Black Hat 2010 – are we headed for cybervictory?

Filed Under: Malware, Privacy, Spam

Las Vegas in general, and the Black Hat conference in particular, really do seem larger-than-life, as you can see in the video I made at the outset of the event.

Even the bookstand offers a bewilderingly eclectic range of publications, with something for just about anyone who's interested in any aspect of computer security.

Same sort of thing for the conference papers themselves, with eleven parallel streams. I've stuck almost entirely to the Exploitation and Reverse Engineering streams, with occasional forays into Malware Fingerprinting and Bug Collecting.

One of the most obvious things to come out of the Exploitation stream is how much time the exploit-finding guys have compared to malware analysts. Tools to deal with malware automatically need to be really quick – we typically have minutes, or very occasionally, hours, to deal with new items of malware.

In contrast, exploit finders enjoy the luxury of tools which run for hours, and sometimes days, to automate some parts of the exploit-finding process. Indeed, this is a luxury they require, since finding new exploits is, fortunately, pretty hard.

I've learned a lot in two days, notably about a range of interesting open-source tools for security operations and research, such as BitBlaze (for crash analysis), Virt-ICE (a debugger-enabled virtual machine system) and Nmap (the network scanning tool).

By the way, Fyodor, the creator of Nmap, is now the proud owner of a DECODEME T-shirt.

So, is there a larger-than-life lesson to be learned from Black Hat? Yes, and here it is: we really can aim for cybervictory. The number, and quality, of people worldwide who are not only interested in but committed to computer security is impressively large.

Cybercriminals, watch out!

, , , , , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog