Attacks/Breaches
8/1/2014
02:00 PM
Marilyn Cohodas
Marilyn Cohodas
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

LIVE From Las Vegas: Dark Reading Radio at Black Hat

If you can't physically be at Black Hat USA 2014, Dark Reading offers a virtual alternative where you can engage with presenters and attendees about hot show topics and trends.

Over the last few weeks Dark Reading editors have peppered you with stories about the glories of Black Hat past and sneak previews of what's to come when security professionals from around the globe convene for the 17th annual Black Hat USA 2014.

Can't make the trip? Not to worry. Dark Reading has a created a virtual alternative. We've commandeered space at the Mandalay Bay for a temporary radio studio where we will broadcast four live episodes of Dark Reading complete with audio interviews and live text chats with our guests.

Here's the schedule, so be sure to bookmark the date and time:

Wednesday, August 6
The State of Cloud Security, 1:00 p.m. ET (10:00 a.m. PT)

Our guest, Jim Reavis, co-founder and executive director of the Cloud Security Alliance, will preview the latest CSA research report on the current state of global cloud adoption, security barriers in the cloud, and offer some predictions on the direction of the cloud market based on his interactions with global enterprises.

Jim is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. He has served as an international board member of the Information Systems Security Association and was co-founder of the Alliance for Enterprise Security Risk Management.

Airport Security: Can A Weapon Get Past TSA? 8:00 p.m. ET (5:00 p.m. PT)
Join us as for a recap of Billy Rios's Black Hat presentation on how a variety of airport security systems actually work, and where their weaknesses are. We'll discuss modern airport security procedures, how these devices are used to detect threats, and findings about some bugs he's discovered.

Billy studies emerging threats with a focus on embedded devices, Industrial Control Systems (ICS), and Critical Infrastructure (CI). Before Qualys, Billy was a technical lead at Google where he led the frontline response for externally reported security issues and incidents. Prior to Google, he was the security program manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company's response for several high-profile incidents, including the response for Operation Aurora. Before Microsoft, he worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Thursday, August 7
Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT)
Just as one should never bring a knife to a gun fight, a network defender should not rely on tired maxims such as "perimeter defense" and "defense in depth." Today's adversaries are well past that. Tom Cross, director of security research at Lancope will share the highlights of his Black Hat talk, "The Library of Sparta," the playbook nation-state adversaries are using to target and attack your organizations, and the new approaches you must use to defeat them.

Tom works on advancing the state-of-the-art in network behavioral anomaly detection with netflow. He has over a decade of experience as a computer security researcher and thought leader. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has published papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He was previously manager of X-Force Research at IBM Internet Security Systems. He has spoken at numerous security conferences, including Black Hat, DEF CON, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT)
Every Android application has its own unique identity, typically inherited from the corporate developer's identity. The Bluebox Security research team recently discovered a new vulnerability in Android, which allows these identities to be copied and used for nefarious purposes. Fresh from his Black Hat presentation, Jeff Forristal will walk through the technical root cause of this responsibly disclosed vulnerability and explain why it's a problem and how an attacker could create an exploit for it.

Jeff is a security technology professional with over a decade of experience in the security industry. He has written multiple features and cover-story articles for Network Computing and Secure Enterprise magazines; he is also a contributing author to multiple books. Under the pseudonym "Rain Forest Puppy," Jeff has been recognized as an industry expert in web application security and was responsible for the first publicized responsible security disclosure policy (2000), the first publicized recognition of SQL injection (Phrack, 1998), and the first intelligent open source web application scanner (Whisker, 1999).

If you can't make the live session, you can revisit the broadcast from our Dark Reading Radio archives. We'll also be prerecording a number of Black Hat speaker interviews from the show, which we will rebroadcast with accompanying live text chats in the coming weeks. So stay tuned!

As always, if you have any questions or comments about the upcoming Dark Reading Radio @Black Hat shows, please post them in the comments and we will bring them to the broadcasts in Las Vegas.

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 3:10:45 PM
Re: Don't Miss Thursday's Dark Reading Radio @ Black Hat
Next up today --  Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/7/2014 | 7:27:07 AM
Don't Miss Thursday's Dark Reading Radio @ Black Hat
We've already had two great radio shows at Black Hat so far this week. So don't miss our upcoming broadcasts today: 

Military Strategies & Cyber Security 1:00 p.m. ET (10:00 a.m. PT) with Tom Cross,director of security research at Lancope.

Android's Fake ID Vulnerability, 7:00 p.m. ET (4:00 p.m. PT) with Jeff Forristal  of Blue Box Security.

And maybe some surprise guests....
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7877
Published: 2014-10-30
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.