Posted by Virus Bulletin on Aug 12, 2005
Andrew Lee shares his highlights of the Black Hat Briefings USA
In the midsummer heat of the Nevada desert, close to two thousand people donned their sunscreen and their coolest 'geek wear' and congregated for the annual Black Hat Briefings.
It was my first time at one of these events, and so, like a newbie at an unfamiliar restaurant, I wanted to sample a little of a lot of different things.
Setting the tone of controversy for the conference was Gillman Louie, the man who introduced Tetris to the USA, but who is now involved in advising on US National Security. Louie's speech focused on the current situation in security, a state where we no longer own the systems we run, as they are besieged by layers of diverse security software. He focused on information efficiency, pointing out that security must be frictionless. Each operation costs businesses money, and the overheads of security are expensive.
As security professionals, we can spend a lot of time thinking about the technical implementation and dealing with the threat, but we should never lose site of the end goal, enabling the customer to work efficiently - allowing the customer to reclaim their systems for the purpose they bought them.
Most people will by now have heard of the controversy generated when a presentation of a remote exploit in a widespread CISCO system was pulled by the company (at considerable cost) and the presenter who went ahead with the presentation which had been withdrawn, effectively resigning his post as he did so. Unfortunately, my sampling of little things didn't stretch to this presentation, but this has been sufficiently well reported elsewhere.
Probably the most interesting presentation (at least from the point of view of the AV world) was Neel Mehta and Alex Wheeler's presentation 'Owning anti-virus: weaknesses in a critical security component'. This was clearly meant to be a controversial topic, and indeed they did demonstrate that some remote exploits were possible in a range of products. However, it seems more than likely that these holes have been patched, and they did not fail to notice that on the whole anti-virus software is written well, and has fewer such flaws than other systems. On the whole this was an interesting presentation, but I felt it could have been broader in scope, focussing on more than just anti-virus, especially as flaws in other security systems (notably firewalls) have been exploited by replicative malware (W32/Witty for instance), whereas, to date, no Anti-Virus software I am aware of has been.
Some presentations which looked promising, for instance 'Phishing with super bait' contained little new material, and were dogged with under-rehearsed demos, which repeatedly failed to show the intended results, if there's one recommendation I'd make to any presenter, it is to rehearse your demos. And then rehearse them again.
To me, some of the 'Turbo Talks' - 20-minute blasts through very focused topics, were some of the best presentations of the week, particularly, Mike Pomraning's talk about injection flaws and input validation, and Kevin Cardwell's 'Toolkits: all-in-one approach to security' - a whizz through some of the best tools for auditing and scanning systems.
A highlight, and the last session of the conference, was the panel debate on a National ID scheme. Nothing is more likely to get a room full of security wonks hotter under the collar than putting all their private data into a single big, government-owned, database, and so it proved. The most unfortunate thing with such topics is that it is nearly impossible to have a reasoned debate, because the emotions are so high. However, it's always fun to end an event with a good fireworks show.
On the whole, the Black Hat Briefings maintained a high quality (there are bound to be some patches in a conference large enough to run five full tracks) and was generally of a good technical level. As the security industry converges from separate point solutions towards unified solutions, I recommend it to the AV world, which I felt was generally under-represented. See you there next year!
Posted on 12 August 2005 by Virus Bulletin
