Product Finderbutton
ie8 fix

billy rios

Black Hat 2008 promises to be big

LAS VEGAS--Black Hat 2008 is bigger, and some might say better. Occupying most of the third and fourth floors of the convention hall at Caesars Palace, the conference started on Saturday with two- and four-day training sessions that continue through Tuesday.

The "public" part of Black Hat runs Wednesday and Thursday and features speakers in 15 separate tracks. One of the tracks will consist of Turbo talks of 20 minutes each. After those, there will an opportunity for the audience to talk with some of the speakers in a another room.

Wednesday starts with a bang with … Read more

Microsoft's Blue Hat talks start Thursday

On Thursday and Friday, Microsoft will once again gather select security researchers in Redmond, Wash., for its seventh annual Blue Hat talks.

The conference, by invitation only, has gained a reputation for providing Microsoft engineers with a first-hand opportunity to hear from and question leading security researchers. There will be an executive event on Thursday, with general sessions on Friday. Microsoft has more on the Blue Hat schedule here, and a blog here.

Among those invited to present is Cesar Cerrudo, of Argeniss, who will update his Hack the Box talk on Token Kidnapping. Cerrudo defines an access token as &… Read more

Gmail cookie stolen via Google Spreadsheets

Security researcher Bill Rios reported Monday that a cross-site scripting (XSS) attack against Google Spreadsheet could have exposed all of Google's services. XSS can occur whenever a legitimate site accepts input from the user but does not filter that input properly and could allow the injection of potentially malicious instructions. In this case, however, once an attacker gained access to any xxxx.google.com site, they would have access to other Google services, such as Gmail, Docs, and Code.

In an e-mail to CNET News.com, a Google representative confirmed that the flaw as described by Rios has been … Read more

Black Hat D.C. wraps up

Breaking things--that's what the very bright and super curious do; they look beyond the obvious to see what's truly lurking beneath the surface. On Wednesday and Thursday, attendees at Black Hat D.C. 2008 got a window into the latest research being done on Web applications, wireless, and embedded technologies.

On Wednesday, researchers David Hulton and "Steve" showed how with about $1,000 with of equipment they can decrypt A5/1 cellular GSM traffic in less than a hour. Following that, Adam Laurie reprised his popular RFIDiots talk from last year's Black Hat briefings with … Read more

The myth of the Ninja Hacker

Washington D.C. -- On Wednesday, in a talk at Black Hat D.C. 2008, two researchers set out to see whether phishing sites were created by the "Einsteinian, ninja hackers that the media makes them out to be."

In a talk titled "Bad Sushi: Beating Phishers at their own game," Nitesh Dhanjani and Billy Rios found not a sophisticated gang of elite coders, but hundreds of bad coders all copying one another, and often stealing from each other.

Dhanjani and Rios expressed disapproval of antiphishing products that use black lists to block known phishing sites. … Read more

Black Hat D.C. 2008 begins

WASHINGTON--On Wednesday, Black Hat D.C. 2008 gets under way, after two days of intense training sessions. The D.C. Black Hat security conference is much smaller than the summer Black Hat USA in Las Vegas. But what D.C. lacks in size, it makes up for in sessions and talks.

On tap for Wednesday is a keynote speech from Jerry Dixon, former director of the National Cyber Security Division, Department of Homeland Security. Following the keynote address will be two parallel tracks of programming--Web app and wireless--including presentations from Chuck Willis of Mandiant on forensic challenges of cross site … Read more