black hat federal

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Vista's ASLR not so random, but does it matter?

Symantec is using the spotlight of the Black Hat DC 2007 conference to pick apart the security technologies built into Windows Vista.On the heels of its exposé of weaknesses in the UAC user account control mechanism, Symantec rolled out a Vista security portal with three new research papers discussing legacy...

Tags: Pen testing, Black Hat Federal, Data theft, Black Hat, Viruses and Worms, Spyware and Adware, Exploit code, Spam and Phishing, Responsible disclosure, Rootkits, Vulnerability research, Microsoft, Windows Vista, Hackers

Blog posts 2007-02-28

HID denies RFID demo threat, hackers worry

Black Hat Diary: IOActive's decision to cancel its RFID hacking demo is the main topic of conversation here as white hat hackers ponder the ramifications of a vendor using patent infringement claims to thwart legitimate security research.The company at the center of the storm, HID Global, issued a statement acknowledging...

Tags: Black Hat Federal, Digital rights management, Pen testing, Open source, Exploit code, Black Hat, Responsible disclosure, Punditocracy, Vulnerability research, Cisco, Hackers

Blog posts 2007-02-28

Additional Resources

News to know: Amazon-Zappos; eBay earnings; Windows server; AMD; Plastic Logic Reader; Apple-AT&T

Here are today's notable headlines. You can get News To Know via email alert and RSS daily. For continuous updates see BNET's around-the-Web tech coverage. Larry Dignan: A good fit: Amazon gobbles up Zappos Tom Steinert-Threlkeld: Don't Forget to Turn Out the Lights,...

Tags: Google Inc., Larry Dignan, Plastic Logic, Microsoft Windows Server, Server, Matthew Miller, Earnings, Adrian Kingsley-Hughes, Advanced Micro Devices Inc., eBay Inc., Microsoft Windows 7, Microsoft Windows, Corporate Communications, Team Management, E-books, Operating Systems, Software, Marketing, Management, Personal Technology, Sam Diaz

Blog posts 2009-07-23

Romanian authorities arrest cybercrime suspects

Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once. Just a day after reading...

Tags: Arrest, eBay Inc., Romania, Romanian, Phishing, Identity Theft, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters

Blog posts 2008-07-17

Security Researcher to release Cisco rootkit at EUSecWest

According to good friend Robert McMillan of IDG News, Sebastian Muniz, a researcher with Core Security Technologies, has developed malicious rootkit software for Cisco's routers, which he will release on May 22 at the EuSecWest conference in London.  This will mark the first time at least publicly that someone has released a...

Tags: Black Hat, Cisco IOS, Router, Cisco Systems Inc., Robert McMillan, Rootkits, Security, Spyware, Adware & Malware, Nathan McFeters

Blog posts 2008-05-14

ToorCon Seattle 2008: Nuke plants, non-existent sub domain attacks, muffin diving, and Guitar Hero

*** Updated: ToorCon images uploaded.  Click here!  Alright, that title probably sounds pretty random... well, welcome to ToorCon!  ToorCon has long been one of my favorite conferences for the easy atmosphere, laid-back presentations, and parties.  This year's Seattle-based ToorCon was the best I've been to. ...

Tags: Attack, Conference, Domain, Microsoft Corp., Nathan McFeters, Researcher, Security, ToorCon Seattle 2008, XSS

Blog posts 2008-04-21

Black Hat Europe, Day 4 (Finally): Early wake-up calls always lead to long days

For those of you who had been reading my Day 1, Day 2/Day 3, and Day 2 revisited stories about Black Hat Europe here on ZDNet, I'm sure you were wondering what happened to Day 4, the second day of conferences.  Well, after a long delay, here it is!  Basically, I got caught up...

Tags: Black Hat, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Nathan McFeters

Blog posts 2008-04-07

Blackhat Europe, Day 1: The Waag, the Bulldog, and web application hacking

Considering my previous posts on my experiences at Black Hat Federal received pretty good reviews, I thought it would make sense to again highlight a Black Hat trip. This time it was all the way out to Amsterdam, where Rob Carter and I will be speaking about URI Use...

Tags: Black Hat, Web Application, SQL, Training, SQL Injection, Tool, Nate, Productivity, Hacking, Workforce Management, Security, Human Resources, Nathan McFeters

Blog posts 2008-03-25

Are Routers the Next Big Target for Hackers?

I've recently seen a great Black Hat presentation by Felix FX Lindner (see pic 2) and a blog posting by Petko D. Petkov PDP (see pic 1) on the subject of hacking routers.  What seems to be clear is that they are becoming a bigger target.  PDP, of the gnucitizen group, recently...

Tags: Nathan McFeters

Blog posts 2008-03-04

Patch service shuts after Microsoft request

Patch service shuts after Microsoft requestAll your computers belong to us ...Microsoft wants to continue having DIRECT access to your computers, no more, no less. They want each and every computer in the world to interface to their servers directly, so that they have unfettered two-way communications without the possibility...

Tags: PRODUCTIVITY, Patches, SECURITY, Microsoft Corp., AutoPatcher, computer

Discussion threads 2007-08-30

Legal woes mount for TorrentSpy

Legal woes mount for TorrentSpyTally another loss of liberties - this is getting oldI understand that they want to protect copyrighted information. That's the law, and it's not possible for someone to actually claim that copyrighted material should be free to anyone - that goes against the purpose of...

Tags: Servers, Now IT, e-mail, Legal Woe, TorrentSpy, media, server

Discussion threads 2007-08-29

Is the outlook bright for upcoming IT talent?

Is the outlook bright for upcoming IT talent?Doesn't look so bright to me!The way I see it, the US IT industry will implode. Companies want more knowledge and responsibilitiues form their IT workers, in ever increasingly complex environments, but don't reward that with salary incentive. In fact, salaries...

Tags: Strategy, Recruitment & Selection, Outsourcing, homeland security, Microsoft Outlook, information technology, upcoming IT talent, IT talent, H-1B, job

Discussion threads 2007-03-02

Black Hat RFID hacking demo threatened

Another Black Hat conference, another vulnerability disclosure debate.IOActive's Chris Paget's plan to explain why RFID technology is "insecure and untrustworthy" has run into a legal stumbling block after secure card maker HID Corp. raised objections in a letter that claims possible patent infringement.InfoWorld's Paul Roberts is reporting that HID sent...

Tags: Wi-Fi security, Pen testing, Black Hat, Exploit code, Responsible disclosure, Punditocracy, Cisco, Vulnerability research, Oracle, Hackers, Zero-day attacks, Uncategorized

Blog posts 2007-02-27

Symantec: Vista's UAC prompts can't always be trusted

Microsofts implementation of the UAC user account control mechanism in Windows Vista continues to take a beating from security researchers. Less than a week after Polish hacker Joanna Rutkowska raised an alert for design -- and implementation -- bugs in the default no-admin component, a member of Symantecs Advanced...

Tags: Black Hat, Data theft, Exploit code, Hackers, Microsoft, Pen testing, Punditocracy, Responsible disclosure, Uncategorized, Vulnerability research, Windows Vista

Blog posts 2007-02-20

Facing biometrics' limits

Facing biometrics' limitsHopefully they NEVER get this right!I'm too glad anytime I hear how control freak scum can't get their useless Big Brother devices in order.Biometrics, like the national ID card and no-fly lists, will be just one more thing which does this world in.While the soccer mom twits of...

Tags: Authentication/Encryption, Government, Social Security, SECURITY, biometrics, fingerprint

Discussion threads 2006-06-22

Who are you? Your government wants to know...

Back in the late 90's Utah proposed putting the driver's license on a smart card. I thought this would be a great place to store state-issued digital keys tied to the identity on the driver's license. The idea was met with considerable resistance by what some have called...

Tags: Skype Technologies S.A.

Blog posts 2006-02-22

Oracle from unbreakable to unpatchable

When people complain about patching two or three vulnerabilities every month on their Windows machine, I can't help but chuckle when I think about the dire situation Oracle users are in. Oracle, which has always bragged about being "unbreakable" and "never breaks" just released its quarterly critical patch update...

Tags: Oracle Corp.

Blog posts 2006-01-27

Hackers step up search for unpatched servers

Hackers step up search for unpatched serversSANS takes 4 days to alert ITThis is one reason to dump MS server products and go Novell, Linux or BSD.WINS on internet?Who in their right mind has a WINS server that is accesible from the Internet? Do people really do that?Responsibility all around.Even...

Tags: Hacking, Servers, Patches, SECURITY, server, Microsoft Corp., hacker

Discussion threads 2005-01-05

Oracle, Justice Dept. seek June trial

Oracle, Justice Dept. seek June trialMicrosoft needs Oracle's customer list for market entry. Bush DOJ helps."While the court meeting will center on the mundane issue of scheduling, a few sparks may fly when the Justice Department argues that it should get access to the bulk of Oracle's customer discount...

Tags: Government, U.S. Department of Justice, Oracle Corp.

Discussion threads 2004-03-10