Black hats and hackers

The Black Hat and Def Con events in Las Vegas have wrapped up for another year, and while the Michael Lynns of the world failed to ignite the flames of controversy in quite the same way as last year, delegates found more than enough to keep them occupied.

  • E-Mail
By  Eliot Beer Published  September 3, 2006

|~|hall200.jpg|~||~|Defcon is, by all accounts, an event to be reckoned with. With what the FAQ describes as “possibly the most hostile wireless network in the world”, this haven for hackers, crackers, script-kiddies, security professionals and law enforcement officers alike certainly seems to keep its 3,000-plus delegates busy for a few days each summer. The headline news this year was wireless security. Jon “Johnny Cache” Ellch, and David Maynor of SecureWorks, presented a demonstration on how simple it could potentially be to defeat a wireless access device, by way of badly-coded device drivers. This vulnerability stemmed, they said, from the tendency of developers to rush driver coding. “Speed to market is so important; some things don’t get tested properly,” they said in their presentation. “New hardware and committee-designed protocols are especially susceptible.” The pair pointed out the complexity of the 802.11 standard, leaving a lot of potentially vulnerable areas in the event of poor coding. They also demonstrated how fuzzing (repeated attempts to transmit bad code) could compromise a vulnerable driver – they did point out that the results of fuzzing were hard to determine, as an effect could come from any one of a number of packet chains. The potential for security problems with unreliable drivers for wireless access devices is clear. With so many variants on one single driver, and a tough job ahead for any organisation which seeks to update an entire fleet of employee laptops, for example, driver hacks could run. No documented exploits have been found in the wild. But after a Defcon presentation a large number of malware authors will be working hard to develop a way to exploit device driver flaws. Speaking of alarmist behaviour, Forrester’s take on the Black Hat conference held just before Defcon was to accuse presenters of taking an alarmist approach: “Black Hat demonstrated that there are still, and always likely will be, a subset of researchers so parochial in their view that they will deliver their news like Chicken Little did,” comments Michael Gavin in the Forrester report. “However, Black Hat also revealed a growing breed of mature researchers who put their findings into the perspective of the larger business picture. While a particular attack technique can cause significant damage, predicting the impending demise of the internet is not useful or likely to be remotely accurate.” Highlights of the Black Hat briefings included discussions on exploits for SQL databases, Ajax-based web applications, VoIP, RFID and Windows Vista – although Microsoft, “traditionally a pariah at events like Black Hat” according to Forrester, played a significant part in the event.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code