The professional security crowd meets annually for the Black Hat conference in Las Vegas, and this year's confab features ATM hacking and insecure electric meter reading, along with the latest in securing users from software vendors like Mozilla and Qualys.
Mozilla Security Program Manager Brandon Sterne demonstrated on Wednesday how this ostensibly dull code, which is part of Firefox 4's new Content Security Policy, will make the next-generation browser safer.
Invincea adds hardware virtualization to the sandbox
Security vendor Invincea demonstrated its hardware-based virtualization sandbox on Wednesday, as indicated by the red border in this screenshot.
The program is currently limited to enterprise clients using Internet Explorer and Adobe Reader, but the company has plans to make the software available to home users and expand its reach to include other browsers such as Firefox.
At the Black Hat security conference on Thursday, researcher Robert "RSnake" Hansen brings more bad news for the much-beleaguered SSL (Secure Sockets Layer), which is designed to secure communications over the Internet. The CEO and founder of consulting firm SecTheory, Hansen and others have discovered 24 new issues with how SSL is implemented. While "the sky is not falling," the problems could be devastating for e-commerce, Hansen said.
Attorney Tiffany Rad, the president of technology, law, and business development firm ELCnetworks, spoke on Thursday about what she called the "chilling" effect the DMCA is having on free speech, and how using TOR and offshore data centers can help create subpoena-resistant (but not subpoena-proof) jurisdictions.
Nerdcore rapper David Martinjak, aka "int eighty" from the group Dual Core, on stage with guest rapper "Dr. Raid" at the Electronic Frontier Foundation's pre-Defcon, post-Black Hat fundraiser Thursday night.