Black Hat USA 2010: Complete Coverage

A round-up of articles leading up to and live coverage from Black Hat USA 2010, July 24 to 29, Las Vegas

>> Building Botnets For Fun And Profit
Creating a botnet business can be lucrative -- and isn't as hard as you might think, Black Hat speaker says

>> Ghost In The Machine: Database Weaknesses Expose SAP Deployments
Attacker can create a nearly undetectable user account in SAP once he gains unauthorized access, Black Hat USA researcher says

>> Researcher Reads RFID Tag From Hundreds Of Feet Away
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver's licenses

>> Metasploit To Get More Powerful Web Attack Features
Rapid7 sponsors open-source w3af Web assessment and exploit project

>> Design Flaws Make All Browsers Vulnerable, Black Hat Speaker Says
In series of hacks, researcher demonstrates inherent flaws in currently used browsers

>> Most SSL Sites Poorly Configured
Half of all SSL servers run older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat

>> Former NSA, CIA Director Says Intelligence-Gathering Isn't Cyberwar
Efforts to crack U.S. cyberdefenses are standard operating procedure, Hayden tells Black Hat audience

>> New Tool Allows Websites To Keep Serving Pages After Infection
"Mod_antimalware" strips out malware instead of blocking infected pages, Black Hat presenter says

>> Adobe Joins Microsoft's Advance-Alert Program For Security Vendors
Microsoft's MAPP program will now include advance information on Adobe product vulnerabilities

>> Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says
Careful study of malware can help experts recognize its source and protect against it

>> ATMs At Risk, Researcher Warns At Black Hat
Barnaby Jack demonstrates remote and local exploits that work on popular bank machines

>> Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
'Big Boss' operation used VPN-tunneling botnet, Zeus Trojan, database-hacking, and money mules to help print and cash phony checks

>> 'App Genome Project' Exposes Potential Smartphone Risks
Researchers from Lookout will present their findings thus far in study of freebie Android, iPhone apps

>> Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut
New survey shows value IT security professionals place on job security, training, quality of life; authors to discuss career issues at Black Hat

>> Researcher Says Home Routers Are Vulnerable
Black Hat presentation will demonstrate hacks that could work on many existing routers

>> Researcher 'Fingerprints' The Bad Guys Behind The Malware
Black Hat USA researcher will demonstrate how to find clues to help ID actual attackers, plans to release free fingerprinting tool

>> 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros
Social networking experiment of phony female military intelligence profile fooled even the most security-savvy on LinkedIn, Facebook, Twitter -- and also led to the leakage of sensitive military information

>> 'BlindElephant' To ID Outdated Or Unknown Web Apps, Plug-Ins
New freebie tool fingerprints out-of-date apps

>> SAP, Other ERP Applications At Risk Of Targeted Attacks
Black Hat Europe researcher demonstrates techniques for inserting 'backdoors' into popular enterprise resource planning apps that aren't properly secured

>> New Hack Pinpoints Cell Phone User's Location, Personal And Business Relationships
Researchers demonstrate a technique that exploits the cell phone infrastructure to compromise cell user's privacy
