Dark Reading TV
Kaminsky on DNS - 8/7/2008 9:00:00 AM
Security researcher Dan Kaminsky unveiled his much-anticipated DNS vulnerability discovery at Black Hat 2008. He talks to site editor Tim Wilson about the nature of that vulnerability -- essentially that an attacker can race a resolver with forged delegation responses again and again, because each new lookup is a fresh guess at the transaction ID, so repeated attempts steadily raise the odds of poisoning the cache. Kaminsky also talks about the work done by him and the community behind the scenes to fix this flaw before it was publicly revealed.
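The arithmetic behind the "try repeatedly" point, as an added example that is not from the interview or from Kaminsky: each forced lookup is an independent race against a 16-bit transaction ID, and a miss simply means asking for another random subdomain. The burst size per query (100 forged replies), the ephemeral port range used for the post-fix case, and the assumption that forged replies always arrive before the real one are all modelling assumptions.

```python
"""Cache-poisoning odds for the repeated-race attack described above.

Added example; not code from the interview. Model: the attacker triggers a
lookup for a fresh random name under the target zone, then sends `forged`
distinct spoofed replies before the authoritative answer lands. A reply wins
if it matches the resolver's outstanding transaction ID (and, once resolvers
randomize the source port too, the port). A miss costs nothing: the next
random name is a brand-new query, so the attacker just tries again.
"""
import math

TXID_SPACE = 1 << 16            # 16-bit DNS transaction ID: 65,536 values
# Assumption: the fix adds a random source port from 1024-65535 (64,512 values).
PORT_SPACE = 65536 - 1024


def per_query_success(forged: int, space: int) -> float:
    """Chance that one burst of `forged` distinct guesses hits the single
    (ID[, port]) pair the resolver chose uniformly from `space`."""
    if forged < 0 or space <= 0:
        raise ValueError("forged must be >= 0 and space > 0")
    return min(1.0, forged / space)


def cumulative_success(queries: int, forged: int, space: int) -> float:
    """Chance of at least one poisoned answer after `queries` forced lookups,
    each raced independently with `forged` spoofed replies."""
    p = per_query_success(forged, space)
    return 1.0 - (1.0 - p) ** queries


def queries_for_confidence(target: float, forged: int, space: int) -> int:
    """Smallest number of forced lookups that pushes cumulative success
    to at least `target` (0 <= target < 1)."""
    if not 0.0 <= target < 1.0:
        raise ValueError("target must be in [0, 1)")
    if target == 0.0:
        return 0
    p = per_query_success(forged, space)
    if p >= 1.0:
        return 1          # the burst covers the whole space: one query suffices
    # solve 1 - (1-p)^n >= target for n; log1p keeps precision when p is tiny
    return math.ceil(math.log(1.0 - target) / math.log1p(-p))


if __name__ == "__main__":
    forged = 100          # assumed spoofed replies per forced lookup
    cases = (("16-bit TXID only", TXID_SPACE),
             ("TXID + random source port", TXID_SPACE * PORT_SPACE))
    for label, space in cases:
        n = queries_for_confidence(0.5, forged, space)
        print(f"{label}: 50% poisoning chance after {n:,} forced lookups")
```

With only the transaction ID to guess, a few hundred forced lookups give even odds; multiplying the search space by the randomized port pushes the same odds out to tens of millions of lookups, which is why the coordinated fix was worth the secrecy.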
Black Hat 2008 Keynoter Ian Angell - 8/7/2008 9:00:00 AM
Black Hat keynoter Ian Angell talks about the dangers of thinking that technology can solve everything, pointing to the example of the DNA database as a solution for fighting crime. Systems get overloaded, grow in complexity, and evolve.
Root Labs's Nate Lawson - 8/7/2008 9:00:00 AM
Root Labs's Nate Lawson found major security and privacy problems in how FasTrak has been implemented. He opened up a transponder, found a lot of undocumented behavior, and found that it lacked encryption. California highway officials have mostly been silent about this, despite Lawson's offer to help them fix the system -- for free! Lawson also revealed he has developed a 'kill switch' that you can switch on to pay tolls and off to protect your privacy.
Phishing the Phishers - 8/7/2008 9:00:00 AM
Security researchers Nitesh Dhanjani and Billy Rios set out to infiltrate the phishing ecosystem and found a general lack of sophistication and no honor among thieves. For example, they found plenty of phisher-on-phisher crime, with phishers stealing information from each other.
Dan Kaminsky, Director - Penetration Testing, IOActive - 8/27/2007 4:15:00 PM
Researcher Dan Kaminsky turns his focus to vulnerabilities in Web 2.0 applications, but notes that many of today's most dangerous flaws have been around for years. In this interview, Kaminsky talks about new flaws, old flaws, and how he has developed an unusual new technology that mixes music and IT security.
Jennifer Granick, Director - Cyberlaw Clinic, Stanford Law School - 8/27/2007 3:30:00 PM
Legal expert Jennifer Granick discusses the laws affecting security researchers, the legal issues faced by hackers, and the impact of current law on vulnerability disclosure.
Adam Laurie, Freelance Security Consultant, http://rfidiot.org - 8/27/2007 3:15:00 PM
RFID expert Adam Laurie outlines the vulnerabilities inherent in the wireless technology, the exploits under development by black hats, and some common-sense advice on how to avoid the threats associated with RFID identification.
Jim Christy, Director - Futures Exploration, Dept of Defense - 8/27/2007 3:00:00 PM
Jim Christy, director of futures exploration for the U.S. Department of Defense, talks about threats, preparedness, and his role in the newest "Die Hard" movie. On behalf of law enforcement, Christy also appeals to black hats to stop trying to beat law enforcement -- and join it instead.
Johnny Long, Computer Sciences Group - 8/27/2007 2:45:00 PM
Penetration tester and vulnerability researcher Johnny Long discusses methods for breaking through corporate defenses without a hacker's technical skills. Long takes viewers on a ride through old and new tactics, including dumpster diving, shoulder surfing, tailgating, and Google hacking.
Gadi Evron, Security Evangelist, Beyond Security - 8/27/2007 4:45:00 AM
Security expert Gadi Evron discusses the definition of cyberwar, the lessons learned from the recent events in Estonia, and the nature of cyber weapons.
The Great Rootkit Debate - 8/27/2007 4:30:00 AM
Researcher Tom Ptacek says he has tools that will detect any rootkit. Researcher Joanna Rutkowska says she's developed a rootkit that can't be detected by any security tool. Who's right -- and how will the answer affect the security research community? Check out this video, in which both experts offer their perspectives on this hot debate.
Richard Clarke, Chairman, Good Harbor Consulting - 8/27/2007 4:15:00 AM
Security and military expert Richard Clarke offers a real-life picture of threats currently in play against key elements of U.S. infrastructure and federal government defenses. Terrorists and rival nation-states present a real danger to U.S. defenses, Clarke warns -- a danger that many government agencies aren't prepared for.
Black Hat 2007 - 8/6/2007 3:55:00 PM
"Hats divide generally into three classes: offensive hats, defensive hats, and shrapnel." - Katharine Whitehorn. DRTV's round-up of goings-on in Las Vegas at Black Hat 2007, including a special report by undercover reporter 'Ac!d Crash' - that's not a real tattoo...
Graham Melville, Director of Product Marketing, Nokia - 12/1/2006 9:00:00 AM
With highly mobile devices, data that's often in transit, and a variety of end points that need to be secured, enterprises need the best management overview they can get. Nokia's Graham Melville explains the "contextualization" of security management information -- for example, how you weed out the false positives from the information you need to act on. In the end, striking the right balance between usability and security will be the challenge -- and reward -- for enterprise IT professionals.
Steve Stasiukonis, VP & Founder, Secure Network Technologies - 12/1/2006 8:59:00 AM
It's easy for IT staff to get so hyper-focused on the multitude of external threats that they overlook the negligence or malfeasance that their own internal users can wreak on the network. These come in the form of thumb drives, iPods, and even smartphones that can carry away proprietary data or, perhaps worse, introduce malware across the enterprise. Some may respond by disabling USB ports on desktops, but controlling, managing, and monitoring them is the smarter way to go, Stasiukonis contends.
John Greiner, CTO, Legal Services of New York City - 12/1/2006 8:58:00 AM
Life at a nonprofit like Legal Services of New York requires an artful balance between keeping internal users secure and operational, without dipping into funds that might otherwise be used to hire more attorneys. While Greiner likes the promise of automating security functions like remote access and firewall management, the technology hasn't kept pace with his hopes. But he points to the growth of "knowledge management" workers in the legal industry as a means to bolster wider use of IT and security technology among law firms and service organizations.
Joseph Foran, Director of IT, FSW - 12/1/2006 8:57:00 AM
While the potential of network access control (NAC) is both sizeable and attractive, truly useful implementations are about two years away. NAC's ability to integrate with intrusion detection systems (IDS) in particular would go a long way toward reducing the reams of data these must-have security systems generate on a daily basis, Foran tells DRTV. He also points to the "driving force" of HIPAA and other privacy- and security-related legislation as exerting a positive influence on the quality of services provided by FSW, a non-profit human services agency.
Lockdown: Securing Today's Enterprise Data - 11/28/2006 1:05:00 PM
As threats grow more sophisticated, data security touches every aspect of systems, networks, and end devices. CMP's leading editors and analysts peeled back the layers to identify enterprises' biggest challenges and their options for remedying them. The conference also looked at external threats from hackers, viruses, and phishers, as well as the growing internal risks from negligence or malice.
Cam Cullen, VP, Product Management, Reef Point - 8/3/2006
The security ramifications of voice over IP are still not completely clear, says Reef Point's Cam Cullen; carriers still need to take the proper precautions to protect their core networks as SIP security evolves and matures. And the proliferation of WiFi and mesh wireless networks means they're also likely to become targets for hacker attacks.
Simon Szykman, Director, National Coordination Office, NITRD - 8/3/2006
The U.S. government is looking at multiple areas to fund technology research and development -- detection of attacks, better authentication, and improved security for wireless, next-generation converged nets, and future architectures for the public Internet. Szykman also explains why the government has allocated more than a third of its R&D budget for 2007 to high-end supercomputing.
Kevin Simmons, Director, Technology Support, SkyWest Airlines - 8/3/2006
IT security's a big enough challenge, but security management gets really interesting when you throw physical security into the mix at every airport in which SkyWest operates. Simmons' biggest security concerns? Viruses that can hop his firewalls, laptop users who might get a little lazy where security's concerned, and keeping "dirty" devices separate from the "clean" ones.
Richard Stiennon, Chief Research Analyst, IT Harvest - 8/3/2006
Compliance regulations that require user privacy, secure records storage, or disclosure of potential data losses will continue to drive security management and security spending, says Richard Stiennon, Chief Research Analyst at IT Harvest. Find out why he's predicting a wide-scale distributed denial-of-service attack against a major stock exchange or financial services company in the not too distant future.
ENTERPRISE VULNERABILITIES
Vulnerability: PolyPager
Published: 2008-08-07
Severity: HIGH
Description: SQL injection vulnerability in PolyPager 1.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.

Vulnerability: PolyPager
Published: 2008-08-07
Severity: MEDIUM
Description: Cross-site scripting (XSS) vulnerability in PolyPager 1.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI.
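The two PolyPager entries above describe one request parameter, nr, that feeds both a SQL statement and the rendered page. As an added illustration of that bug class (hypothetical code, not PolyPager's, and no claim about how PolyPager is built), the handlers below reproduce both failures against a constructed SQLite table and show the fix: validate the type, bind the value, escape the output. The table layout, the function names and the payloads are all assumptions.

```python
"""One untrusted parameter, two bugs: SQL injection and reflected XSS.

Added example with a constructed schema; it is not PolyPager code.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: numbered pages plus a table worth stealing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (nr INTEGER PRIMARY KEY, body TEXT);
        CREATE TABLE users (name TEXT, pw_hash TEXT);
        INSERT INTO pages VALUES (1, 'first page'), (2, 'second page');
        INSERT INTO users VALUES ('admin', 'sha1:deadbeef');
    """)
    return conn


def vulnerable_page(conn: sqlite3.Connection, nr: str) -> str:
    """Bug 1: the raw query string is pasted into SQL, so a UNION (or a
    comment) rewrites the statement.  Bug 2: the same raw value is echoed
    into the HTML, so any markup in it runs in the viewer's browser."""
    rows = conn.execute("SELECT body FROM pages WHERE nr = " + nr).fetchall()
    body = "".join(r[0] for r in rows)
    return f"<h1>Page {nr}</h1><div>{body}</div>"


def hardened_page(conn: sqlite3.Connection, nr: str) -> str:
    """Type-check the parameter, bind it, and escape everything rendered."""
    try:
        page_nr = int(nr)
    except ValueError:
        # reject rather than echo: the bad value never reaches SQL or HTML
        return "<h1>Bad request</h1>"
    rows = conn.execute(
        "SELECT body FROM pages WHERE nr = ?", (page_nr,)
    ).fetchall()
    # escape stored content too; it may have come from another user
    body = "".join(html.escape(r[0]) for r in rows)
    return f"<h1>Page {page_nr}</h1><div>{body}</div>"


if __name__ == "__main__":
    # constructed payloads: a UNION that dumps the users table, and a SQL
    # comment that neutralises the rest of the query while carrying markup
    union = "0 UNION SELECT name || ':' || pw_hash FROM users"
    xss = "1 -- <script>alert(1)</script>"
    for payload in (union, xss, "2"):
        print("vulnerable:", vulnerable_page(make_db(), payload))
        print("hardened:  ", hardened_page(make_db(), payload))
```

The "--" payload is the interesting one: it keeps the SQL syntactically valid (the tail becomes a comment), so the page renders normally and the script tag reaches the browser, which is exactly the MEDIUM-severity XSS riding on the same parameter as the HIGH-severity injection.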

Vulnerability: Mask PHP File Manager (MPFM)
Published: 2008-08-07
Severity: HIGH
Description: Unspecified vulnerability in Mask PHP File Manager (MPFM) before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."

Vulnerability: Plain Black WebGUI
Published: 2008-08-07
Severity: MEDIUM
Description: RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict view access to Collaboration System (CS) RSS feeds, which allows remote attackers to obtain sensitive information (CS data).

Vulnerability: Best Practical Request Tracker (RT)
Published: 2008-08-07
Severity: HIGH
Description: Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.

Copyright © 2008 United Business Media Limited - All rights reserved.
802.11x (46), AES (12), Auditing (27), COBIT (8), Credential service provider (12), DES (3), Digital certificates (72), Digital signatures (50), DOS (204), EAP/LEAP (1), FISMA (20), Hashing algorithms (17), HIPAA (109), Host/server encryption (9), IEEE (4), IETF (10), ISO 17799 (8), Key management (70), NAC (289), Network IDS (34), PCI (212), Penetration testing (208), PKI (49), Port control (12), Tokens (72), Triple DES (3), VPNs (257), Vulnerability assessment (806), WLANs (348), WPA (17)