Ask Slashdot: Favorite Thing Out of This Year's Black Hat?

samzenpus posted about 9 months ago | from the best-of-the-best dept.

Security 41

Nerval's Lobster writes "This year's Black Hat conference wasn't just about the NSA director defending his agency's surveillance practices (and getting a bit heckled in the process). Other topics included hacking iOS devices via a modified charging station, eavesdropping on smartphones via compromised femtocells, demonstrating a password-security testing tool that leverages AWS (and 9TB of rainbow tables) to crush weak passwords, and compromising RFID tags with impunity. What was your favorite news out of Black Hat?"

41 comments

First credible way to detect real 0day on your box (4, Informative)

Sean (422) | about 9 months ago | (#44452665)

http://blockwatch.ioactive.com:8888/ [ioactive.com]

It's pretty alpha, and you will need to use IE to install it. This tool compares software in memory against known signatures, allowing you to confirm what's running on the system is really what you think it is. It works with HyperV and VMWare.

It's free. Thanks IO Active!

Re:First credible way to detect real 0day on your (2, Interesting)

Anonymous Coward | about 9 months ago | (#44452689)

HTTP server on non-standard port with (probably) proprietary freeware that requires IE to work. Sounds genuine to me!

Re:First credible way to detect real 0day on your (2)

Sean (422) | about 9 months ago | (#44452739)

Fair point, but it's not like getting something from port 80 or 443 really assures safety.

Like I said it's really alpha. I would not run it on any important VMs anyway.

Re:First credible way to detect real 0day on your (2)

Sean (422) | about 9 months ago | (#44452701)

Oh, and make sure you have .NET 4.5 installed. The installer choked on me the first time because I didn't have it. You install it on your host system, and it connects to VMs of your choosing to analyze them.

Like tripwire? (2)

ulatekh (775985) | about 9 months ago | (#44453669)

That sounds like tripwire [tripwire.org] to me.

Plus, that link doesn't lead to information about blockwatch, but instead immediately tries to download a file. Not very friendly.

Re:Like tripwire? (1)

Sean (422) | about 9 months ago | (#44459817)

It's like tripwire, except it works on code in memory. It has an online database where hashes of known code are stored in various sizes... so the client will hash 4k and ask the server if this is known. If so, move on we know what it is. If not, split it into 2 blocks of 2k. Can we positively identify that? Anything not identified continues to be split into smaller and smaller pieces.

The software understands how processes are laid out so it's not going to hash your user data as that can't possibly provide a useful result.

The idea is that we need to be able to ask, "Is this really Microsoft Word 2010 patchlevel X running on my system? Has it been modified in any way, even via hotpatching memory? If so, show me exactly where it has been modified so I can focus my analysis on that"

When you visit the site in Firefox for some reason it just tries to download something. I didn't try with other browsers. That's why I said use IE. Visit in IE and you see a little blurb about it with a couple different options for installing. It uses some Microsoft 1click installer framework... and yeah, this needs some serious release engineering work.

It's alpha code. It seems to work better on HyperV than VMWare too... In VMWare I have to close the target VM (run in background) in order to get it to work. Some kind of locking issue I guess.

Anyway, I think it's a really cool concept. I'm sure there will soon be a proper page put up to describe it, running on a standard port and everything.
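The split-and-lookup scheme described in the comment above, as an added illustration that is not part of the original thread and is not BlockWatch's code. The SHA-256 hash, the 256-byte floor, the local `KNOWN` set standing in for the online database, and the constructed sample image are all assumptions.

```python
import hashlib

TOP, FLOOR = 4096, 256   # 4k is from the comment; the 256-byte floor is an assumption

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()    # hash choice is an assumption

def build_known(reference: bytes) -> set:
    """Stand-in for the online database: hashes of a known-good image
    at every block size from TOP down to FLOOR."""
    known, size = set(), TOP
    while size >= FLOOR:
        for off in range(0, len(reference), size):
            known.add((size, digest(reference[off:off + size])))
        size //= 2
    return known

def unidentified(block: bytes, known: set, offset: int) -> list:
    """Halve a block until each piece is either known or FLOOR-sized."""
    if (len(block), digest(block)) in known:
        return []                               # identified, move on
    if len(block) <= FLOOR:
        return [(offset, len(block))]           # smallest piece still not identified
    half = len(block) // 2
    return (unidentified(block[:half], known, offset)
            + unidentified(block[half:], known, offset + half))

def scan(memory: bytes, known: set) -> list:
    """Return merged (offset, length) regions that match no known hash."""
    merged = []
    for off in range(0, len(memory), TOP):
        for start, length in unidentified(memory[off:off + TOP], known, off):
            if merged and merged[-1][0] + merged[-1][1] == start:
                merged[-1] = (merged[-1][0], merged[-1][1] + length)
            else:
                merged.append((start, length))
    return merged

# Constructed sample: an 8 KiB "code image" and a copy with five bytes flipped,
# standing in for code that was hot-patched in memory.
REFERENCE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
KNOWN = build_known(REFERENCE)
_patched = bytearray(REFERENCE)
for _i in range(5000, 5005):
    _patched[_i] ^= 0xFF
PATCHED = bytes(_patched)

if __name__ == "__main__":
    print("clean image:  ", scan(REFERENCE, KNOWN))
    print("patched image:", scan(PATCHED, KNOWN))
```

Only the 256-byte region containing the flipped bytes is reported, which is the "show me exactly where it has been modified" result the comment describes.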

Why is it even called "Blackhat"? (1, Interesting)

aNonnyMouseCowered (2693969) | about 9 months ago | (#44452667)

Just curious, why is the conference even called "Blackhat"?

According to Wiki (a very reasonable definition): "A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network."

So instead of attending shouldn't the NSA be arresting the participants? Not that I actually favor such an act, but that appears to be the "legal" thing to do. Maybe it's better off called "Whitehat" or maybe "Greyhat" since the conference is partly about revealing new threats that concerned computer security experts can study and defend against?

No doubt... (0)

Anonymous Coward | about 9 months ago | (#44452717)

It's called blackhat, because it's the one time a year they get together and brag about the exploits they've found, after having had an entire year to financially benefit through exploiting them.

As far as the NSA arresting them: They're still backlogged due to the FIFO nature of their legal mechanisms and the fact that the blocking cases involve their own misconduct :)

Re:Why is it even called "Blackhat"? (4, Informative)

Antique Geekmeister (740220) | about 9 months ago | (#44452759)

The NSA is not a law enforcement agency. They're an intelligence agency: they have little jurisdiction to charge US citizens for domestic crimes, or authority to arrest foreign nationals for crimes overseas. That would be the task of the FBI for various federal crimes, the Secret Service for certain types of fiscal crimes including wire fraud, or local police for state or local crimes. And I'm afraid the NSA doesn't like to share responsibility for such arrests, because monitoring US communications is actually against their charter. They do it anyway with various very poor excuses, but they'd hardly pursue arrests on that basis.

Also, a lot of the activity is below any reasonable threshold of when a prosecutor would be bothered to file charges.

Re:Why is it even called "Blackhat"? (2)

icebike (68054) | about 9 months ago | (#44452867)

You go out of your way to make a Distinction without a Difference.
Who puts the cuffs on you hardly matters.

If you believe the nonsense about their charter you deserve the delusions under which you so evidently labor.

Re:Why is it even called "Blackhat"? (2)

Antique Geekmeister (740220) | about 9 months ago | (#44453257)

Then understand that they do not arrest people for the same reason they do not sign US treaties or sign bills into law. It's not their job to arrest people, even if they cooperate with and provide intelligence for the people who do and are in some ways responsible for such arrests or for what treaties get signed or what laws get passed informing the people who'd do such tasks.

I was careful to answer the question from aNonnyMouseCowered, not to say the NSA is innocent of wrongdoing or of providing leads for the FBI or the US State department and US Customs to harass attendees at BlackHat or to block the visas of international attendees. It's vital to answer the people that people actually asked.

Re:Why is it even called "Blackhat"? (0)

Anonymous Coward | about 9 months ago | (#44454231)

If you believe the nonsense about their charter you deserve the delusions under which you so evidently labor.

You can blabber all you want, they take that charter very seriously. The reason they're spying on the Americans is because they've been told to and it's been made legal.

Re: Why is it even called "Blackhat"? (1)

Eric Fiterman (3006549) | about 9 months ago | (#44463237)

It matters because it's important to have a basic understanding of our government and how it works. The average person's knowledge about law enforcement and intelligence comes from Hollywood movies and television. Hence, most news and dialogue around topics like NSA surveillance read like tabloid news and prevents having an accurate, rational discussion about what's going on.

Re:Why is it even called "Blackhat"? (0)

Anonymous Coward | about 9 months ago | (#44452907)

Thank you kind citizen for your clarification. The NSA is continually at odds as to why so many people fail to see it as a benevolent information gathering agency with well meaning intentions meant for all Americans.

Re:Why is it even called "Blackhat"? (1)

sabbede (2678435) | about 9 months ago | (#44455399)

Not just an intelligence agency, they are military intelligence. Part of the DoD. So, not only are they operating in contravention of their charter, one may even try the argument that they are violating the 3rd Amendment! And I'd really like it if someone did try that. I don't think the 3rd has ever been used in the courts.

Re:Why is it even called "Blackhat"? (5, Informative)

blahblahwoofwoof (2287010) | about 9 months ago | (#44453049)

At this point, it's just branding. There was a time when Black Hat was correctly titled, but that train has long since left the station.

Re:Why is it even called "Blackhat"? (4, Insightful)

TWiTfan (2887093) | about 9 months ago | (#44455229)

When the head of the NSA--an agency absolutely notorious for lying to the American people, subverting the U.S. Constitution, and generally screwing over every freedom we the people have--can address the conference and not be immediately and universally booed the fuck offstage, you know you're not dealing with the same crowd that used to be there.

Re:Why is it even called "Blackhat"? (2)

blueg3 (192743) | about 9 months ago | (#44453115)

The NSA doesn't (can't) arrest people.

Now as to why the FBI doesn't arrest the attendees, it's because none of them have outstanding arrest warrants. (Well, presumably not. At DEFCON, you don't give them your name or your credit card and it's so crowded, you couldn't find anyone anyway.) Turns out calling yourself a hacker isn't grounds for arrest.

Re:Why is it even called "Blackhat"? (1)

phantomfive (622387) | about 9 months ago | (#44453231)

Just curious, why is the conference even called "Blackhat"?

Because they want to sound edgy, and the name DEFCON was already taken.

So instead of attending shouldn't the NSA be arresting the participants? Not that I actually favor such an act, but that appears to be the "legal" thing to do.

No, you can't arrest someone without evidence. Going to a conference, even one designed for criminals, is not a "legal" thing to do. That's why you can't arrest someone for being in a gang. Freedom of assembly is protected by the constitution.

To be all edgy and shit. (1)

Anonymous Coward | about 9 months ago | (#44454113)

The deeper problem is that very few of anyone in the security industry is actually a "hacker" in the (not quite, the one right after "maker of furniture with an axe") original sense of "being creative with technology", specifically to the point that people will go "I didn't know it could do that!?!".

People needing epithets like "ethical", "black hat", "white hat", "green hat" to their "hacker" are not hackers. The first buffer overflow or SQL injection probably was a hack, but the 9000th, not so much. And that is more or less all these people are producing.

Worse, it's not helping computer security forward in any meaningful way. Even the white hats are nothing more than the consultants spreading FUD and making good money prolonging the problem. Just look at all those press releases and blogs from the likes of Krebs and Kaspersky, and everyone else in the industry, really. Black hats are possibly more honest; they're part of a criminal cottage industry raking in other people's money--and identity, and banking login data, and anything else that sells. I'm sure most people at this conference won't admit to that, so they're really white hats, muddling the waters.

But they're not really helping anyone, much less meaningfully improving security much at all. All they do is confuse people further about what "hacking" should mean -- it's the uninformed big media "anything vaguely dodgy involving computers somehow" taken to bigger extremes. Down to laws now existing criminalising "hacking", except that nobody knows what really got criminalised. Which is bad law by any standard.

So anybody who's a "something hat hacker" or even an "ethical hacker" really is more of a crook fscking it up for progress. And it shows. What really substantial, structural thing has improved at all over the last few years in computer security? All I see is dabbling in the margins. That, then, is what being a "hatted hacker" means.

So in a sense, this is a hipster term, and these people are all their very own brand of hipster.

Re:Why is it even called "Blackhat"? (1)

Suferick (2438038) | about 9 months ago | (#44454401)

I think you will find there is a certain amount of irony in the name.

You know irony - like goldy and bronzy, but made of iron.

Re: Why is it even called "Blackhat"? (0)

Anonymous Coward | about 9 months ago | (#44456093)

Maybe "money hat", or "vendor hat" would be a better fit?

Re:Why is it even called "Blackhat"? (0)

Anonymous Coward | about 9 months ago | (#44457717)

...but then it would attract the "cool" kids.

favorite news (1)

Anonymous Coward | about 9 months ago | (#44452671)

Hearing about the Snowden "hero or villain" vote, and that it was nearly 50/50. That tells you all you need to know about "Black Hat".

Barnaby's Death (1)

Anonymous Coward | about 9 months ago | (#44452797)

A healthy 35 year old inexplicably dies when he's about to reveal a deadly vulnerability in pacemakers. In his words, the vulnerability allowed the knowledgeable to be able to kill anyone having a pacemaker within 20 feet of the attacker. Was it a horrible coincidence? Hopefully it wasn't pure evil, plain and simple; someone finding the solution too expensive to implement or a sinister organisation wanting to retain their secret weapon.

Feds (0)

Anonymous Coward | about 9 months ago | (#44453151)

Thousands of federal employees and federal contractors self-identifying as computer criminals by attending a 'black hat' conference.

9TB for Crushing weak passwords (1)

Delirium Tremens (214596) | about 9 months ago | (#44453245)

I'll take that with a grain of salt. Thank you.

Re:9TB for Crushing weak passwords (1)

MrMickS (568778) | about 9 months ago | (#44454417)

Is it just me or does the idea of using an online cloud based service provided by a third party to test the strength of your password database sound like a bad idea?

Re: 9TB for Crushing weak passwords (1)

chill (34294) | about 9 months ago | (#44455181)

Wrong pronoun. It isn't for testing * your * passwords, it is for testing other people's passwords.

Re: 9TB for Crushing weak passwords (1)

Paul West Jauregui (3003241) | about 9 months ago | (#44455539)

PWAudit.com plans to have private cloud and on-premise options. And there is a custom context-based wordlist generator built in, not to mention you can upload as many of your own wordlists, so the 9GB isn't a limitation. (Disclosure: I work for Praetorian and helped build it)

Re:9TB for Crushing weak passwords (1)

jon3k (691256) | about 9 months ago | (#44457527)

Why? They have no idea what the password is for. If they already have a rainbow table, they already "know" your password. I don't see the issue?

Ask Slashdot? (1)

Fnord666 (889225) | about 9 months ago | (#44453481)

Yet another editor that doesn't know how to post "Ask Slashdot" questions in the "Ask Slashdot" topic. For $deity's sake, is it really that hard to do? This topic exists for a reason. Use it.

Blackhat Bingo (2)

formfeed (703859) | about 9 months ago | (#44454037)

I love to play Blackhat Bingo.

Will the presenter die, commit suicide, leave the country, or just appear on a no-fly-list?

Ahh, hacking was so much more fun before they were all terrorists..

</sarcasm>

RFID hack is superfluous (2)

MadCow-ard (330423) | about 9 months ago | (#44454447)

There are hundreds of free-for-download Access Control software packages which will read the serial number from an RFID card. You don't need to go through the trouble of building a new package. The hard part is that most good AC systems don't use the serial from a smart card, they use one of the sectors on the chip. This is usually locked with a PKI method of encryption and thus much harder to break. He mentioned HID, which uses their own proprietary PKI (such as Legic does), but there are many standards such as DESFire which are open and manage access to the chip sectors. What the article is really talking about is normal 125MHz prox cards which are not secure and yes, widely used in the USA but not in Europe. The real way to crack even the HID encryption is to get behind the reader and capture the Wiegand (text) output from the reader which does the encryption handshake for you. Watch out for tampers, but it's not hard in any interior space, just look in the false ceiling for the controller and tap in where the cables enter it. Much easier than all this nonsense.

Rabbi Convention? (0)

Anonymous Coward | about 9 months ago | (#44456745)

So this "Black Hat Convention" is not for Rabbis? ;)

Pixel Perfect Timing Attacks (1)

crowemojo (841007) | about 9 months ago | (#44457191)

Easily one of the best technical talks I have ever seen; how timing attacks can be used to break the same origin policy and read the contents of a frame. This talk included demos of an attacker site loading up a target site in a frame and reading the contents to grab the CSRF token. It was awesome. http://contextis.co.uk/files/Browser_Timing_Attacks.pdf [contextis.co.uk]