The professional security crowd meets annually for the Black Hat conference in Las Vegas, and this year's confab features ATM hacking and insecure electric meter reading, along with the latest in securing users from software vendors like Mozilla and Qualys.
Jonathan Pollet, founder of Red Tiger Security, tells Black Hat attendees on Wednesday that security issues arising from modernizing critical infrastructure systems are creating a "ticking time bomb."
Mozilla Security Program Manager Brandon Sterne demonstrated on Wednesday how this ostensibly dull code, which is part of Firefox 4's new Content Security Policy, will make the next-generation browser safer.
Former Deputy Director of National Intelligence Gen. Michael Hayden addresses questions about cybersecurity on an international level at a press conference Thursday morning.
Invincea adds hardware virtualizatrion to the sandbox
Security vendor Invincea demonstrated its hardware-based virtualization sandbox on Wednesday, as indicated by the red border in this screenshot.
The program is currently limited to enterprise clients using Internet Explorer and Adobe Reader, but the company has plans to make the software available to home users and expand its reach to include other browsers such as Firefox.
At the Black Hat security conference on Thursday researcher Robert "RSnake" Hansen brings more bad news for the much beleaguered SSL (Secure Sockets Layer), which is designed to secure communications over the Internet. The CEO and founder of consulting firm SecTheory, Hansen and others have discovered 24 new issues with how SSL is implemented. While "the sky is not falling," the problems could be devastating for e-commerce, Hansen said.
Crypto expert Karsten Nohl released a tool that people can use to test whether their mobile phones can be snooped on and hopes the move will spur telecom providers to patch their GSM networks.
Attorney Tiffany Rad, the president of technology, law, and business development firm ELCnetworks, spoke on Thursday about what she called the "chilling" effect the DMCA is having on free speech, and how using TOR and offshore data centers can help create subpoena-resistant (but not subpoena-proof) jurisdictions.
Nerdcore rapper David Martinjak, aka "int eighty" from the group Dual Core, on stage with guest rapper "Dr. Raid" at the Electronic Frontier Foundation's pre-Defcon, post-Black Hat fundraiser Thursday night.
