black

CNET News Daily Podcast: What's on hackers' minds at Black Hat?

Hackers have descended on Vegas in full force for the annual Black Hat security conference. What's on their minds? CNET's Robert Vamosi called in from Sin City and talked with CNET News' Leslie Katz.

Plus, someone claims to have found a mechanism on the new iPhone software that would let Apple remotely remove blacklisted applications from your phone. Is Apple trying to play "big brother" or simply save consumers from malicious apps that slipped through the cracks?

Today's stories:

Black Hat a sure bet to be big, bold in Vegas

Buzz Out Loud 783: Lordships for everyone

Why buy the Lordship when you can just choose the title from the drop-down? Also on the show today, Black Hat 2008 shatters our faith in all that is technology (just like it does every year), and we engage in a lively discussion about the relative crappiness of the applications on the App Store, as well as the moral ramifications of Apple being able to nuke those crappy applications remotely.

Times Online: 'Fakeproof' e-passport is cloned in minutes http://www.timesonline.co.uk/tol/news/uk/crime/article4467106.ece

Black Hat: DNS …

Cybersecurity lessons from the Civil War

LAS VEGAS--The security issues we face today in cyberspace are the same ones the country faced during the American Civil War when Abe Lincoln was relying on telegraph transmissions to help keep the country united, a top U.S. cybersecurity official said in a keynote speech at the Black Hat security conference here Thursday.

Lincoln was obsessed with reading telegrams that delivered updates from the battlefield, using them to learn about the military strategies and to offer feedback, said Rod Beckstrom, director of the National Cyber Security Center in the Department of Homeland Security.

"If he were alive today …

Looking inside the Storm worm botnet

LAS VEGAS--On Wednesday, Joe Stewart, director of malware research for SecureWorks, presented his work on protocols and encryption used by the Storm worm botnet at Black Hat 2008.

He said as far as botnets go, Storm is not particularly sophisticated, nor is it our No. 1 threat. Yet while other botnets come and go, Storm remains amazingly resilient, in part because the Trojan horse it uses to infect systems changes its packing code every 10 minutes, and, once installed, the bot uses fast flux to change the IP addresses for its command and control servers.

None of this is surprising, it'…

Kaminsky provides the why of attacking DNS

LAS VEGAS--Speaking before a packed audience, researcher Dan Kaminsky explained the urgency in having everyone patch their systems: virtually everything we do on the Internet involves a Domain Name System request and therefore is vulnerable.

Expectations were running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.

Security researchers always …

At Black Hat, Kaminsky details DNS flaw

Security researcher Dan Kaminsky has offered more details about a fundamental flaw in the Domain Name System and the extent of the vulnerability.

In a presentation at the Black Hat security conference in Las Vegas on Wednesday, Kaminsky gave details of how a successful DNS cache poisoning attack could be launched by taking advantage of the flaw.

Kaminsky explained that transaction IDs, which are supposed to prevent "bad guys" from assigning their own IP address numbers to any domain, are ineffective as security measures. An attacker could flood a DNS server with multiple, slightly varied requests for a …

'Cybersecurity commission' to proffer advice to next president

LAS VEGAS--Transitions between presidential administrations are typically influence-peddling, power-consolidating, appointee-vetting exercises run by Washington insiders. Perhaps that's why the quintessential Washington think tank, the Center for Strategic and International Studies, is trying to insert itself into the process.

The private organization, which has close ties to the U.S. military and counts Henry Kissinger on its payroll, has gathered about 35 people and awarded them the official-sounding title of "Commission on Cyber Security for the 44th Presidency." Adding to the formality are some closed-to-the-public meetings and ex-officio members from federal agencies, congressional offices, and the nebulous "…

Hacking electronic-toll systems

LAS VEGAS--Electronic toll systems like FasTrak and E-ZPass may be convenient for drivers, but they are rife with privacy risks, a security expert said Wednesday at the Black Hat 2008 security conference.

Strangers with the right transponder reader walking through a parking lot can steal the ID number off the transponders that are visible through the windshield, put the data on their devices and pass through bridge and other tolls for free, with the victim paying the bill, according to Nate Lawson, principal of security consultancy Root Labs.

The transponder ID, which lacks encryption, could be wiped and switched with …

Black Hat says 'canceled' Apple talk never existed

This post has been updated with Charles Edge's response.

LAS VEGAS--On the eve of this year's Black Hat Briefings here, officials disputed a researcher's claim that his talk had to be canceled. They say the talk never even existed.

Last Thursday, researcher Charles Edge told Brian Krebs of The Washington Post that a talk on a previously disclosed flaw within the encryption for Apple FileVault had to be canceled because of a signed agreement with Apple.

The story had the individuals at Black Hat who handle the Call for Papers--the process by which a researcher submits a …

Black Hat 2008: Notes from the field

LAS VEGAS--This year marks my ninth year of attending Black Hat in Las Vegas. From a small gathering of security professionals in 2000 to an uberconference in 2008, Black Hat has scaled well. And the transition from private company to corporate-owned also appears smooth. But hardly anyone's here yet.

On Tuesday, there are only a thousand or so attendees of the 30-some training sessions. Already I've noticed a few minor changes from last year.

The press room is now on the third floor, away from the maddening crowds. This may or may not work since almost all the …