Vulnerabilities / Threats

7/22/2014
08:20 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
Previous
1 of 7
Next

The parties, the meet-and-greets with industry friends, and electricity of like minds converging in Vegas summertime heat may provide the glitz and allure of the annual Black Hat security convention, but it is the research that fuels this conference's staying power.

The intellectual heart and soul of Black Hat, the briefing sessions always stir up fresh controversy and food for thought within the security research community and beyond. Whether it's been hacked ATMs spewing money from the podium, demonstrations of enterprise financial systems completely compromised, or any number of exposed vulnerabilities that have left vendors in a tizzy, Black Hat has always offered a venue for controversial research to take center stage.

This year will likely prove no different, with plenty of speakers gearing up for some powerful talks in just a couple of week. Here are some of our picks for those pieces of research most likely to set tongues wagging.

Learn How To Control Every Room At A Luxury Hotel Remotely: The Dangers Of Insecure Home Automation Deployment
(Source: Starwood Resorts)
The Speaker: Jesus Molina, independent security researcher
The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

(Source: Starwood Resorts)

The Speaker: Jesus Molina, independent security researcher

The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/31/2014 | 8:18:02 AM
Re: Dates and Times
This will be my first Black Hat & I'm psyched! Any session recommendations from seasoned show veterans or security pros who would like to attend but can't?  Complete BH briefing list is here
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
7/31/2014 | 1:09:50 AM
Re: Dates and Times
It never ceases to amaze me what these speakers can hack. I have seen them make money come out of ATMs, stop a pacemaker, and blow up a computer over a remote connection. It looks like they will have another batch of surprises for us this year!
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
7/28/2014 | 12:24:12 PM
Re: Dates and Times
Thanks for this! For me, I am interested to hear about the shortcomings of TLS and 48 secrets of cryptographers.

Should be interesting!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/25/2014 | 10:09:53 AM
Re: Dates and Times
Here is the schedule for Black Hat and also a list of speakers. The Dark Reading editorial team is also planning a series of radio shows based on a few of the more popular Black Hat sessions. So stay tuned. We'll keep you posted on the what, when and where. There will also be a lot of live coverage from the show. So keep Dark Reading open in your browser Aug. 2-7.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:15:36 AM
Re: Tip of the iceberg
Agreed, this is only the material that people are willing to share.  Imagine what people are not willing to share...
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:13:58 AM
Re: Dates and Times
Not sure when the material will be released but when it is you can find it here:

https://www.blackhat.com/html/archives.html
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/23/2014 | 11:56:51 AM
Tip of the iceberg
As impressive as all of this is, it has to be just the tip of the iceberg compared to what some truly nefarious black hats out there can do. 
CraigB159
50%
50%
CraigB159,
User Rank: Apprentice
7/23/2014 | 9:51:05 AM
Re: Dates and Times
Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html It includes a link to his white paper on the topic.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
7/23/2014 | 9:32:27 AM
Re: Dates and Times
I have one of those :)
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 9:04:35 AM
Re: Dates and Times
The google glass demo will surely be an eye-opener. :-)
Page 1 / 2   >   >>
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.