Vulnerabilities / Threats
7/22/2014
08:20 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
Previous
1 of 7
Next

The parties, the meet-and-greets with industry friends, and electricity of like minds converging in Vegas summertime heat may provide the glitz and allure of the annual Black Hat security convention, but it is the research that fuels this conference's staying power.

The intellectual heart and soul of Black Hat, the briefing sessions always stir up fresh controversy and food for thought within the security research community and beyond. Whether it's been hacked ATMs spewing money from the podium, demonstrations of enterprise financial systems completely compromised, or any number of exposed vulnerabilities that have left vendors in a tizzy, Black Hat has always offered a venue for controversial research to take center stage.

This year will likely prove no different, with plenty of speakers gearing up for some powerful talks in just a couple of week. Here are some of our picks for those pieces of research most likely to set tongues wagging.

Learn How To Control Every Room At A Luxury Hotel Remotely: The Dangers Of Insecure Home Automation Deployment
(Source: Starwood Resorts)
The Speaker: Jesus Molina, independent security researcher
The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

(Source: Starwood Resorts)

The Speaker: Jesus Molina, independent security researcher

The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/31/2014 | 8:18:02 AM
Re: Dates and Times
This will be my first Black Hat & I'm psyched! Any session recommendations from seasoned show veterans or security pros who would like to attend but can't?  Complete BH briefing list is here
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
7/31/2014 | 1:09:50 AM
Re: Dates and Times
It never ceases to amaze me what these speakers can hack. I have seen them make money come out of ATMs, stop a pacemaker, and blow up a computer over a remote connection. It looks like they will have another batch of surprises for us this year!
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
7/28/2014 | 12:24:12 PM
Re: Dates and Times
Thanks for this! For me, I am interested to hear about the shortcomings of TLS and 48 secrets of cryptographers.

Should be interesting!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/25/2014 | 10:09:53 AM
Re: Dates and Times
Here is the schedule for Black Hat and also a list of speakers. The Dark Reading editorial team is also planning a series of radio shows based on a few of the more popular Black Hat sessions. So stay tuned. We'll keep you posted on the what, when and where. There will also be a lot of live coverage from the show. So keep Dark Reading open in your browser Aug. 2-7.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:15:36 AM
Re: Tip of the iceberg
Agreed, this is only the material that people are willing to share.  Imagine what people are not willing to share...
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:13:58 AM
Re: Dates and Times
Not sure when the material will be released but when it is you can find it here:

https://www.blackhat.com/html/archives.html
Whoopty
50%
50%
Whoopty,
User Rank: Moderator
7/23/2014 | 11:56:51 AM
Tip of the iceberg
As impressive as all of this is, it has to be just the tip of the iceberg compared to what some truly nefarious black hats out there can do. 
CraigB159
50%
50%
CraigB159,
User Rank: Apprentice
7/23/2014 | 9:51:05 AM
Re: Dates and Times
Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html It includes a link to his white paper on the topic.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
7/23/2014 | 9:32:27 AM
Re: Dates and Times
I have one of those :)
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 9:04:35 AM
Re: Dates and Times
The google glass demo will surely be an eye-opener. :-)
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.