Black Hat Las Vegas is taking place this week. The event is where professional hackers gather to share what they’ve been working on over the past few months. The results are often pretty startling for most average computer users.

For instance, Alessandro Acquisti, a researcher at Carnegie Mellon University, is going to show how information about an individual’s place and date of birth can be exploited to predict his or her Social Security Number. To cut a long story short, Acquisti says SSNs were designed to be simple identifiers and not for authentication purposes, and so businesses should stop using them as confidential passwords.

We know enterprise networks are big targets for cybercriminals. Here are some Black Hat Vegas briefing sessions by security professionals about new attacks that could be around the corner and how to protect against them. Slides from the presentations are expected to be available at the Black Hat site after the event. Slides from January’s Black Hat DC 2009 briefing sessions are here.

What happened to Conficker’s payload?
Security researcher Mikko Hypponen says the Conficker/Downadup worm infected several million Windows workstations and servers around the world. The worm uses several new techniques that have never been seen before, and can create a unique list of 250 random domain names every day. The creators of Conficker had the power to seize control of all of the computers the worm had infected. Yet, nothing happened. There were no reported botnets, no spam and no data theft. Hypponen says his Black Hat Vegas talk will reveal the motive of Conficker’s developers and why they never pushed the payload button.

Could a large part of the reason be the industry’s coming together to fight the Conficker worm? As I mentioned in my last blog post, the security industry reacted swiftly by creating the Conficker Working Group, and companies such as Cisco ensured their products protected against the worm and educated customers on how to strengthen their protection against Conficker. And of course, Cisco NetFlow Analyzer and Flow Analytics can catch Conficker.

How fast are you closing security vulnerabilities compared to your competitors?
A group of security researchers have examined six vertical industries, including finance, healthcare and manufacturing, to determine the time-to-patch trends. The result is a “half-life period” — the period it takes each industry sector to patch 50% of the vulnerabilities discovered after the first security advisory. The researchers say organizations can use the findings to measure their time to patch against others in their industry.

What’s the value of your network?

Rob Beckstrom, former director of the National Cyber Security Center in the U.S. Department of Homeland Security, will discuss Beckstrom’s Law at Black Hat Vegas. The law attempts to answer the question of “how valuable is a network?” (network could include social networks as well as electronic networks). According to Beckstrom, the value could be extrapolated by “looking from the edge of the network at all of the transactions conducted and the value added to each. It states that one way to contemplate the value the network adds to each transaction is to imagine the network being shut off and what the additional transactions costs or loss would be.”

Your network is compromised, but you can still keep your data safe
Security specialists Aaron LeMasters and Michael Murphy will share details of Codeword, their free tool that provides management and analysis during rapid enterprise triaging (RETRI) of compromised networks. The developers explain: “Rather than focusing on individual network segments or hosts, our approach prioritizes broad network isolation to contain the threat and ensures core business functions remain operable. The result is less strain on your IT staff and no downtime for your users.”

Details of all Black Hat Vegas sessions are here.



Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.

