The Black Hat Briefings '98, July 29-30th Las Vegas
The Black Hat Briefings '98, July 29-30th Las Vegas

Hotel Info

There were 19 speakers and two panel discussions covering two tracks of speaking over two days.

Note: 05/12/2000: New video and audio files added!  The A/V was re-encoded to real media 7 specs, and video of the speeches were added.

Speeches will be more technically oriented and last 1 1/2 hours each.  The goal of the talks are to inform the audience with quality current state system vulnerabilities and fixes as well as future areas of concern.  Because our unique speakers The Black Hat Briefings will offer the audience a deep insight into the real security issues facing your network with no vendor pitches.

Speeches now available through Real Audio / Real Media 7.
We apologize for the speakers whose speech recordings were damaged and unavailable.

Marcus Ranum, President and CEO of Network Flight Recorder, Inc.
How to REALLY secure the Internet.

Is it possible to really secure the Internet? With current technology and methods, the answer would appear to be a resounding "no." We've tried security through stepwise refinement and security through consensus - the best remaining solutions are totalitarian and draconian.  Marcus will present an outline for how the Internet could be secured through some simple, cost effective methods. He'll also explain why it won't happen.

Marcus Ranum is CEO of Network Flight Recorder, Inc., and has been specializing in Internet security since he built the first commercial firewall product in 1989. He has acted as chief architect and implementor of several other notable security systems including the TIS firewall toolkit, TIS Gauntlet firewall,, and the Network Flight Recorder. Marcus frequently lectures on Internet security issues, and is co-author of the "Web Site Security Sourcebook" with Avi Rubin and Dan Geer, published by John Wiley and sons.

Bruce Schneier, President of Counterpane Systems and author of Applied Cryptography.
Mistakes and Blunders: A Hacker Looks at Cryptography.

From encryption to digital signatures to electronic commerce to secure voting cryptography has become the enabling technology that allows us to take existing business and social constructs and move them to computer networks.  But a lot of cryptography is bad, and the problem with bad cryptography is that it looks just like good cryptography; most people cannot tell the difference.  Security is a chain: only as strong as the weakest link.  In this talk I'll examine some of the common mistakes companies make implementing cryptography, and give tips on how to avoid them. 

Bruce Schneier is president of Counterpane Systems, the author of Applied Cryptography, and the inventor the Blowfish algorithm.  He serves on the board of the International Association for Cryptologic Research and the Electronic Privacy Information Center.  He is a contributing editor to Dr. Dobb's Journal, and a frequent writer and lecturer on cryptography.

Theo DeRaadt, Lead developer of OpenBSD.
Secure coding, problems with maintain source trees, and secure design philosophies.

Theo de Raadt heads the OpenBSD project.  This 4.4BSD derived operating system project has increasingly placed it's focus on discovery and repair of security issues.  Due to a 2 year auditing process by a 10 member team, OpenBSD is probably the most secure operating system in common use today.  For more information, see

Ira Winkler, President of the Information Security Advisory Group.
Information Security: Beyond the Hype

If you read the headlines today, you would think that no matter what people are doing to secure themselves, they will never be secure.  The reason that the concept comes across is that the media focuses on the Threats and stories about unstoppable geniuses that can compromise even the Pentagon. The truth is that you can protect yourself from even the most diabolical genius.  This presentation discusses Information Security from a Risk based perspective.  The threats to your systems are discussed, but more important the vulnerabilities that actually allow the threats to compromise your systems are discussed.  Using that information, you can then choose the countermeasures you need to protect yourself and your organization.  This presentation will show you that while there is no such thing as perfect security, you can protect yourself from almost all of the most serious threats.  Probably what is most valuable to attendees is guidance on how to spend limited funding in the most efficient manner.

Ira Winkler, CISSP is considered one of the world's leading experts on Information Security, Information Warfare, investigating information related crimes, and Industrial Espionage.  He is author of the book, Corporate Espionage, and President of the Information Security Advisors Group.  His clients include some of the largest companies and banks in the world.  He is also a columnist for ZDTV with his column titled Spy Files.  He also functions as the networks security expert.  Previously, Mr. Winkler was with the National Security Agency and was the Director of Technology with the National Computer Security Association.  He has also performed studies on Information Warfare for the Joint Chiefs of Staff.

Their Presentation! (PowerPoint 81k)

Dominique Brezinski, Network Security Professional Secure Computing Corporation.
Penetrating NT Networks Through Information Leaks and Policy Weaknesses.

The focus of this presentation will be a demonstration of how Windows NT hosts can be queried for information and how the information can be correlated to provide an attacker with a path of least resistance. Even though many Windows NT networks have few remotely exploitable technical vulnerabilities (buffer over-runs, flawed CGI scripts, address based authentication etc.), most NT networks give away too much information. By analyzing the information it is easy to find policy weaknesses that can be exploited to gain access to the NT hosts. Custom tools will be demonstrated on a small network.

Dominique Brezinski is a Network Security Professional at Secure Computing Corporation and has been concentrating on Windows NT and TCP/IP network security issues for four years. Prior to working for Secure Computing, Mr. Brezinski worked as a Research Engineer at Internet Security Systems where he was responsible for finding new vulnerabilities and security assessment techniques for Windows NT.  In 1996 Mr. Brezinski published a white paper entitled "A Weakness in CIFS Authentication" which revealed a serious flaw in the authentication protocol used in Windows NT (NT LM Security). It was shown for the first time that an attacker could completely subvert the network authentication in Windows NT to gain unauthorized access to Windows NT servers. Mr. Brezinski has continued to demonstrate advanced techniques for assessing the risks present in Windows NT networks. 

Richard Thieme, Thiemeworks, Inc.
Convergence -- Every Man (and Woman) a Spy.

Arbitrary digital interfaces - television, PCs, PDAs - are converging, but that's only part of the story. The roles people play in work and life are converging too. Intelligence agents, knowledge managers for global corporations, competitive business intelligence agents, sysadmins, hackers,  journalists, and CIOs are becoming indistinguishable. Why does that matter? Because the ability to synthesize and integrate information, manage complexity and ambiguity, morph continually into roles appropriate to a shifting work context, and somehow remember who you are - that's what matters most. Our presentations of ourselves are the powerful levers that move mountains in the digital world. Richard Thieme discusses why and how to do it. 

Richard Thieme is a business consultant, writer, and professional speaker focused on the human dimension of technology and the work place. His creative use of the Internet to reach global markets has earned accolades around the world.  "Thieme knows whereof he speaks," wrote the Honolulu Advertiser. He is "a prominent American techno-philosopher" according to LAN Magazine (Australia), "a keen observer of hacker attitudes and behaviors" according to Le Monde (Paris), "one of the most creative minds of the digital generation" according to the editors of Digital Delirium, and "an online pundit of hacker culture" according to the L A Times.

Thieme's articles are published around the world and translated into German, Chinese, Japanese and Indonesian. His weekly column, "Islands in the Clickstream," is published by the Business Times of Singapore, Convergence (Toronto), and South Africa Computer Magazine as well as distributed to subscribers in 52 countries.  Recent clients include:  Arthur Andersen; Strong Capital Management; System Planning Corporation; UOP; Wisconsin Power and Light; Firstar Bank; Northwestern Mutual Life Insurance Co.; W. H. Brady Company; Allstate Insurance; Intelligent Marketing; and the FBI.

Ian Goldberg -ISAAC Research Group, UC Berkeley.
Cell phone security: a history and the state of the art.

Cellular phones are a growing convenience for many people of many walks of life.  Recently, ads for new "digital" cell phones promise privacy and unclonability to their customers.  In this talk, we will examine these claims, looking at systems from the oldest analog phones to the modern digital standards.  Special attention will be paid to the security of the GSM system, the most popular digital cell phone standard in the world.

Ian Goldberg is a Graduate Student Researcher and founding member of the Internet Security, Applications, Authentication and Cryptography (ISAAC) research group at UC Berkeley.  His research areas include cryptography, security, privacy systems, and digital cash.  In April, he, along with colleagues David Wagner and Marc Briceno, announced the discovery of a major security flaw in most of the deployed GSM digital cell phones.

Ray Kaplan - 
Who are the enemies of computer and network security?

Generally, "hackers" are regarded as criminals by the "legitimate community."  Who are these "hackers" that seem to keep whacking on our systems and networks? Are they merely scumbag reprobates that should be purged from the society?  Is there anything to learn from them?  This session is intended to introduce the two sides of the security equation to one another in a forum which fosters open, detailed, honest communication.  Bring your questions.

  What techniques do they employ against us?  Are those that attack our  systems all just a bunch of slime balls that are devoid of morals,  ethics, and common sense?  While in the minority of reported  computer crime statistics, the skilled outsider still represents a  significant threat.

This session explores who they are, their attitudes, their techniques, their successes and their failures from the perspective of what we have to learn from them to better protect your systems and networks.  This classic session allows you to interact directly with members of the computer underground.   Join us for some stimulating conversation with those who computer security professionals consider to be their enemies.

Mr. Kaplan has been actively involved with system and network security as a consultant for over half of his more than 20 years in the industry. There is no question that he hacks.  However, he is not a criminal.  His clients have included the world's largest financial institution, smallest commodities broker and a wide variety of organizations, including multinational and Fortune 100 companies from all segments of the economy, and public institutions all over the world. 

Mr. Kaplan is a very prolific lecturer, instructor and writer.  He consults, lectures and teaches technical system and network related topics all over the world.  His articles are frequently published in major computer journals and magazines.  In over ten years of public speaking and audio/video conference production, he has given over 2,000 technical, tutorial style presentations and lectures in forums such as professional societies, seminars and his consulting.  As a frustrated inventor, he is forever trying to rid the world of inefficiency, frustration and waste by pursuing new paradigms in the delivery of training, education and technical information.

John Bailey - Aventail Corporation.
"SOCKS, PPTP & IPSec: Implementation & Futures"

This interactive presentation will cover the strengths and weaknesses of existing security protocols: SOCKS, PPTP, and IPSec.  We will discuss the architecture of each protocol and how they individually handle encryption, authentication, and access control.  John will also review the major implementation issues and where each of  these standards are heading in the future.

John Bailey has been with Aventail Corporation, a Seattle-based company at the forefront of developing Virtual Private Network (VPN) software solutions, since 1997.  Currently he is developing a comprehensive analysis infrastructure for testing security products designed for TCP/IP.  Prior to joining Aventail, John worked as a developer and TCP/IP network engineer at WRQ and the Washington Department of Transportation.  John is a Certified etware Engineer (CNE) and received his BS in Computer Science from Western Washington University.

Peter Shipley - 
An overview of a TCP/IP internals and its security strengths and weaknesses.

An overview of a TCP/IP, it's strengths and weaknesses.   Attendees will learn many currently popular Internet Network based attacks and how site can protect themselves from such attacks.  Common service attacks will also be discussed including those relating to WWW and various buffer overflow attacks.  Teardrop/Land/IP Spoofing/Smurf Attacks/Route-Redirections and others will be covered.

Mr. Shipley Is an independent consultant in the San Francisco Bay Area with nearly thirteen years experience in the Computer Security field. Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground and hacker community. He has extensive experience in system and network security as well as programming and project design. Past and current clients include TRW, DHL, Claris, USPS, Wells Fargo, and KPMG.  In the past Mr. Shipley has designed Intranet banking applications for Wells Fargo, Firewall design and testing for and, WWW server configuration and design for DHL.  Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training.  Mr. Shipley also performs post intrusion analysis as well as expert witness testimony.   Mr. Shipley is currently concentrating his efforts on completing several research projects. 

Dr. Mudge -L0pht Heavy Industries system administrator.
Real world VPN implementation security issues.

Mudge - As one of the prominent members of the hacker group 'The L0pht', Mudge has been responsible for numerous advisories and tools in use in both the black hat and white hat communities. L0phtcrack, the Windows NT password decryptor - monkey, the S/Key password cracker, Solaris getopt() root vulnerability, sendmail 8.7.5 root vulnerability, Kerberos 4 cracker, and SecurID vulnerabilities are some of the recent offerings that Mudge has contributed to the security community. Mudge recently finished cryptanalysis work with some of the top US cryptographers - papers will be published within the next several months. The BBC, Wired Magazine, Byte Magazine, and the Washington Post have all recently covered Mudge and the L0pht's ongoing projects.

Jennifer Granick - Attorney at Law.
What's different about evidence in computer crime litigation.

Solving and prosecuting computer crimes requires evidence.  But electronic footprints, signatures and trails raise questions of preservation,verification and authenticity that their analog counterparts don't.  This presentation will look at what's different about evidence in computer crime litigation, and how to properly preserve and maintain electronic evidence for law enforcement and prosecutors.

Jennifer Stisa Granick is a criminal defense attorney in San Francisco, California.  She defends people charged with computer related crimes, as well as other offenses.  Jennifer has been published in Wired and the Magazine for the National Association of Criminal Defense Lawyers.

Thomas Ptacek, Network Security Professional at Network Associates, Inc. (Formerly SNI
Defeating Network Intrusion Detection.

Network intrusion detection (ID), a technology that attempts to identify attackers by monitoring network traffic, is fast becoming one of the hottest products in the security market. Beneath the hype, however, lie some serious concerns about the reliability of currently available ID systems, as well as the fundamental techniques they use to collect information. This talk will explain why the most popular ID systems on the market can't be trusted, demonstrate how to avoid detection by them, and, in the process, eliminate some very widespread misunderstandings about the capabilities of sniffers and intrusion detection systems. 

Thomas Ptacek is a developer at Secure Networks, Inc. His work focuses on vulnerability assessment, which involves researching and testing network systems for exploitable design and implementation flaws. In the course of this work, his team has discovered some of the Internet's most serious security problems, including vulnerabilities in Windows NT, Checkpoint Firewall-1, and Solaris, as well as core Internet software such as the BIND, INN, and Apache.

Karan Khanna, at the Microsoft Corporation.
Security as an enabler for new business opportunities -  The Business Value of Security.

Karan Khanna has been with Microsoft for 5 years, initially as a Program Manager in the Desktop Application Division responsible for product design and currently as a lead product manager in the Windows NT Security team. Prior to joining Microsoft he was the Co-founder & CTO of a software company specializing in handwriting replicating software. He has also worked at Digital Equipment Corp as a Software design Engineer for a number of years.  He has a BS and MS in computer science and an MBA from Dartmouth College

Paul Leach, at the Microsoft Corporation.
Security with the NTLM++ protocol

Paul Leach is an architect in the Windows NT Distributed Systems group at Microsoft Corporation, where he has been since 1991.  Prior to Microsoft, he was one of the founders of Apollo Computer, where he was the architect for their Domain distributed system and the NCS and DCE RPC systems.  He also holds an appointment as auxiliary Professor in the department of Computer Science and Engineering at the University of Washington.

Patrick Richard, CIO Xcert Software Inc.
Open Network PKI Design Issues or „Business as Usualš

Co-founder of Xcert Software Inc. and Chairman and Chief Technology Officer, Mr. Richard is chief architect of the Xcert Universal Database API (XUDA) and leads Xcert‚s core development team.  While a co-op student studying Mathematics and Computer Science at the University of Waterloo, Mr. Richard worked on distributed messaging technologies at Northern Telecom and Microsoft.  In 1994 Mr. Richard founded Whistler Networks, the first true „virtual communityš in British Columbia.  This company was successful in wiring the largest ski resort in North America to the Internet, with services that include dial-up access, automated real-time website updates from proprietary systems, secure payment systems, real-time reservation systems and HTTP interfaces to back-end DBMS systems.

Mr. Richard has pioneered the integration of strong cryptography with distributed databases on the Internet.  He established the first web-based certificate authority (CA) on the Internet and created the first public website that used client authentication using digital certificates.  Mr. Richard is an active member of several related IETF working groups, including PKIX, CAT, TLS and ASID, and is the author of several papers on cross-authentication technology.

Bruce K. Marshall, CISSP at Feist Communications.
Statistical analysis of reusable passwords and recommendations.

Bruce will present his study which is focused on analyzing the passwords of 3,163 users of a corporate computer network.  Since he actually has the plain text passwords of the users from a project Feist initiated, he was able to pump them into a database and then mine for information and correlations.  Robert Morris Sr. & Ken Thompson did a similar analysis (although their details aren't nearly as comprehensive) in 1979 and he will use that to show some time / trend progressions.  He doesn't think it will shock any of us who have dealt with security and know reusable passwords are insecure, but it will provide hard figures and new analysis.

Bruce K. Marshall, Information Security Specialist for Feist Communications Inc.  He has studied identification and authentication systems for several years to gain insight into their inherent strengths and flaws.  While the world grows increasingly computer based, he has fought to enforce acceptable means of securing these systems.  As a member of the Biometric Consortium and other security groups, Bruce has been exposed to a wide variety of alternatives to standard authentication methods.

When he's not removing sticky notes on monitors, Bruce Marshall multitasks his attention between business internetworking technologies, network operating systems and the related security for these areas.

Paul McNabb - CTO of Argus Systems Group, Inc.
Trusted Operating System Technology in Web-based Computing.

Increased reliance on mission-critical services delivered over the Internet carries with it the increased risk of an outsider opening a pipeline from the Internet to critical internal data.  In this talk, Mr. McNabb will be discussing the security challenges that face providers of Internet-based applications and the limitations of traditional methods of security in these types of environments.  Mr. McNabb will then describe the means by which trusted operating system technology can overcome these limitations.

Mr. McNabb is the Vice President and Chief Technology Officer of Argus Systems Group.  Mr. McNabb has over 18 years of experience in trusted UNIX development and developed the architecture for the world's first 3rd generation trusted operating system.  Involved in TCSEC and ITSEC evaluations for several years, Mr. McNabb is arguably the world's leading authority on trusted systems technology.

Winn Schwartau, President of Interpac, Inc.
Introducing the Time Based Security model and applying military strategies to network and infrastructural securitues.

As president of The Security Experts, Inc & Interpact, Inc., he provides valuable consultation services to industry and governments on Information Warfare, enterprise information security, policy, hackers, US and International policies and standards, electronic privacy and related issues. His work and clients span three continents. He created and still manages the two most popular www sites on the subject: www.Infowar.Com and www.Info-Sec.Com.

Mr. Schwartau is also the author of "Terminal Compromise" which details a fictionalized account of an information war waged on the United States. This prophetic book predicted a number of cyber-events, including the Clipper Chip, chipping, magnetic weapons' assaults, data and hardware viruses, to name a few. He other popular writings include "CyberChrist Meets Lady Luck" and "CyberChrist Bites the Big Apple," which cover underground hacker events, "Firewalls 101" for DPI Press, Information Warfare, Mehrwert Information (Schaffer/Poeschel, Germany), for "Introduction to Internet Security" for DGI and MecklerMedia, several chapters for Auerbach's Internet and Internetworking Security Handbook and Ethical Conundra of Information Warfare for AFCEA Press. He is currently writing two more books (to appear by the end of 1997) and is working on two major movie projects about Information Warfare and privacy.