Welcome to the inaugural intel update for Black Hat USA 2013! The world's premier security conference is headed back to Caesars Palace in Vegas, from July 27 to August 1. Early registration is in full swing, so sign up before May 31 to save some serious money.
This year’s lineup of Black Hat Briefings, Trainings and Workshops is so good, you’ll forget you’re in Vegas at the height of summer. The call for papers closed last Monday, and to whet your appetite, we're excited to announce a few of our initial acceptances.
First, the National Institute of Standards and Technology (NIST) 2011 publication of 800-155 one-upped the Trusted Platform Module (TPM) PC client specification by better detailing BIOS content that should be measured to provide an adequate Static Root of Trust for Measurement (SRTM). In BIOS Security, John Butterworth, Corey Kallenberg, and Xeno Kovah of MITRE Corp. will show how a laptop (pre-NIST 800-155) SRTM can be manipulated, even with signed updates enabled. The trio will also demonstrate a 51-byte SRTM patch that can trick the TPM into believing the BIOS is pristine. Reflashing the BIOS may not restore the SRTM's integrity; an esoteric technique involving a timing side-channel may be needed for the BIOS to indicate its integrity.
Next up, crypto-infosec researcher Karsten Nohl will present Rooting SIM Cards. There are over 7 billion SIMs in active circulation, yet shockingly little is known about their security traits. They are generally believed to be unbreakable, but only because they have never been known to be exploited. In his briefing, Nohl will shatter this pretense with confirmation that SIM cards, like any other computing system, are plagued by implementation and configuration bugs.
And so we're off: two in the bank and these are just a taste of the presentations and topics to come. We’re continually adding new content and you can stay up to date on all the new selections, as well as our Trainings and special announcements by following us via the social media channel(s) of your choice.