NEWS FROM THE LAB - Saturday, August 6, 2011

Black Hat USA 2011 Posted by Mikko @ 03:48 GMT

It's the week of Black Hat and DEF CON, and thousands of computer security experts have gathered in Las Vegas.

Black Hat 2011 DEF CON 2011

Hot topics this year include Siemens PLC security, revamping the SSL model and Mac laptop batteries.

Mikko keynoting at DEF CON 19

One highly anticipated talk was Riley Hassell's and Shane Macaulay's "Hacking Android". For mysterious reasons, neither speaker showed up for their own talk, leading to wild conspiracy theories about why this might have happened.

However, from an antivirus point of view, the most interesting talk was Tavis Ormandy's "Sophail".

In the summer of 2010, Tavis Ormandy found a zero-day vulnerability in Windows Help and Support Center. Five days after informing Microsoft of the vulnerability, and before Microsoft had shipped a patch for it, Tavis publicly released proof-of-concept code. Days later, unknown malware authors integrated this code into drive-by-download exploits, which went on to infect tens of thousands of computers around the world.

Sophos experts vocally criticized Tavis for his action, and even nicknamed the patch that eventually followed "Patch Tavis".

Fast forward to the summer of 2011, and Tavis Ormandy released "A critical analysis of Sophos Anti-virus" at Black Hat.

In his highly unusual talk, Tavis explained that he had reverse engineered the Sophos antivirus engine and released tools to decrypt the protection systems of Sophos detection databases.

Shifting gears, it's good to note that connecting to a wireless network during DEF CON is really not recommended. There are simply too many hackers playing with the networks to make them safe. Even the official program pamphlet wishes you "good luck" in connecting to the party network. This is nicely illustrated by just looking at the list of Wi-Fi hotspots that were available in the DEF CON hotel:

def con wifi

Signing off,
