Black Hat and Defcon Security Events 2010 – The Highlights

Written By Sam on 4 August 2010

The two security events held in Las Vegas, Black Hat and Defcon, brought to the fore several security issues plaguing websites and devices. The following is a round-up of the important issues raised during the events.

Live Video Stream of Black Hat Hacked – The live stream of the Black Hat conference, available for $395, was accessible for free, according to Michael Coates, a web security expert at Mozilla. The third-party company was quick to fix the issue.

Mobile Base Stations can be spoofed – A demo at Defcon by Chris Paget proved that a cell phone tower can intercept even encrypted outgoing calls.

Google facing Malware Risks – A Mid-Year Security Report by security vendor Barracuda Networks showed that Google links to twice as many malicious web sites as Yahoo!, Twitter and Bing combined. This is consistent with another report comparing the malware detection rates of IE with those of Chrome and Firefox. The former uses Microsoft’s malware database and the other two use Google’s database. The same has been echoed by a Symantec report as well. Symantec has designed Norton Safe Web Lite, a free tool for detecting potentially dangerous search results. Different ways in which iGoogle and Gmail can be put at risk using third-party add-ons were also discussed.

Android OS In-securities – The Android mobile operating system, beset with security issues, was also a focal point. At Defcon, a couple of security experts released a rootkit that exposes the vulnerability of users who have already rooted their phones. At Black Hat, the security firm Lookout revealed that it had access to several wallpaper apps in the Android Marketplace that transmitted SIM card info, users’ phone numbers, and probably even voicemail passwords to the developer. This raises serious questions about Android’s security disclosures, although the developer has denied any malicious intent.

Other In-securities – Google is not alone; others are just as vulnerable. At Black Hat, experts presented how one can learn about SSL-encrypted traffic open in other tabs. Other researchers found a DNS-rebinding technique that allows black hats to take over wireless routers by tricking users into visiting malicious websites. At Defcon, it was revealed that Linksys and Netgear routers could be taken over using cross-site request forgery.

Oracle databases and the web hosting management tool cPanel were also shown to be as vulnerable. However, the social networking site Twitter was found to be relatively more secure.

Threat to National security – There were revelations of critical infrastructure in the US being vulnerable to a cyber attack and of malware tools being openly sold in China. Also, a WikiLeaks video exposed the vulnerability of secret military reports and files.

Hacking ATM – It was also revealed that ATMs were vulnerable to hacking.

The conclusion is that even highly security-aware organizations will have issues and faults.

via ReadWriteWeb

One Response to “Black Hat and Defcon Security Events 2010 – The Highlights”

  1. Wireless routers are very necessary nowadays because we do not want so many wires running around the home.
