Black Hat draws world hacking gang – and Apple – to Sin City
New faces, and a few old ones
Black Hat 2012 The 2012 Black Hat conference is kicking off in Las Vegas, and this year's session will see Apple presenting for the first time, as well as a reunion of some of the team behind the first briefings 15 years ago.
Black Hat, and the associated DefCon sessions which follows it, is probably the largest collection of hardcore computer security experts on the planet, and features the latest updates on hacking opportunities and serious vulnerabilities. Nearly 10,000 people are expected to attend and share or use the knowledge gleaned to protect – or crack – systems.
While Apple has had security staff among the attendees for many years, the company has never actually made a presentation until this year. The recent spate of attacks on its products, however, appears to have engendered a new awareness that it can't go it alone – and so the delightfully named Dallas De Atley, manager of the platform security team at Apple, will deliver a talk on iOS security.
Microsoft recognized the importance of Black Hat relatively early, and has been sending staff since the late 1990s, although Redmond's problems with security make Apple's recent public failings look like a mere flea bite by comparison. A session on Windows 8 vulnerabilities is scheduled that should prove both enlightening and worrying for Redmond – given we're getting close to the launch of the new OS.
There's also a reunion of some of the first Black Hat attendees. Jeff Moss, who started the conference before selling it, will join a panel with security guru Bruce Schneier, Adam Shostack, Marcus Ranum, and Jennifer Granick. The talk, entitled "Smashing the future for fun and profit", will look at how things have developed in the last decade and a half, as well as considering what the next hot targets will be.
Another regular, Dan Kaminsky, will also be addressing the crowds on the latest naughtiness he's proved possible. Kaminsky, who was instrumental in proving the need for and implementing DNSSEC as well as fixing SSL, is fast becoming one of the regulars at the show after deciding to go totally legitimate because, as he told us in 2010, he "didn't want his mother to have to visit him in prison."
While Black Hat is always informative, it also engenders a certain level of risk. Already someone has sent out a bogus password reset email to some attendees, and cracking the organizers is something many of the more mischievous attendees try – and anyone attending the show, including your Reg reporter, is considered fair game.
This year the organizers have warned attendees to avoid using Wi-Fi or other radio connections in the conference venue, steer clear of ATM machines (after a bogus one was set up near the venue in 2009), shield RFID-equipped cards and passports, and advises that all passwords are changed after the show.
"Wear a tinfoil hat," the advisory email states. "OK, kidding about this one ... although I do see one every show." ®