Greetings from Blackhat Las Vegas 2010

I have to admit that I am not a huge fan of Las Vegas, but, when the reason to visit is as good as attending Blackhat and Defcon I instantly forget the heat, endless rows of slot machines, big crowds, kitschy hotels, bars and everything that makes Vegas, Vegas. I have missed the last two Blackats but I am glad that I am back and that not many things changed. Despite the huge number of delegates, Blackhat briefings were organised like a well oiled machine so every kudos goes to the crew. I am glad that Blackhat, despite the name, became a conference which equally addresses and promotes the offensive and the defensive side of the computer security.

Though some sessions I attended were a bit of a hit and miss, mostly because of the less than ideal presentation skills of the presenters, not the technical content of the sessions I can say that I thoroughly enjoyed seeing the enthusiasm which exuded from every single presenter who gave their best to show their work.

The highlight of the day one was the presentation by Barnaby Jack which successfully showed that ATMs are just computers, like any other and that by learning about their functionality it is possible to remotely compromise their operation. This can become quite a serious problem, especially if the attackers find an easy way to modify software running on the system. Big crowds attending the session had every right to be impressed by the show. Several good videos of Barnaby Jackpotting ATMs on the stage have been posted on Youtube.

I was particularly interested to attend sessions concerning malware analysis and reverse engineering techniques, and see if we can get new ideas and tools to use in Sophoslabs. Some interesting tools, such as Berkley University BitBlaze are already available and some others such as excellent VMM based debugger Virt-ICE are in relatively early stages of development showing good potential for future usage for malware analysis.

For me, another interesting area was the increased attention to smartphone platforms, primarily Android based devices and iPhones. We often discuss the protection techniques for smartphones and question the need to develop an anti-malware software for them and conclude that there are relatively few threats to warrant fully functional anti-malware protection, especially in a corporate, managed environment.

Kevin Mahaffey and John Hering from Lookout security have conducted an interesting research into functionality of all free applications available through Android Market and Apple App Store and found out a significant number of applications, developed by few developers which are developed with a clear intention to steal data available on the device and send the data to a central server managed by the developers. Malware? Maybe. Spyware? Certainly. Unfortunately, both Google and Apple are currently in the stage of threat denial and do not provide documented programming interfaces which would allow security vendors to create reliable protection for the platforms. Let us hope they are right and that they will be able to make sure that all applications published through their respective Application stores will always be free from malicious intent. I am a bit of skeptic on that front, but that may just be me.

On the corporate front, it is obvious that Microsoft is making a better job of handling vulnerabilities discovered in Windows, despite the recently discovered feature/bug in Windows handling of shorcuts to control panel extensions couple of weeks ago. Great news is that Adobe has decided to jump on the bandwagon and coordinate the incident response with Microsoft. Members of MAPP, including SophosLabs should be pleased to learn that technical information about issues in Adobe software will be distributed to all members through the channel already used to distribute information related to vulnerabilities in Microsoft’s products.

I am off now to the positive madness of Defcon and will make sure to let you know about the sessions I particularly enjoyed.