Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

6/14/2013
10:22 AM
50%
50%

Black Hat USA 2013 Reveals Turbo Talks On Top Topics

High-speed sessions will focus on content from almost every corner of security space

[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July 27th-August 1st information security event in Las Vegas approaches, we'll be sharing information about the show directly from its creators here on Dark Reading.]

Click here for more of Dark Reading's Black Hat articles.

There will be a lot of new things to see and do at Black Hat this year -- but one of the concepts we’re bringing is a blast from the past: the Turbo Talk. We’re particularly excited about the no-nonsense, no-stories, no-fluff 25-minute format, during which you’ll see content from almost every corner of security space in these high-speed sessions. For a preview of the breadth you’ll see, check out the talks below.

-- Clickjacking attacks are no longer new, and there are claims of adequate protection. However, as you’ll see, there is still a lot more work to be done. In "Clickjacking Revisited: A Perceptual View of UI Security," Devdatta Akhawe will revisit UI security attacks from a perceptual POV and highlight novel new attacks made possible through a thorough understanding of human perception. Some of these are 100% successful, yet still only scratch the surface of what's possible. Defending against such attacks will be nearly as complex as human perception itself.

-- Users demand seamless mobile app experiences, but this comes at the expense of security, with fewer forms of checking and validation built into the APIs that facilitate the magic. Of course, this leaves the APIs wide open to exploitation, as Daniel Peck will show in his Turbo Talk, "Abusing Web APIs Through Scripted Android Applications." He'll use JRuby to run code from targeted APKs in an easily scriptable way, and show how to use the Burp suite to probe APIs for weaknesses, wrapping up with several case studies that demonstrate popular apps being seriously compromised.

-- Big data is not just a buzzword, despite its current overexposure in the media. But how can it be used to improve the security posture of an application? In the Turbo Talk "Big Data for Web Application Security," Mike Arpaia will explore the pros and cons of big data as they pertain to app security. One of the most important steps is separating the problems that can and should be solved by big data from those that are not so applicable. Upon establishing an understanding of the proper problem domain, his talk will finish with several specific examples of how one security team uses big data daily to solve hard, interesting problems and provide a safer user experience.

More information about Black Hat USA 2013, which has a rapidly growing set of Briefings talks, as well as a comprehensive set of two- and four-day trainings, is available now -- and online registration, at a reduced rate from onsite, is open until July 24th.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34202
PUBLISHED: 2021-06-16
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remot...
CVE-2021-32659
PUBLISHED: 2021-06-16
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.), any `m.room.tombs...
CVE-2020-25755
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.
CVE-2020-25754
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an una...
CVE-2020-25753
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml.