The Final Day of Black Hat 2008
- Category: Blog
- Published on Friday, 08 August 2008 17:08
- Written by Brian Dykstra
The final day of Black Hat 2008 was a mixed bag of presentations, from vendor fluff to overly technical slide shows that NASA scientists will be studying for years to come. Social engineering and a variety of non-hacking technical tricks were the highlights of the day.
The morning started out well with a very entertaining and informative presentation by Shawn Moyer and Nathan Hamiel of Idea Information Security on all the mischief that can be accomplished on social networking web sites. The presentation ranged from simple tricks for forcing your way onto people's MySpace friends lists to simple Java Trojans that automatically log an unsuspecting user out of their account as soon as they log in. They even got computer security luminary Marcus Ranum to help them demonstrate how even security professionals divulged personal information to a fake LinkedIn profile posing as him. The presenters had much more material than they were able to cover in the time allotted, and we will be following up with them to get more information on the implications of fake corporate social networks.
One of the most cutting-edge presentations this year was Visual Forensic Analysis and Reverse Engineering of Binary Data by Greg Conti and Erik Dean of the US Military Academy at West Point. They effectively demonstrated the advantages and efficiencies possible when viewing data in two dimensions rather than as a one-dimensional byte stream. Their research also showed how visualization can help an analyst make sense of unknown data where traditional identification techniques fall short. This area of computer forensics is in its infancy but shows a great deal of potential.
Internet scams are alive and well, as chronicled by Jeremiah Grossman and Arian Evans. The duo presented eleven different hacking and scamming scenarios that relied not on computer intrusion but on abuse of business logic. One scheme involved opening 58,000 accounts to collect the few cents each service deposits to verify a valid account; the scammer collected over $60,000 before being caught. Another involves exploiting the business logic of online shopping networks to receive products that were purchased and then rapidly cancelled before the scammer was actually charged. The disconnect between the ordering and shipping systems allowed over $400,000 worth of cancelled orders to be shipped. This was definitely a case of seller beware.
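The cancelled-order scheme above is a state-machine problem rather than a software bug: the shipping side acts on a fulfilment job queued when the order was placed and never re-reads the order's current status. The following is an added example written for this post, not code from the talk or from any real retailer. It models a toy shop with an order table shared by the ordering service and a shipping worker, runs the cancel-before-charge abuse against a vulnerable configuration and a hardened one, and shows how the hardened worker only ships orders whose payment has actually been captured. All names and amounts are constructed.

```python
"""Cancel-before-charge abuse of a disconnected order/shipping pipeline.

Constructed example: Order, Shop and the cent amounts are invented for
illustration and do not come from the Black Hat presentation.
"""
from collections import deque
from dataclasses import dataclass

PLACED, CHARGED, SHIPPED, CANCELLED = "placed", "charged", "shipped", "cancelled"


@dataclass
class Order:
    order_id: str
    amount_cents: int
    status: str = PLACED


class Shop:
    """Ordering service and shipping worker sharing one order table."""

    def __init__(self, reverify_before_ship: bool):
        # False reproduces the flaw: shipping trusts the queued job blindly.
        # True is the fix: shipping re-reads the order and requires CHARGED.
        self.reverify = reverify_before_ship
        self.orders: dict[str, Order] = {}
        self.ship_queue: deque[str] = deque()
        self.charged_cents = 0
        self.shipped_cents = 0

    def place(self, order_id: str, amount_cents: int) -> None:
        self.orders[order_id] = Order(order_id, amount_cents)
        # The disconnect: fulfilment is queued at order time, before any
        # payment is captured, so later cancellations never reach shipping.
        self.ship_queue.append(order_id)

    def charge(self, order_id: str) -> bool:
        """Nightly payment run: capture funds for orders still in PLACED."""
        o = self.orders[order_id]
        if o.status != PLACED:
            return False
        o.status = CHARGED
        self.charged_cents += o.amount_cents
        return True

    def cancel(self, order_id: str) -> bool:
        """Customer cancels; allowed until the order has shipped."""
        o = self.orders[order_id]
        if o.status not in (PLACED, CHARGED):
            return False
        if o.status == CHARGED:
            self.charged_cents -= o.amount_cents  # refund
        o.status = CANCELLED
        return True

    def run_shipping(self) -> None:
        """Warehouse worker drains the fulfilment queue."""
        while self.ship_queue:
            o = self.orders[self.ship_queue.popleft()]
            if self.reverify and o.status != CHARGED:
                # Hardened path: cancelled or never-charged orders stay put.
                continue
            o.status = SHIPPED
            self.shipped_cents += o.amount_cents


def run_scenario(reverify_before_ship: bool) -> tuple[int, int]:
    """Return (cents charged, cents shipped) after the abuse plus one honest order."""
    shop = Shop(reverify_before_ship)
    # Scammer places three orders and cancels each before the charge run.
    for i in range(3):
        shop.place(f"scam-{i}", 500_00)
        shop.cancel(f"scam-{i}")
    # One legitimate customer who is actually charged.
    shop.place("honest", 120_00)
    shop.charge("honest")
    shop.run_shipping()
    return shop.charged_cents, shop.shipped_cents


if __name__ == "__main__":
    print("vulnerable:", run_scenario(False))  # ships goods nobody paid for
    print("hardened:  ", run_scenario(True))   # ships only the charged order
```

In a real system the status check and the transition to SHIPPED must be one atomic update (a conditional `UPDATE ... WHERE status = 'charged'` or a row lock inside a transaction), otherwise a cancellation that lands between the check and the dispatch re-opens the same gap. The point of the example is the gating rule: the fact that a fulfilment job exists is not evidence that the order is still valid or paid.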
Bruce Dang of Microsoft provided a very informative briefing on how attackers exploit flaws in Microsoft Office products to attack the unwary. The presentation was extremely technical (down to assembly-language opcodes) but organized in such a way that it was easy to understand what went into these exploits, which are so commonly used as the payload in phishing attacks. Bruce also provided some simple protection techniques and pointed the audience to various free Microsoft software and knowledge resources.
In the next several weeks we will pull together our notes from all the presentations, conduct some follow-up interviews and bring Law.com readers the best of Black Hat USA 2008.