Black Hat expels reporters in network snooping

Robert Vamosi of CNET News co-wrote this story.

Updated 10:30 p.m. with comment from Brami.

LAS VEGAS--Three journalists for a French security magazine were kicked out of the Black Hat security conference after they allegedly sniffed the press room computer network on Thursday.

The journalists work for Global Security Mag, which was a media sponsor of the event. Two of the men, Dominique Jouniot and Mauro Israel, could not be reached for comment.

The third, Marc Brami, director of the magazine, told CNET News later that he blamed Israel for the incident, which Brami described as "a … Read more

Microsoft to seek credit for finding vulnerabilities

LAS VEGAS--Microsoft is jumping into the responsible disclosure game.

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

"We've seen the threat environment change," said Andrew Cushman, who runs the Microsoft Security Response Center.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

The MSRC already reports vulnerabilities to other … Read more

This Christmas, your company's getting an iPhone in a box

George Ou (yes, that George Ou!) has an interesting preview of David Maynor's (yes, that David Maynor!) presentation tomorrow at DEFCON 16.

The horny one doesn't know if David's ingenious idea was inspired by the dick in a box, but to riff on a theme:

1) Get a box 2) Put a hacked iPhone attached to an external battery and running reconnaissance or penetration (ahem) tools in the box 3) Mail the box to your girl some company 4) Penetrate (the Macalope said "ahem" already!) said company

And that's how you do it!

While … Read more

Wall of Sheep comes to Black Hat

LAS VEGAS--How confident are you when using your laptop at a conference?

For years, a group called Wall of Sheep has been showing attendees of Defcon when their network connections are insecure. The Wall of Sheep board has been a fixture at Defcon, Black Hat's sister conference set to begin tomorrow at the Riviera Hotel and Casino. The board displays the names (with some identifying information obscured) of those connecting to the Internet in insecure ways. The idea is both meant to shame and educate users on best practices.

"If the 'Best of the Best' in security can … Read more

CNET News Daily Podcast: What's on hackers' minds at Black Hat?

Hackers have descended on Vegas in full force for the annual Black Hat security conference. What's on their minds? CNET's Robert Vamosi called in from Sin City and talked with CNET News' Leslie Katz.

Plus, someone claims to have found a mechanism on the new iPhone software that would let Apple remotely remove blacklisted applications from your phone. Is Apple trying to play "big brother" or simply save consumers from malicious apps that slipped through the cracks? Listen now: Download today's podcast

Today's stories:

Black Hat a sure bet to be big, bold in VegasRead more

Is Check Point's security profile the broadest?

Recent Enterprise Strategy Group research points to two evolving trends:

Information security practices are merging into other IT areas, such as regulatory compliance and IT operations.

Enterprise users are leaning toward integrated security suites rather than "best of breed" security products.

With these trends in mind, it is safe to assume that the market advantage goes to security vendors with integrated product portfolios that cover security, compliance, and IT operations. Firms like EMC's RSA Security, McAfee, and Symantec are betting on this happening soon, but these industry heavyweights are not alone.

Case in point: Check Point Software … Read more

Security firm warns of malware attack on Facebook

Sophos, a security software and research firm, has warned that social network Facebook is the battleground for a new malware attack targeting members' comment "walls."

Public wall posts purporting to be from someone on a user's friends list invite the user to click on some kind of video or image, and the URL appears to lead to something hosted on That's a spoof--it really directs to a grinning photo of a court jester sticking out its tongue--and a downloaded Trojan. Sophos has not said what the worm then does.

Facebook representatives were not immediately … Read more

Cybersecurity lessons from the Civil War

LAS VEGAS--The security issues we face today in cyberspace are the same ones the country faced during the American Civil War when Abe Lincoln was relying on telegraph transmissions to help keep the country united, a top U.S. cybersecurity official said in a keynote speech at the Black Hat security conference here Thursday.

Lincoln was obsessed with reading telegrams that delivered updates from the battlefield, using them to learn about the military strategies and to offer feedback, said Rod Beckstrom, director of the National Cyber Security Center in the Department of Homeland Security.

"If he were alive today … Read more

Looking inside the Storm worm botnet

LAS VEGAS--On Wednesday, Joe Stewart, director of malware research for SecureWorks, presented his work on protocols and encryption used by the Storm worm botnet at Black Hat 2008.

He said as far as botnets go, Storm is not particularly sophisticated, nor is it our No. 1 threat. Yet while other botnets come and go, Storm remains amazingly resilient, in part because the Trojan horse it uses to infect systems changes its packing code every 10 minutes, and, once installed, the bot uses fast flux to change the IP addresses for its command and control servers.

None of this surprising, it'… Read more

Kaminsky provides the why of attacking DNS

LAS VEGAS--Speaking before a packed audience, researcher Dan Kaminsky explained the urgency in having everyone patch their systems: virtually everything we do on the Internet involves a Domain Name System request and therefore is vulnerable.

Expectations were running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn't stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.

Security researchers always … Read more