Black Hat/Defcon hackfests next week promise rollicking action

Page 3 of 3

* IBM Internet Security Systems researchers Mark Dowd, John McDonald and Neel Mehta will discuss C++-based security and vulnerabilities that can exist in C++ applications, some which may not have been publicly disclosed before.

* HD Moore, director of security at BreakingPoint Systems and founder of the Metasploit Project, will discuss new techniques for compromising organizations, along with new modules that will available for the Metasploit Framework, an open source exploit-development platform.

* Websense researchers Stephen Chenette and Moti Joseph plan to discuss how to defend against techniques disclosed earlier this year that allow an attacker to manipulate the browser heap layout using specific sequences of JavaScript allocation.

Social issues won’t be overlooked at Black Hat, as Gadi Evron, security evangelist at Beyond Security, takes up the topic of “Estonia: Information Warfare and Strategic Lessons” in a talk on what happened in Estonia during the massive denial-of-service cyberattack there last April.

And Kenneth Geers, author of several books on nations’ and terrorists’ interests in cyberspace, war and security, promises to take up provocative topics, including “Which countries have the worst Orwellian computer networks?”

Some controversy already has swirled around the Black Hat conference as last moth a presentation that promised to undermine chip-based desktop and laptop security was suddenly withdrawn without explanation. The briefing, “TPMkit: Breaking the Legend of [Trusted Computing Group’s Trusted Platform Module] and Vista (BitLocker),” promised to show how computer security based on trusted platform module hardware could be circumvented. No explanation was forthcoming by Black Hat or the researchers.