Black Hat D.C. wraps up

Attendees at Black Hat D.C 2008 learn about vulnerabilities in hardware and wireless systems.

Breaking things--that's what the very bright and super curious do; they look beyond the obvious to see what's truly lurking beneath the surface. On Wednesday and Thursday, attendees at Black Hat D.C. 2008 got a window into the latest research being done on Web applications, wireless, and embedded technologies.

On Wednesday, researchers David Hulton and "Steve" showed how with about $1,000 with of equipment they can decrypt A5/1 cellular GSM traffic in less than a hour. Following that, Adam Laurie reprised his popular RFIDiots talk from last year's Black Hat briefings with a new program that allows him to read the data off smart credit cards "hands free."

Perhaps the best new presentation at Black Hat D.C. 2008 took place in the early afternoon. In "Bad sushi: Beating phishers at their own game" researchers Nitesh Dhanjani and Billy Rios relentlessly tracked down the origins of several online phishing sites to reveal, not super-smart ninja hackers, but sloppy coders who cut and paste and even steal from one another. Following that, David Litchfield, a substitute for a canceled talk on VoIP, presented on new Oracle vulnerabilities. Finishing the day was Neal Krawetz, who expanded his talk from Black Hat Las Vegas on image analysis, this time including his research into the veracity of Osama bin Laden's beard in a recent video.

Wednesday night included a social. There was also a speaker from the Washington, D.C.-based Spy Museum with stories of real-life spies.

On Thursday, Tiller Beauchamp and David Weston gave a presentation on DTrace, a security research application that is now available within Mac OS X Leopard and coming soon to various distributions of Linux. Following that, Zac Franken reprised his previous talk on biometric and token-based access control systems with new information on work access cards. After lunch, talks included Chris Wysopal on classification and detection of backdoors, Jason Larson on SCADA security, and Jon Oberheide on exploiting virtual machine migrations.

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Last minute back to school shopping?

    Whether you're looking for headphones to study with or music-streaming gear, CNET rounds up a shopping guide just for you.