Black Hat Europe 2014: One of Everything
Most of our preshow intel posts focus on a specific theme, showing off a few upcoming Briefings that cover different aspects of a single area. But not today's, which is a potpourri grab bag of excellent Briefings that didn't quite fit into our previous dispatches. Let's kick it off with some quantum encryption.
Quantum computing will change security forever, with multi-qubit systems using quantum algorithms to slice through even 4,096-bit PK encryption in seconds. Join Konstantinos Karagiannis for Quantum Key Distribution and the Future of Encryption, a look at recent real-world experiments in quantum key distribution that show us the future of encryption. Remember the panic when Heartbleed required a few passwords to be changed? Imagine a day when only new systems that exploit the weirdness of quantum mechanics can ensure privacy.
Back in the present, Android greatly shrinks its kernel attack surface by making apps pass through a single system, Binder, to interact with anything. Of course, that makes Binder an immensely tempting target. Nitay Artenstein and Idan Revivo noted a lack of research here, and in Man in the Binder: He Who Controls IPC, Controls the Droid, they will present their findings as a proof-of-concept rootkit that could enable keyloggers, VNC-alikes, and many other catastrophic breaches. Come for the attacks. Stay for the nitty-gritty, low-level insights on how exactly Binder does its thing.
Another big gear shift: Big data is changing the way things are done, but many organizations' security sensibilities haven't caught up to their wanton usage of Hadoop. Are they taking on too much risk too quickly? Big data's supposed to generate better, more intelligent predictions, but why should we trust our least secure systems? Based on Davi Ottenheimer's new book Realities of Big Data Security, Hadoop Security: Seven Ways to Kill an Elephant will present seven simple ways to deal with serious risks and elephantine security challenges today.
Finally, for all the talk of ICS, SCADA, and such nowadays, few people have the opportunity to get their hands dirty and understand how it works. The workshop Industrial Control Systems: Pentesting PLCs 101 aims to bring at least a few new folks into the fold, granting the knowledge to start attacking SCADA networks and PLCs and giving hands-on experience with real devices. Come see the final, unhacked moments of a Siemens S7-1200 PLC and a Schneider m340.
Prices for Black Hat Europe increase on Oct. 9. Head on over to Black Hat Europe 2014's registration page to register.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024