Ask Slashdot: Favorite Thing Out of This Year's Black Hat?
Nerval's Lobster writes "This year's Black Hat conference wasn't just about the NSA director defending his agency's surveillance practices (and getting a bit heckled in the process). Other topics included hacking iOS devices via a modified charging station, eavesdropping on smartphones via compromised femtocells, demonstrating a password-security testing tool that leverages AWS (and 9TB of rainbow tables) to crush weak passwords, and compromising RFID tags with impunity. What was your favorite news out of Black Hat?"
First credible way to detect real 0day on your box (Score:5, Informative)
http://blockwatch.ioactive.com:8888/ [ioactive.com]
It's pretty alpha, and you will need to use IE to install it. This tool compares software in memory against known signatures, allowing you to confirm what's running on the system is really what you think it is. It works with Hyper-V and VMware.
It's free. Thanks IOActive!
Re: (Score:2, Interesting)
HTTP server on non-standard port with (probably) proprietary freeware that requires IE to work. Sounds genuine to me!
Re: (Score:3)
Fair point, but it's not like getting something from port 80 or 443 really assures safety.
Like I said it's really alpha. I would not run it on any important VMs anyway.
Re: (Score:3)
Oh, and make sure you have .NET 4.5 installed. The installer choked on me the first time because I didn't have it. You install it on your host system, and it connects to VMs of your choosing to analyze them.
Like tripwire? (Score:3)
That sounds like tripwire [tripwire.org] to me.
Plus, that link doesn't lead to information about blockwatch, but instead immediately tries to download a file. Not very friendly.
Re: (Score:2)
It's like tripwire, except it works on code in memory. It has an online database where hashes of known code are stored in various sizes... so the client will hash 4k and ask the server if this is known. If so, move on; we know what it is. If not, split it into 2 blocks of 2k. Can we positively identify that? Anything not identified continues to be split into smaller and smaller pieces.
The software understands how processes are laid out so it's not going to hash your user data as that can't possibly provide a
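The split-and-rehash lookup described in the comment above, as an added example that is not part of the original post and is not BlockWatch's code. It assumes SHA-256, a 512-byte floor on block size, page-aligned input, and a local set standing in for the online hash database; the sample data is constructed.

```python
import hashlib

MIN_BLOCK = 512   # assumed floor; the comment does not say where splitting stops
PAGE = 4096       # the 4k starting size mentioned in the comment


def digest(block: bytes) -> str:
    return hashlib.sha256(block).hexdigest()


def build_known_db(trusted: bytes) -> set:
    """Hash a trusted copy of the code at every block size from PAGE down to
    MIN_BLOCK. A local set stands in for the online database (assumption)."""
    known, size = set(), PAGE
    while size >= MIN_BLOCK:
        for off in range(0, len(trusted), size):
            known.add(digest(trusted[off:off + size]))
        size //= 2
    return known


def find_unknown(block: bytes, known: set, base: int = 0) -> list:
    """Return (offset, length) ranges in `block` that match no known hash."""
    if digest(block) in known:
        return []                      # identified, move on
    if len(block) <= MIN_BLOCK:
        return [(base, len(block))]    # cannot split further: report it
    half = len(block) // 2
    return (find_unknown(block[:half], known, base)
            + find_unknown(block[half:], known, base + half))


def scan(memory: bytes, known: set) -> list:
    """Check a code region page by page and collect the unidentified ranges."""
    unknown = []
    for off in range(0, len(memory), PAGE):
        unknown += find_unknown(memory[off:off + PAGE], known, off)
    return unknown


# Constructed sample data: an 8 KiB "trusted" code image and a copy with four
# bytes altered at offset 5000, standing in for code patched in memory.
TRUSTED = bytes((i * 7 + 3) % 251 for i in range(8192))
TAMPERED = bytearray(TRUSTED)
for i in range(5000, 5004):
    TAMPERED[i] ^= 0xFF
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    db = build_known_db(TRUSTED)
    print(scan(TRUSTED, db), scan(TAMPERED, db))
```

Each split halves the range that still has to be explained, so a four-byte change in 8 KiB is narrowed to a single 512-byte block after three extra lookups.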
Why is it even called "Blackhat"? (Score:2, Interesting)
Just curious, why is the conference even called "Blackhat"?
According to Wiki (a very reasonable definition): "A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusa
Re:Why is it even called "Blackhat"? (Score:5, Informative)
The NSA is not a law enforcement agency. They're an intelligence agency: they have little jurisdiction to charge US citizens for domestic crimes, or authority to arrest foreign nationals for crimes overseas. That would be the task of the FBI for various federal crimes, the Secret Service for certain types of fiscal crimes including wire fraud, or local police for state or local crimes. And I'm afraid the NSA doesn't like to share responsibility for such arrests, because monitoring US communications is actually against their charter. They do it anyway with various very poor excuses, but they'd hardly pursue arrests on that basis.
Also, a lot of the activity is below any reasonable threshold of when a prosecutor would be bothered to file charges.
Re: (Score:3)
You go out of your way to make a Distinction without a Difference.
Who puts the cuffs on you hardly matters.
If you believe the nonsense about their charter you deserve the delusions under which you so evidently labor.
Re: (Score:3)
Then understand that they do not arrest people for the same reason they do not sign US treaties or sign bills into law. It's not their job to arrest people, even if they cooperate with and provide intelligence for the people who do and are in some ways responsible for such arrests or for what treaties get signed or what laws get passed informing the people who'd do such tasks.
I was careful to answer the question from aNonnyMouseCowered, not to say the NSA is innocent of wrongdoing or of providing leads
Re: Why is it even called "Blackhat"? (Score:1)
Re:Why is it even called "Blackhat"? (Score:5, Informative)
At this point, it's just branding. There was a time when Black Hat was correctly titled, but that train has long since left the station.
Re:Why is it even called "Blackhat"? (Score:5, Insightful)
When the head of the NSA--an agency absolutely notorious for lying to the American people, subverting the U.S. Constitution, and generally screwing over every freedom we the people have--can address the conference and not be immediately and universally booed the fuck offstage, you know you're not dealing with the same crowd that used to be there.
Re: (Score:3)
The NSA doesn't (can't) arrest people.
Now as to why the FBI doesn't arrest the attendees, it's because none of them have outstanding arrest warrants. (Well, presumably not. At DEFCON, you don't give them your name or your credit card and it's so crowded, you couldn't find anyone anyway.) Turns out calling yourself a hacker isn't grounds for arrest.
Re: (Score:2)
Just curious, why is the conference even called "Blackhat"?
Because they want to sound edgy, and the name DEFCON was already taken.
So instead of attending shouldn't the NSA be arresting the participants? Not that I actually favor such an act, but that appears to be the "legal" thing to do.
No, you can't arrest someone without evidence. Going to a conference, even one designed for criminals, is not a "legal" thing to do. That's why you can't arrest someone for being in a gang. Freedom of assembly is protected by the constitution.
Re: (Score:3)
[offtopic] [tvtropes.org]
Nice sig. What keywords do you put in your E-Mails to make sure they back them up?
Re: (Score:3)
To be all edgy and shit. (Score:1)
The deeper problem is that very few of anyone in the security industry is actually a "hacker" in the (not quite, the one right after "maker of furniture with an axe") original sense of "being creative with technology", specifically to the point that people will go "I didn't know it could do that!?!".
People needing epithets like "ethical", "black hat", "white hat", "green hat" to their "hacker" are not hackers. The first buffer overflow or SQL injection probably was a hack, but the 9000th, not so much. And t
Re: (Score:2)
I think you will find there is a certain amount of irony in the name.
You know irony - like goldy and bronzy, but made of iron.
favorite news (Score:1)
Hearing about the Snowden "hero or villain" vote, and that it was nearly 50/50. That tells you all you need to know about "Black Hat".
Barnaby's Death (Score:1)
9TB for Crushing weak passwords (Score:2)
Re: (Score:2)
Is it just me or does the idea of using an online cloud based service provided by a third party to test the strength of your password database sound like a bad idea?
Re: 9TB for Crushing weak passwords (Score:2)
Wrong pronoun. It isn't for testing * your * passwords, it is for testing other people's passwords.
Not that bad (Score:1)
Oh wait!
Re: 9TB for Crushing weak passwords (Score:1)
Re: (Score:2)
Ask Slashdot? (Score:2)
Blackhat Bingo (Score:2)
I love to play Blackhat Bingo.
Will the presenter die, commit suicide, leave the country, or just appear on a no-fly-list?
Ahh, hacking was so much more fun before they were all terrorists..
</sarcasm>
RFID hack is superfluous (Score:3)
Well I've seen them before but (Score:2)
I liked the pigeons best and the rabbit is still pretty cool.
SSL, gone in 30 seconds (Score:5, Interesting)
Pixel Perfect Timing Attacks (Score:2)