Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Black Hat Results

With the formal side of Black Hat USA winding down and DefCon starting to warm up, many attendees are beginning to discuss their impressions of the conference and the material presented at it. All of the presentations and whitepapers have now been made available online across a number of sites allowing those who were unable to attend the conference the opportunity to review and analyse the material presented.

Richard Bejtlich, of TaoSecurity, found the conference to be a worthwhile endeavour, but posted the following warning about the state of Defensive Information Security measures, which could be regarded as an admission that the current state of reactive Information Security products and tactics are not much more than snake oil. Richard found that what was being presented highlighted the ineffectiveness of current defensive measures against the attack methods and capabilities being introduced on a continuous basis.

Even if users and administrators are running completely patched, configured and locked down systems, then it is still possible to be completely compromised based on the current and emerging attack methodologies. Coverage by the ISC of a dynamically obfuscated JavaScript based attack demonstrates this in a practical manner. Even if the eventual payload of the attack is well known to anti-malware vendors, the distribution and attack method mean that each attack appears unique to monitoring and filtering software.

This leads into the second major point raised by Richard, that even detecting the current attack methods in any level of 'real time' is becoming impossible. With developers and security professionals struggling to just keep up with the state of attack and vulnerability development, if they are even following it, the development and maintenance of techniques and tools to effectively counter them is simply not possible.

Richard's final point is probably the most important - that "There is no way to get 'ahead of the threat'".

Some have not been as impressed by the research and results being presented at the conference, though if the information being presented is only 'sooo 10 minutes ago', then the conference is remaining relatively relevant. Sometimes people forget that not everyone is busily engaged in tracking and analysing the absolute latest in emerging Information Security threats and trends. At least one of the training providers found it useful to be brought up to speed on what is considered current with some of the other areas of Information Security that they don't specialise in, so it appears that the overall situation isn't as bad as it is made out to be. Sure, it is many of the same people repeating the same material already in circulation, but that is true of much of the Information Security conference circuit.

Even though the anticipated drama of the Blue Pill / Anti-Blue Pill rootkit face off never eventuated due to conditions not being met prior to the conference (during the conference, Joanna Rutkowska admitted that there was at least one method that effectively detected Blue Pill on a routine basis), there was still a level of drama present when an undercover journalist was uncovered and run out of the conference. The reporter, from NBC's Dateline program, was attempting to expose collusion between federal agents and hackers (the malicious kind).

A favourite section of Black Hat is the 'Spot the Fed' competition / panel, which was changed at the last minute to 'Spot the undercover reporter' after conference organisers were made aware of her presence. Provided that they follow some basic ground rules, reporters and traditional media are permitted to attend and report on Black Hat, something which the NBC reporter failed to adhere to. Before conference attendees were able to come to a decision about ejecting the reporter, she left of her own accord - pursued by credentialled media attending the conference.

4 August 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.