Vulnerabilities / Threats

7/22/2014
08:20 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
Previous
1 of 7
Next

The parties, the meet-and-greets with industry friends, and electricity of like minds converging in Vegas summertime heat may provide the glitz and allure of the annual Black Hat security convention, but it is the research that fuels this conference's staying power.

The intellectual heart and soul of Black Hat, the briefing sessions always stir up fresh controversy and food for thought within the security research community and beyond. Whether it's been hacked ATMs spewing money from the podium, demonstrations of enterprise financial systems completely compromised, or any number of exposed vulnerabilities that have left vendors in a tizzy, Black Hat has always offered a venue for controversial research to take center stage.

This year will likely prove no different, with plenty of speakers gearing up for some powerful talks in just a couple of week. Here are some of our picks for those pieces of research most likely to set tongues wagging.

Learn How To Control Every Room At A Luxury Hotel Remotely: The Dangers Of Insecure Home Automation Deployment
(Source: Starwood Resorts)
The Speaker: Jesus Molina, independent security researcher
The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

(Source: Starwood Resorts)

The Speaker: Jesus Molina, independent security researcher

The Research: Molina walks through research he did during recent stays at the St. Regis Shenzhen in China that led him to completely and remotely compromise the home automation protocols used in luxury hotels to control heat, lighting, blinds, and more within guest rooms. He'll walk the audience through his reverse engineering of the protocol and how he was able to use that knowledge to compromise nearly every appliance within the hotel.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/31/2014 | 8:18:02 AM
Re: Dates and Times
This will be my first Black Hat & I'm psyched! Any session recommendations from seasoned show veterans or security pros who would like to attend but can't?  Complete BH briefing list is here
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
7/31/2014 | 1:09:50 AM
Re: Dates and Times
It never ceases to amaze me what these speakers can hack. I have seen them make money come out of ATMs, stop a pacemaker, and blow up a computer over a remote connection. It looks like they will have another batch of surprises for us this year!
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
7/28/2014 | 12:24:12 PM
Re: Dates and Times
Thanks for this! For me, I am interested to hear about the shortcomings of TLS and 48 secrets of cryptographers.

Should be interesting!
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/25/2014 | 10:09:53 AM
Re: Dates and Times
Here is the schedule for Black Hat and also a list of speakers. The Dark Reading editorial team is also planning a series of radio shows based on a few of the more popular Black Hat sessions. So stay tuned. We'll keep you posted on the what, when and where. There will also be a lot of live coverage from the show. So keep Dark Reading open in your browser Aug. 2-7.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:15:36 AM
Re: Tip of the iceberg
Agreed, this is only the material that people are willing to share.  Imagine what people are not willing to share...
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
7/24/2014 | 11:13:58 AM
Re: Dates and Times
Not sure when the material will be released but when it is you can find it here:

https://www.blackhat.com/html/archives.html
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
7/23/2014 | 11:56:51 AM
Tip of the iceberg
As impressive as all of this is, it has to be just the tip of the iceberg compared to what some truly nefarious black hats out there can do. 
CraigB159
50%
50%
CraigB159,
User Rank: Apprentice
7/23/2014 | 9:51:05 AM
Re: Dates and Times
Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html It includes a link to his white paper on the topic.
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
7/23/2014 | 9:32:27 AM
Re: Dates and Times
I have one of those :)
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
7/23/2014 | 9:04:35 AM
Re: Dates and Times
The google glass demo will surely be an eye-opener. :-)
Page 1 / 2   >   >>
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18643
PUBLISHED: 2019-04-25
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-19359
PUBLISHED: 2019-04-25
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVE-2019-11488
PUBLISHED: 2019-04-25
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE-2019-11489
PUBLISHED: 2019-04-25
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
CVE-2019-3720
PUBLISHED: 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient san...