Black Hat Expo Reveals IT Security Threats Aplenty
By Jef Cozza / CRM Daily
This year's Black Hat information security conference in Las Vegas set an attendance record -- and brought attention to a host of severe security threats. Presentations ranged from how any USB device could be hacked and creating fake Web sites, to the discoveries that Russian hackers had amassed 1.2 billion logins and that 2 billion smartphones were vulnerable to hijacking.

Dan Geer, the chief information security officer for In-Q-Tel, an Arlington, Virginia-based non-profit venture capital firm, focused on public policy recommendations for information security in his keynote address.

Geer said a mandatory reporting system for significant security vulnerabilities should be created, similar to the system the federal Centers for Disease Control and Prevention has for pandemic outbreaks. He also said software developers should be legally liable for their source code, and that the government should compensate people who discover security flaws.

Geer supported a recent European Union court finding that individuals have the "right to be forgotten." "There is something important about being able to reinvent ourselves," he said at a press conference following his keynote.

New Year, New Threats

Attendance at Black Hat grew from 7,500 last year to a record 8,000 this year, forcing the conference to relocate from Caesar's Palace to the more spacious Mandalay Bay Convention Center, with attendees from 91 countries. The conference, which wrapped up Thursday, was the 17th such meeting since its launch in 1997.

Researchers presented their latest findings on the newest threats and vulnerabilities to information security. This year's conference touched not only on security for Web sites and personal computers, but also on the increasing number of devices and infrastructure being connected through the Internet. Researchers from Qualys, for example, demonstrated that airport scanners used by the U.S. Transportation Security Administration could be attacked through backdoor accounts embedded in the agency's firmware.

Berlin-based security firm Security Research Labs demonstrated that the firmware that controls USB functions could be used by hackers to take control of computers. The finding could represent an entirely new class of attack for which there are no current defenses. The flaw allows hackers to reprogram a USB device's firmware with malicious code, allowing them to gain access to PCs connected to the infected device, and issue their own commands. Unauthorized users could use the flaw to install malware, access files, or issue commands.
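The attack described above works because a reprogrammed storage device can enumerate an extra keyboard interface and type commands. The following is an added detection example, not code from Security Research Labs or from the conference: it parses a simplified, constructed USB enumeration log (the line format is an assumption, not real kernel output) and flags any device that exposes both a mass-storage interface and a HID keyboard interface. The vendor/product allowlist is likewise a constructed assumption.

```python
import re

# Constructed, simplified USB enumeration log (NOT real kernel output).
# Format assumed here: "usb <bus-port>: new device, idVendor=.. idProduct=.."
#                      "usb <bus-port>:<cfg>.<iface>: interface class <hex> (<desc>)"
SAMPLE_LOG = """\
usb 1-1: new device, idVendor=0781 idProduct=5567
usb 1-1:1.0: interface class 08 (mass storage)
usb 1-2: new device, idVendor=046d idProduct=c31c
usb 1-2:1.0: interface class 03 (hid keyboard)
usb 1-3: new device, idVendor=0781 idProduct=5567
usb 1-3:1.0: interface class 08 (mass storage)
usb 1-3:1.1: interface class 03 (hid keyboard)
"""

DEVICE_RE = re.compile(r"^usb (\S+?): new device, idVendor=(\w+) idProduct=(\w+)")
IFACE_RE = re.compile(r"^usb (\S+?):\d+\.\d+: interface class ([0-9a-fA-F]{2})")

# USB interface class codes (real values from the USB class code table).
CLASS_HID = "03"
CLASS_MASS_STORAGE = "08"

# Constructed allowlist of (idVendor, idProduct) pairs known to be real keyboards.
KNOWN_KEYBOARDS = {("046d", "c31c")}


def parse_usb_log(lines):
    """Group interface class codes by device path.

    Returns {path: {"vendor": str|None, "product": str|None, "classes": set}}.
    """
    devices = {}
    for line in lines:
        m = DEVICE_RE.match(line)
        if m:
            path, vid, pid = m.groups()
            devices[path] = {"vendor": vid.lower(), "product": pid.lower(), "classes": set()}
            continue
        m = IFACE_RE.match(line)
        if m:
            path, cls = m.groups()
            dev = devices.setdefault(path, {"vendor": None, "product": None, "classes": set()})
            dev["classes"].add(cls.lower())
    return devices


def suspicious_usb_devices(lines):
    """Return device paths that look like a storage device also acting as a keyboard,
    plus any keyboard whose vendor/product pair is not on the allowlist."""
    flagged = []
    for path, dev in parse_usb_log(lines).items():
        classes = dev["classes"]
        composite = CLASS_MASS_STORAGE in classes and CLASS_HID in classes
        unknown_kbd = CLASS_HID in classes and (dev["vendor"], dev["product"]) not in KNOWN_KEYBOARDS
        if composite or unknown_kbd:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in suspicious_usb_devices(SAMPLE_LOG.splitlines()):
        print("review device", path)
```

In the constructed sample, device 1-3 has the same vendor/product identifiers as the ordinary flash drive 1-1 but additionally registers a keyboard interface, so it is the one reported; the known keyboard 1-2 is not.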

Another major vulnerability revealed at Black Hat affects the HTTPS protocol, which uses encryption to help users browse the Web securely. The so-called Cookie Cutter attack detailed at the conference allows hackers to steal users' cookies and impersonate Web sites hosted by Akamai, including popular sites such as CNN, LinkedIn and the National Security Agency (NSA).
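A cookie that is stolen in an attack like the one described above is only useful to an attacker if the site set it loosely in the first place. The following is an added example, not code from the researchers or from Akamai: a small audit of `Set-Cookie` header values (the sample headers are constructed) that reports session cookies missing the `Secure`, `HttpOnly` or `SameSite` attributes and checks the `__Host-` prefix rules. The finding codes are this example's own naming.

```python
def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, {attribute: value|True})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """Return (cookie_name, [finding codes]) for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")        # may be sent over plaintext HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")      # readable by page scripts
    if "samesite" not in attrs:
        findings.append("no-samesite")      # sent on cross-site requests
    if name.startswith("__Host-"):
        # __Host- cookies must be Secure, have Path=/ and carry no Domain attribute.
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("bad-host-prefix")
    return name, findings


def audit_headers(header_values):
    """Audit several Set-Cookie values; returns only cookies with findings."""
    return {name: f for name, f in (audit_set_cookie(h) for h in header_values) if f}


# Constructed sample headers, as a server might emit them.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "__Host-sid=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Host-bad=1; Domain=example.test; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, findings in audit_headers(SAMPLE_HEADERS).items():
        print(cookie, "->", ", ".join(findings))
```

Run against the constructed headers, only `session` (no `Secure`, no `SameSite`) and `__Host-bad` (a `Domain` attribute is not allowed with the `__Host-` prefix) are reported.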

Researchers Mathew Solnik and Marc Blanchou, meanwhile, demonstrated that 2 billion mobile devices around the world are vulnerable to remote hijacking by malicious attackers, thanks to secret management control software installed on the devices by manufacturers at the behest of telecoms.

Passwords, the perennial whipping-boy of the Internet, came in for even more abuse this year as a Chinese/American research team was able to show how algorithms could extract passwords by analyzing video of users' finger movements while accessing their accounts.

One of the bigger themes from this year's Black Hat was the danger presented not by individual hackers operating alone and for their own benefit, but by governments with the money and resources to surveil, control and attack the information systems of their own citizens.

Over a year after the revelations of ex-NSA contractor Edward Snowden, government agencies continued to generate a significant amount of the heat in the information security sector. The Tor network, a system for browsing the Internet anonymously, was revealed to be vulnerable to attacks designed to eliminate user anonymity.

In one of Black Hat's most dramatic story lines, Alexander Volynkin, the Carnegie Mellon researcher who discovered the flaw, abruptly canceled his presentation that would have divulged more details, at his employer's insistence. Tor discovered it was the victim of an extensive attack designed to divulge the user details of its network. Although the identity of the attacker is unknown, an article by reporter Glenn Greenwald had previously disclosed that the NSA had attacked the Tor network.

But the Russian underworld proved that governments have not yet cornered the market on terrifying online behavior. A group of a dozen or so criminals operating out of southern Russia without apparent government connections were reported to have amassed a database of more than 1.2 billion login and password combinations, according to U.S. security firm Hold Security.

Image credit: BlackHat/Artist's concept.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.