At times, the features used to help secure browsers and keep communications private are less effective than users think — and may even be a detriment to privacy. Joshua “Jabra” Abraham and Robert “RSnake” Hansen, in their talk “Unmasking You”, used techniques to yield some juicy tidbits about a target’s browsing habits, installed software, and more. “Jabra” took some time to chat with us about some of the things that were uncovered.
While many talks at BlackHat focus on security from a technical standpoint, James Arlen and Tiffany Rad presented on something a bit different — securing yourself. The talk, entitled “Your Mind – Legal Status, Rights and Securing Yourself”, focused on current and future legal, privacy, and data ownership issues that affect just about all of us. I snagged James in the hall to talk a bit more about his talk, and to find out if us privacy nuts still have a fighting chance.
Jeremiah Grossman and Trey Ford are two of the big brains behind WhiteHat Security. Their presentation, Mo’ Money Mo’ Problems: Making a LOT more money on the Web the Black Hat Way, was a graphic example of how bad guys are making money. More importantly, they really pointed out how huge the amounts of money are that the bad guys are making with minimal technical prowess. The point they made that resonates with me personally is the difference between risk-based security and compliance-based security.
Black Hat Microcast 5 – Jeremiah Grossman

It helps in getting an interview with speakers when the speakers are co-workers. Kevin Stadmeyer and Garrett Held gave a talk called “Worst of the Best of the Best”, taking on the various industry awards and questioning what goes into giving the awards. Since most of the people in our industry are fairly cynical, we probably aren’t going to be that surprised by the results.
Black Hat Microcast 4 – Kevin Stadmeyer and Garrett Held

The Lockpick Village is always one of the more fun places to visit during Defcon. Babak Javadi and Deviant Ollam from Toool took time out of setting up for the Village and came over to talk to me about a new emergency credit card lockpick set that they’ll be selling this weekend and some of the events they’ll have going on over the weekend. The lockpick set looks great, and at only $20, it’s something you can easily afford to keep in your wallet all the time. And both Deviant and Babak say it’s something that they’ve taken through airport security many times. Their big announcement is that the winner of the speed picking contest this year will win a trip to Turkey for the competition next year! They also hint at an interesting reward for the Gringo competition, but they say we’ll have to wait until the closing ceremonies to find out what that is.
Black Hat Microcast 3 – Babak Javadi and Deviant Ollam from Toool

Rich, Zach and Martin gather to review the talks we’ve seen today, the people who we’ve talked to and some of the interesting things we’ve seen so far at Black Hat. It’s not even the end of the first day yet and we’re all exhausted, yet there’s still the first night of parties to go explore. We’re planning on doing the wrap-ups every day through Sunday.

This week Symantec announced a new offering, the Cyber Threat Analyst Program. CTAP embeds an analyst in your company and uses the analyst’s experience with Symantec’s global information services and applies it to your unique environment. This is not an offering for the SMB market, but something that enterprises and government entities will be using. Tim explains this offering and gives a little of his own opinions on what he’s seen at Black Hat so far.
Black Hat Microcast 1 – Tim Gallo, Symantec on CTAP

I’m jealous. Rich is already in Vegas, our guest host Zach Lanier should be there soon, while I’m still in California and have to get up at 4am tomorrow morning to catch my flight. On the other hand, nothing’s really happening until I get there in any case, but I’d rather be there sooner than later. There’s already been a little drama with the Matasano site being hacked over the weekend and Dan Kaminsky’s site getting hacked today. Rich says Dan got his site back pretty fast, but it’s still annoying. And then there’s the out of cycle Microsoft patch that was released today, which is bound to get a little attention. Oh yeah, Rich also released a little paper on patching that was sponsored by Microsoft.
No real show notes tonight, I have to go pack. Starting tomorrow, we’ll be coming at you fast and furious with a series of near live ‘microcasts’, the 5-20 minute interviews we do as often as we can corner people in the hallways. Should be interesting.
Network Security podcast, Episode 160, July 28, 2009
Time: 23:27
Tonight’s Music: Let’s go to Vegas by Fabulous Hats

Did we mention Black Hat? That’s right, this is our last episode before Martin and I are on site in Vegas for the big event. We cover a few of this week’s news items before moving to Martin’s interview with Jibran Ilyas of the Trustwave SpiderLabs team, who will be presenting the Malware Freakshow at Defcon on Saturday.
Network Security Podcast, Episode 159
Time: 39:22
Show Notes:
- Medical data breach reports streaming out of California
- Election results found on a voting machine in Honduras, but the election hasn’t happened yet (It’s possible this is a political stunt, considering the recent coup).
- Are those Pwnies in the air?
- Don’t forget to RSVP for the Securosis/Threatpost recovery breakfast.
- Tonight’s Music: Don’t let it go to your head by Art Linton

The bulk of this episode is an interview Martin did with Steve Ocepek, one of his Trustwave coworkers who is presenting at Black Hat this year. But before we get to the interview, we do spend a little time talking about some of this week’s security headlines. And if you are attending Black Hat, don’t forget to look us up.
Network Security Podcast, Episode 158
Time: 45:35
Show Notes:
- Wardriving passports
- Microsoft and Firefox vulnerabilities (some unpatched) being exploited in the wild.
- What a shock, the DDoS attacks probably weren’t from North Korea. I think their entire Internet connectivity is a phone line with an acoustic modem.
- Tonight’s Music: Impact at 1000mph by LtMeat

