Las Vegas (NV) – It’s that time of the year again and the annual BlackHat and Defcon computer security conventions are returning to Las Vegas.  This year’s sessions and events promise to be just as interesting, eye-opening and downright shocking as in previous conventions.

The BlackHat Briefings convention starts next Wednesday August 1st at the Caesers Palace Hotel and lasts two days.  Defcon follows up the next three days from August 3rd to the 5th and is held at the Riviera Casino and Hotel.

Richard Clarke, author of “Against All Enemies” and former advisor to Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bush, will keynote BlackHat with a speech titled “A Story About Digital Security in 2017”.  BlackHat is known for having current and former government officials as keynote speakers.  In previous years, FBI agents and the former CEO of In-Q-Tel (the venture capital arm of the CIA) have spoken.

Dan Kaminsky, a veteran of the computer security speaking circuit, will talk about his latest research into hacking Captcha – the authentication system that displays characters to prevent forum and email spammers.  Sites have recently been adding audio Captcha in which a computerized voice rattled off letters and numbers mixed in with noise.  Kaminsky has found a way to use WinAmp to automatically listen and respond to the messages.

For those who don’t want to deal with audio, Dr. Neal Krawetz will have an interesting talk about digital picture and movie forensics.  According to the session description, attendees will, “be able to distinguish real images from computer generated ones’ and also identify how the images were made.

Security researcher Joanna Rutkowska returns to talk about her latest hacking attempts at an undetectable virtualized kernel rootkit.  But Thomas Ptacek of Symantec has a different take and will have a competing talk about how such rootkits are actually easier to detect than regular ones.  I suppose we shouldn’t be surprised that a Symantec employee would think that way.

The scheduling will be just as rigorous at Defcon which has added a new “Wireless Village” run by the folks at the Church of the Wifi.  Wireless hacking has been a huge part of security conventions and the new village provides a centralized place for people to share ideas.  Members of the “Church” will also have a session and plan on introducing their own wireless hacking distribution.  In previous years, the group released Rainbow Tables – long list of pre-computed password combinations – to ease WPA cracking.

BlackHat and Defcon founder Jeff Moss even gives his own talk about the “CiscoGate” fiasco that happened two years ago.  You may remember how Cisco tried to censor security researcher Michael Lynn from giving a speech about vulnerabilities in the router operating system.  Moss will give his unique perspective on the matter and who knows maybe Michael Lynn himself will make an appearance.

You can expect more coverage about BlackHat and Defcon next week as TG Daily will attend both conventions.

Hacking

Jul 24, 2007 22:16     

Whenever I read about the work being discussed at these conventions I have to try really hard to keep from being outraged. It's difficult to keep in mind these people are HELPING computer security by revealing it's flaws. They just sound, on the surface, to be conventions designed to show people how to break the law. I know that's not the case, but that's the way it looks.
nvalhalla report abuse vote down vote up Votes: +0

hacking

Jul 25, 2007 02:17     

Hackers are bad mmmkay...
r0d3nt report abuse vote down vote up Votes: +0

RE: Hacking

Jul 25, 2007 03:48     

Well... why are there no Cocaine conventions, WMD conventions or Terrorism conventions? Lets all learn how to build bombs, use them and use them in the right place. We can get Osama to be the key-note speaker! The world will be a better place if we all knew how to make crack and bombs. You can not honestly say that people who attend Blackhat & Defcon are there to "prevent hacking". This is typical American psychology, we should all carry guns so that we can stop people from shooting...

Donuts report abuse vote down vote up Votes: +0

this is clearly helpful

Jul 25, 2007 11:54     

and if you dont feel that way, then i hate you because im one-sided.
Nelson report abuse vote down vote up Votes: +0

yes

Jul 30, 2007 09:53     

I've been going to defcon since dc7. Things have evloved over the years and the breakout of attendees now is probably something like: 20-30% LEOs and 3 letter agencies 25-30% Security professionals from the vendor side 25-30% People who deal with security in the private sector a very small percentage of what would otherwise be called black hats. A lot of the attendence these days is spillover from Blackhat (You get free attendence to dc - go visit the zoo and see the animals kind of thing) Appearances may be deceiving to those who simply look at the surface.

dotzero report abuse vote down vote up Votes: +0

So we should turn a blind eye to knowledge?

Jul 30, 2007 11:52     

I disagree with the notion that these conventions are about breaking the law; anyone who has attended one of these and seen tracks such as "meet the fed" understands the role of Defcon to the security ecosystem as a whole. I am a systems admin and do architecture work in regards to how networks and systems connect; attending Defcon last year gave me tons to think about and work on, and have made me a much better geek in and out of the corporate environment. The bomb example is lame, but expected in this time where the current administration is trying to scare the public into giving up their rights. To ignore information at these conferences leaves you open to the latest vulnerabilities; so good luck burying your head in the sand. This Friday I'll be in Vega$ at Defcon 15.

fak3r report abuse vote down vote up Votes: +0

Takes one to know one

Jul 31, 2007 19:03     

As a security professional, I can tell you that there is no way to devise defenses to security holes without understanding how they work and the motivation behind them. So, sticking your head in the sand and letting the blackhatters talk about stuff while you take a blind eye is not really effective. Think of it as intel gathering. Also, Defcon is the best training bang for the buck you can get. $100 cash at the door gets you into all the same speakers as BlackHat. Plus lotsa booze and weirdness. It's a blast.

3H report abuse vote down vote up Votes: +0