"The problems [with RFID] will, in my opinion, continue to be related to the integration of RFID with existing systems, and not somehow inherently within the realm of RFID technology per se," Bardwell said.
The security implications of Asynchronous JavaScript and XML--better known as Ajax, a technology for creating interactive Web applications--will be the focus of a presentation by Billy Hoffman, a security researcher at Atlanta-based vendor SPI Dynamics.
Although feature-rich Web sites like Google Maps wouldn't be possible without Ajax, the technology adds more instability to applications and gives hackers more potential avenues for exploits, according to Hoffman. "Ajax increases the attack surface of applications by having all the services running on a Web server," he said.
Brian Caswell, research engineer at Sourcefire, and H.D. Moore, director of security research at BreakingPoint Systems, will give a presentation demonstrating weaknesses in current intrusion detection and prevention solutions (IDS/IPS). They plan to show how IDS/IPS solutions use a "fast path" for normal traffic and a "slow path" for handling exceptions and how attackers could use the latter to bypass security on these systems.
Greg Hanchin, a principal at DirSec, a Denver-based security solution provider, said that in recent weeks he has begun to see a new type of vulnerability emerge that could allow an attacker to evade IDP/IPS detection. Many new notebooks' wireless cards are misconfigured to automatically attach to anything that is a wireless LAN access point, which could allow a hacker to attach to the laptop and cross through the wireless physical layer and onto the LAN layer, he said.
"It's ironic because you spend all this money on wired network-based IDS and IPS solutions, and someone could come in over a wireless card and into your corporate network," Hanchin said.