Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?


A presentation focusing on vulnerability research, the recent Black Hat security conference highlights, and expected future trends in the network security industry.


Published in: Business, Technology


Transcript

  • 1. Black Hat Conference 2009 Findings: What Can the Network Security Industry Expect in 2010?
      • Chris Rodriguez, Research Analyst, Network Security
      • September 15, 2009
  • 2. Focus Points
      • About Vulnerability Research
      • Overview of the Black Hat Conference
      • Major Highlights of the Conference
      • Expected Trends
      • Key Conclusions
  • 3. About Vulnerability Research
      • Vulnerability research is the foundation for numerous network security solutions such as IPS devices and endpoint protection software.
      • Vulnerability research is the frontline of defense from malicious code writers and cyber attackers.
  • 4. Overview of the Black Hat Conference
      • The Black Hat Conference is the largest and best-known security conference series in the world.
      • This conference is designed to serve the information security community by “delivering timely, actionable security information in a friendly, vendor-neutral environment.”
  • 5. Overview of the Black Hat Conference (cont.)
      • Historic Black Hat Conference events:
          - Dan Kaminsky’s DNS cache poisoning vulnerability
          - Cisco IOS flaw that resulted in a lawsuit
          - Using virtualization to create undetectable malware
          - Weaknesses in network security technology, i.e. NAC
          - Vertical-specific exploits (GSM, ATMs, public transportation)
      • [Timeline figure, 2000 to 2009. Labels: Black Hat called “a series of rock throwing incidents”; NAC bashed; Cisco sues; Blue Pill, the undetectable rootkit; Kaminsky’s DNS attacks]
  • 6. Major Highlights of the 2009 Black Hat Conference
      • MMS and SMS flaws (mobile phone hijack via text message)
      • iPhone code execution/denial-of-service MMS attack
      • Advanced Mac OS X rootkits
      • Factory-installed BIOS rootkits
      • Apple keyboard rootkit
      • SSL encryption protocol flaws
      • SSL spoofing
      • Fake ATM/card skimmer
      • Conficker discussion sanitization
  • 7. MMS and SMS Flaws
      • MMS and SMS data use has grown at a high rate over the years, and is forecasted to continue to grow significantly.
      • 900 billion SMS messages sent/received in 2008 (an increase of 132% from 2007)
  • 8. MMS and SMS Flaws (cont.)
      • Luis Miras and Zane Lackey, of iSEC Partners, presented a vulnerability in the way mobile phones handle SMS messages.
      • This flaw enables an attacker to hijack smartphones, with varying degrees of control.
      • An app called There’s an Attack For That (TAFT) is a suite of hacking tools for jailbroken iPhones.
      • A related presentation demonstrated an attack that uses a corrupt MMS message to kill iPhones.
  • 9. Rootkits
      • A rootkit is software designed to secretly control a computer.
      • A rootkit uses advanced techniques to take full control of a system, obscure itself, and survive most attempts to remove it.
      • Rootkits are very dangerous, and are often used by hackers to make malware more effective and nefarious.
      • Researchers at Core Security announced that they discovered factory-installed software that behaved as a rootkit.
      • Absolute Software’s CompuTrace LoJack for Laptops is designed to protect and help locate stolen laptops.
      • While not inherently malicious, the researchers claim that it’s not very secure - leaving the possibility for devastating attacks.
  • 10. Rootkits (cont.)
      • Security researcher Dino Dai Zovi demonstrated how to load an advanced rootkit on Mac OS X machines.
      • This is a severe issue with Mac OS X, which has been struggling for market share against Windows.
      • An Apple keyboard was also discovered to be susceptible to a rootkit attack through its firmware update system.
  • 11. SSL Encryption Issues
      • SSL is a trusted, secure protocol for encryption and authentication.
      • Dan Kaminsky presented on problems with X.509 certificates, which are used for SSL encryption and authentication.
      • X.509 certificates use an outdated and weak cryptographic hash function, MD2.
      • VeriSign, the leading provider of digital certificates, downplayed this announcement, saying that they no longer use MD2.
      • Regardless, businesses have invested millions of dollars in X.509, and yet it suffers both from technical and structural issues.
  • 12. SSL Encryption Issues (cont.)
      • In a similar presentation, security researcher Moxie Marlinspike showed how an attacker could spoof SSL certificates.
      • Marlinspike was able to trick a Web browser into accepting code, which can give an attacker a number of attacks to perpetrate.
  • 13. Fake ATM/Card Skimmer
      • A card skimmer was installed on an ATM near the hotel that the Black Hat Conference attendees were using.
      • Chris Paget, a security expert for Google, was attending the conference when he discovered the device and reported it to authorities.
      • This follows the recent report of a complete, working, fake ATM that was placed at the DefCon convention.
      • Coincidentally, a presentation about this banking technology was pulled in order to give the affected vendors time to resolve the issue.
  • 14. Conficker Discussion
      • Conficker is a computer worm that infected up to 10 million machines.
      • The botnet had an activation date of April 1, 2009, but nothing happened after all.
      • The security community is still trying to track down the perpetrators.
      • Conficker uses numerous advanced malware techniques to avoid detection and deletion.
      • A presentation about the Conficker worm was censored to avoid tipping off the malware’s authors.
  • 15. Expected Trends
      • What are customer and vendor plans for SSL communications?
      • What this SSL vulnerability means for browser developers.
      • Attackers continue to become increasingly nefarious, while their tools grow in sophistication and complexity.
      • Is criticism of factory-installed grayware warranted?
      • Mobile phones are the next major platform to be targeted for attacks.
      • How will cell phone manufacturers react to these security threats?
      • Whose responsibility is it to secure third-party apps?
      • The security industry is becoming more responsible and cooperative in its efforts to defeat hackers.
  • 16. Major Industry Participants
  • 17. Key Conclusions
      • The demand for original vulnerability research will only grow as the race to defeat hackers intensifies.
      • Key Internet infrastructure still has high-risk vulnerabilities that have not been fixed yet.
      • As mobile devices become more connected and powerful, these devices will become primary targets of hackers.
      • Mobile phone developers generally have less experience with QA and security testing, which may leave this attack vector exposed.
      • With mobile devices, third-party applications are unregulated, which introduces a critical attack vector.
      • Responsible reporting and cooperation indicate an immense potential for success against cyber threats.
  • 18. Next Steps
      • Request a proposal for a Growth Partnership Service to support you and your team to accelerate the growth of your company. (myfrost@frost.com) 1-877-GoFrost (1-877-463-7678)
      • Register for the next Chairman’s Series on Growth: The Growth Excellence Model: Competitive Benchmarking & Growth Investing (October 6th) (http://www.frost.com/growth)
      • Register for Frost & Sullivan’s Growth Opportunity Newsletters and keep abreast of innovative growth opportunities. (www.frost.com/news)
  • 19. Your Feedback is Important to Us
      • What would you like to see from Frost & Sullivan? Growth Forecasts? Competitive Structure? Emerging Trends? Strategic Recommendations? Other?
      • Please inform us by taking our survey.
  • 20. For Additional Information
      • Jake Wengroff, Global Director, Corporate Communications, (210) 247-3806, jake.wengroff@frost.com
      • Craig Hays, Sales Manager, Information & Communication Technologies, (210) 247-2460, chays@frost.com
      • Robert Ayoub, Industry Manager, Network Security, (210) 247-3808, robert.ayoub@frost.com