7/22/2014 08:20 PM

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

The parties, the meet-and-greets with industry friends, and the electricity of like minds converging in the Vegas summertime heat may provide the glitz and allure of the annual Black Hat security convention, but it is the research that fuels this conference's staying power.

The intellectual heart and soul of Black Hat, the briefing sessions always stir up fresh controversy and food for thought within the security research community and beyond. Whether it's been hacked ATMs spewing money from the podium, demonstrations of enterprise financial systems completely compromised, or any number of exposed vulnerabilities that have left vendors in a tizzy, Black Hat has always offered a venue for controversial research to take center stage.

This year will likely prove no different, with plenty of speakers gearing up for some powerful talks in just a couple of weeks. Here are some of our picks for the pieces of research most likely to set tongues wagging.

Learn How To Control Every Room At A Luxury Hotel Remotely: The Dangers Of Insecure Home Automation Deployment
(Source: Starwood Resorts)
The Speaker: Jesus Molina, independent security researcher
The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Comments
Marilyn Cohodas (User Rank: Strategist), 7/31/2014 | 8:18:02 AM
Re: Dates and Times
This will be my first Black Hat & I'm psyched! Any session recommendations from seasoned show veterans or security pros who would like to attend but can't? Complete BH briefing list is here

DarkReadingTim (User Rank: Strategist), 7/31/2014 | 1:09:50 AM
Re: Dates and Times
It never ceases to amaze me what these speakers can hack. I have seen them make money come out of ATMs, stop a pacemaker, and blow up a computer over a remote connection. It looks like they will have another batch of surprises for us this year!

RyanSepe (User Rank: Ninja), 7/28/2014 | 12:24:12 PM
Re: Dates and Times
Thanks for this! For me, I am interested to hear about the shortcomings of TLS and 48 secrets of cryptographers.

Should be interesting!

Marilyn Cohodas (User Rank: Strategist), 7/25/2014 | 10:09:53 AM
Re: Dates and Times
Here is the schedule for Black Hat and also a list of speakers. The Dark Reading editorial team is also planning a series of radio shows based on a few of the more popular Black Hat sessions. So stay tuned. We'll keep you posted on the what, when and where. There will also be a lot of live coverage from the show. So keep Dark Reading open in your browser Aug. 2-7.

Robert McDougal (User Rank: Ninja), 7/24/2014 | 11:15:36 AM
Re: Tip of the iceberg
Agreed, this is only the material that people are willing to share. Imagine what people are not willing to share...

Robert McDougal (User Rank: Ninja), 7/24/2014 | 11:13:58 AM
Re: Dates and Times
Not sure when the material will be released but when it is you can find it here:

https://www.blackhat.com/html/archives.html

Whoopty (User Rank: Moderator), 7/23/2014 | 11:56:51 AM
Tip of the iceberg
As impressive as all of this is, it has to be just the tip of the iceberg compared to what some truly nefarious black hats out there can do.

CraigB159 (User Rank: Apprentice), 7/23/2014 | 9:51:05 AM
Re: Dates and Times
Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html It includes a link to his white paper on the topic.

GonzSTL (User Rank: Ninja), 7/23/2014 | 9:32:27 AM
Re: Dates and Times
I have one of those :)

Marilyn Cohodas (User Rank: Strategist), 7/23/2014 | 9:04:35 AM
Re: Dates and Times
The Google Glass demo will surely be an eye-opener. :-)