Black Hat Hackers Face Off In Iron Chef Style Competition


Which is a better method for finding vulnerabilities, fuzzing or static-code analysis? The question will be put to the test at next month’s Black Hat USA conference, where two experienced security researchers will be given a piece of mystery code and one hour to find all the vulnerabilities they can using one of the two methods. [Charlie Miller] from Independent Security Evaluators will use fuzzing and [Sean Fay] from Fortify Software will use static-code analysis to detect the vulnerabilities in the code. We reported on [Miller]’s fuzzing talk while at Toorcon 9.

The pair will be allowed to use their own equipment, but they won’t see the code until the moment the showdown begins. For an added bit of fun, conference attendees are welcome to join in the contest. The audience member who finds the most exploits within the hour wins a free dinner at a new Las Vegas restaurant. But you don’t have to wait until then to weigh in; go ahead and post your thoughts on fuzzing vs. static-code analysis in the comments, just be ready to back up your claims.

REcon 2008 Recap

[Tiller Beauchamp] gave a presentation on applied reverse engineering in OS X at this year’s REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.

One of the highlights for him was Neohapsis’s [Chris Smith] discussing virtual machines implementing code obfuscation. The method uses custom instructions and a runtime interpreter, which can make the task of reverse engineering markedly more difficult if implemented properly.

On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]’s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.

25th Chaos Communication Congress


The 25th annual Chaos Communication Congress is happening December 27-30th in Berlin, Germany. They’ve just published their official call for papers. Last year’s 24C3 was incredible and we’ll take any chance we get to attend an event held by the fine folks in the CCC. We hope to see you there!

[via BoingBoing]

The Last Hope Schedule Finalized, Preregister Now


The schedule for this year’s The Last Hope conference in New York City has been finalized, and there’s still time to preregister. Today is the last chance for overseas attendees to preregister, and the rest of you have until July 6th. A/V volunteers are still needed, so step up if you have the desire and skills.

The three-day conference will feature three tracks of scheduled talks, plus one track for unscheduled talks by registered attendees. You can view the full schedule interactively, in wiki format, or in conventional format. It takes place between July 18th and July 20th; hurry up and snag your tickets now. We’re interested in all the talks, but [Chris Seidel]’s talk on biohacking, NYC Resistor’s presentation about collaborative hardware hacking, and [Ray]’s demonstration on escaping high security handcuffs have us waiting in rapt anticipation. So who’s going? What are you looking forward to? Let us know in the comments.

Defcon 16 Schedule Finalized


If you were waiting to finalize your travel plans, now’s the time; Defcon has published the final speaking schedule. The conference starts Friday August 8th in Las Vegas, NV and continues through Sunday with four separate speaking tracks. There are quite a few talks we’re looking forward to: Silicon guru [Christopher Tarnovsky] from Flylogic will be hosting a breakout session on smartcard security. [Gadi Evron] will talk about the security implications of biological implants in the future. [Thomas Wilhelm] is going to cover building a mobile hacker space and the vehicle-related hacks it requires.

Defcon Badge Hacking Contest


[Joe Grand] is designing the Defcon badges for the third year in a row. Just like the previous years, they’ll be hosting a badge hacking contest. This time around though, they’re going to start leaking clues in advance. Earlier contests were often frustrating because of the specialized equipment needed to talk to the microcontroller. Hopefully this year it will be a lot more accessible. The specs for the badge have not been released yet, but after last year’s 95 LED scrolling marquee, we can’t wait to see what this year will bring. [Joe] has posted info on the previous two badge designs and resulting contests.

Hacker Conference Videos


Almost every security conference we’ve attended in the last year has uploaded videos from their speaker tracks. Explore the archives below, and you’re bound to find an interesting talk.

[thanks, Dan]
[photo: ario_j]