Network World - Ready to power on next week, the annual Black Hat Conference in Las Vegas promises to be the high-voltage event it has been in the past, where security experts tear apart any naïve hope that there's really anything secure at all that was ever made by the high-tech industry.
Black Hat 2011 will showcase more than 50 presentations by security researchers, the most intense of which will detail vulnerabilities in everything from USB devices, printers and scanners, and iPhones and Android devices to Chrome OS, notebooks and industrial SCADA systems.
Details on some of this are already spilling out, such as in the case of Charlie Miller, who in a Fortune article said he has found a way to hack the chips that control the batteries in Apple's MacBook, MacBook Pro and MacBook Air, letting him ruin them or install persistent malware.
There could be a few horror-inducing sessions, too, such as the presentation from iSec Partners researchers Don Bailey and Matthew Solnik, who will provide a few tips on "war texting" to find cars -- yes, automobiles -- and exploit mobile-networking vulnerabilities in them in order to unlock someone else's car and turn the engine on via a laptop.
And if you're interested in printers, there's a session on how embedded Web servers in printers and scanners can be easily found on the Internet, and how documents they recently processed can be gathered up without even breaking into them. That one is being done by Zscaler Labs researcher Michael Sutton.
Here are a few picks from the Black Hat schedule that promise some electrifying chills and thrills (unless the presenters chicken out, as has happened before, because they're afraid that some vendor might sue them). The excitement can also be a little muted once the researcher tells you that of course he already told the vendor about the problem and it's been fixed. Nonetheless, here are some promising acts from the surreal circus that is Black Hat:
- "Exploiting the iOS Kernel," by Stefan Esser, who promises to "introduce the audience to kernel-level exploitation of iPhones."
- "Hacking Androids for Profit," by Riley Hassell and Shane Macaulay, who swear they will "reveal new threats to Android apps, and discuss known and unknown weaknesses in the Android OS and Android market."
- "Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption," by Dino Dai Zovi, will focus on what the enterprise should be concerned about in "several key security mechanisms" in terms of their strengths and weaknesses.
- "Hacking Google Chrome OS," by Matt Johansen and Kyle Osborn, who say they have "discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by exposing all user email, contacts, and saved documents," plus much more, including "taking over their Google account by stealing session cookies" and other ways.
- "Chip & PIN is definitely broken," by foursome Adam Laurie, Zac Franken, Andrea Barisani and Daniele Bianco, with their take on "credit-card skimming and PIN harvesting in an EMV world," which will bite down on chip-based payment cards.