Allez Fuzzing!
Sadly, Black Hat 2007 is now over. My first Black Hat. I learned lots. It inspired me to become even more of a nerd than I currently am. I <3 U, technology. Here's the short version ('cuz I wanna go play with my defcon badge. more on that later):
Black Hat low points:
- The annoying "Hackistan" guy. Seriously. Obnoxious.
- Too much red meat. Three out of four lunches this week were beef. What, did the organizers think all those nerds needed to beef up a bit? Sheesh.
Black Hat high points:
- Iron Chef: Black Hat. It was by far my favorite session. It was the static exploitation tool guys versus the runtime guys. The static guys found way more vulnerabilities, but weren't able to get an exploit tool running in the allotted 45 minutes, so the runtime guys won. Awesome. I hope they bring Iron Chef back next year!
- No-Tech Hacking with Johnny Long.
- Web 2.0 is fundamentally flawed. Amazing that most fancy new sites (gmail, hotmail, and whatever else uses Ajax and authenticates up front then pushes you into an insecure session) are vulnerable--just sniff the URLs visited, pull out one with a sessionid, paste it into your browser, and you're in their account! Doesn't matter if they change their password--you're in anyway! Gmail users--turn on SSL. For other sites... well, let's just hope that talk inspired people to secure their authentication systems!
- Satellite navigation injection attacks. I'd read about this on The Register several months ago, but it was entertaining to see their demos. I love the fact that you can broadcast a message like "bullfight in progress" and have it display in the middle of a freeway or something. Oh, I mean, what a terrible vulnerability. Shocking.
Enough for now. I'll probably think of more later.
No comments:
Post a Comment