Black Hat Hears Security Details as Reporters Booted
By Steve Bosak / CRM Daily
Published: August 8, 2008
Day one of the Black Hat Security Conference in Las Vegas got off to a hot start with details about DNS and e-mail flaws, Google gaffes, and Cisco vulnerabilities. And some French reporters were kicked out for trying to hack the pressroom facilities.

The Black Hat conference is the premier conference for the latest in security news and tools. Nearly 7,000 attendees are listening to presentations on phishing, hacking and malware, and many are taking comprehensive training on the latest security tools and techniques to protect their networks.

Kaminsky Details DNS Flaw

Dan Kaminsky gave an in-depth briefing of the much-reported DNS flaw he discovered, with some startling new wrinkles.

First and foremost, Kaminsky estimated that only 70 percent of Fortune 500 servers have rolled out a DNS patch. Despite the fact that many servers are still exposed, Kaminsky ran through a detailed laundry list of ways to exploit the flaw before a standing-room-only crowd. He may have been pushing laggards to fix the problem by releasing details.

By listening to his presentation, a hacker would have a road map to develop multiple exploits. Kaminsky also spoke in detail on how patches prevent such attacks.

Google Gadgets Vulnerable

Next up for security woes was Google's Gadgets. According to conference presenters Tom Stracener and Robert "RSnake" Hansen, Google's popular desktop gizmos are a gaping security hole waiting to be exploited. Gadgets run a variety of small tasks, such as a desktop calendar, news-feed windows, or the latest crossword puzzle.

Stracener and Hansen highlighted some scenarios.

First, a malicious Google gadget could be added to users' desktops without their knowledge, monitoring activities and collecting sensitive information.

A malicious gadget could also be used to collect account information, trigger other malicious gadgets and send users to bogus sites to fill out forms with sensitive information.

They also demonstrated JavaScript hacks of Google gadgets, underscoring their vulnerability. The duo warned that as businesses deploy desktop gadgets, significant business data could be at risk.

When Reporters Hack

InfoWorld reported that reporters from a French security magazine, Global Security Mag, were tossed out of the Black Hat conference after an apparent reporter-led hack of the pressroom facilities. Apparently the French journalists were attempting to snoop on their rivals to determine what stories they were filing.

According to a later report, the victim was a reporter working for eWeek. His password was intercepted by the French journalists using a well-known hacking technique on the unsecured portion of the LAN in the pressroom.

After the incident, eWeek had to reset its online story-filing passwords to protect its system.

Cisco IOS Discussion

Scheduled for Friday evening was a presentation by Gyan Chawdhary and Varun Uppal discussing virus attacks on Cisco Systems network switches and routers.

The talk was planned to document current vulnerabilities and research so that individuals can develop Cisco IOS investigation code and debugging environments, thereby taking IOS security into their own hands rather than relying on vendors.

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.