Internet Security Privacy Policy

Monday, August 20, 2007

Black Hat and Defcon 2007--

>> A Multi-Perspective View of the Information Security Landscape
In early August, Las Vegas was home to two world-renowned IT
security conferences, Black Hat USA 2007 and Defcon. These
back-to-back conferences bring together the many diverse groups
that comprise the information security industry, including IT
security professionals, vulnerability researchers, so-called
"feds," and computer hackers. This unique blend of participants
offers a comprehensive, unparalleled look at the information
security landscape.


Black Hat, considered by many to be the more mainstream of the
two gatherings, was founded in 1997 by Jeff Moss to provide
advanced education for security professionals in both the
commercial and federal spaces. Today, the conference features
new, cutting-edge research from the foremost technologists in the
world. A few days of security training are followed by a week of
briefings covering all the latest threats, threat vectors,
security solutions, and more. In addition to the Las Vegas
conference, Black Hat hosts annual events in Singapore, Tokyo,
and Amsterdam. Working with corporations and governments around
the world allows Black Hat's security experts to stay abreast of
global security trends. The Las Vegas conference has grown
considerably since its inception. This year, it reports an
estimated 4000 attendees--a 10 percent gain over 2006 numbers.

Defcon, which immediately follows Black Hat in Las Vegas, has
been around since 1992. Also founded by Jeff Moss, Defcon is
considered to be one of the largest underground hacking events in
the world. While many Black Hat attendees also attend Defcon,
the conference is geared more toward the hacker community.
Defcon is well-known for its casual atmosphere--no ties
required--and it costs a mere $100 to attend. This year, Defcon
generated some media buzz when a Dateline NBC reporter was
exposed and forced to leave the conference for allegedly filming
attendees of a session by noted hacker H.D. Moore. Not
surprisingly, the hacker community frowns on cameras.

Black Hat and Defcon cover a vast array of information security
topics. Following are just five of the hot topics discussed at
this year's conferences.

>> Wi-Fi Traffic Sniffers
Users should think twice before sitting down at the local Wi-Fi
hotspot to access the Internet. According to a paper presented
at Black Hat by Robert Graham, CEO, Errata Security, Web
applications that exchange account information with users pose
serious security risks when accessed via Wi-Fi. Typically, Web
sites use encryption to protect passwords. However, it is common
for other account information exchanged between a browser and a
Web site to not be encrypted.

With a packet sniffer, a tool that intercepts or logs wireless
traffic exchanged between a wireless router and a computer, an
attacker can collect cookies while a user is accessing a Web site
via Wi-Fi. Cookies consist of data sent to a browser by a Web site
that remember certain information about users, such as when they
last logged in. Cookies also include session identifiers--another
type of unique information generated when users log into their
accounts. With the cookie information, the attacker is able to
import the information into another Web browser and use it to
access the user's account. This enables a hacker to read email,
create blog postings, and the like. To combat the risks
associated with Wi-Fi, researchers at Black Hat recommended users
refrain from accessing their accounts unless a virtual private
network (VPN) or Secure Sockets Layer (SSL) is used.
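
From the site operator's side, the exposure described above can be checked by auditing how session cookies are issued. The following is an added example, not part of the original newsletter; the URLs, header values, and the name heuristic in SESSION_HINTS are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: substrings that suggest a cookie carries a session identifier.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_response(url, set_cookie_headers):
    """Return (cookie name, finding) pairs for session cookies that can
    cross a wireless network in cleartext."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie by the heuristic above
        if scheme != "https":
            findings.append((name, "issued over plain HTTP"))
        elif "secure" not in attrs:
            # Login was encrypted, but the browser will still attach this
            # cookie to later unencrypted requests to the same site.
            findings.append((name, "missing Secure attribute"))
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("https://mail.example.test/login", ["SESSIONID=abc123; Path=/; HttpOnly"]),
    ("http://mail.example.test/inbox", ["sid=abc123; Path=/"]),
    ("https://mail.example.test/login",
     ["SESSIONID=abc123; Path=/; Secure; HttpOnly", "lang=en; Path=/"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers))
```

The first sample is the case the paragraph describes: the password travels encrypted, but the session cookie that follows it does not have to.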

>> Web 2.0--AJAX Vulnerability
At Black Hat 2007, a presentation addressing the AJAX application
design flaw--which included live demonstrations of the potential
exploits--generated a great deal of interest among conference
attendees. While Web 2.0 is an exciting and revolutionary
development in online computing, it exposes consumers and
businesses to a broad spectrum of Web threats. Web 2.0
technologies, such as Asynchronous JavaScript and XML (AJAX),
expand both the attack surface and the security gaps available to
cyber criminals, while the communal interaction premise of Web
2.0 renders users more susceptible to social engineering
techniques. These developments challenge security solutions to
expand protection beyond the traditional client-server endpoints
of online computing. With many more threats unfolding "in the
cloud" of the Web, which in the Web 2.0 paradigm is coming to
function as a dynamic and exploitable operating system,
next-generation security solutions must pay increasing attention
to defense mechanisms that secure Web sites.

The potential consequences of neglecting Web 2.0 protection are
significant. Given the rush to architect Web 2.0 applications to
meet demand, coupled with the underlying security weaknesses of
AJAX, the Web 2.0 ecosystem remains disturbingly vulnerable to
attack. Web developers are not sufficiently ameliorating the
security problem. Interest in AJAX is sky-high and only continues
to grow. Unfortunately, far too many developers rush into AJAX
development without giving proper consideration to security
issues.

>> Botnets
True to form, botnets emerged as a hot topic at the recent Black
Hat conference in Las Vegas. Botnets--networks of compromised
machines infected with malicious programs--remain a common tool
for nefarious Web activity. A bot--sometimes
referred to as a bot worm--is an automated software program that
operates as an agent for a user or another program. While bots
can be used to perform mundane tasks online (e.g., check stock
quotes, compare prices, or collect and index documents), they are
increasingly used for malicious purposes. Malicious bots are
created covertly using a computer virus or worm to install a
backdoor program--such as a Trojan horse (a malicious program
disguised as, or embedded within, legitimate software) or a
drive-by downloader (which exploits Web browsers, e-mail clients,
or operating system bugs to download malware without requiring
any user intervention)--that leaves a PC Internet port open.

Controllers, or botmasters, search for PCs with open ports and
use those ports to install their bot programs. Security experts
call these bot-loaded PCs zombies, because the botmaster can wake
them on command. When bots are installed on multiple PCs, the
network of compromised machines (the botnet) is commanded to
perform an extensive range of malicious activities, including
spam distribution, phishing schemes, keystroke logging, and
distributed denial of service (DDoS) attacks.

>> Voice over IP (VoIP) Exploits Enable Data Theft
VoIP vulnerabilities received considerable attention at Black Hat
this year. While not new to the IT security threat arena, VoIP
exploits are becoming increasingly alarming. For a time, VoIP
vulnerabilities were a nuisance that primarily threatened
service. Today, cyber criminals can use VoIP attacks as a
vector for accessing data and stealing information. During a
VoIP session at Black Hat, researchers from security firm Sipera
demonstrated a technique that could allow a hacker to gain remote
control of a PC running VoIP and the session initiation protocol
(SIP)--an application-layer signaling protocol used for IP-based
communications. By leveraging the flaws in VoIP and SIP, the
demonstration showed how attackers are able to access data stored
on a compromised computer.

According to researchers, a hacker is able to insert a small
script, or code, into a SIP message. When the phone receives the
message, the code executes. This opens up a connection on the
computer that enables access to the data stored on the machine.
Given the evolution of VoIP threats, enterprises, service
providers, and consumers need to become more aware of security
threats to their fixed and mobile VoIP infrastructure.
Protection mechanisms, including increasing the robustness of
phone protocol implementations, employing VoIP security best
practices, and securing critical network nodes, are key to
combating VoIP threats. Additionally, consumers should take
proactive steps to
protect data at rest on computers running VoIP applications.

>> Advanced Gaming Consoles
Today's next-generation gaming consoles, which offer Internet
connectivity coupled with large hard disk storage and advanced
operating systems, are likely targets for cyber criminals looking
to create botnets, pirate games, and steal personal information.
Today, a virtual world in which console gamers can play with each
other adds another dimension to games. Recently, the big three
in the video gaming industry (Nintendo, Sony, and Microsoft)
released the latest powerful new gaming console technology: Wii,
PlayStation 3, and Xbox 360, respectively. Each is capable of
Internet connectivity, data storage, and use of a third-party
operating system. The processing power and various capabilities
of these new consoles pave the way for more realistic,
interactive, and fun gaming. They also create an appealing
threat vector for malicious attacks.

At present, these game consoles can be used for more than just
gaming, and all three consoles can connect to the Internet via
broadband. This means that content can be downloaded from the
Internet and stored on the on-board hard drive, enabling zombie
game console botnets--especially since many consoles now support
third-party operating systems.

Another consideration is information theft. Massively
multiplayer online games (MMOGs) and user accounts in Xbox Live
and PlayStation Network are prime targets for future spyware.
Keyloggers can be downloaded to console hard drives and
surreptitiously operate in the background. Spyware may not be as
significant a threat to console gaming as it is to other
computers, however. In most normal situations, trade secrets and
sensitive information are rarely stored on game consoles.

For information on how to combat today's complex threats, visit
www.trendmicro.com. And stay tuned to the next issue of the FLOD
Newsletter for an in-depth look at these and other topics
emerging from Black Hat and Defcon 2007.



References
Black Hat USA 2007 (http://www.blackhat.com)

Kirk, Jeremy. (2007, August 01) Researchers: Web Apps Over Wi-Fi
Puts Data at Risk, InfoWorld

Hickey, Andrew. (2007, August 07) VoIP Vulnerability Threatens
Data, SearchVoIP.com, http://searchvoip.techtarget.com

White Hats Expose VoIP Security Threat, ZDNET.co.uk, (2007,
August 07)



Source : http://trendmicro.com
