WASHINGTON. Black Hat events are often times when new security exploits are reported and discussed. For me this year, at the Black Hat DC event which kicks off tomorrow (for the Briefings, training is on today), I see a lot of reasons to be very optimistic.
Sure there is a talk about how to hack satellites that could gravitate towards the pessimistic side, and there is a talk about new techniques for defeating SSL —
but overall the talks here this year that will in my view yield improvements in security.
Renowned database security research David Litchfield is talking about how to identify a compromised Oracle Database server. Dan Kaminsky (yes that Kaminsky) is back talking about DNS (he did save the Internet after all) and I expect his talk will yield some interesting observations about the current state of DNS security. Flash which is an often attacked but not well understood technology from a security perspective also gets some Black Hat attention in a session where researcher Rajakta Jagdale will highlight the issues and provide mitigation techniques.
From a pro-active perspective, researcher Ryan Barret is going to talk about how to use Web Application Firewalls (WAFs) to help mitigate all types of threats while Peter Silberman is going to turn Snort IDS (Intrusion Detection System) signatures on their ear to detect issues in host memory.
Sure there are always a few items that emerge from any Black Hat event that could be causes for concern, but with new tools and new techniques to mitigate and protect users against risk – the only true risk is ignorance.
I for one am optimistic that I’ll be safer once Black Hat DC is over.
