Hackers share secrets at Black Hat briefings

Cult figures of the technology underworld have gathered in Las Vegas to discuss past and future exploits at the second annual Black Hat Briefings. Unlike the decidedly more informal and notorious DefCon, Black Hat was designed to attract attendees from the other side of the fence -- IT security managers and/or CIOs interested in 'meeting the enemy,' and learning from them the newest techniques for penetrating corporate networks.

Cult figures of the technology underworld have been gathering in Las Vegas to discuss past and future exploits at the second annual Black Hat Briefings.

Unlike the decidedly more informal and notorious DefCon, Black Hat was designed to attract attendees from the other side of the fence -- IT security managers and/or CIOs interested in "meeting the enemy," and learning from them the newest techniques for penetrating corporate networks.

The conference was taking place at the same time as news of two major security vulnerabilities in Microsoft and Netscape products circulated. And for the first time, the mainstream media took notice of what has been until now a relatively obscure event on the IT conference calendar.

The Black Hat Briefings (http://www.blackhat.com/) are the brainchild of Secure Computing's Jeff Moss, also the founder of the yearly gathering of hackers called DefCon (http://www.defcon.org/).

By creating a more formal atmosphere for the discussion of new security threats, Black Hat accomplishes two things: it legitimises attendance for corporate types who might not otherwise get authorisation to travel to a DefCon-type free-for-all; it also taps corporate expense accounts for conference fees that are a lot steeper than those generated by the original hacker-fest.

However, this conference is worth the money. The accumulation of hacking talent at Black Hat is formidable, and several luminaries from the security field rounded out the schedule of speakers to present a "state of the industry" roundup.

Longtime industry commentator and participant Marcus Ranum of Network Flight Recorder started off the briefings followed by session tracks that read like a who's who of security gurus -- including Paul Leach of Microsoft, Bruce Schneier of Applied Cryptography fame, Ian Goldberg of the Internet Security research group at UC Berkeley, and Dr. Mudge of the hacking group L0pht Heavy Industries.

Other hacking luminaries in attendance included Hobbit, widely regarded as the man who brought Windows NT under the microscope of the hacking community, and DilDog of the up-and-coming Cult of the Dead Cow (cDc) hacker group. These opinionated individuals spearheaded two days of spirited discussion on the most pressing security issues facing IT folk.

Unfortunately, conference attendees couldn't get too close to these renowned hackers. When not making chit-chat with starry-eyed celebrity hounds, many of the more prominent hackers spent time in front of a television camera. CNN spent quite a bit of time shining the light of public interest on some of these self-proclaimed defenders of the electronic frontier, in a somewhat incongruous circumstance for subject matter typically shrouded in mystery and intrigue.

This makes great fodder for the six o'clock news, of course. Interest was fed by the coincidental recent announcement of security vulnerabilities in both Microsoft and Netscape's e-mail clients, Windows NT, and the imminent release of Back Orifice, the newest Windows 9x exploit impeccably timed for release at DefCon by cDc (see http://www.cultdeadcow.com/tools/bo.html/).

Much of the information dispersed at Black Hat was old hat to those who keep current on such topics. For example, Mudge's VPN talk and a discourse on the insecurities of intrusion detection technology by Network Associates engineer Tom Ptacek were both released to the public some time ago.

Ironically, it wasn't one of the hackers that delivered the least stale information on the agenda. Microsoft's Leach served up the technical underpinnings of the new Windows NT LAN Manager (NTLM) authentication protocol, a step toward cleaning up the weaknesses in the current NTLM, which has suffered greatly under a dedicated assault from the likes of Mudge and his comrades at L0pht in the last year.

However, L0pht also announced a new addition to its popular NT password-cracking tool L0phtcrack at the conference. Every new solution deserves a new hack.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]