Friday, 16 March 2012

BlackHat EU 2012 - Day two and three summaries

I have been enjoying myself at BlackHat Europe 2012, soaking up some of the leetness, absorbing some of the technologies I am less familiar with, meeting great people, and talking with them about things which really interest me - which is all good.


BlackHat EU 2012 - Day two

My Presentation seemed to go well, with several interested people coming up to ask various questions afterwards, maybe due to the fact that I described and showed around 10 exploits I recently discovered in common security products (all patched now BTW - but some very interesting, some creative, and several rather ironic - for example: "a spam the reconfigures the spam-filter", "a URL that owns the URL-filter").


My favourite presentation of Day two was "Data mining a mountain of Vulnerabilities" with Chris Wysopal.

This was quite a dry subject, but very well presented. Lots of data on vulnerabilities, with statistics on vulnerabilites sorted by application language, platform, horizontal and vertical markets, (among many other things)

Really interesting data, and something I feel that I might consult when doing application testing.


Chris had some really interesting graphs, the one above showing clearly that most web-apps contain at least one of the most serious flaws.

Day three

Some really interesting presentations today on mobile/smartphone security. It's hard to choose the best one really, as the following three were very good, and looked like the conclusions were based on very solid research (and many hours of work).

  • "Secure Password Managers" and "Military-Grade Encryption" on Smartphones: Oh Really? by Andrey Belenko + Dmitry Sklyarov
    • Hmm... so password managers on smartphones are not very well coded - not a surprise really but, a lot of work has been done by these guys to review some of the most popular ones and find some bugs
  • Apple vs. Google Client Platforms by Felix 'FX' Lindner
    • A great talk this, delivered in FX's highly amusing style
  • The Mobile Exploit Intelligence Project by Dan Guido + Mike Arpaia
    • Interesting perspective from acedemia on the stats behind mobile exploits, it seems that the hype might be just hype (at least on the iOS platform, more potential on Android though, but still, not a great deal of real platform-pwnage happening)

Anyway, I am in the airport on the way home, and it has been a very good week...

7 comments:

  1. So much good Article you share with s, i so much appreciate that, i also want to tell you,,

    Think local. There are lots of smaller, local organizations that are doing great work in your community. I like to look for charities that are founded by people from within the community by people who understand its needs best, and who are coming up with creative solutions.
    Online Super Funds

    ReplyDelete
  2. QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
    CC with CVV Fullz (USA, UK, CANADA)
    Tutorials & E-Books For Ethical Hacking
    Tools For Everything You Need

    I'm On Telegram = @killhacks & I C Q = 752822040

    Stuff available for
    (Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )

    Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
    Availability 24/7
    FASTEST DELIVERY

    Build Your Own Business with proper guide & Legit Tools
    Always glad to serve

    GOOD LUCK
    Here I'm:
    I C Q = 752822040
    Tele-gram = @killhacks

    ReplyDelete
  3. يقدم مصنع زجاجات عصير بلاستيك pet من شركة بلاستك هوم عبوات عصير بلاستيك عالية الجوده بافضل الاسعار حيث تصنع الزجاجات من البلاستيك المقاوم للضوء والحرارة مما يحافظ علي نكهة العصير وصلاحيته لفتره اطول.

    ReplyDelete
  4. اليونيفورمات التي ينتجها مصنع يونيفورم امن صناعى تلتزم بالمعايير الدولية وتخضع لاختبارات صارمة للتحقق من جودتها ومتانتها. يهدف المصنع إلى تقديم منتجات تلبي احتياجات العملاء وتضمن سلامتهم وحمايتهم أثناء أداء مهامهم في بيئات العمل الصناعية. ببساطة، مصنع اليونيفورم الأمن الصناعي يُمثل أهمية حماية حياة وصحة العاملين في هذه البيئات المعقدة والمتطورة.




    ReplyDelete
  5. في المحلات التجارية، تُستخدم طباعة استيكر شفاف على الزجاج لعرض العلامة التجارية أو العروض الترويجية. تسمح هذه الاستيكرات بنقل الرسالة دون أن تحجب الرؤية عبر الزجاج. كذلك الملصقات الترويجية تعتبر وسيلة مثالية لإضافة ملصقات ترويجية على المنتجات دون التأثير على جمالية التغليف.

    ReplyDelete
  6. الأنظمة الهجينة (Hybrid Pool Heating Systems)
    كيف تعمل:
    هذه الأنظمة تجمع بين الطاقة الشمسية ومضخات الحرارة أو سخانات الغاز لتوفير تسخين مستمر على مدار العام. تعمل الطاقة الشمسية عندما تكون الشمس متاحة، وتقوم صيانة سخانات مياه شمسية أو السخانات الأخرى بالعمل في الظروف الجوية غير الملائمة.
    المميزات:
    توفر مرونة في تسخين المسبح، مما يتيح الاستفادة من الطاقة الشمسية مع ضمان تسخين دائم عند الحاجة.
    العيوب:
    تكاليف التركيب الأولية قد تكون عالية، لكن يمكن تعويضها بتوفير في تكاليف التشغيل على المدى الطويل.

    ReplyDelete