Thoughts from Black Hat

Good info on bad deeds from the Black Hat conference

Talk to anyone who attends Black Hat USA conferences and you'll hear about how boring the talks are, how nobody learned anything new, how the hacks were known last year -- not to mention the ridiculous posers. Ask those same attendees if they plan to attend next year, and they say "yeah" as fast as a poker player pushing all in with pocket aces.

I learned that pushing all in with pocket 5s in Las Vegas apparently isn't nearly as smart, but that's another topic.

While many of this year's Black Hat sessions were ultra boring -- I walked out of more talks than I stayed in -- I learned all sorts of interesting factoids. And although there wasn't, as in the past, any raw meat flying into the audience, some of the speakers were super knowledgeable and entertaining. Here are the ones that seemed to impress the audiences in the sessions I attended:

Hacking Macs is easy: And my Microsoft, Windows-loving self didn't say this. It was self-proclaimed Mac enthusiast and security researcher, Charles Miller, Ph.D., principal security analyst with Independent Security Evaluators. He talked about how easy it was to hack Leopard and iPhones, which share a common root OS.

Essentially, Dr. Miller said that Apple was falling down on the job and making its OS way too easy to hack. He said he found more than 50 OS X programs that run in the SUID (Set User ID) context, most of which had been made non-SUID by most Unix and Linux distros years ago. He said that OS X doesn't randomize memory, the stack, heap, or kernel instruction pointers, which are simple anti-buffer-overflow mechanisms deployed in Windows, Linux, BSD, and many other OSes.
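As an added defender's check (not code from the article or from Dr. Miller's talk), this Python script walks a directory tree, lists every set-user-ID or set-group-ID binary, and flags the ones missing from a reviewed baseline; the baseline paths are constructed for illustration.

```python
# Audit a filesystem tree for set-user-ID / set-group-ID binaries and report
# any that are not on an administrator-reviewed baseline. Added example, not
# part of the original article; the BASELINE entries are constructed samples.
import os
import stat

# Constructed sample baseline: paths an admin has reviewed and accepts as set-ID.
BASELINE = {"/usr/bin/sudo", "/usr/bin/passwd"}


def find_setid(root):
    """Return sorted (path, is_suid, is_sgid) tuples for every regular file
    under root whose mode carries the set-user-ID or set-group-ID bit."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue             # unreadable or vanished; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            suid = bool(st.st_mode & stat.S_ISUID)
            sgid = bool(st.st_mode & stat.S_ISGID)
            if suid or sgid:
                found.append((path, suid, sgid))
    return sorted(found)


def unexpected_setid(root, baseline=BASELINE):
    """Set-ID files under root that are not on the reviewed baseline; each is
    a candidate for dropping the bit or for documenting why it is needed."""
    return [entry for entry in find_setid(root) if entry[0] not in baseline]


if __name__ == "__main__":
    # Example run over /usr; each unexpected entry is printed with its bits.
    for path, suid, sgid in unexpected_setid("/usr"):
        bits = "+".join(b for b, on in (("suid", suid), ("sgid", sgid)) if on)
        print(f"{bits:9} {path}")
```

Comparing the count returned by find_setid against a distro's own package manifests is the quickest way to spot the kind of surplus Dr. Miller described.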

He continued by listing dozens of old programs and libraries patched in other OSes that Apple is still installing by default, or just getting around to patching. Dr. Miller showed the crowd two recent JavaScript exploits (one on OS X and the other for the iPhone) and shared all the great reasons why Mac OS X is an easy platform to exploit. He also shared his techniques for hacking iPhones and discussed several other tools that made finding Apple exploits easier. He was absolutely giddy about some of the new changes Apple is making that will simplify the life of a hacker, er, researcher in the coming months.

Ultimately, Dr. Miller lamented Apple's growing market share as matched against its current state of security design. A member of the audience put it this way: "Apple is like this little ole, family-town sheriff who's moved to inner-city D.C. and is attempting to spread the love. It won't be pretty."

Hacking RFID: For my money, Chris Paget, director of R&D for IOActive, provided great entertainment from his RFID hacking demos and gun-shooting videos. Paget and his company developed a low-cost, handheld device for cloning RFID cards. Paget held up several RFID cards, waved them close to his cloning device, and in seconds created a usable copy of the original RFID card. He even placed one of the RFID cards into a protective sleeve that is advertised to keep the RFID card safe from cloning. Within 3 seconds, his device successfully read the information stored on the RFID card. In conclusion, Paget said, "If you use 125KHz proximity cards, your doors are highly insecure!"

At the back of the audience, another vendor, Identity Stronghold, was handing out free "secure sleeves" to help protect security cards from malicious cloning. I asked if the card sleeve would prevent the cloning that Paget was demoing. "No," was the reply, "not 125KHz cards." Maybe it's time to investigate your company's RFID frequencies.

Phil Zimmermann showed off his new Zfone VOIP security software. It adds solid encryption protection to any software-based VOIP client simply by installing the free software and pointing your VOIP software to a new host port. It doesn't use persistent keys or PKI. Mr. Zimmermann spent lots of time answering the audience's questions about the Zfone and encryption software in general. But he had me at "Today, what I really care about is making sure democracy continues to thrive." You have to admire a guy with a 30-year burning desire for the betterment of the commons.

Bruce Schneier gave a great second-day keynote on the psychology of security. If you've been following any of Bruce's writings over the last year, you're already intimately familiar with the topic. I think I've read more than half a dozen of his essays on the subject, but he still managed to bring fresh information to the table and was a good speaker. I believe everyone, involved with security or not, should read Bruce's provocative information.

Brandon Baker of Microsoft spoke on Windows Server 2008's new virtualization model used in the Windows Virtualization Server (WSV) server role. Although I'm unsure if the new security changes apply to just WSV or virtualization in general, here's the gist of the newer security implementation: In older-style VMs, Guest OSes ran their kernel in the processor's Ring 1 (instead of Ring 0) and their applications in Ring 3. This necessitated that VM software fake the Guest OSes' kernel into thinking it was running in Ring 0, as it expected. This requires virtualization tricks and special VM drivers.

The newer VM security model uses Intel and AMD hypervisor processor extensions to separate memory, CPU, and other resources into one or more partitions. The software portion of the hypervisor and the VM software run in the root partition. All Guest OSes run in separate partitions with separate resources, but with access to Ring 0 and above. This means no special VM drivers are needed. However, Guest OSes are prevented from directly accessing hardware by the extensions built into the CPUs.

Baker went on to summarize the threat-modeling scenarios and assumptions used to secure the next-generation virtualization software. He even covered threats they didn't address (for example, utilization DoS attacks, covert channels, and so on) inside of each partition and where the biggest risks were. This was nothing new for those who follow virtualization, but it offered a nice, short presentation of the implemented changes.

Former chief counterterrorism advisor Richard Clarke gave the first day's keynote. I've seen him speak twice this year, and both times he thoroughly entertained the audience. I was upset that he took both opportunities to shamelessly hawk his latest book -- the guy's being paid to speak about security issues near and dear to our hearts, not to plug his writing. I have to say that my opinion of him has dropped considerably. I'm shocked. (In an unrelated story, my seventh book on computer security, "Windows Vista Security: Securing Vista Against Malicious Attacks," written with Dr. Jesper Johansson, is finally out and sold well at Black Hat. I'm shocked, I tell you.)

Roger A. Grimes