BA9C-A635-453C-AF7F-F48734C9DCF0Thu, 3 Nov 2005 05:00:00 -0700Black Hat Briefings and Training Europe Registration now openBlack Hat Europe 2006 Briefings and Trainings registration is now open. The Briefings offer two tracks over two days with 25 presentations. There will be 10 Training classes with new offerings and an updated SensePost class "Hacking by Numbers: Combat Edition." Due to limited class size, many of our classes fill up quickly. Register early to ensure training availability and to take advantage of our early bird registration discount.
https://www.blackhat.com/html/bh-registration/bh-registration.html#eu
Black Hat Europe 0641D52942-7D57-4A8B-8C29-251FDD852EFBThu, 3 Nov 2005 05:00:00 -0700Black Hat in '10 Infamous Moments In Security Research'InformationWeek has a top 10 Infamous Moments In Security Research artice, David Litchfield and Black Hat are listed as #1 for David's work on an SQL problem that turned into the slammer worm. You will notice that Mike Lynn is mentioned as #3, but it is not revealed that he presented this research at Black Hat as well, nor the ISS and Cisco lawsuits against Black Hat mentioned. But not to worry, Davaid Litchfield is also in position #6 with his Oracle PLSQL gateway vulnerability.
http://www.informationweek.com/security/showArticle.jhtml?articleID=185301327
[email protected] (Black Hat Announcements)Black Hat in the newsF9CFEA15-D83C-4C46-A119-767DD0EECDDCMon, 17 Apr 2006 23:35:58 -0700