Establishing Digital Trust: Don't Sacrifice Security for Convenience
In the mythos of information security, this week is like no other. The Black Hat and DEF CON conferences again descend on Las Vegas, making us all more secure by exposing the insecurity of the world around us.
As the general manager of Black Hat, Trey Ford sits at the summit of the epic event with a vantage point on what's coming. Ford told eSecurity Planet that this year the two-day Black Hat event will pack in 130 presentations.
"You've got about 103 hours of content so there is a wide array of topics," Ford said. "Last year, we had nine rooms running simultaneously, and this year we've expanded that to 11."
'Sexy' Zero-day Disclosures
Highlights include a public appearance by the head of the National Security Agency (NSA), attacks against infrastructure and operating systems and more zero-day vulnerability disclosures than at any other two-day point in the entire year. The Black Hat conference uses a detailed process to select speakers, though the availability of tools as well as zero-day exploit disclosures are important drivers.
"Zero-day is always interesting and always sexy, so you'll see 35 or more zero-days that will be disclosed during the conference this year," Ford said.
Nearly 100 tools will be released at Black Hat this year. Half of them will be disclosed and released during individual sessions. The other half will be demonstrated and disclosed at the Black Hat Arsenal tools demonstration.
In past years, Arsenal was simply a hallway track that attendees crammed into as people walked by on their way to sessions. This year Arsenal is getting its own separate area to showcase tools.
NSA on the Spot
Among the big highlights this year is Day One speaker Gen. Keith Alexander, director of the NSA. Given the recent disclosures about the NSA's PRISM and surveillance activities, there is a lot of interest in Alexander's presentation.
Alexander spoke at the DEF CON conference in 2012. DEF CON is a conference operated by the original creator of Black Hat, Jeff Moss. Black Hat is currently owned and operated by UBM Tech. Moss has specifically asked U.S. federal agents not to attend DEF CON this year. In contrast, the NSA and U.S. federal agencies are being welcomed with open arms to Black Hat.
"It's important for us to have an opportunity to engage the feds and drive the conversation between the public and private sectors and offense and defense," Ford said. "That's one of the core commitments of the Black Hat brand."
Attendees usually ask questions following Black Hat keynotes. While Alexander is expected to field questions, it will happen in a controlled way. The NSA requested no open mike. So instead, Black Hat polled registered attendees for questions and is submitting them to the NSA.
"My expectation is that the general will address several of those during his keynote," Ford said.
Ford also expects to join the general on the stage after his keynote to present a few of the community's questions.
SIM Cards, Mactans and More
While the NSA is the headline for the event, lots of research will also make waves. Across the 130 presentations, Ford picked a few as ones he expects to excite attendees. One of them is a talk about Mactans, an attack against Apple iOS chargers. There are also talks targeting Smart TVs and SIM card hacking.
Going deeper, Ford said there is a lot of wire and protocol level research being discussed this year.
"The biggest challenge for me is staying rested and hydrated," he said. "For most of this community, this is the most talking we do all year."
Black Hat briefings run on Wednesday and Thursday of this week.
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.