Black Hat launches Webinar series

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-10789_3-9978524-57.html

By Robert Vamosi
Defense in Depth
June 26, 2008

Jeff Moss, founder and director of Black Hat, on Thursday moderated the 
first-ever Black Hat Webinar, previewing five presentations to be given 
at the security conference in Las Vegas in August.

Moss said he was pleased that more than 1,000 people attended and 
admitted they were "expecting maybe a few hundred." Black Hat has 
already implemented RSS feeds, Twitter, and even a LinkedIn group.

"The Webinars will be much more than that," Moss said. In the future, he 
hinted, Black Hat will publish an editorial calendar, with a new Webinar 
at least once a month. Moss said that if successful, future Webinars 
might also include online training.

During the one-hour broadcast, speakers gave 10-minute previews of five 
presentations expected during the Black Hat briefings in Las Vegas, 
which will take place August 6-7.

Bruce Potter, founder of the Shmoo Group, talked about "malware 
detection through network flow analysis." He said he will be releasing 
some software at the conference. He argued that network administrators 
can examine data flowing both ways on the network to help identify where 
the attacker is coming from. Software expected in August includes an 
updated version of Psyche that will have an Ajax-based interface.

Fyodor Vaskovich, founding member of the Honeynet project, talked about 
"Nmap--Scanning the Internet." The author of NMAP recently scanned the 
entire Internet--the WorldScan Project--and will present his results. 
This allows him to verify and refute various assumptions about which 
ports to use for scanning. Also, he said, it forces him to improve NMAP.

He gave a few examples of a NMAP scripting engine, fixed-rate packet 
sending, enhanced version detection, and improvements to performance and 
accuracy.

Shawn Moyer, CISO of Agura Digital Security, and Nathan Hamiel, senior 
consultant for Idea Information Security and founder of the Hexagon 
Security Group, previewed their talk "Satan is on My Friends List: 
Attacking Social Networks." They said they're not just talking about 
worm attacks such as Samy back in 2005. They're talking about 
user-generated applications and content--are they creating new attack 
surfaces? They will also have demonstrations and screen captures to 
share in August.

Nathan McFeters and John Heasman talked about "Beyond document.cookie." 
In August they'll be joined by Rob Carter in talking about Web 2.0 
same-origin policy attacks and other Web 2.0 vulnerabilities.

Steve Reavey, Katie Moussouris, and Steve Adegbite, all of Microsoft, 
talked about "Secure the Planet! New Strategic Initiatives from 
Microsoft to Rock Your World" or the shorter title "Has Microsoft lost 
its mind?" Among other things, they said they will talk about how 
Microsoft approaches a security update within Office, from vulnerability 
disclosure to patch. Microsoft will also be hosting a two-day "Defending 
the Flag" training just prior to the public part of Black Hat on August 
2 and 3, and again on August 4 and 5, to show administrators how to 
attack Microsoft products to gain insight to how their networks are 
secured.

After a short question-and-answer period, Moss said the next Webinar 
will be held "in about a month" and offered an e-mail address 
(subscribe-webcasts (at) blackhat.com) to subscribe for updates.


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com