Black Hat

Surveillance scandal rips through hacker community

LAS VEGAS -- It used to be that the playful Defcon contest of "Spot the Fed" gave hackers and the government agents tracking them a chance to interact in a less serious manner.

Hackers who found a government agent among the conference attendees would wear with pride T-shirts that read, "I spotted the Fed." The agent would be given a shirt that read, "I am the Fed." And by flipping the cat-and-mouse dynamic for at least one weekend a year, the two groups more or less came to a greater understanding of each other.

The …

Rocket scientist tells hackers to take big risks

LAS VEGAS -- What's the difference between building a successful computer security company and going to Mars?

If you ask Brian Muirhead, who has been instrumental in building and landing Mars rovers for NASA, there's not much difference at all.

Muirhead shared the lessons he's learned about team building during his second-day keynote speech at the annual Black Hat security conference on Thursday.

It's not rocket science -- when building a company you need to take on uncomfortable and unexpected risks and challenges, the self-described "card carrying rocket scientist" told the crowd.

"Take …

Tortilla tool makes anonymizer Tor more digestible

LAS VEGAS -- The Onion Router's popularity as an Internet traffic anonymizing network that can be used just about anywhere belies some of its limitations. To combat those, one security researcher at Black Hat 2013 here figured out a way to make Tor more palatable.

And to the consternation of people who hate food names and metaphors, it's called Tortilla (download).

"People couldn't easily anonymize their Internet traffic," Jason Geffner, Tortilla's inventor, told CNET after his presentation. "This opens a whole realm of opportunities for them."

Geffner developed the free, open-source, and …

Hackers to NSA chief: Read the Constitution

LAS VEGAS -- Tensions were high as the National Security Agency's Gen. Keith Alexander took the stage here in front of a packed room of security industry professionals and hackers of all stripes.

The general at the forefront of the surveillance scandal currently enveloping the NSA walked up to the podium in the conference center at Caesars Palace amid audience murmurings that he was going to avoid the issue.

Instead, it was the focus of his keynote speech.

"How do we protect our civil liberties and privacy?" he asked the 3,200 people filling the room …

Symantec: Russian criminals sell Web 'proxy' with backdoors

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What …

How the pros thwart computer spies with James Bond tricks

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to Shanghai on a work trip. For a computer, though, he carried only a stripped down Netbook that he modified using a trick even James Bond would have admired. He sawed off the end of one of the laptop case screws and mashed a small bit of a crushed Altoids mint into the hole before putting the screw back in. After leaving it in his hotel room for a few hours, he came back to find that the powder had disappeared. Something had caused …

iOS app hacking alive and well

LAS VEGAS -- While Apple was making its decidedly lackluster Black Hat debut just one floor up, security researcher Jonathan Zdziarski was explaining the dark art of iOS app hacking to a smaller but still crowded room.

A senior forensics scientist at viaForensics, he clearly didn't have much faith in the security of apps running on iOS. "iOS can be infected through a new zero-day, or you can take a phone and run real fast. Apparently, bars are a great way to pick up iPhones," he said as the audience chuckled, clearly remembering the two separate lost iPhone prototype incidents. …

Pen and sword equally mighty for science fiction's Stephenson

LAS VEGAS -- It's been a double-whammy of stardom for the attendees of the 15th annual Black Hat USA conference. Many people here suffered a line more commonly associated with Comic-Con or CES to get into an exclusive performance by electronica and trance legend Paul Oakenfold at Club PURE last night.

And then this morning, they rubbed the hangover from their eyes and the ringing from their ears to listen to an on-stage conversation with noted science fiction author Neal Stephenson in the Caesars Palace convention center.

Stephenson spoke for almost an hour with Brian Krebs, the investigative journalist who writes about security. While their conversation ranged from his childhood influences to his books to his non-writing projects, Stephenson's face lit up as they discussed his recent Kickstarter project, "Clang."

Ho-hum first date with Apple at Black Hat

LAS VEGAS -- Apple today gave its first-ever talk at the Black Hat security conference, and it left me feeling like I'd had a really disappointing Match.com date with the hottest guy on the dating site.

The vaunted Apple decided to show up after snubbing the event for 15 years. As manager of the platform security team at Apple, Dallas De Atley seemed to have everything a Black Hat attendee could want -- popularity, experience, discriminating taste, a good sense of style, and a promising future. Playing hard to get only makes us want you more.

But 15 …

Hacking, the card game, debuts at Black Hat

LAS VEGAS -- There's much more to hacking than just the Hollywood portrayal of a speed typing contest, say the computer security professionals who've developed a new hacking-themed card game called Control-Alt-Hack.

Control-Alt-Hack is based on Steve Jackson Games' Ninja Burger, but from the characters to the mission cards to the entropy cards, the demystification of white hat computer security is the name of this game. Game co-designer, security researcher, and University of Washington Computer Security and Privacy Research Lab honorary member Adam Shostack said at the Black Hat 2012 confab here that when it comes to teaching …