..................................................................................................................
Black Hat: The Largest Hacker Conference 2010 Best 5 Takeaways
Black Hat, the largest and most visible hacker conference, is winding down in Las Vegas. It always brings a series of shocks and this year didn't disappoint. What did we learn this year?
1. Your money isn't safe - Researcher Barnaby Jack demonstrated how to hack automated teller machines (ATMs). He did it both by physically opening the machine and installing malware on it and by compromising it over the network. It turns out these machines, or at least some of them, aren't all that aggressively secured.
2. Your cell phone isn't safe - It was a bad week for mobile security. Project Carmen Sandiego showed that you don't have to be a phone company or government to find out who's using a particular cell phone number or where they are located. The security company Lookout revealed that Android wallpaper applications are needlessly gathering personal data. For years mobile malware has been just over the horizon, but it seems to be closer than ever to being a real problem. F-Secure's Mikko Hypponen was quoted as saying "Eventually, virus writers will realize it is easier to make money by infecting phones than it is by infecting computers."
3. Your electric service isn't safe - Jonathan Pollet, founder of Red Tiger Security, told Black Hat attendees of the weaknesses in Supervisory Control And Data Acquisition (SCADA) systems used in utilities like power companies to manage and monitor equipment. SCADA vendors and users are way behind IT generally when it comes to security. Vulnerabilities go for long times unpatched. Unnecessary software, like chat clients, are used on critical systems, which are sometimes connected to the Internet. Pollet also warned of the weak security state of "smart meters" being rolled out all over the country.
4. Your home router isn't safe - A new trick found by researcher Craig Heffner makes it easier for attackers to gain usable access to your home network. Hacking into the router can be done in many ways, but once you're in it's hard to get an address on the internal network. Heffner showed a Javascript hack that allows an attacker to use DNS Rebiding to gain an internal address. There are mitigating measures you can take, but they're complex or inconvenient.
5. Black Hat itself isn't safe - For the first time this year, Black Hat made their sessions available through a video feed, using a 3rd party service, for a $395 fee. One subscriber realized that it was easy to trick the service into providing the videos for free. It's not a good thing to show weakness like this to the Black Hat crowd.
There was some good news at the show. To add on to their recent announcement of a sandbox architecture for Reader for Windows, Adobe announced that it will be joining in Microsoft's MAPP program to provide advance notice to security vendors of vulnerability disclosures. This should help users to protect themselves better.
####################################################
----------------------------------------------------------------------------------
..........................................................................................................