Black Hat Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

Intel ships BIOS fix for Rutkowska's Black Hat flaw: Intel ships BIOS fix for Rutkowska's Black Hat flawDoes it affect Windows98?Does this affect Windows98? I'm running a 3.1 MySQL server in my DMZ on Windows98 and I hope it won't be affected by this. My Gram-mummy uses an SSH tunnel through the TOR Onion router network to get to...; Tags: OPEN SOURCE, Databases, Intel Corp., MySQL, Gram-mummy, Windows98, Black Hat, BIOS; Discussion threads 2008-08-27
Intel ships BIOS fix for Rutkowska's Black Hat flaw: Intel has shipped a BIOS update with a fix for a privilege escalation vulnerability that was used by rootkit researcher Joanna Rutkowska to bluepill the Xen hypervisor. The vulnerability was discussed by Rutkowska at the Black Hat briefings earlier this month but details on the exploit were...; Tags: Black Hat, Hypervisor, Motherboard, BIOS Update, Intel Corp., Flaw, System Management Mode, Level Privilege, BIOS, Virtualization, Hardware, Components, Ryan Naraine; Blog posts 2008-08-27
The ugly truth: Satan, social networks and security: Here's the simplest way to get arbitrary code execution in the browsers of millions of users -- ask for permission. by Jennifer Leggio; Tags: Social Networking, Black Hat, Network, App, MySpace, SocNets, SocNet, Security, Jennifer Leggio; Blog posts 2008-08-25
Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out: Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks outNicely doneI appreciate that you took the time to speak with the researcher who actually discovered the flaws.There are a couple of bloggers on ZDNET who always seem slant their "blogs" with grandiose claims against one platform or technology.I think...; Tags: Microsoft Windows Vista (Longhorn), Blogging, Black Hat, Microsoft Windows Vista, Alexander Sotirov, Microsoft Corp., security; Discussion threads 2008-08-11
Alarmed about Vista security? Black Hat researcher Alexander Sotirov speaks out: Earlier today I published a lengthy blog post questioning some of the sensationalist conclusions raised in press coverage of a paper presented by Alexander Sotirov and Mark Dowd at last week's Black Hat Conference in Las Vegas. This afternoon, I received an e-mail from Sotirov, who says he was "horrified...; Tags: Technique, Black Hat, Microsoft Windows XP, Vulnerability, Microsoft Windows Vista, Microsoft Corp., Web Browser, Exploitation, Microsoft Windows Vista (Longhorn), Web Browsers, Security, Operating Systems, Microsoft Windows, Software, Internet, Ed Bott; Blog posts 2008-08-11

Windows security rendered useless? Uh, not exactly: Oh dear. The Chicken Little contingent is out in full force. Break out your Kevlar helmets, everyone, because the sky is falling on Windows! At last week's Black Hat conference in Las Vegas, researchers Alexander Sotirov and Mark Dowd presented a paper that outlined some new attack vectors they had...; Tags: Black Hat, Attacker, Windows Security, Vulnerability, Microsoft Windows Vista, Defense, Memory Protection, Vulnerability Disclosure, Microsoft Windows, Microsoft Windows Vista (Longhorn), Security, Operating Systems, Software, Ed Bott; Blog posts 2008-08-11
Black Hat Las Vegas Day 2: Black Hat Las Vegas Day 2Dowd and SotirovYou mention Dowd and Sotirov's talk in passing. I'm intensely curious to read your take on their presentation when you get an opportunity to review their stuff. Is it on your blogging agenda?GreatSounds like lots of fun. Nice update. Don't know how you...; Tags: Blogging, Sotirov, Dowd, Black Hat; Discussion threads 2008-08-09
Black Hat Las Vegas Day 2: Again, sorry for the late updates. Vegas is the kind of place that demands a lot of a person. Too many parties make it difficult to find time to blog on the conference. Pictures of the even are a bit sparse, due to consistently forgetting to bring my camera, but...; Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters; Blog posts 2008-08-09
Black Hat Las Vegas Day 1: Black Hat Las Vegas Day 1Way to go Nate, Billy, and Rob.Congrats on the Pwnie, I read about it at Dark reading, but haven't actually read your current blog yet.That bit with Kaminsky was...odd. Booing? Really?edit: Now that I've read your blog, I've got to say that I really like...; Tags: Blogging, Black Hat; Discussion threads 2008-08-08
Black Hat Las Vegas Day 1: Well, this is well late, but here's my recap of Black Hat Day 1. Sorry for the delay, but I've been terribly busy finishing up preparations for my Day 2 talk. The first talk I went to see, "Pointers and Handles, A Story of Unchecked Assumptions...; Tags: Black Hat, Billy Rios, Dan, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters; Blog posts 2008-08-08
On GIFARs: Ever since Rob McMillan of IDG published a story giving a preview of our coming Black Hat talk, specifically a preview of the portion of our talk related to GIFARs, media coverage of the research has swirled a bit out of control and there's been some misconceptions. My co-presenter John...; Tags: Black Hat, Vector, Applet, Image, Attack, Heasman, Nathan McFeters; Blog posts 2008-08-02
Black Hat Sneak Preview: Rob McMillan from IDG interviewed John Heasman and I today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we've coined...; Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, GIFAR, Java, Programming Languages, Security, Software Development, Software/Web Development, Nathan McFeters; Blog posts 2008-08-01
Black Hat talk on Apple encryption flaw pulled: Black Hat talk on Apple encryption flaw pulledCan something be common and interesting too?[i]I find it interesting that Apple is more than happy to let its own employee, Alex Ionescu, discuss flaws in the Microsoft Windows Kernel, but not willing to allow another researcher to talk about Apple.[/i]Apple double standards...; Tags: Apple Inc., encryption flaw, Black Hat; Discussion threads 2008-07-31
Black Hat talk on Apple encryption flaw pulled: Brian Krebs from the Washington Post "Security Fix" Blog reported that one of the talks slated for next week's Black Hat convention on a previously undiscovered flaw in Apple's FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking. ...; Tags: Black Hat, Researcher, Apple Inc., Flaw, Security, Nathan McFeters; Blog posts 2008-07-31
Vulnerability disclosure gone awry: Understanding the DNS debacle: On July 7, the day before the release of the patch for the now infamous DNS design flaw, hacker Dan Kaminsky with the help of Black Hat conference organizers invited reporters to a press conference to "discuss the massive multivendor patch being released this Tuesday." "A synchronized...; Tags: Black Hat, DNS, Conference, Dan Kaminsky, Thomas Ptacek, Domain Names, Patches, Security, Networking, Internet, Ryan Naraine; Blog posts 2008-07-22
Kaminsky to discuss DNS flaw at Black Hat sponsored webcast: The Black Hat group on Twitter provided a message today alerting people to a webcast to be put on by Dan Kaminsky on the DNS vulnerabilities that I've heavily covered as follows: Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08 ...; Tags: Black Hat, Webcast, DNS, Flaw, Domain Names, Networking, Internet, Nathan McFeters; Blog posts 2008-07-15
Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08: Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08What should users of the DNS checking tool expect to see?Can you document that a bit more?RE: Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details atYour name server, at 10.1.1.1, appears vulnerable to DNS Cache Poisoning.All...; Tags: Domain names, NETWORKING, DNS, multi-vendor patch, Dan Kaminsky, patch, Black Hat; Discussion threads 2008-07-08
Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08: It would seem there's a bigger story to that MS08-037 flaw that came out for Patch Tuesday today. From Dave Lewis over at the Liquid Matrix security blog: Today Dan Kaminsky released a first, as far as I can recall. A coordinated patch was released today...; Tags: Black Hat, DNS, CERT, Flaw, Mogull, Updates, Domain Names, Networking, Security, Internet, Nathan McFeters; Blog posts 2008-07-08
Black Hat '08 preview webcast on its way: Black Hat '08 preview webcast on its wayExcellent line up"Secure the Planet! New Strategic Initiatives from Microsoft to Rock Your World" - Install Linux instead."SQL Injection Worms for Fun and Profit" - Why not to use naive me-too's to write your web-apps."Pointers and Handles, A Story Of Unchecked Assumptions In...; Tags: Microsoft Windows, Black Hat, Webcast; Discussion threads 2008-06-16
Black Hat '08 preview webcast on its way: Ladies and gents, For those who hadn't heard, I will be presenting at Black Hat Vegas '08 this year with Rob Carter, John Heasman, and Billy Rios. Our presentation is called "The Internet is Broken: Beyond document.cookie - Extreme Client Side Attacks", which may sound like a...; Tags: Black Hat, Webcast, Nathan McFeters; Blog posts 2008-06-15