Ask Slashdot: Favorite Thing Out of This Year's Black Hat? 41
Nerval's Lobster writes "This year's Black Hat conference wasn't just about the NSA director defending his agency's surveillance practices (and getting a bit heckled in the process). Other topics included hacking iOS devices via a modified charging station, eavesdropping on smartphones via compromised femtocells, demonstrating a password-security testing tools that leverage AWS (and 9TB of rainbow tables) to crush weak passwords, and compromising RFID tags with impunity. What was your favorite news out of Black Hat?"
First credible way to detect real 0day on your box (Score:5, Informative)
http://blockwatch.ioactive.com:8888/ [ioactive.com]
It's pretty alpha, and you will need to use IE to install it. This tool compares software in memory against known signatures, allowing you to confirm what's running on the system is really what you think it is. It works with HyperV and VMWare.
It's free. Thanks IO Active!
Re:Why is it even called "Blackhat"? (Score:5, Informative)
The NSA is not a law enforcement agency. They're an intelligence agency: they have little jurisdiction to charge US citizens for domestic crimes, or authority to arrest foreign nationsals for crimes overseas. That would be the task of the FBI for various federal crimes, the Secret Service for certain types of fiscal crimes including wire fraud, or local police for state or local crimes. And I'm afraid the NSA doesn't like to share responsibility for such arrests, because monitoring US communications is actually against their charter. They do it anyway with various very poor excuses, but they'd hardly pursue arrests on that basis.
Also, a lot of the activity is below any reasonable threshold of when a prosecutor would be bothered to file charges.
Re:Why is it even called "Blackhat"? (Score:5, Informative)
At this point, it's just branding. There was a time when Black Hat was correctly titled, but that train has long since left the station.