Black Hat Europe: 10 intriguing security briefings

What could possibly go wrong having a bunch of hackers hunkering down in Amsterdam this week at Black Hat Europe 2013? We're afraid to speculate, but what should go right is that they're ready to present a lineup of briefings at this annual security event that look topical and compelling.

Presenters will discuss exploits and vulnerabilities in technologies such as Android and Windows 8, and offer attendees advice on how to protect these and other platforms. Here are 12 briefings that jumped out to us:

*Beyond CRIME attacks: TIME attacks: A pair of Imperva tech researchers will introduce Timing Info-leak Made Easy (TIME) attacks, which simplifies the CRIME attacks revealed last year that could be used to abuse SSL/TLS data compression to hijack HTTP sessions. Unlike with CRIME attacks, which exploit HTTP requests, TIME attacks go after HTTP responses. Don't worry, these guys also plan to discuss mitigation steps against TIME attacks.

[ QUIZ: Black Hat's most notorious incidents ]

*Safeguarding medical devices: InGuardians' Jay Radcliffe will tackle the sticky and scary topic of medical device security. He says that the topic is draped in confusion and aims to clarify the situation by divvying up such devices into three types and discussing the FUD and reality around each from a security standpoint. Radcliffe will also address what regulatory bodies and manufacturers should do to help make medical devices more secure.

*Cloud storage services vs. your firewall - no contest: CRSgroup's Jake Williams will shed new light on how storage synchronization services such as Dropbox, often installed in rogue fashion on enterprise networks, create a data loss protection challenge as well as a way for malware to seep into organizations.

*How secure are mobile device protectors?: Researchers from Vulnex share findings on how easy or difficult it is for smartphone/tablet/laptop thieves to defeat security programs such as GPS trackers and remote data wipers.

*One more highway traffic nightmare to consider: Tools such as Google Navigation and Waze can help drivers on the fly figure out how to avoid gridlock, but what if hackers got ahead of these systems and decided to have everyone head in the same direction. Hamburg University of Technology Ph.D. student Tobias Jeske will explain.

*Even appliances aren't safe: Appliances sound so secure: Your hardware and software prepackaged and ready to deliver firewall, email or other services to your network. But NCC Group's Ben Williams, a penetration tester, says he has "discovered and provided over 100 proof-of-concept exploits to various vendors over the past 12 months, and most of these have related to security appliances."

*Smile, you're on candid videoconferencing systems: Security consultant Moritz Jodeit has examined how to crack Polycom HDX high-end videoconferencing systems via vulnerabilities in the H.323 stack - and how to possibly use them as surveillance rootkits.

*A really sweet honeypot: A Nokia researcher will describe the concept of an aggressive honeypot, one that doesn't just lure and trap intruders, but goes on the offense by de-anonymizing them and taking control of them.

*Playing with app sandbox security: Sandboxing is a method of securing endpoints by keeping their apps confined, but Bromium researchers in this briefing will explain how a lack of sandboxing standards might make these supposed security systems not so safe after all.

*What's up dock?: NCC Group's Andy Davis says that with the flexibility of hot-desking comes the vulnerability of laptop docks as an attack target. He'll point out ways to detect compromised devices and mitigate risks they pose.

Bob Brown tracks network research in his Alpha Doggs blog and Facebook page, as well on Twitter and Google +.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags ImpervasecurityWaze hackingRIMhoneypotsTIME attacksBlack Hat Europe 2013

More about AlphaDropboxFacebookGoogleImpervaNokiaPolycomTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bob Brown

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place