02:00 PM
Marilyn Cohodas
Marilyn Cohodas
Connect Directly

LIVE From Las Vegas: Dark Reading Radio at Black Hat

If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.

Over the last few weeks Dark Reading editors have peppered you with stories about the glories of Black Hat past and sneak previews of what's to come when security professionals from around the globe convene for the 17th annual Black Hat USA 2014.

Can't make the trip? Not to worry. Dark Reading has a created a virtual alternative. We've commandeered space at the Mandalay Bay for a temporary radio studio where we will broadcast four live episodes of Dark Reading complete with audio interviews and live text chats with our guests.

Here's the schedule, so be sure to bookmark the date and time:

Wednesday, August 6
The State of Cloud Security, 1:00 p.m. ET (10:00 a.m. PT)

Our guest, Jim Reavis, co-founder and executive director of the Cloud Security Alliance, will preview the latest CSA research report on the current state of global cloud adoption, security barriers in the cloud, and offer some predictions on the direction of the cloud market based on his interactions with global enterprises.

Jim is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. He has served as an international board member of the Information Systems Security Association and was co-founder of the Alliance for Enterprise Security Risk Management.

Airport Security: Can A Weapon Get Past TSA? 8:00 p.m. ET (5:00 p.m. PT)
Join us as for a recap of Billy Rios's Black Hat presentation on how a variety of airport security systems actually work, and where their weaknesses are. We'll discuss modern airport security procedures, how these devices are used to detect threats, and findings about some bugs he's discovered.

Billy studies emerging threats with a focus on embedded devices, Industrial Control Systems (ICS), and Critical Infrastructure (CI). Before Qualys, Billy was a technical lead at Google where he led the frontline response for externally reported security issues and incidents. Prior to Google, he was the security program manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company's response for several high-profile incidents, including the response for Operation Aurora. Before Microsoft, he worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Thursday, August 7
Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT)
Just as one should never bring a knife to a gun fight, a network defender should not rely on tired maxims such as "perimeter defense" and "defense in depth." Today's adversaries are well past that. Tom Cross, director of security research at Lancope will share the highlights of his Black Hat talk, "The Library of Sparta," the playbook nation-state adversaries are using to target and attack your organizations, and the new approaches you must use to defeat them.

Tom works on advancing the state-of-the-art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He was previously manager of X-Force Research at IBM Internet Security Systems. He has spoken at numerous security conferences, including Black Hat, DEF CON, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT)
Every Android application has its own unique identity, typically inherited from the corporate developer's identity. The Bluebox Security research team recently discovered a new vulnerability in Android, which allows these identities to be copied and used for nefarious purposes. Fresh from his Black Hat presentation, Jeff Forristal will walk through the technical root cause of this responsibly disclosed vulnerability and explain why it's a problem and how an attacker could create an exploit for it.

Jeff is a security technology professional with over a decade of experience in the security industry. He has written multiple features and cover-story articles for Network Computing and Secure Enterprise magazines; he is also a contributing author to multiple books. Under the pseudonym "Rain Forest Puppy," Jeff has been recognized as an industry expert in web application security and was responsible for the first publicized responsible security disclosure policy (2000), the first publicized recognition of SQL injection (Phrack, 1998), and the first intelligent open source web application scanner (Whisker, 1999).

If you can't make the live session, you can revisit the broadcast from our Dark Reading Radio archives. We'll also be prerecording a number of Black Hat speaker interviews from the show, which we will rebroadcast with accompanying live text chats in the coming weeks. So stay tuned!

As always, if you have any questions or comments about the upcoming Dark Reading Radio @Black Hat shows, please post them in the comments and we will bring them to the broadcasts in Las Vegas.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 3:10:45 PM
Re: Don't Miss Thursday's Dark Reading Radio @ Black Hat
Next up today --  Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 7:27:07 AM
Don't Miss Thursday's Dark Reading Radio @ Black Hat
We've already had two great radio shows at Black Hat so far this week. So don't miss our upcoming broadcasts today: 

Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT) with Tom Cross,director of security research at Lancope.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.

And maybe some surprise guests....
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio