July 20, 2005 - Blackmail and Bribery War Stories
by Jeff Moss
Bribery and
blackmail are two great ways to get what you want.
This is probably why the techniques are highly regarded
and often used by governments and crime rings throughout
the world. If you’re had the pleasure of meeting
Bob
Morris, you know the NSA has given him more than
enough stories to tell. Also on today’s Black
Page, Renaud Bidou will take you the front lines of a 48-hour
digital blackmail battle.
Spy Tales
by Robert Morris posted July 20, 2005
For
those who think that breaking codes is simply a practice
of mathematics and computer algorithms, they’ve
never blackmailed anyone before. After countless
years in the NSA, I’ve had the chance to
witness some highly “unorthodox”
way of getting the information that I wanted without
tapping a line or breaking
a code. I’ve also seen some ridiculously
stupid attempts that have failed miserably. All I
know is that if you want to understand how truly paranoid
you should be, I have plenty of stories for you. I
feel like I should start around World War II. But
then there’s always the tales about methods
used to gather intelligence during the cold war. So,
that’s why I’m coming to Vegas again.
Get the smokes and whiskey ready.
The DoS Effect
by Renaud Bidou posted July 20, 2005
From
my point of view DoS have always been useless, stupid
and non-lethal attacks. Of course there had been 7th
and 8th of February 2000, but after all it was kind of limited issue. I had to change my mind when I started to work for new types of customers, mainly telcos and big (huge) Internet companies. I discovered that they don't really care about intrusions, confidentiality, integrity or whatever. Their major concern is DoS. DoS
kill their infrastructure. DoS kill their business.
It was time for me to get updated.
Surprisingly techniques used today are not new. But PIV and broadband access for millions of users have considerably increased their power. They have been turned into mass extortion weapons, and while I was thinking this was just a legend I had to face my first blackmail case. A dirty blackmail DoS story... Now I grew up and I'm not so self-assured.
SQL Injection v. Input Validation - New Theories
While simple SQL injection techniques lead to some of the most costly attacks today, researchers are hard at work rethinking the primary defense against injection: input validation. Input validation is something that every web application must feature, but quite frankly, it’s pretty annoying to implement. Robert Hansen and Merideth Patterson join us today to explain how their academic research might hold the solution to more convenient way to prevent injection attacks. Additionally, Michael Pomraning “crosses the gulf” from academic to practical by teaching us that we must unlearn input validation to fully understand it... read more
Hardware Guys
We’ve seen a new breed of hackers thrive using a soldering iron with their shell code. Companies need to rethink how they build and secure their products because hackers like me like to take new things apart and see how they work. Joe Grand’s dissection of hardware and the industry surrounding it consequences to blind trust. Darrin Barrall and David Dewey prove it by showing us how a USB-stick mod can root your box... read more
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules