Black Hat Expo Reveals IT Security Threats Aplenty
By Jef Cozza / NewsFactor Network

This year's Black Hat information security conference in Las Vegas set an attendance record -- and brought attention to a host of severe security threats. Presentations ranged from how any USB device could be hacked and how fake Web sites could be created, to the discoveries that Russian hackers had amassed 1.2 billion logins and that 2 billion smartphones were vulnerable to hijacking.

Dan Geer, the chief information security officer for In-Q-Tel, an Arlington, Virginia-based non-profit venture capital firm, focused on public policy recommendations for information security in his keynote address.

Geer said a mandatory reporting system for significant security vulnerabilities should be created, similar to the system the federal Centers for Disease Control and Prevention has for pandemic outbreaks. He also said software developers should be legally liable for their source code, and the government should compensate people who discover security flaws.

Geer supported a recent European Union court finding that individuals have the "right to be forgotten." "There is something important about being able to reinvent ourselves," he said at a press conference following his keynote.

New Year, New Threats

Attendance at Black Hat grew from 7,500 last year to a record 8,000 this year, with attendees from 91 countries, forcing the conference to relocate from Caesars Palace to the more spacious Mandalay Bay Convention Center. The conference, which wrapped up Thursday, was the 17th such meeting since its launch in 1997.

Researchers presented their latest findings on the newest threats and vulnerabilities to information security. This year's conference touched not only on security for Web sites and personal computers, but also on the increasing number of devices and infrastructure being connected through the Internet. Researchers from Qualys, for example, demonstrated that airport scanners used by the U.S. Transportation Security Administration could be attacked through backdoor accounts embedded in the agency's firmware.

Berlin-based security firm Security Research Labs demonstrated that the firmware that controls USB functions could be used by hackers to take control of computers. The finding could represent an entirely new class of attack for which there are no current defenses. The flaw allows hackers to reprogram a USB device's firmware with malicious code, allowing them to gain access to PCs connected to the infected device, and issue their own commands. Unauthorized users could use the flaw to install malware, access files, or issue commands.

Another major vulnerability revealed at Black Hat affects the HTTPS protocol, which uses encryption to help users browse the Web securely. The so-called Cookie Cutter attack detailed at the conference allows hackers to steal users' cookies and impersonate Web sites hosted by Akamai, including popular sites such as CNN, LinkedIn and the National Security Agency (NSA).

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.