black

Can Mondays be the new Fridays?

Here's an infographic map from thediagram.com that charts any number of occurrences of the ubiquitous marketing buzz phrase "is the new" from throughout the year 2005.

Among them: South Korea is the new Hong Kong, nepotism is the new polio, Samsung is the new Sony, RSS is the new WWW, Karl Lagerfeld is the new Steve Jobs, and cocoa is the new red wine. (No, it isn't.) Tuesday is the new Thursday, but everybody knew that already. And knitting is apparently the new rock 'n roll, a trend which thankfully appears to have disappeared with … Read more

How to use security programs right

If there's one thing that the Black Hat 2007 conference in Las Vegas taught CNET Senior Editor Robert Vamosi, it's that criminal hackers, forgers, and malware chefs are getting more creative in their villainy, not less.

While stocking up on quality security software is an advisable method for keeping your distance from boogie-man code, the antivirus and removal applications are a lot more effective when used correctly. Some programs, such as Hijack This and CCleaner, benefit from deeper instruction; that's where CNET Download.com's security center steps in. Here you'll find guides for getting started … Read more

Black Hat 2007 sees Web 2.0 repeating Web 1.0 mistakes

LAS VEGAS--This year's Black Hat was pretty much summed up in a prescient keynote by Richard Clarke, the nation's former cyber security czar who is now a novelist and chairman of Good Harbor Consulting. Clarke said "we're building more and more of our economy on cyberspace 1.0, yet we have secured very little of cyberspace 1.0." The apparent speed gained in Ajax (Asynchronous JavaScript and XML), which is technology that divides processing tasks between the Web server (Web site) and the Web client (browser), has opened Web 2.0 to some old-school attacks. … Read more

Defcon drama: Undercover reporter bolts after outing

An NBC reporter learned the hard (and embarrassing) way that Defcon 15, a conference of underground hackers who also happen to be security experts, is not the place to go undercover with a hidden camera.

George Ou, who blogs for CNET News.com's sister site ZDNet, has written a detailed account of the drama that unfolded Friday at the Las Vegas conference when staff members announced the "spot the undercover reporter" game. Staffers had apparently learned that a Dateline NBC producer hoping to catch someone confessing to a hacking crime was there as a regular attendee after … Read more

Researcher: Web 2.0 vulnerable to cookie theft

LAS VEGAS--Robert Graham of Errata Security on Thursday showed how reverse engineering your security application can uncover a treasure trove of zero-day vulnerabilities. He also demonstrated a new man-in-the-middle attack scenario that affects several popular Web 2.0 sites. He did so in a talk at Black Hat titled "The Lazy Hacker's Guide to TCB (Taking Care of Business)."

David Maynor, who is no stranger to controversy at Black Hat, was scheduled to speak alongside Graham, but Maynor was called away at 4 a.m. by a client in need. Errata CEO Graham presented the talk solo. … Read more

Mozilla releases browser testing tools

LAS VEGAS--Thursday morning at Black Hat, Window Snyder and Mike Shaver of Mozilla released new tools for testing their browser, Firefox, and other popular browsers, such as Microsoft Internet Explorer, Apple Safari and Opera. The tools include a protocol fuzzer by Michael Eddington and a JavaScript fuzzer by Jesse Ruderman. Fuzzing is a method by which researchers randomly simulate common conditions under which most browsers fail.

In an interview before the presentation, Snyder said that Firefox enjoys a community of users in the millions worldwide. Of these, there are about 10,000 users who regularly download what are called nightly … Read more

Bruce Schneier: Security as a state of mind

LAS VEGAS--Bruce Schneier, CTO of BT Counterpane, has been talking about the psychology of security for some time now. In his keynote address to Black Hat on Thursday morning, Schneier said that one simply cannot quantify security because it's also emotional. How we feel about security in a given situation can affect how secure we really are.

Schneier says we're all security consumers; as humans, we're constantly deciding how much time, money and effort we spend to feel secure. All animals do this. A rabbit faced with a predator has to decide whether to keep eating or … Read more

Rush to adopt Ajax leaves many sites vulnerable, experts say

LAS VEGAS--Want to build a Web site with all the latest Ajax technology? Or how about "Ajaxifying" an existing application? Bryan Sullivan, Senior Research Engineer for SPI Labs, and Billy Hoffman, SPI Labs' team leader, did just that during their talk "Premature Ajax-ulation" Wednesday afternoon at Black Hat. The two said that often developers see only the code that works, and not how someone else may come along and exploit it.

To demonstrate, Sullivan and Hoffman built a mock travel Web site, Hacker Travel.com.

"We're actually using examples that we find from popular … Read more

Black Hat enters the big leagues of Vegas conferences

This is my eighth Black Hat, and boy has it grown, especially in the last two years. When I first attended Black Hat back in 2000, the conference had just moved into Caesar's Palace and, with its four session tracks, fit neatly into a small conference area off the main lobby. Back in 2000, there were no vendors. Lunch was served in a patio lounge.

Flash forward to today where more than 4,000 confirmed attendees sprawl over two floors, attending 10 session tracks, making their way among the more than 40 vendor stalls. And lunch is now served mess-hall … Read more