Black Hat D.C. 2008

Black Hat D.C. wraps up

Breaking things--that's what the very bright and super curious do; they look beyond the obvious to see what's truly lurking beneath the surface. On Wednesday and Thursday, attendees at Black Hat D.C. 2008 got a window into the latest research being done on Web applications, wireless, and embedded technologies.

On Wednesday, researchers David Hulton and "Steve" showed how with about $1,000 with of equipment they can decrypt A5/1 cellular GSM traffic in less than a hour. Following that, Adam Laurie reprised his popular RFIDiots talk from last year's Black Hat briefings with … Read more

The hands-free way to steal a credit card

Update on February 22, 2008, at 3:20 p.m PST: This blog has been updated to include a response from American Express.

WASHINGTON D.C.--Adam Laurie, an RFID security expert, used the Black Hat DC 2008 conference here, to demonstrate a new Python script he's working on to read the contents of smart-chip-enabled credit cards.

As part of his presentation Wednesday, Laurie asked for someone from the audience to volunteer a smart card. Without taking the card out of the volunteer's wallet, Laurie both read and displayed its contents on the presentation screen--the person's name, … Read more

The myth of the Ninja Hacker

Washington D.C. -- On Wednesday, in a talk at Black Hat D.C. 2008, two researchers set out to see whether phishing sites were created by the "Einsteinian, ninja hackers that the media makes them out to be."

In a talk titled "Bad Sushi: Beating Phishers at their own game," Nitesh Dhanjani and Billy Rios found not a sophisticated gang of elite coders, but hundreds of bad coders all copying one another, and often stealing from each other.

Dhanjani and Rios expressed disapproval of antiphishing products that use black lists to block known phishing sites. … Read more

The IRS seeks brand protection

Washington D.C. -- Like the Bank of America brand name, the United States Internal Revenue Service is a brand that also needs online protection. On Wednesday, Special Agent Andy Fried with the U.S. Treasury Department gave a second keynote address to start off Black Hat DC 2008. He said as of February 19 this year, there were 1,630 phishing sites using the IRS name or logo, marking a 12 percent to 17 percent increase over last year.

Although the IRS phishing sites may be taken down with an hour or so, that's still long enough for … Read more

Black Hat D.C. 2008 begins

WASHINGTON--On Wednesday, Black Hat D.C. 2008 gets under way, after two days of intense training sessions. The D.C. Black Hat security conference is much smaller than the summer Black Hat USA in Las Vegas. But what D.C. lacks in size, it makes up for in sessions and talks.

On tap for Wednesday is a keynote speech from Jerry Dixon, former director of the National Cyber Security Division, Department of Homeland Security. Following the keynote address will be two parallel tracks of programming--Web app and wireless--including presentations from Chuck Willis of Mandiant on forensic challenges of cross site … Read more