Jeff Moss, founder and director of Black Hat, on Thursday moderated the first-ever Black Hat Webinar, previewing five presentations to be given at the security conference in Las Vegas in August.
Moss said he was pleased that more than 1,000 people attended and admitted they were "expecting maybe a few hundred." Black Hat has already implemented RSS feeds, Twitter, and even a LinkedIn group.
"The Webinars will be much more than that," Moss said. In the future, he hinted, Black Hat will publish an editorial calendar, with a new Webinar at least once a month. Moss said that if successful, future Webinars might also include online training.
During the one-hour broadcast, speakers gave 10-minute previews of five presentations expected during the Black Hat briefings in Las Vegas, which will take place August 6-7.
Bruce Potter, founder of the Shmoo Group, talked about "malware detection through network flow analysis." He said he will be releasing some software at the conference. He argued that network administrators can examine data flowing both ways on the network to help identify where the attacker is coming from. Software expected in August includes an updated version of Psyche that will have an Ajax-based interface.
Fyodor Vaskovich, founding member of the Honeynet project, talked about "Nmap--Scanning the Internet." The author of NMAP recently scanned the entire Internet--the WorldScan Project--and will present his results. This allows him to verify and refute various assumptions about which ports to use for scanning. Also, he said, it forces him to improve NMAP.
He gave a few examples of a NMAP scripting engine, fixed-rate packet sending, enhanced version detection, and improvements to performance and accuracy.
Shawn Moyer, CISO of Agura Digital Security, and Nathan Hamiel, senior consultant for Idea Information Security and founder of the Hexagon Security Group, previewed their talk "Satan is on My Friends List: Attacking Social Networks." They said they're not just talking about worm attacks such as Samy back in 2005. They're talking about user-generated applications and content--are they creating new attack surfaces? They will also have demonstrations and screen captures to share in August.
Nathan McFeters and John Heasman talked about "Beyond document.cookie." In August they'll be joined by Rob Carter in talking about Web 2.0 same-origin policy attacks and other Web 2.0 vulnerabilities.
Steve Reavey, Katie Moussouris, and Steve Adegbite, all of Microsoft, talked about "Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World" or the shorter title "Has Microsoft lost its mind?" Among other things, they said they will talk about how Microsoft approaches a security update within Office, from vulnerability disclosure to patch. Microsoft will also be hosting a two-day "Defending the Flag" training just prior to the public part of Black Hat on August 2 and 3, and again on August 4 and 5, to show administrators how to attack Microsoft products to gain insight to how their networks are secured.
After a short question-and-answer period, Moss said the next Webinar will be held "in about a month" and offered an e-mail address (email@example.com) to subscribe for updates.