Saturday, 18 March 2017

Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?

1. Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?
Chris Rodriguez, Research Analyst, Network Security
September 15, 2009

2. Focus Points
• About Vulnerability Research
• Overview of the Black Hat Conference
• Major Highlights of the Conference
• Expected Trends
• Key Conclusions

3. About Vulnerability Research
• Vulnerability research is the foundation for various network security solutions, such as IPS devices and endpoint protection software.
• Vulnerability research is the front line of defense against malicious code writers and cyber attackers.

4. Overview of the Black Hat Conference
• The Black Hat Conference is the largest and best-known security conference series in the world.
• This conference is designed to serve the information security community by "delivering timely, actionable security information in a friendly, vendor-neutral environment."

5. Overview of the Black Hat Conference (cont.)
• Historic Black Hat Conference events:
  - Dan Kaminsky's DNS cache poisoning vulnerability
  - Cisco IOS flaw that resulted in a lawsuit
  - Using virtualization to make undetectable malware
  - Weaknesses in network security technology, i.e. NAC
  - Vertical-specific exploits (GSM, ATMs, public transportation)
[Timeline figure, 2000 to 2009. Labels: Black Hat called "a series of rock throwing incidents"; Cisco sues; Blue Pill, the undetectable rootkit; NAC bashed; Kaminsky's DNS attacks]

6. Major Highlights of the 2009 Black Hat Conference
• MMS and SMS flaws (mobile phone hijack via text message)
• iPhone code execution/denial-of-service MMS attack
• Advanced Mac OS X rootkits
• Factory-installed BIOS rootkits
• Apple keyboard rootkit
• SSL encryption protocol flaws
• SSL spoofing
• Fake ATM/card skimmer
• Conficker talk sanitization

7. MMS and SMS Flaws
• MMS and SMS data usage has grown at a high rate over the years, and is projected to continue growing significantly.
• 900 billion SMS messages sent/received in 2008 (an increase of 132% from 2007)

8. MMS and SMS Flaws (cont.)
• Luis Miras and Zane Lackey, of iSec Partners, presented a vulnerability in the way mobile phones handle SMS messages.
• This flaw enables an attacker to hijack mobile phones, with varying degrees of control.
• An application called There's an Attack For That (TAFT) is a suite of hacking tools for jailbroken iPhones.
• A related presentation demonstrated an attack that uses a corrupt MMS message to kill iPhones.

9. Rootkits
• A rootkit is software designed to secretly control a computer.
• A rootkit uses advanced techniques to take full control of a system, hide itself, and survive most attempts to remove it.
• Rootkits are very dangerous, and are often used by hackers to make malware more effective and nefarious.
• Researchers at CoreSecurity announced that they found factory-installed software that behaved like a rootkit.
• Absolute Software's CompuTrace LoJack for Laptops is designed to secure and help locate stolen laptops.
• While it is not inherently malicious, the researchers claim that it is not very secure, leaving open the possibility of devastating attacks.

10. Rootkits (cont.)
• Security researcher Dino Dai Zovi demonstrated how to load an advanced rootkit on Mac OS X machines.
• This is a serious issue for Mac OS X, which has been fighting for market share against Windows.
• An Apple keyboard was also found to be vulnerable to a rootkit attack through its firmware update system.

11. SSL Encryption Issues
• SSL is a trusted, secure protocol for encryption and authentication.
• Dan Kaminsky presented on issues with X.509 certificates, which are used for SSL encryption and authentication.
• X.509 certificates use an outdated and weak cryptographic hash function, MD2.
• VeriSign, the leading provider of digital certificates, downplayed this announcement, saying that they no longer use MD2.
• Regardless, companies have invested millions of dollars in X.509, yet it suffers from both technical and structural issues.

12. SSL Encryption Issues (cont.)
• In a similar presentation, security researcher Moxie Marlinspike showed how an attacker could spoof SSL certificates.
• Marlinspike was able to trick a Web browser into accepting code, which can give an attacker a number of attacks to execute.
