Story Lines Abound On Eve Of Black Hat 2006

Typical of the drama that often unfolds at this security conference, Microsoft is making its first appearance at the event and will tout the stronger security measures in Vista. On the same day as the Microsoft presentation, Joanna Rutkowska, a security researcher, will give a talk titled "Subverting Vista Kernel For Fun And Profit."
Joe Bardwell, president and chief scientist at Connect802, a San Ramon, Calif.-based solution provider, said it's helpful that researchers are discovering potential flaws with the integration of RFID at this early stage of deployment.

"The problems [with RFID] will, in my opinion, continue to be related to the integration of RFID with existing systems, and not somehow inherently within the realm of RFID technology per se," Bardwell said.

The security implications of Asynchronous JavaScript and XML--better known as Ajax, a technology for creating interactive Web applications--will be the focus of a presentation by Billy Hoffman, a security researcher at Atlanta-based vendor SPI Dynamics.

Although feature-rich Web sites like Google Maps wouldn't be possible without Ajax, the technology adds more instability into applications and gives hackers more potential avenues to exploits, according to Hoffman. "Ajax increases the attack surface of applications by having all the services running on a Web server," he said.

Brian Caswell, research engineer at Sourcefire, and H.D. Moore, director of security research at BreakingPoint Systems, will give a presentation demonstrating weaknesses in current intrusion detection and prevention solutions (IDS/IPS). They plan to show how IDS/IPS solutions use a "fast path" for normal traffic and a "slow path" for handling exceptions and how attackers could use the latter to bypass security on these systems.

Greg Hanchin, a principal at DirSec, a Denver-based security solution provider, said that in recent weeks he has begun to see a new type of vulnerability emerge that could allow an attacker to evade IDP/IPS detection. Many new notebooks' wireless cards are misconfigured to automatically attach to anything that is a wireless LAN access point, which could allow a hacker to attach to the laptop and cross through the wireless physical layer and onto the LAN layer, he said.

"It's ironic because you spend all this money on wired network-based IDS and IPS solutions, and someone could come in over a wireless card and into your corporate network," Hanchin said.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing