Feeds

Black Hat draws world hacking gang – and Apple – to Sin City

New faces, and a few old ones

The Essential Guide to IT Transformation

Black Hat 2012 The 2012 Black Hat conference is kicking off in Las Vegas, and this year's session will see Apple presenting for the first time, as well as a reunion of some of the team behind the first briefings 15 years ago.

Black Hat, and the associated DefCon sessions which follows it, is probably the largest collection of hardcore computer security experts on the planet, and features the latest updates on hacking opportunities and serious vulnerabilities. Nearly 10,000 people are expected to attend and share or use the knowledge gleaned to protect – or crack – systems.

While Apple has had security staff among the attendees for many years, the company has never actually made a presentation until this year. The recent spate of attacks on its products, however, appears to have engendered a new awareness that it can't go it alone – and so the delightfully named Dallas De Atley, manager of the platform security team at Apple, will deliver a talk on iOS security.

Microsoft recognized the importance of Black Hat relatively early, and has been sending staff since the late 1990s, although Redmond's problems with security make Apple's recent public failings look like a mere flea bite by comparison. A session on Windows 8 vulnerabilities is scheduled that should prove both enlightening and worrying for Redmond – given we're getting close to the launch of the new OS.

There's also a reunion of some of the first Black Hat attendees. Jeff Moss, who started the conference before selling it, will join a panel with security guru Bruce Schneier, Adam Shostack, Marcus Ranum, and Jennifer Granick. The talk, entitled "Smashing the future for fun and profit", will look at how things have developed in the last decade and a half, as well as considering what the next hot targets will be.

Another regular, Dan Kaminsky, will also be addressing the crowds on the latest naughtiness he's proved possible. Kaminsky, who was instrumental in proving the need for and implementing DNSSEC as well as fixing SSL, is fast becoming one of the regulars at the show after deciding to go totally legitimate because, as he told us in 2010, he "didn't want his mother to have to visit him in prison."

While Black Hat is always informative, it also engenders a certain level of risk. Already someone has sent out a bogus password reset email to some attendees, and cracking the organizers is something many of the more mischievous attendees try – and anyone attending the show, including your Reg reporter, is considered fair game.

This year the organizers have warned attendees to avoid using Wi-Fi or other radio connections in the conference venue, steer clear of ATM machines (after a bogus one was set up near the venue in 2009), shield RFID-equipped cards and passports, and advises that all passwords are changed after the show.

"Wear a tinfoil hat," the advisory email states. "OK, kidding about this one ... although I do see one every show." ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.