Attacks/Breaches
8/1/2014
02:00 PM
Marilyn Cohodas
Marilyn Cohodas
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

LIVE From Las Vegas: Dark Reading Radio at Black Hat

If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.

Over the last few weeks Dark Reading editors have peppered you with stories about the glories of Black Hat past and sneak previews of what's to come when security professionals from around the globe convene for the 17th annual Black Hat USA 2014.

Can't make the trip? Not to worry. Dark Reading has a created a virtual alternative. We've commandeered space at the Mandalay Bay for a temporary radio studio where we will broadcast four live episodes of Dark Reading complete with audio interviews and live text chats with our guests.

Here's the schedule, so be sure to bookmark the date and time:

Wednesday, August 6
The State of Cloud Security, 1:00 p.m. ET (10:00 a.m. PT)

Our guest, Jim Reavis, co-founder and executive director of the Cloud Security Alliance, will preview the latest CSA research report on the current state of global cloud adoption, security barriers in the cloud, and offer some predictions on the direction of the cloud market based on his interactions with global enterprises.

Jim is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. He has served as an international board member of the Information Systems Security Association and was co-founder of the Alliance for Enterprise Security Risk Management.

Airport Security: Can A Weapon Get Past TSA? 8:00 p.m. ET (5:00 p.m. PT)
Join us as for a recap of Billy Rios's Black Hat presentation on how a variety of airport security systems actually work, and where their weaknesses are. We'll discuss modern airport security procedures, how these devices are used to detect threats, and findings about some bugs he's discovered.

Billy studies emerging threats with a focus on embedded devices, Industrial Control Systems (ICS), and Critical Infrastructure (CI). Before Qualys, Billy was a technical lead at Google where he led the frontline response for externally reported security issues and incidents. Prior to Google, he was the security program manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company's response for several high-profile incidents, including the response for Operation Aurora. Before Microsoft, he worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Thursday, August 7
Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT)
Just as one should never bring a knife to a gun fight, a network defender should not rely on tired maxims such as "perimeter defense" and "defense in depth." Today's adversaries are well past that. Tom Cross, director of security research at Lancope will share the highlights of his Black Hat talk, "The Library of Sparta," the playbook nation-state adversaries are using to target and attack your organizations, and the new approaches you must use to defeat them.

Tom works on advancing the state-of-the-art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He was previously manager of X-Force Research at IBM Internet Security Systems. He has spoken at numerous security conferences, including Black Hat, DEF CON, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT)
Every Android application has its own unique identity, typically inherited from the corporate developer's identity. The Bluebox Security research team recently discovered a new vulnerability in Android, which allows these identities to be copied and used for nefarious purposes. Fresh from his Black Hat presentation, Jeff Forristal will walk through the technical root cause of this responsibly disclosed vulnerability and explain why it's a problem and how an attacker could create an exploit for it.

Jeff is a security technology professional with over a decade of experience in the security industry. He has written multiple features and cover-story articles for Network Computing and Secure Enterprise magazines; he is also a contributing author to multiple books. Under the pseudonym "Rain Forest Puppy," Jeff has been recognized as an industry expert in web application security and was responsible for the first publicized responsible security disclosure policy (2000), the first publicized recognition of SQL injection (Phrack, 1998), and the first intelligent open source web application scanner (Whisker, 1999).

If you can't make the live session, you can revisit the broadcast from our Dark Reading Radio archives. We'll also be prerecording a number of Black Hat speaker interviews from the show, which we will rebroadcast with accompanying live text chats in the coming weeks. So stay tuned!

As always, if you have any questions or comments about the upcoming Dark Reading Radio @Black Hat shows, please post them in the comments and we will bring them to the broadcasts in Las Vegas.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 3:10:45 PM
Re: Don't Miss Thursday's Dark Reading Radio @ Black Hat
Next up today --  Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 7:27:07 AM
Don't Miss Thursday's Dark Reading Radio @ Black Hat
We've already had two great radio shows at Black Hat so far this week. So don't miss our upcoming broadcasts today: 

Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT) with Tom Cross,director of security research at Lancope.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.

And maybe some surprise guests....
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.