Black Hat Announcements

Black Hat Speakers in the News: Alexander Sotirov on Creating Rogue CA Certs

Tue, 30 Dec 2008 10:06:25 -0800

Today, Alexander Sotirov and Jacob Applebaum presented a proof of concept showing an attacker can subvert browser certificate validation and read or alter data sent to secure websites. Read more about their MD5 collision presentation here on Sotirov's blog.

Black Hat Webcast #6 Audio Now Online

Tue, 23 Dec 2008 13:49:25 -0800

You can now listen David Litchfield's webcast presentation about his new Oracle database forensics tool orablock online here:

Bookmarkable audio version:
https://media.blackhat.com/webinars/black-hat-6-december-2008-litchfield.m4b

Web Sync Version

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981

A Few Early DC Speaker Announcements

Tue, 23 Dec 2008 12:21:17 -0800

We usually wait until the CFP is closed before we start posting speakers, but we've accepted some speakers for our DC event early. We're pretty excited about how things are shaping up, so we're publishing the speakers page a little early. There will be a lot of changes to this page in the next few weeks, so keep checking back with us.

http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html

Black Hat Facebook Fan Page

Mon, 22 Dec 2008 18:42:53 -0800

Looking for another way to connect with Black Hat? We're experimenting with a Facebook Fan Page. We'd love to see your check it out, and maybe share something - photos, ideas, links to interesting information. Hope to see you there.

http://www.facebook.com/pages/Black-Hat-Briefings/107691635153

Black Hat DC rate reminder

Tue, 16 Dec 2008 13:21:19 -0800

Black Hat DC's earlybird registration rate will end January 1, 2009. so consider registering soon for the best rate. You can register online here:

https://www.blackhat.com/html/bh-registration/bh-registration-dc-09.html

or learn more about the event here:

http://www.blackhat.com/html/bh-dc-09/bh-dc-09-main.html

Reminder - Black Hat Free Webcast #6: Database Forensics with David Litchfield

Tue, 16 Dec 2008 13:06:29 -0800

Don't forget to sign up for your webcast with David Litchfield and his brand new Oracle database forensic tool, orablock. To register for free, follow this link:

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981

It promises to be a very interesting presentation, and we're looking forward to your questions. We hope you'll join us.

Black Hat Japan 2008 Audio Now Online

Tue, 09 Dec 2008 21:10:02 -0800

Bookmarkable audio for all talks is now available in the Japan 08 archive. Lots of good stuff there - please enjoy. The archive link is

https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-archives.html

The Keynote is enclosed with this entry, but there are lots of great presentations to check out.

New Blackpage Entry from Jeff Moss: General Black Hat Update

Tue, 09 Dec 2008 21:04:42 -0800

Black Hat Japan was a big success. We had a strong field of presenters and the audience response was excellent. If you'd like to hear any of the talks you might have missed, the audio is available online now (in bookmarkable m4b format) here.

Now we're gearing up for Black Hat DC, February 16-19 at the Hyatt Regency Crystal City in Arlington Virginia. The event is divided into two sections, with two days of intense, hands-on Training Sessions followed by a two-day, four-track Briefings portion with a wide variety of exciting speakers and presentations. Black Hat DC is a unique information security event that places a special emphasis on the needs of security professionals who work in government service and infrastructure. We think this one will be our best DC event yet. We've got a large number of brand new trainings and even though the Black Hat DC Call for Papers doesn't close until January 1, but we've already confirmed some exciting Briefings presentations.

Crowd favorite Adam Laurie will return with a satellite-hacking presentation entitled "Satellite Hacking for Fun and Profit."
Database guru David Litchfield will present a powerful new database forensics tool in a presentation he's calling "The Forensic Investigation of a Compromised Oracle Database Server."
Andrew Lindell's contribution is entitled "Making Privacy-Preserving data Mining Practical with Smartcards."
In the hardware hacking area we have a very interesting presentation from Travis Goodspeed on reverse engineering and exploiting wireless sensors.
Our lineup of brand new training sessions includes a physical security training by Zac Franken and Adam Laurie entitled "RFID, Access Control and Biometric Systems", a Metasploit course called "Tactical Exploitation" by Metasploit creator HD Moore and a course on "Understanding and Deploying DNNSEC" by Paul Wouters and Patrick Nauber.

Another reminder is that Black Hat is still considering Briefings speaker applications for both Black Hat DC and Black Hat Europe, so if you have a strong, compelling and technical presentation to share, please let us know! To be considered for Black Hat DC, you'll need to have your work in our system by January 1. The deadline is February 1 for the Black Hat Europe CFP, the details for potential presenters are available online at https://cfp.blackhat.com.

As always, it's best to register early for the training of your choice to make sure there's a place for you - seats are limited. To learn more about all of our training courses, the training index is now live at https://www.blackhat.com/html/bh-dc-09/train-bh-dc-09-index.html

NEW FREE WEBCAST - Oracle Database Forensics
We're always looking for new ways to share with the community of Black Hat attendees. One result of these efforts is the Black Hat Webcast series. We started in July with a preview of the Black Hat USA event, but we've since had five of these monthly free web events and we're very pleased with the results. From Dan Kamisnky's DNS vuln to Jeremiah Grossman on clickjacking, we've brought researchers and experts together for valuable discussions and in-depth understanding of some of today's most interesting security issues.

Black Hat's webcast series continues with another powerful presentation from a popular Black Hat speaker. This month's presenter is David Litchfield of NGS software, speaking on Oracle database forensics, and he will be releasing a new tool called orablock which he describes this way:

"Orablock allows a forensic investigator to dump data from a "cold" Oracle data file - i.e. there's no need to load up the data file in the database which would cause the data file to be modified, so using orablock preserves the evidence. Orablock can also be used to locate "stale" data - i.e. data that has been deleted or updated. It can also be used to dump SCNs for data blocks which can be useful during the examination of a compromised Oracle box."

Please join us to learn about Oracle DB forensics from one of the innovators of the field, as well as learn about his new tool and to get your questions answered. The webcast will be held on December 18 at 1pm PST. Registration is free and online at this link:

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981
For more information about Black Hat's webcast series, including an archive of our previous webcasts in audio format you can vist our webcast index page.

https://www.blackat.com/html/webinars/webianr-index.html
You can also sign up to the webcast mailing list by sending an email to webcasts-subscribe@blackhat.com.

Thank you for supporting all of our 2008 events. It's been a great year for Black Hat and we're expecting even bigger things in 2009. Please keep sending in your comments and suggestions to us - it's great to have such an interested and vital community around our events and we truly value your feedback. Happy Holidays to all of you and we hope to see you in DC just few short months from now.

Jeff Moss

Black Hat Webcast #6: Database Forensics with David Litchfield

Wed, 26 Nov 2008 12:52:25 -0800

Database Security expert David Litchfield will join us to discuss his new paper "Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Examinations" and his new database forensics tool, orablock.

You can learn more here:

https://www.blackhat.com/html/webinars/orablock.html

And you can register by following this link:

http://w.on24.com/r.htm?e=122240&s=1&k=57F93C9128D5D1BBC64B8AE7177FB981

Black Hat Webcast #5 Now Online

Wed, 26 Nov 2008 12:17:43 -0800

in case you missed Black Hat Webcast #5 : Clickjacking and Browser Security with Jeremiah Grossman, the archived version is now online in two formats.
You can listen to the audio here:

https://media.blackhat.com/webinars/black-hat-webcast-5-november-08-clickjacking.m4b
Or follow the slides in the live websync by following this link:

http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2

Black Hat Speakers in the News: IETF Ponders DNS Threat

Mon, 24 Nov 2008 12:39:26 -0800

Techworld.com has an interesting article about the IETF and their deliberations over the DNS vuln that dan Kaminsky presented at Black Hat USA 2008.

http://www.techworld.com/security/news/index.cfm?RSS&NewsID=107430

Choice Quote:"The DNS is a really old protocol and it is fundamental to the Internet. We're not talking about patching software. We're talking about patching a protocol. We want to make sure that whatever we do doesn't break the Internet."

You can see Dan's presentation here:

http://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v

Black Hat Speakers in the News: Wysopal on Clickjacking

Sun, 23 Nov 2008 18:40:00 -0800

Black Hat speaker Chris Wysopal has some interesting comments on SecurityFocus about clickjacking - the subject of our most recent webcast. You can read his posting at this link:

http://www.securityfocus.com/columnists/483

Choice quote: “Clickjacking isn’t going to go away any time soon. Every browser or plug-in that can display a flexible user interface will need to be made more restrictive.”

Last chance to sign up for Black Hat Free Webcast #5: Clickjacking and Browser Security

Wed, 19 Nov 2008 12:26:51 -0800

Don't miss your chance to get registered for the Black Hat Webcast #5: Clickjacking and Browser Security. The webcast will be tomorrow, November 20 at 1pm PST/4pm EST and will feature Jeremiah Grossman, co-discoverer of Clickjacking and CTO/Founder of WhiteHat Security and MIcrosoft's Eric Lawrence, Security Program Manager on the Internet Explorer 8.

You can register for the webcast at

http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2

We hope to see you there.

CFPs open for Black Hat DC and Black Hat Europe

Wed, 12 Nov 2008 14:03:02 -0800

If you're interested in submitting for Black Hat DC, please go to:

https://www.blackhat.com/html/bh-dc-09/bh-dc-09-cfp.html

To learn the rules and get your paper into our system. If you're interested in Black Hat Europe, the link is

https://www.blackhat.com/html/bh-europe-09/bh-eu-09-cfp.html

Black Hat Webcast #5 Scheduled

Fri, 31 Oct 2008 11:42:44 -0700

Black Hat Webcast #5 will be on the subject of Clickjacking with co-discoverer of the issue Jeremiah Grossman. The free event will take place on Thursday, November 20 at 1pm PT/ 4pm ET. You can register here:

http://w.on24.com/r.htm?e=122494&s=1&k=05ED21C1734D531D2D84CA56F4ADB0F2

Black Hat Webcast 4 Available Online Now

Tue, 21 Oct 2008 11:27:38 -0700

If you missed this webcast, now is your chance to listen to this very informative, technical event. The event featured great audience questions and a stellar main presentation by Tony Kapela. If you want to view the web sync version, the link is here:

http://w.on24.com/r.htm?e=115053&s=1&k=526FB59D2232E5EE4DF1A158DEA07277

To listen to this webcast in mp3 format, the link is here:

https://media.blackhat.com/webinars/blackhat-webcast-4-october-08-kapela.mp3

Black Hat Japan Presentations and Whitepapers Online

Fri, 10 Oct 2008 17:02:14 -0700

You can view them here

https://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-onsite-archive.html

Black Hat Free Webcast #4 Thursday, Oct. 16 1pm PST: Trust Doesn't Scale: Practical Hijacking on the World's Largest Network

Thu, 09 Oct 2008 15:19:13 -0700

In this webcast, we take the amazing Kapela/Pilosov BGP hijacking presentation at DEFCON 16 as a starting point and look into the issues that relate to securing a world-wide trust-based network. If you missed it, they did a lot more than just present a talk - they actually intercepted and rerouted all the traffic from the notorioulsy hostile DEFCON network as a proof of the concept. Not only did it work, but it was almost completely invisible to congoers. Anton Kapela presents, with Jeff Moss and a couple of special guests. To learn more, click here:

https://www.blackhat.com/html/webinars/practicalhijacking.html

We hope to see you there.

Black Hat Japan 08 Online Registration Closes September 30

Mon, 29 Sep 2008 14:27:40 -0700

BH Japan 2008 Online Regsitration closes September 30th. If you wish to regsiter after that time you will need the Onsite Registration Form which can be found at this link:

http://www.blackhat.com/html/bh-japan-08/bh-jp-08-reg-forms/OnsiteRegForm_BR.pdf

.
The Onsite Reg Form can be presented in person at the Venue, emailed to Black Hat Registration

bh-reg@blackhat.com

Black Hat Registration
or faxed to Black Hat at +1 206 219 4143

Black Hat Free Webcast #3 - "How to Impress Girls with Browser Memory Protection Bypasses"

Wed, 10 Sep 2008 14:53:17 -0700

Black Hat Webcast #3 is scheduled for 1pm PT on Thursday, September 18 and we're trying something new this time. We're bringing back one of our most popular talks for a live reprise. We'll have Alexander Sotirov and Mark Dowd to give their Vista security presentation and answer audience questions. Whether you missed it because you were in another talk, or because you weren't in Vegas at all, this is a great time to get up close and personal with our speakers and get some cutting-edge info about Vista.

If you're interested in registering for this free webcast event, follow this link:

http://w.on24.com/r.htm?e=117307&s=1&k=77CB8EE0B5BC4EC5AB070B8AB487B085

Black Hat Japan Briefings Schedule and Speakers Online

Tue, 09 Sep 2008 20:16:44 -0700

You can view the current speakers and schedule for BH Japan 08 by following these links:

Speakers:
http://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-speakers.html

Schedule:
http://www.blackhat.com/html/bh-japan-08/brief-bh-jp-08-index.html#brisch01

Please continue checking the Black Hat Japan USA speakers and schedule pages for ongoing updates as the conference lineup is finalized.

Beyond Document.Cookie - Another Presentation From BHUSA08 Now Online

Tue, 23 Dec 2008 13:53:24 -0800

Nathan McFeters, Jon Heasman and Rob Carter gave a very popular and heavily covered presentation this year that introduced the world to the term "gifar." It's fascinating information, and well presented. We hope that those of you who couldn't make it to the Vegas event will get a taste of the kind of presentations attendees get to see and attendees who weren't able to make it to the Beyond Document.Cookie will get their chance to see the presentation in full.

Standard Video
Full Video
mp3 Audio

AV Tokyo Following Black Hat Japan

Wed, 03 Sep 2008 20:13:52 -0700

AV Tokyo, which used to be the "drinking party that follows Black Hat Japan" has grown into a one-day conference of its own. It's close, inexpensive and should be good fun. If you're interested in learning more, go to

http://en.avtokyo.org/

We hope to see you there.

Dan Kaminsky's Black Hat Presentation Video and Audio Now Online

Sun, 24 Aug 2008 23:38:27 -0700

Dan Kaminsky's talk about the DNS flaw he discovered was probably enormously popular at BH USA 08 - we now make it available online for the benefit of the wider security community.

To download the audio, follow the link below.

https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2_slides.m4v

To download the audio with slides, follow the link below.

https://www.blackhat.com/presentations/bh-usa-08/Kaminsky/08_bhb_od2.mp3
Watch this space for more conference video and audio as it becomes available.

Black Hat USA 2008 Presentations Now Online

Wed, 20 Aug 2008 23:09:50 -0700

We've put the majority of the Black Hat USA 2008 slide presentations and White Papers online at

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html

Keep your eye on this page for the rest of the presentations and video and audio.

Black Hat USA 2008 Flickr Feed

Thu, 07 Aug 2008 12:08:56 -0700

You can take a look at our official Flickr feed for USA 2008 here:

http://flickr.com/photos/adunne/sets/72157606583937690/

EFF Launches Coders' Rights Project at Black Hat Conference

Wed, 06 Aug 2008 09:48:45 -0700

The Electronic Frontier Foundation (EFF) today
launches its Coders' Rights Project -- a new initiative to
protect programmers and developers from legal threats
hampering their cutting-edge research.

In conjunction with the project's launch, EFF is staffing
an "EFF Is In" booth at Black Hat USA 2008 in Las Vegas on
August 6 and 7. At the booth, EFF attorneys will provide
legal information on reverse engineering, vulnerability
reporting, and copyright law, as well as patent, trade
secret, and free speech issues.

The rest of the release is here:

http://www.eff.org/press/archives/2008/08/05-0

Sign up to Black Hat USA 2008's Twitter Feed for Breaking News

Mon, 04 Aug 2008 07:55:59 -0700

If you're planning on attending Black Hat USA 2008, please consider signing up for the Twitter Feed. We'll use it (sparingly, of course) to bring you updates and breaking information as the show goes on. It can also be useful to meet other attendees and to twitter about whatever you're doing when the talks are done for the night. To sign up, go to

https://twitter.com/BlackHatUSA2008

Black Hat Speakers in the News: Nate McFeters, John Heasman and Rob Carter in InfoWorld

Fri, 01 Aug 2008 19:27:32 -0700

Here's a link to a story in InfoWorld that deals with the subject of McFeters, Heasman and Carter's BH USA 2008 presentation, entitled The Internet is Broken. The researchers will demo software they've created that makes it possible to create files that look to a server like a standard graphic file but to a browser appear to be a Java Applet. This could enable attackers to run malicious Java code in the victim's browser. If you're in Vegas for Black Hat, they are speaking on August 7 at 3:15pm in the Florentine Ballroom. You can also hear their preview of this talk on
Black Hat Webcast #1 here:

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=4CI

Black Hat Webcast #2 with Dan Kaminsky is Now Online

Fri, 25 Jul 2008 20:45:03 -0700

Our second webcast was very well attended and full of great information from Kaminsky about the DNS Vulnerability that's all over the news these days. If you weren't able to make it to the live event, you can catch up now online.

To view a synced online replay, follow this link

https://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=114268

To download the mp3, follow this link

https://www.blackhat.com/webinars/html/blackhat-webcast-2-july-08.mp3

EFF Is IN at Black Hat 2008!

Tue, 22 Jul 2008 19:29:43 -0700

The EFF Is IN Booth is a public service provided at Black Hat USA 2008 in Las Vegas, Nevada from August 6 to August 8. At the EFF Is IN Booth, attorneys from the Electronic Frontier Foundation will be available to provide legal information on reverse engineering, vulnerability reporting, copyright law, patent, trade secret, free speech and other issues related to security research and reporting. We'll also be available to consult with individuals or companies who want more information about how the law might affect their current research and upcoming presentations.

The EFF Is IN Booth is a service of EFF's Coders' Rights Project. To make an appointment for a consultation, please email Alyssa Ralston, Development Assistant, at alyssa@eff.org, or drop by the table at the conference.

To learn more about the Electronic Frontier Foundation: http://www.eff.org

Pwnie Award Nominations Are Out

Mon, 21 Jul 2008 19:33:10 -0700

After 134 submissions and what we assume were heavy and spirited deliberations, the list of Pwnie nominees is up. Take a look here

http://pwnie-awards.org/2008/awards.html

Registration Now Open for BH Webcast number 2 With Dan Kaminsky

Tue, 15 Jul 2008 14:10:57 -0700

It's all over the news: Dan Kaminsky found a major, fundamental flaw in DNS that renders practically any name server vulnerable. He'll be speaking in depth on this discovery in August at BH USA, but he's agreed to discuss it a few weeks early. Get your best questions ready - the webcast will be live Thursday, July 24 at 1pm PT/4pm ET.

Join Dan Kaminsky, director of penetration testing for IOactive; Jerry Dixon, former director of the National Cyber Security Division at DHS; and other experts to discuss the largest synchronized security update in the history of the Internet. Dan will tell the story behind the discovery, and the process of creating and deploying the fix.

Reserve your place by registering now at http://w.on24.com/r.htm?e=114268&s=1&k=638307695FF31ED953EF9EC0DF969C02

Black Hat Speakers in the News: Dan Kaminsky Announces Massive, Multi-vendor DNS Issue

Tue, 08 Jul 2008 16:33:40 -0700

Dan Kaminsky announced today a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. Kaminsky also announced that he had been working for months with a large number of major vendors to create and coordinate today's release of a patch to deal with the vulnerability.

Dan will be elaborating much further on the discovery and the solution at Black Hat USA 2008 and in our second Black Hat webcast on June 24, 2008 at 1pm PT. To get on the subscription list for free registration information for Black Hat webcasts please send a mail to

subscribe-webcasts@blackhat.com
To find out if you are vulnerable to this issue, you can use the DNS checker link on the top of Kaminsky's webpage at :

http://www.doxpara.com

To read the executive summary to the CERT advisory, you can go to

http://www.securosis.com/publications/DNS-Executive-Overview.pdf

To hear the audio of today's press conference in full, go to

https://media.blackhat.com/webinars/blackhat-kaminsky-dns-press-conference.mp3

To get webcast and other breaking information from Black Hat on twitter, go to

http://www.twitter.com/BlackHatUSA 2008

Pwnie Awards Nominations Close July 14!

Tue, 08 Jul 2008 11:20:57 -0700

The Pwnie Awards ceremony will return to the BlackHat USA 2008 conference in Las Vegas. Last year's inagural event was a lot of fun, and we hope it will only get better. What should you expect from this year's ceremony? Exciting new categories, an inspirational acceptance speech by the winner of the Lamest Vendor Award and a special sing-along led by HD Moore!

The Pwnie Awards is an annual awards ceremony celebrating the achivements and failures of security researchers and the wider security community. We're currently accepting nominations in nine award categories, including two new ones for this year:

* Best Server-Side Bug
* Best Client-Side Bug
* Mass 0wnage
* Most Innovative Research
* Lamest Vendor Response
* Most Overhyped Bug
* Best Song
* Most Epic FAIL (new for 2008)
* Lifetime Achievement award for hackers over 30 (new for 2008)

The deadline for nominations is Monday, July 14. To submit a nomination,
visit the Pwnie Awards site at http://pwnie-awards.org/

Black Hat Japan 2008 Call for Papers Now Open

Mon, 07 Jul 2008 16:14:59 -0700

The Black Hat Japan 2008 Call for Papers is now open.

https://cfp.blackhat.com/

Early submissions allow more time for review. Please note that the Black Hat Japan 2008 Call for Papers will close on September 1.

Listen to Black Hat Webinar No. 1 Now

Wed, 02 Jul 2008 19:47:26 -0700

Our first webcast is now online. If you couldn't be there live, this is your opportunity to preview some of the presentations going on at Black Hat USA 2008.

The webcast audio is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3

The powerpoint presentation is located at https://media.blackhat.com/webinars/blackhat-webcast-1-june-08.mp3t

If you'd like to be alerted about our next webcast, please sign up to our notification list at

subscribe-webcasts@blackhat.com

Black Hat Webcast Mailing List

Mon, 30 Jun 2008 21:55:41 -0700

Our first webcast went very well - over 500 of you joined us. We're going to try to do these at least monthly from now on, so if you want to know when the next Black Hat webcast is happening, you can subscribe to our Webcast Mailing List by sending an email to subscribe-webcasts@blackhat.com.

Another way to keep in touch with us is to join the Black hat Twitter feed - we'll announce all upcoming events and activities there. To subscribe, head on over to

http://www.twitter.com/blackhatusa2008

Black Hat Speakers in the News: Mark Dowd 'Obliterates" Vista Security

Wed, 25 Jun 2008 13:57:22 -0700

The headline is pretty sensationalistic, but we're always happy to see the tech press recognizing the importance of upcoming Black Hat talks. In an online article for ZDNet.com.au, Mark's talk is referenced and although Mark doesn't say anything nearly as inflammatory as the title, we encourage you to check out his talk at BH USA 2008, since obliteration of a major OS is bound to make some news.

http://www.zdnet.com.au/news/security/soa/Vista-security-to-be-obliterated-at-Black-Hat/0,130061744,339290040,00.htm

Regular Registration Rates Close July 1

Tue, 24 Jun 2008 17:13:51 -0700

All prospective Black Hat attendees should keep in mind that the regular rates in place now will be ending on July 1. To take advantage of current prices, consider registering soon.

Last Chance to Register for Black Hat's First Webcast

Tue, 24 Jun 2008 17:06:14 -0700

Black Hat presents its first webcast on June 26 at 1pm pacific/ 4pm eastern. The subject is "The Forbidden Sneak Peek - Black Hat USA 2008" and we'll have some great speakers on hand to give you a look into some of the subjects they'll be presenting in August. We're planning to turn this into a regular event, so your participation and feedback are encouraged. It's free of charge - you can sign up at

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1

if you'd like to subscribe to a mailing list that will alert you to upcoming Black Hat Webcast events, send an email to
subscribe-webcasts@blackhat.com

More Pwnie Awards News

Thu, 19 Jun 2008 19:40:08 -0700

The fine folks who bring you the Pwnie awards are currently accepting nominations in 9 award categories, including the ever-popular Pwnie for Most Overhyped Bug and Pwnie for Mass Ownage. Two of the categories for this year are new: Pwnie for Most Epic FAIL and a Lifetime Achievement Award for hackers over 30.
The nominations will be open until July 14 and the list of nominees will be published shortly thereafter

The Pwnie awards will be held at BH USA 08 - to learn more about their plans or to nominate someone yourself, head over to

http://pwnie-awards.org/

Black Hat Webcast No. 1 Makes the O'Reilly Radar Blog

Fri, 13 Jun 2008 18:24:24 -0700

Jim Stodgill of the O'Reilly Radar Blog

http://radar.oreilly.com/archives/2008/06/satan-is-on-my-friends-list.html

has checked in with an exceptionally funny piece on the difference the Black Hat style and the style of other tech conferences. We're sure you'll get a chuckle of recognition out of the piece. A choice quote:

"Maybe I'm reading too much into this, but for what its worth, I've attended both Black Hat and O'Reilly conferences and can't recall Satan making a single appearance in an O'Reilly conference program."

At Black Hat HQ we loved the piece and we look forward to seeing him at the webcast.

Wall of Sheep Coming to Black Hat

Thu, 12 Jun 2008 18:34:47 -0700

Every year at DEFCON, Riverside runs the Wall of Sheep - exposing the shame of attendees who log into the conference network as root. But in addition to embarrassment, Riverside's crew offers enlightenment - they're available in person to show you the setup that's sniffing out your mistakes and to educate you on the fine points of hardening your box for the rigors of public computing.

This year, Black Hat attendees will have the same learning/shaming opportunities as the Wall makes its way to Black Hat for the first time. Compute accordingly.

Here's a link to an old article in MAKE that lays it out for you.

http://blog.makezine.com/archive/2005/07/_defcon_the_wall_of_sheep.html

Black Hat's First Webcast - Free Sneak Peek at BH USA 2008

Thu, 05 Jun 2008 17:48:50 -0700

Black Hat is presenting its very first webcast on June 26, 2008 at 1pm PST/4PM EST. It's scheduled for one hour followed by a Q and A period. The webcast will be presented free of charge and it will focus on previewing the BH USA 2008 event.

The event will be introduced and facilitated by BH Founder and Director Jeff Moss and will feature "teaser talks" - shortened versions of the full presentations lined up for Vegas - by several confirmed speakers who will each provide a brief preview of the topics they will be presenting at the Black Hat Briefings & Trainings in August. Here's a small glimpse into the future:
Topic:Malware Detection through Network Flow Analysis
Presenter: Bruce Potter, Founder, Shmoo Group.
Mr. Potter has co-authored several books including "802.11 Security" and
"Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X
Security" by New Riders.

Topic:Nmap - Scanning the Internet
Presenter: Fyodor Vaskovich, founding member of the Honeynet projectand
co-author of the books "Know Your Enemy: Honeynets" and "Stealing the
Network: How to Own a Continent"

Topic: Satan is on My Friends List: Attacking Social Networks
Presenters: Shawn Moyer, CISO of Agura Digital Security and Nathan Hamiel,
Senior Consultant for Idea Information Security and founder of the Hexagon
Security Group.

To learn more, please visit

https://www.blackhat.com/html/webinars/usa2008preview.html

To register directly, please visit

http://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1001004&K=1AA1A1

We plan for this Webcast to be the first in a year-round series of online presentations that allow our speakers to present breaking research between shows and provide the Black Hat community with another stream of fresh, relevant, and usable security knowledge. We hope you'll join us for our first foray into webcasting and let us know what you think.

Black Hat USA Speaker Selection is Now Complete

Thu, 29 May 2008 18:51:00 -0700

The BH USA 2208 speaker selection is finally complete. We're very pleased with the depth and variety of presentations we'll be able to bring to attendees this year and we hope you'll take a moment to check it out. This is the first event where we've had delegate input in the selection process and we think it's been a huge success. You can see the schedule for yourself at

https://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html

Certified Ethical Hacker (C|EH) Version 6 and ECSA/LPT Certification Preparation Open for Registration

Tue, 27 May 2008 18:22:08 -0700

The EC Council will be offering two classes at this year's Black Hat USA Training and both are available for online registration now. The classes are:

ECSA/LPT Certification Preparation - The ECSA course equips one with the knowledge and know-hows to become an EC-Council Licensed Penetration Tester.

and

Certified Ethical Hacker (C|EH) Version 6 -This course deals with Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

If certification in either of these areas interests you, please click on the course name to read further.

Black Hat Twitter Feed

Thu, 22 May 2008 14:11:47 -0700

We've set up a Twitter feed for Black Hat USA 2008 and we hope you'll take the time to follow us. As the show draws closer, we think it will be a great way to learn about new developments in the event, to schedule off-site meetups with other delegates and to stay connected with BH headquarters. Clicking the link in this post or on the main page at blackhat.com will get you to the signup page. It takes only a minute, and will keep you in the loop as we round the corner to Black Hat.

Black Hat Briefings USA 2008 Schedule Filling Up!

Wed, 14 May 2008 18:22:01 -0700

We've been working hard to get the schedule for this year's talks finalized and online, and several tracks are now filled. We're excited about the lineup - this is the first year that delegates have helped to shape the roster and we think the results are impressive. To take a look for yourself, go to:

http://www.blackhat.com/html/bh-usa-08/bh-usa-08-schedule.html

Black Hat Speakers in the News: Sherri Sparks and Shawn Shawn Embleton

Mon, 12 May 2008 16:18:16 -0700

Black Hat USA 2008 is still months away, but some of the presentation topics are already beginning to make news. Sherri Sparks and Shawn Embleton are scheduled to demonstrate a new type of rootkit that hides itself in System Management Mode, currently out of reach of the AV products.

The presentation is already sparking interest in places like
Slashdot and
PC World.

To read their abstract go to the Black Hat USA 2008 Speakers Page.

Black Hat USA 2008 Early Bird Registration Closes May 1

Tue, 22 Apr 2008 13:21:54 -0700

If you want to take advantage of the Early Bird registration rates for Black Hat USA 2008, be sure to get registered before May 1. You can register online at https://commerce.blackhat.com/bh_usa_2008

Black Hat USA CFP Closes May 1

Tue, 22 Apr 2008 13:24:19 -0700

The Black Hat USA Call For Papers closes May 1, so be sure to get your submissions in on time. We are looking forward to a great roster of presentations, and we'll begin posting the accepted presentations as the submitters are notified. Please submit online at https://cfp.blackhat.com.

For a tentative track listing to help guide submissions please visit https://blackhat.com/html/bh-usa-08/bh-usa-08-tracklisting.html

The Pwnie awards return to Black Hat USA

Fri, 11 Apr 2008 15:48:39 -0700

The Pwnie Awards ceremony will return to the Black Hat reception with an all new roster of "winners." The awards exist to celebrate/humiliate the creators of the most infamous pwnage events of the previous 12 months. Categories have included Best Server-side Bug, Mass 0wnage, Lamest Vendor Response and Most Overhyped Bug. The awards are independent of Black Hat, but we're pleased to provide a venue for them where so much of the security community is gathered. Last year's inaugural event was a lot of fun, and we hope it will grow in 2008. We hope to see you thereat what Linux.com is already calling "Black Hat's Oscars."

Links:

http://pwnie-awards.org/
http://www.linux.com/feature/118378
www.blackhat.com

Black Hat Speakers In the News: Matthew Lewis - "Biologger - A Biometric Keylogger"

Fri, 04 Apr 2008 17:52:22 -0700

Black Hat Europe 2008 Speaker Matthew Lewis is getting a lot of media attention for his BH presentation entitled "Biologger - A Biometric Keylogger." The presentation included a demo showing how state-of-the-art biometric security systems can be compromised. To read his whitepaper, download his tool or see his presentation.

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis

Presenations From Black Hat Europe 2008 Now Online

Sat, 29 Mar 2008 03:48:35 -0700

This year's Europe event has come to a successful close and we've put the presentations online for everyone who missed a briefing presentation or two, and everyone who couldn't make it to Amsterdam for the show. Watch this space for video and audio presentations when they go live.

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html

New BlackPage Entry: CrowdSourcing the Black Hat CFP

Thu, 13 Mar 2008 21:26:20 -0700

Beginning with Black Hat USA 2008, paid delegates will be able to view and rate CFP submissions. Register and help us create the Black Hat of your dreams. Learn more about how it will work in this BlackPage entry from Black Hat Director Jeff Moss.

https://www.blackhat.com/html/blackpages/blackpages.html

Black Hat Europe 08 Keynote Speaker Selected

Fri, 07 Mar 2008 17:12:26 -0800

The Black Hat Europe 08 has been finalized and we're proud to announce our Keynote Speaker, Ian Angell. Ian is Professor of Information Systems at the London School of Economics and he will present a talk entitled "The Complexity in Computer Security."

This presentation will be a theoretical talk on the complexity of computer security. He will discuss how a lack of understanding of the limitations of, and distinctions made by, computerization leads to systemic risk.

To read the abstract and bio for Ian's keynote, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Angell

To see our full schedule of Briefings Speakers, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

Black Hat Speakers in the News: Johhny Long on Forbes.com

Fri, 29 Feb 2008 15:50:49 -0800

Past Black Hat speaker Johnny Long has been profiled on Forbes.com on the subject of No-Tech Hacking. The article is an interesting read and even contains some quotes from BH Director Jeff Moss.

The article is here:

http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html
To learn more about Johnny Long, you can check out his site at

http://johnny.ihackstuff.com/

Black Hat Speakers in the News: David Hulton, Steve and "Cracking GSM"

Thu, 28 Feb 2008 20:04:14 -0800

This year's Black Hat DC was full of newsworthy talks, but one that has gotten a lot of media attention was "Cracking GSM" by David Hulton and Steve.

They demonstrated that they could capture and decrypt GSM traffic (the most popular type of cellphone traffic) with astonishing speed. Their presentation is eye-opening and very worthy of your attention.

To see their slides, click here:

http://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf
To see their whitepaper, click here:

http://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Whitepaper/bh-dc-08-steve-dhulton-WP.pdf
To see the actual talk, click here.

http://www.blackhat.com/html/featured_media/bh08-002-Stream-1.mov

Presentations from Black Hat DC 2008 Online

Thu, 28 Feb 2008 12:53:52 -0800

We're freshly back from the success of the Black Hat DC event, and we've begun the process of putting the presentations and white papers online. Check the link to get yourself up to date on the stellar lineup of presentations or to catch up on a talk you missed in DC. Keep your eyes on this space for audio and video very soon.

https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html

Black Hat USA 2008 CFP Now Open!

Wed, 06 Feb 2008 19:12:21 -0800

Papers and presentations are now being accepted for the Black Hat USA 2008 Briefings.

This year's conference will be focused on deep technical information rather than policy and we're looking for groundbreaking work in a wide variety of topics. We've made the list of presentation tracks available online at https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html - please take a look and consider submitting your work.
Submit proposals by completing the submissions form on the CFP server at
https://cfp.blackhat.com/.

Black Hat DC 08 Keynote Announced!

Tue, 05 Feb 2008 14:35:08 -0800

Black Hat DC 2008 is pleased to announce the selection of a keynote speaker. Please join us at the Westin DC City Center to hear Jerry Dixon, Infragard's National Member Alliance's Vice President for
Government Relations, Director of Analysis for Team Cymru, and former
Executive Director of the National Cyber Security Division (NCSD) & US-CERT,
of the Department of Homeland Security.

Jerry's Keynote is entitled "Quest for the Holy Grail" and the abstract follows:

"Online fraud has become pervasive and increasing at an alarming rate
affecting all organizations, private and public. This talk will provide
an overview of current trends affecting both government and private
sector companies, what enables online fraud, what are some of the
barriers, and suggestions for what organizations should be doing to
combat the problem.

Black Hat DC Speaker List Finalized.

Tue, 05 Feb 2008 14:26:22 -0800

We have finished selecting speakers and our schedule is now full

Please check out our speakers page for a complete list of speakers and for updates.
http://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

We are done reviewing papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.

If you didn't get selected for this show don't be discouraged, please consider submitting again. Our USA CFP opens February 5. Submit here: https://cfp.blackhat.com/

Black Hat DC 2008 Group rate extended.

Mon, 28 Jan 2008 18:53:40 -0800

Group room rates are now valid until February 1, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1

Black Hat Europe 08, Moevenpick group rate ends soon.

Thu, 24 Jan 2008 19:51:31 -0800

Reserve your room now at the Moevenpick Hotel Amsterdam City Centre, group
rates will end February 19. The new Moevenpick Hotel Amsterdam City Centre
is located on the waters edge yet within walking distance from the old
center of Amsterdam and the Central Station.

All guestrooms, conference facilities and public areas are non-smoking,
including the Restaurant and Bar. Kindly note that there are no designated
smoking areas on site.

Excellent rooms: larger than average, with top of the bill facilities
(wired/free wireless LAN highspeed internet, breathtaking view over the
harbour or city) and other five star facilities.

The excellent location makes the hotel an exciting place to be. The
combination between the adjacent Passenger Terminal Amsterdam and
Muziekgebouw is unique and unsurpassed by anyone in Amsterdam. The area is
upcoming, trendy and holds a high cultural and creative allure.

To learn more about the venue please visit our venue page:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-venue.html

Moevenpick Hotel Amsterdam City Centre
Address: Piet Heinkade 11; 1019 BR Amsterdam; Netherlands
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239
email: hotel.amsterdam@moevenpick.com

Group Reservations:
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239

Rates (Vaild for bookings made by February 19, 2008):

Business single/double:
EUR 155 per night (inclusive of 6% VAT and service charge and exclusive of
5% city tax). DOES NOT include the breakfast. Free Wireless is available
throughout the hotel. Rates are good for stays from 23-29 March 2008.

Black Hat DC Group Registration Rate Closing SOON!

Fri, 25 Jan 2008 20:17:52 -0800

Group room rates are valid until January 25, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1

Black Hat Europe 08,First round of speakers selected!

Thu, 24 Jan 2008 01:03:33 -0800

We have made our first round of talk selections for our Black Hat Europe
2008 conference.

Our initial schedule is online now at:
http://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

Here is just a short list of some of the great presentations we have
scheduled:

Cracking GSM - David Hulton, Steve Hulton
Developments in Cisco IOS Forensics - Felix "FX" Lindner
CrackStation - Nick Breese
The Fundamentals of Physical Security- Deviant Ollam
Exposing Vulnerabilities in Media Software - David Thiel
Biologger - A Biometric Keylogger - Matthew Lewis
Malware on the Net - Behind the Scenes- Iftach Ian Amit
LDAP Injection & Blind LDAP Injection - Chema Alonso, Jose Parada Gimeno
Mobile phone spying tools - Jarno Niemela
TBD - David Litchfield
Hacking Second Life - Michael Thumann

Many more to come! Please check out our speakers page for a complete
list of speakers and for updates. There you will find abstracts for the
upcoming presentations and get some background information on the speakers.
http://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

If you don't get selected for this show don't be discouraged, please
consider submitting again. Our Black Hat USA CFP will open February 1,
Submit now as we may close the cfp early if we receive enough quality talks.
Submit here: https://cfp.blackhat.com/

Black Hat DC - Group Rate Ending Soon!

Wed, 09 Jan 2008 14:27:27 -0800

The Black Hat DC 2008 Group Rate at the Westin DC City Center will
close on Friday, January 25. The group rate is $219 and the hotel is
smoke-free.

To reserve your room, you may register online at:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

You may also call the hotel directly: +202-429-1700 or 1-800-westin1
and use the Group Code: BLACK HAT

Black Hat Attendee LinkedIn group

Sat, 05 Jan 2008 16:52:43 -0800

Black Hat has created a LinkedIn group for past attendees. For those of you unfamiliar with LinkedIn, it's a business-oriented social networking site located at www.linkedin.com. They're best known as a good way to get your resume into the right hands, but their functionality seems well-suited to finding the right person for a tough question or just keeping in touch as well.

If you're interested in trying out this group please use the following link. Please note that if you are not already a member of LinkedIN it will ask you to join the site.

We are always looking for ways to encourage the building of communities around Black Hat - it's our hope that our events can be the starting point for all kinds of new collaborations and conversations that last all through the year. If you have a favorite way of keeping connected that you think we should explore, please let us know.

Black Hat USA 2007 Audio Podcast now live

Thu, 27 Dec 2007 20:56:44 -0800

Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer audio of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.

Black Hat USA 2007 Video Podcast now live

Thu, 27 Dec 2007 20:55:40 -0800

Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer video of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.

'Electronic Jihad' Nothing hit our Radar.

feedback@blackhat.com (Black Hat Announcements) — Fri, 30 Nov 2007 13:33:02 -0800

From the article at Security Focus:
Link: http://www.securityfocus.com/brief/625

"A Web site's call for a massive religious-fueled denial-of-service attack -- an "Electronic Jihad" -- failed to create even a blip of activity on Sunday.

Two weeks ago, a group sympathetic to the goals of militant Muslims reportedly called for support in attacking financial Web sites and services on Sunday, November 11, but the day came and went with no noticeable traffic spikes, security experts stated. Antivirus firm F-Secure and the Internet Storm Center, a network monitoring group, both reported that their analysis failed to detect any attack.

"Well, so far we haven't seen any activity," said Mikko Hyppönen, director of research for F-Secure, said on the company's blog. "And we're not holding our breath either."

This recent attention to Cyber warfare brings to mind a presentation delivered by Gadi Evron at our recent Black Hat Las Vegas talk."Estonia: Information Warfare and Strategic Lessons" The talk was focused on discussing "The first Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. The talk is compelling and provides useful insight into the impacts of a cyber war as well as preventative measures. It seems increasingly relevant information to know when our ever expanding online lives are threatend with a 'Electronic Jihad'.

View his Abstract and Bio Here: http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Evron

Stay tuned to watch and listen to his presentation!
Article Link: http://www.securityfocus.com/brief/625

Black Hat Speakers: What are they up to now....

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:40:07 -0800

A few of our Black Hat speakers have their own blogs we enjoy reading from time to time. We thought you might like hearing what they are up to all year round as well!

David Maynor a Veteran Black Hat speaker has his blog over at ERRATA SECURITY.
Lots of cool stuff in there, recent news updates, commentary and even polls on favorite hacker movies.
Check it out: http://erratasec.blogspot.com/

Jeremiah Grossman has an interesting blog and has according to him generated quite a following, putting it number one on Google search results for him! That's quite an accomplishment considering that the press is just as equally excited to interview him as we are to have him speak for us. There are a lot of cool articles in his blog, he's been busy.
Check it out: http://jeremiahgrossman.blogspot.com/

Also, Mikko Hypponen and the rest of the team at F-SECURE have their blog full of interesting commentary, updates and DEMOS!
Check it out: http://www.f-secure.com/weblog/

David Litchfield : Nearly half a million Database Servers unprotected!

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:39:27 -0800

NGSSoftware has been busy this year between receiving multiple enterprise and tech awards, speaking at Black Hat, writing "The Web Application Hacker’s Handbook" and now announcing 492,000 database servers are online without firewall protection! We sometimes wonder between all the research and security advisories where do they fit in time to sleep?

>From the article by Ryan Naraine at ZDNet:
Link: http://blogs.zdnet.com/security/?p=663

"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.

Litchfield also spoke recently on Database Forensics at Black Hat USA 2007.
>From the Abstract:

"By delving into the guts of an Oracle database's data files and redo logs, this talk will examine where the evidence can be found in the event of a database compromise and show how to extract this information to show who did what, when. The presentation will begin with a demonstration of a complete compromise via a SQL injection attack in an Oracle web application server and then performing an autopsy. The talk will finish by introducing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.)."

Read the Full Bio and Abstract here:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Litchfield

Audio and Video coming soon:
http://www.blackhat.com/html/bh-multimedia-archives-index.html
Download his materials here:
https://www.blackhat.com/presentations/bh-usa-07/Litchfield/Presentation/bh-usa-07-litchfield.pdf

The Web Application Hacker’s Handbook: http://www.ngssoftware.com/press-releases/the-web-application-hackers-handbook-published/

Black Hat Europe 2008, CFP and Registration OPEN!

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:34:59 -0800

Black Hat Europe 2008 Online Registration is now open. Follow the link to take advantage of the early bird rate and register on the web. You must complete the on-line registration form regardless of your payment method. Europe 2008 Briefings and Training will be held March 25-28, at the Möevenpick Hotel Amsterdam City Centre, the Netherlands. Online Registration early rates will close on January 1.

Register here: https://www.blackhat.com/html/bh-registration/bh-registration.html#EU
More Info Here: https://www.blackhat.com/html/bh-europe-08/bh-eu-08-main.html

Submit your presentations to us at https://cfp.blackhat.com/ Call for Papers for both DC and Europe 2008 are now open. Call for Papers for Europe 2008 will close February 1.

Also don't forget our next USA event is DC 2008 Briefings and Training. DC 2008 will be held February 18-21, at the Westin Washington DC City Center. Online Registration early rates will close January 1, Call for will close January 4.
More Info: https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html

More Common Sense from Bruce Schneier

feedback@blackhat.com (Black Hat Announcements) — Fri, 9 Nov 2007 14:52:35 -0800

Frequent Black Hat speaker and security guru Bruce Schneier spoke Monday, November to the CIPS (Canadian Information Processing Society)

>From a speech that seems to have contained a fair amount of pessimism about the state of information security comes this concise and cogent analysis of the way forward in credit card and ATM security

Summarized in the Edmonton Journal entitled "Criminal hackers gaining advantage":
Some of the biggest improvements have come from government regulations forcing companies to make more disclosures to their customers, and make their data safer, Schneier said.

Credit card and ATM security improved in the U.S. when the onus was put on the companies to be responsible for money lost through fraud. In the U.K, the courts ruled customers had to prove they were not at fault, and so security did not improve. The U.K. has since reversed that stand.

"This is going to be a much bigger trend in future years as governments get more involved."

To learn more about Bruce Schneier, you can look here to read his bio and his talk abstract from this Black Hat USA 2007:

http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Schneier

To read Bruce's informative and entertaining blog, follow this link:

http://www.schneier.com/blog/

Black Hat DC 2008 Registration Now Open!

feedback@blackhat.com (Black Hat Announcements) — Mon, 22 Oct 2007 14:58:39 -0700

Online registration for Black Hat DC 2008 is now open. Follow the link to take advantage of the early bird rate and register on the web.

The Briefings and Trainings will be held February 18-21 at the Westin Washington DC City Center. More about the venue is available here:
http://blackhat.com/html/bh-dc-08/bh-dc-08-venue.html

You must complete the on-line registration form regardless of your payment method.
Forms submitted via fax, email, telephone or snail mail will not be accepted. Early Bird Rate closes January 1, 2008.

Black Hat 2007 Japan Keynote, Suguru Yamaguchi !

feedback@blackhat.com (Black Hat Announcements) — Wed, 3 Oct 2007 16:35:55 -0700

We are very pleased to announce that our Keynote for Japan 2007 will be Mr. Suguru Yamaguchi, of Nara Institute of Science and Technology. Mr. Yamaguchi will be speaking on "Emerging New Technologies for Information Security Management"

>From the Abstract:
Information systems are now taking the important role to support core competence components of businesses in various industries so that they requires more dependability and sustainability. New technologies for improvement to make information systems more dependable are emerging from R&D field to the actual operational environment, however still more development are expected. In this keynote session, the speaker presents new risk on information security coming up with information systems, then express his views and directions on technical solutions and technologies required.

Suguru Yamaguchi, Bio:
Suguru Yamaguchi was born in Shizuoka, Japan in 1964. He received the M.E. and D.E. degrees in computer science from Osaka University, Osaka, Japan, in 1988 and 1991, respectively. From 1990 to 1992 he was an Assistant Professor in Education Center for Information Processing, Osaka University. In 1992, he was moved to Information Technology Center, Nara Institute of Science and Technology, Nara, Japan, and served as an Associate Professor till 1993. From 1993 to 2000, he was with Graduate School of Information Science, Nara Institute of Sc ience and Technology, Nara, Japan, as an Associate Professor. In 2000, he was promoted to a Professor with the Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan. During his work in Nara Institute of Science and Technology, he has been working very aggressively on research, education and management. Especially from 2002 to 2004, he served as Director of University Library, and devoted himself to i mprove and enhance the digital library system, which was the nation's first digital library system available for national universities, initially funded in 1995.His research interests include technologies for information sharing, multimedia communication over high-speed communication channels, large-scale distributed computing systems, network security and network management for the Internet. Since mid 1980's, he has been working very hard on development the Internet in Japan and Asia and Pacific region. He has been also a member of WIDE project, which is one of pioneer projects for the Internet development, since its creation in 1988. In the project, he has been conducting research on network security system, especially PKI infrastructure for wide area distributed computing environment.

In 2004, he was appointed to Advisor on Information Security, Cabinet Secretariat, Government of Japan. He has been deeply involved to design and implementation of basis of national policy on information security and establishment of National Information Security Center (NISC) in Cabinet Secretariat in 2005. Even though he is still working for his university, he didn't spare himself for this important task in the government. Because of tight relationship with government's information security policy, he was also appointed to Advisor for Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan.

With his contribution for Internet development and network security, he is involved and working with several organizations. Since 1992, he was working for JPCERT/CC, which is a first national CSIRT in Japan, and now serving as a member of its board of trustee. Since 2002, he has been a member of board of trustee of Japan Network Information Center (JPNIC), which is national Internet registry managing IP address and AS number allocations and registrations. For the Internet development in Asia and Pacific region, he is working so long for Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

link:http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi

Black Hat 2007 Japan Final Line-up!

feedback@blackhat.com (Black Hat Announcements) — Wed, 3 Oct 2007 16:22:31 -0700

The final roster of speakers for Black Hat Japan 2007 is now available online.We're proud of the variety and depth represented by this lineup and look forward to seeing many of you in Tokyo later this month. Please keep in mind that Japan Registration closes on October 15th, and make your arrangements accordingly.

The final roster of speakers for Black Hat Japan 2007 is now available online. View the detailed abstracts and bios here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html

Presentations Black Hat Japan 2007:

Brandon, Baker, Kick Ass Hypervisor
Billy Hoffman, The Little Hybrid Web Worm that Could
Halvar Flake, Automated Unpacking and Malware Classification
Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless Device Drivers in an Emulated Enviroment
Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework
Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)
David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP
Kanatoko, DNS Pinning and Socket API
Nguyen Anh Quynh, HiJacking Virtual Machine Execution
Jacob West, Secure Programming with Static Analysis
Nate McFeters, Billy K Rios, and Rob Carter, URI Use and Abuse

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo
To see the schedule for this year's briefings, check our website here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html

Link: https://www.blackhat.com/html/bh-link/briefings.html

Black Hat Japan Registration Closing soon!

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:48:03 -0700

The Black Hat Japan Registration is closing soon!

Japan Registration will close on October 15th. Register now to avoid waiting in the onsite registration line!

https://commerce.blackhat.com/japan-reg-07
The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.

De-Anonymizing Tor

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:25:50 -0700

De-Anonymizing Tor TOR has been all over the news lately - from embassy private data being pulled from an exit node, to an arrest of a node hoster. This blog post from the ha.ckers.org blog offers code that its creators say can be used to de-anonymize TOR users. The possibilities implied by this code were mentioned at Jeremiah Grossman and Robert Hansen's presentation at this year's Black Hat USA in Las Vegas.

To see their presentation on JavaScript malware from this year's Black Hat USA:
http://www.blackhat.com/presentation/bh-usa-07/Grossman/Presentation/bh-usa-07-grossman.pdf
To read their whitepaper:
http://www.blackhat.com/presentation/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman.pdf

Black Hat Speaker HD Moore Weighs In on the iPhone

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:15:07 -0700

Black Hat Speaker HD Moore Weighs In on the iPhone

On the Metasploit blog, HD Moore breaks down the security researcher potential of the iPhone and gives a very insightful pro-and-con review of the phone's possibilities as " a root shell in my pocket."
Read his blog here: http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html

>From the article:
"Compare the iPhone (400Mhz*) with the Nokia n770 (233mhz) or the Nokia n800 (320Mhz) and the choice of a handheld hacking device is a no-brainer. The (mostly) working toolchain, large amounts of storage (8Gb), and ease of use make this a great candidate for almost any security researcher "on-the-go".

To see the presentation HD Moore made at this year's Black Hat USA:
http://www.balckhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Whitepaper/bh-usa-07-moore_and_valsmith.pdf

To see the whitepaper from HD Moore's presentation at this year's Black Hat USA:
http://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Presentation/bh-usa-07-moore_and_valsmith-WP.pdf

David Maynor Publishes Details of Apple Wi-Fi Attack

feedback@blackhat.com (Black Hat Announcements) — Wed, 19 Sep 2007 18:42:48 -0700

At Black Hat USA 2006, David Maynor and Jon Ellch spoke on "Device Drivers"
and some may remember it caused a lot of speculation and conspiracy
theories. Now David Maynor has published details of the controversial Apple
Wi-Fi hack he disclosed last year.

>From Computerworld:
"By going public with the information, Maynor hopes to help other Apple
researchers with new documentation on things like Wi-Fi debugging and the
Mac OS X kernel core dumping facility. "There's a lot of interesting
information in the paper that, if you're doing vulnerability research on
Apple, you'd find useful."

Maynor will soon publish a second paper on Uniformed.org explaining how to
write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late,
Maynor says he just doesn't care what they think. "Let them tear me apart
all they want but at the end of the day the technical merit of the paper
will stand on its own."

Read the full article here:
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16

Read the original Abstract here:
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch

Read the Details published by David Maynor here:
http://uninformed.org/?v=8&a=4

Video Presentation here:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp4

Audio Presentation here:
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp3

Black Hat USA 2007 speaker Pedram Amini intereviewed about the Sulley Fuzzing framework

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:49:41 -0700

SearchSecurity interviews Pedram Amini about the next-level fuzzing framework he unveiled at Black Hat USA 2007. To read the presentation from Black Hat and the whitepaper, follow the included links. Video available soon.

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/Amini-Portnoy-BHUS07.pdf

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/

October 23-26, at Keio Plaza Hotel, Tokyo

Black Hat Speaker Thomas Ptacek profiled on Dark Reading

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:39:25 -0700

Interesting article about Thomas that references the controversy between Thomas and fellow Black Hat USA 2007 Speaker Joanna Rutkowska. To read his Black Hat presentation, go to:

http://www.blackhat.com/html/presentations/bh-usa-07/Ptacek_Goldsmith_and_Lawson/Presentation/bh-usa-07-ptacek_goldsmith_and_lawson.pdf

In the interest of equal time, you can find Joanna's presentation at :

htpp://www.blackhat.com/html/presentations/bh-usa-07/Rutkowska/Presentation/bh-usa-07-rutkowska.pdf

Black Hat 2007 Japan Speakers have been selected

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:57:07 -0700

We are proud to announce our speakers for Black Hat Japan!

Brandon, Baker, Kick Ass Hypervisor

Billy Hoffman, The Little Hybrid Web Worm that Could

Halvar Flake, Automated Unpacking and Malware Classification

Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless
Device Drivers in an Emulated Enviroment

Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework

Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)

David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP

Kanatoko, DNS Pinning and Socket API

Kenneth Geers, Greetz from room 101

Nguyen Anh Quynh, HiJacking Virtual Machine Execution

Jacob West, Secure Programming with Static Analysis

Greg Hartrell, Security Lessons from Xbox Live

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo

Black Hat USA 2007 Media Updates

feedback@blackhat.com (Black Hat Announcements) — Mon, 27 Aug 2007 15:07:38 -0700

Presentation Files and White Papers from Black Hat Briefings 2007 are live now on the Black Hat website. Please take a look. Stay tuned to the BH USA 2007 Archives page for the audio and video from the Briefings, available in the coming months.

New Trainings Added for Black Hat Japan

feedback@blackhat.com (Black Hat Announcements) — Fri, 24 Aug 2007 13:31:23 -0700

The training lineup for Black Hat Japan has been updated to include four additional classes. The classes are:

Reverse Engineering with IDA Pro, taught by Chris Eagle
Analyzing Software for Security for Security Vulnerabilities, taught by Halvar Flake
Hacking by Numbers: Bootcamp, taught by Sensepost
Exploits 101, taught by Allen Harper

Also, the class entitled "Web Application (In)Security" by NGS Software has been removed from the lineup.
Detailed information on all classes can be found at our website.

Imitation is the sincerest form of flattery!

feedback@blackhat.com (Black Hat Announcements) — Wed, 15 Aug 2007 19:12:39 -0700

A fellow Info Sec colleague, Nat Mokry, sent us these photos recently and we got such a kick out of it we decided to pass it on. If you are ever in Beijing check this place out.

The "B'05" Bar in Beijing.
Picture1:
http://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg
Picture 2:
http://www.blackhat.com/images/bh-usa-07/BlackHatBar2.jpg

If you have some more info on this Black Hat Bar please pass it on, I for one am interested. If Jeff and I are ever in town we will surely be patrons!

Charlie Miller, attacking OS X and the iPhone.

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:01:54 -0700

From an article in Guardian Unlimited about a vulnerability announced by Charlie Miller of Independent Security Evaluators:

"...just weeks after Apple's iPhone was unleashed on American shoppers, researchers say they have discovered how to hack into it and steal personal information.

Experts at Independent Security Evaluators, a computer protection consultancy, claim to have found a way to gain complete access to the phone..."

Charlie Miller will be presenting his findings in a Black Hat Turbo Talk titled "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X. " Charlie's talk will be on August 2nd at 4:45 pm.

To learn more about Charlie Miller, you can look here to read his bio and his talk abstract:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Miller
To learn more about the controversy that's generated so much media attention, see Charlie's presentation live at Black Hat or later on Blackhat.com in our media archives.

Black Hat Japan 2007 Registration OPEN!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:09:47 -0700

Japan 2007 Briefings and Training Registration is now OPEN!

The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

Online Registration is currently open!
You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.
Call for Papers will close August 15, submit your papers now speaking slots are limited!
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html

Black Hat Japan 2007:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

Black Hat Japan 2007 Training courses!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:16:31 -0700

Japan 2007 Briefings and Training Registration is now OPEN!Register now to assure a seat in the class of your choice!
http://www.blackhat.com/html/bh-registration/bh-registration.html#JP

Here is a list of current training classes available:

Infrastructure Attacktecs and Defentecs: Hacking Cisco Networks
Steve Dugan

Live Digital Investigation : Investigating the EnterpriseWetStone Technologies
You will need this course before you can take the IEM course. Earn NSA Certification.

NSA InfoSec Assessment Methodology Course (IAM) - Level 1
Security Horizon

Reverse Engineering on Windows: Application in Malicious Code Analysis
Pedram Amini and Ero Carrera

Reverse Engineering with IDA Pro
Chris Eagle

New for 2007
If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
Web Application (In)security
NGS Software

The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

Black Hat Japan 2007 Call for Papers!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 18:54:34 -0700

Papers and presentations are now being accepted for the Black Hat Japan 2007 Briefings. Papers and requests to speak will be received and reviewed from now until August 15, 2007.

Submit proposals by completing the submissions form on the CFP server at
https://cfp.blackhat.com/.

We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For by Thomas Ptacek, Matasano

feedback@blackhat.com (Black Hat Announcements) — Tue, 17 Jul 2007 13:16:49 -0700

A piece on Security Focus by Thomas talking about what talks at Black Hat you need to see:

>From the article:
http://www.securityfocus.com/blogs/238

C++ gives you a resizeable string, so you won‚Äôt write splitvt. But in 2007, code vulnerabilities don‚Äôt look like splitvt anymore, ever. We‚Äôve moved on, through off-by-one errors into integer overflows and now uninitialized variables. On balance, the bug classes C++ introduces are way scarier than the ones it takes off the table.

So, to kick off our series of posts about which Black Hat talks you should be going to this year, I‚Äôm going to recommend this one. Mark Dowd and John McDonald, on stage, talking about the ways C++ screws software security that you hadn't thought of before. "Recommend" is an understatement. If you get paid to find vulnerabilities in code, this is the most valuable talk at the conference this year.

Black Page Update: Reverse Engineering

feedback@blackhat.com (Black Hat Announcements) — Fri, 6 Jul 2007 17:16:33 -0700

From the Black Hat Black Page

Reverse engineering has become a staple of security research. Only a few years ago an arcane specialty, many factors such as the increase in malware and common dependence on closed-source software has increased the value and need for reverse engineering. If a newbie came to me for advice about preparing for future work in the security field, I would tell them to concentrate on reversing as a core skill.

For a couple years we have been focusing on reverse engineering content and trying to bring information for the newly initiated and expert. For a good dive into the realm of unpacking, Mark Vincent Yason brings "The Art of Unpacking." Mark's presentation will bring you up to date with the state of packers and their defenses and arm you with techniques and tools to strip away the defenses. For a deeper look at some techniques and tools to defeat many packers and other armoring techniques, we have Danny Quist and Valsmith presenting "Covert Debugging: Circumventing Software Armoring Techniques" and Cody Pierce releasing and discussing "PyEmu: A multi-purpose scriptable x86 emulator." This should be some cool and useful content for anyone interested in reversing.

Link with: "Covert Debugging: Circumventing Software Armoring Techniques" by Danny Quist and Valsmith

"The Art of Unpacking" by Mark Vincent Yason

"PyEmu: A multi-purpose scriptable x86 emulator" by Cody Pierce.html

http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html

Las Vegas concerts for Black Hat and DEFCON time frame

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 17:18:36 -0700

From IrishMASMS on the DEF CON forums comes this helpful post:

Las Vegas concerts for Black Hat & DEFCON time frame
Some out of town folks hit me up asking about concerts around town during this year's Black Hat andDEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.

Fri 07/27/07 Violent Femmes Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang House Of Blues
Sat 07/28/07 Tesla House Of Blues
Sat 07/28/07 Rush MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall , The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx The Club @ Cannery Casino

As for venues, the Hard rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be shitty in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference.

HTH!

Black Hat USA pricing reminder

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:32:52 -0700

Just a reminder to everyone of the upcoming late pricing changes:

Registration:
- Only credit card payments are accepted after July 1, 2007.
- Online registration closes on July 20, 2007.
- Onsite Registration rates apply after July 20, 2007.

https://commerce.blackhat.com/usa-reg-07

Black Page update: TPMKit redux

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:30:29 -0700

From the Black Page:

Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)" This talk was removed from the schedule at the request of the presenters. The topic generated quite a great deal of interest and its removal from the schedule without comment has generated some confusion and controversy.

Full article at
http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html

Hacking by Numbers Combat Training adds a weekend session.

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:27:58 -0700

If you can't make it to Sensepost's Hacking by Numbers: Combat class on the week day of Black Hat USA you now have the option of attending a newly announced weekend class!

http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html

Joe Grand's Hardware Hacking class now expanded

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:25:50 -0700

Joe Grand's Hardware Hacking course has additional seats available! Previously sold out, Joe purchased more equipment to expand his training offerings. Swoop in now whaile there is more room.

http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html

On The BlackPage: C++

feedback@blackhat.com (Black Hat Announcements) — Fri, 15 Jun 2007 14:25:16 -0700

See the link below for more details, descriptions and commentary.

On The BlackPage: C++ by Dominique Brezinski

A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers have looked at C++ specific issues, like Halvar Flake, but there has not been a lot of focus on security-related aspects of C++ in the public arena.

This year is different. Several presentations bring C++ issues and techniques to the foreground: "Breaking C++ Applications" by Mark Dowd, John McDonald and Neel Mehta and "Reversing C++" by Paul Vincent Sabanal. I like it when an unintentional plan comes together.

Link: http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html