Black Hat wrap-up: Less hackers, but plenty of flaws

Black Hat wrapped up on Thursday after several days of vulnerability revelations that proved that the event hasn't lost its edge even as attendance skewed more heavily toward security professionals rather than hackers this year.

Known as one of the premier conferences for researchers to present the latest ways to unravel software and security systems, Black Hat has evolved in recent years. After a change of ownership last year, the conference bolstered its roster of sponsors and attendees at this tenth event.

In fact, organizers seemed to be unprepared for the growth in attendance. The lines for registration this year were significantly longer than last, rooms were packed to standing room capacity and there weren't enough conference materials to go around.

This crush of attendees was dominated by those on the light side of the security struggle. According to a survey conducted by Symantec, 56 percent of attendees either worked as an IT manager, a business executive or a vendor representative.

"There seem to be a lot more legitimate security professionals than I expected," said Larry Pesce of Defensive Intuition, who was attending the event for the first time.

New to this year's programming was a track of briefings run by Microsoft representatives. These presentations offered insights into software security strengths as Microsoft detailed security improvements it has made in its upcoming Windows Vista operating system.

There were still a number of presentations that uncovered new vulnerabilities. Even as Mirosoft touted improvements in Vista on Thursday, researcher Joanna Rutkowska with Singapore-based COSEINC explained how she was able work around the Vista beta's new mechanism designed to prevent the loading of unsigned drivers that can often lead to malware infection. Rutkowska emphasized that the method used wholly documented functionalities to bypass the new security system.

She said Microsoft still has work to do if it wants to close this security hole.

"I think Microsoft did a good job improving security, but that doesn't mean that Vista is totally secure," she said.

She also presented her latest Blue Pill rootkit, a proof-of-concept program that would give an attacker an undetectable backdoor to a system through the use of AMD's new Secure Virtual Machine, Pacifica.

Also among the 25 vulnerabilities revealed at the event this week was a flaw in Cisco's PIX firewall that would allow attackers to bypass the firewall and freely access networks behind the system.

Hendrick Scholz with Freelnet Cityline presented the flaw in the final slide in his presentation on VoIP security on Wednesday. The slide was taken out of the copy of Scholz's presentation given to attendees by Black Hat organizers. Little is known about the vulnerability as he has decided not to discuss the issue any further.

Many Black Hat attendees will stay on in Las Vegas through the weekend to attend more presentations on security techniques and vulnerabilities at this year's DEFCON event.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.