Monday, July 21, 2008

Defcon 2

Every year at about this time, we hear about the amazing new exploits and tools that will be shown off at Black Hat. To a lesser extent, there’s discussion of what will be shown at Defcon, though, typically, that show tends to be 15 presentations on how to use Wireshark mixed with political talks about copyright and legal hacking. In years past, we’ve seen Joanna Rutkowska’s introduction of the red pill and blue pill (vitrualization as trojan platform), Greg Hoglund show off his World of Warcraft attacks, and H.D. Moore discussing Metasploit’s many uses.

Despite the illustrious past of Black Hat and Defcon, this year’s show is shaping up to be one of the most dangerous ever. Between Rutkowska’s updated pills, Dan Kaminsky’s much ballyhooed DNS attacks, and the recent revelation that Kris Kaspersky will be unveiling processor-based attacks sometime in October, this should be one of the most eventful falls in computer security since the Legion of Doom first banged on virtual doors back in the 1980s.

Add to all of this the fact that Firefox 3 just arrived, making it a juicy target for hackers, and that almost every DNS server in the world has been patched within the last month, and you’ve got a recipe for the perfect storm. This fall, there really won’t be anyplace to hide. With the proper application of patches and security policies, it’s entirely possible to avoid all this strife, but the toughest part of staying up to date is keeping on top of the ever changing scene of exploitation. And with this August looking to be rife with new exploits, we’re all in for one hell of a ride.

-- Alex Handy

No comments: