8 Black Hat Breakthroughs

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here.

8 Black Hat Breakthroughs

by Ericka Chickowski

EV SSL Exploits
A vulnerability in the way browsers handle Extended Validation SSL render the costly certs pretty darned useless until browser developers fix it. Researchers will show off a tool that leverages low assurance certificates to spoof

Breaking the security myths of Extended Validation SSL CertificatesAlexander Sotirov, Mike Zusman

Smart Grid Slip-Ups
Smart Grid technology has the potential to help us greatly improve the efficiency of our power infrastructure—but with added connectivity comes added risks. Two different researchers will present exploits of Smart Grid te

Recoverable Advanced Metering InfrastructureMike DavisHacking the Smart GridTony Flick

Dan Kaminsky Update
Dan Kaminsky made waves last year with his highly publicized presentation on DNS cache poisoning. He’s scheduled to present a mystery topic this year—"Something about network security," say Black Hat organizers.

Something about Network SecurityDan Kaminsky

Thunder Clouds
Did you know that it is possible for someone to attack the host on a virtualized server via a vulnerable guest machine? That’s why so many CIOs are so skittish about migrating to the cloud—their neighbors’ problems can easily

Cloudburst: Hacking 3D (and Breaking Out of VMware)Kostya KortchinskyClobbering the Cloud!Haroon Meer, Nick Arvanitis, Marco SlavieroCloud Computing Models and Vulnerabilities: Raining on the Trendy New ParadeAlex Stamos, Andrew Becherer, Nathan Wilcox

Oracle Oops
Metasploit creator Chris Gates will bring order to the world of Oracle exploits in his demonstration of a new framework for leveraging his pentest program to break Oracle in a very methodical way.

Relevant Session

Breaking the "Unbreakable" Oracle with MetasploitChris Gates

SSN Guessing Game
Social Security Numbers just got a whole lot less secure with the discovery of one enterprising researcher, who’s found an algorithmic method for guessing an individual’s SSN based on their place and date of birth.

I Just Found 10 Million SSN’sAlessandro Acquisti

Mac Mania
Apple fanboys are pretty smug in their sense of security superiority, but it’s all unfounded. This year’s Black Hat lineup includes several presentations on how to exploit Mac vulnerabilities (yes, they’re there!)

Relevant

Advanced Mac OS X RootkitsDino Dai ZoviMacsploitation with MetasploitDino Dai Zovi

Darknet Details
Going ‘off-the-grid’ on a private and anonymous darknet may become a whole lot easier with the unveiling of a new proof-of-concept, browser-based darknet technology developed by researchers with HP.

Relevant Session

Veiled: A Browser-based DarknetBilly Hoffman, Matt Wood