Black Hat Announcements

Black Hat Briefings USA 2008 Speaker Selection Underway

Wed, 07 May 2008 16:34:16 -0700

We're currently in the process of selecting the briefings speakers for BH USA 2008, so please feel free to take a look at how the show is shaping up here. The changes will be coming fast and furious as the show gets ironed out, so please keep an eye on this space. Remember, if you are a paid delegate, you can help us rate and review the talks and make your voice heard. The details are available here

We look forward to hearing from you.

Black Hat USA 2008 Early Bird Registration Closes May 1

Tue, 22 Apr 2008 13:21:54 -0700

If you want to take advantage of the Early Bird registration rates for Black Hat USA 2008, be sure to get registered before May 1. You can register online at https://commerce.blackhat.com/bh_usa_2008

Black Hat USA CFP Closes May 1

Tue, 22 Apr 2008 13:24:19 -0700

The Black Hat USA Call For Papers closes May 1, so be sure to get your submissions in on time. We are looking forward to a great roster of presentations, and we'll begin posting the accepted presentations as the submitters are notified. Please submit online at https://cfp.blackhat.com.

For a tentative track listing to help guide submissions please visit https://blackhat.com/html/bh-usa-08/bh-usa-08-tracklisting.html

The Pwnie awards return to Black Hat USA

Fri, 11 Apr 2008 15:48:39 -0700

The Pwnie Awards ceremony will return to the Black Hat reception with an all new roster of "winners." The awards exist to celebrate/humiliate the creators of the most infamous pwnage events of the previous 12 months. Categories have included Best Server-side Bug, Mass 0wnage, Lamest Vendor Response and Most Overhyped Bug. The awards are independent of Black Hat, but we're pleased to provide a venue for them where so much of the security community is gathered. Last year's inaugural event was a lot of fun, and we hope it will grow in 2008. We hope to see you thereat what Linux.com is already calling "Black Hat's Oscars."

Links:

http://pwnie-awards.org/
http://www.linux.com/feature/118378
www.blackhat.com

Black Hat Speakers In the News: Matthew Lewis - "Biologger - A Biometric Keylogger"

Fri, 04 Apr 2008 17:52:22 -0700

Black Hat Europe 2008 Speaker Matthew Lewis is getting a lot of media attention for his BH presentation entitled "Biologger - A Biometric Keylogger." The presentation included a demo showing how state-of-the-art biometric security systems can be compromised. To read his whitepaper, download his tool or see his presentation.

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html#Lewis

Presenations From Black Hat Europe 2008 Now Online

Sat, 29 Mar 2008 03:48:35 -0700

This year's Europe event has come to a successful close and we've put the presentations online for everyone who missed a briefing presentation or two, and everyone who couldn't make it to Amsterdam for the show. Watch this space for video and audio presentations when they go live.

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-archives.html

New BlackPage Entry: CrowdSourcing the Black Hat CFP

Thu, 13 Mar 2008 21:26:20 -0700

Beginning with Black Hat USA 2008, paid delegates will be able to view and rate CFP submissions. Register and help us create the Black Hat of your dreams. Learn more about how it will work in this BlackPage entry from Black Hat Director Jeff Moss.

https://www.blackhat.com/html/blackpages/blackpages.html

Black Hat Europe 08 Keynote Speaker Selected

Fri, 07 Mar 2008 17:12:26 -0800

The Black Hat Europe 08 has been finalized and we're proud to announce our Keynote Speaker, Ian Angell. Ian is Professor of Information Systems at the London School of Economics and he will present a talk entitled "The Complexity in Computer Security."

This presentation will be a theoretical talk on the complexity of computer security. He will discuss how a lack of understanding of the limitations of, and distinctions made by, computerization leads to systemic risk.

To read the abstract and bio for Ian's keynote, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-speakers.html#Angell

To see our full schedule of Briefings Speakers, click here:

https://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

Black Hat Speakers in the News: Johhny Long on Forbes.com

Fri, 29 Feb 2008 15:50:49 -0800

Past Black Hat speaker Johnny Long has been profiled on Forbes.com on the subject of No-Tech Hacking. The article is an interesting read and even contains some quotes from BH Director Jeff Moss.

The article is here:

http://www.forbes.com/2008/02/28/long-hacker-csc-tech-security-cx_ag_0229hacker.html
To learn more about Johnny Long, you can check out his site at

http://johnny.ihackstuff.com/

Black Hat Speakers in the News: David Hulton, Steve and "Cracking GSM"

Thu, 28 Feb 2008 20:04:14 -0800

This year's Black Hat DC was full of newsworthy talks, but one that has gotten a lot of media attention was "Cracking GSM" by David Hulton and Steve.

They demonstrated that they could capture and decrypt GSM traffic (the most popular type of cellphone traffic) with astonishing speed. Their presentation is eye-opening and very worthy of your attention.

To see their slides, click here:

http://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Presentation/bh-dc-08-steve-dhulton.pdf
To see their whitepaper, click here:

http://www.blackhat.com/presentations/bh-dc-08/Steve-DHulton/Whitepaper/bh-dc-08-steve-dhulton-WP.pdf
To see the actual talk, click here.

http://www.blackhat.com/html/featured_media/bh08-002-Stream-1.mov

Presentations from Black Hat DC 2008 Online

Thu, 28 Feb 2008 12:53:52 -0800

We're freshly back from the success of the Black Hat DC event, and we've begun the process of putting the presentations and white papers online. Check the link to get yourself up to date on the stellar lineup of presentations or to catch up on a talk you missed in DC. Keep your eyes on this space for audio and video very soon.

https://www.blackhat.com/html/bh-dc-08/bh-dc-08-archives.html

Black Hat USA 2008 CFP Now Open!

Wed, 06 Feb 2008 19:12:21 -0800

Papers and presentations are now being accepted for the Black Hat USA 2008 Briefings.

This year's conference will be focused on deep technical information rather than policy and we're looking for groundbreaking work in a wide variety of topics. We've made the list of presentation tracks available online at https://www.blackhat.com/html/bh-usa-08/bh-usa-08-cfp.html - please take a look and consider submitting your work.
Submit proposals by completing the submissions form on the CFP server at
https://cfp.blackhat.com/.

Black Hat DC 08 Keynote Announced!

Tue, 05 Feb 2008 14:35:08 -0800

Black Hat DC 2008 is pleased to announce the selection of a keynote speaker. Please join us at the Westin DC City Center to hear Jerry Dixon, Infragard's National Member Alliance's Vice President for
Government Relations, Director of Analysis for Team Cymru, and former
Executive Director of the National Cyber Security Division (NCSD) & US-CERT,
of the Department of Homeland Security.

Jerry's Keynote is entitled "Quest for the Holy Grail" and the abstract follows:

"Online fraud has become pervasive and increasing at an alarming rate
affecting all organizations, private and public. This talk will provide
an overview of current trends affecting both government and private
sector companies, what enables online fraud, what are some of the
barriers, and suggestions for what organizations should be doing to
combat the problem.

Black Hat DC Speaker List Finalized.

Tue, 05 Feb 2008 14:26:22 -0800

We have finished selecting speakers and our schedule is now full

Please check out our speakers page for a complete list of speakers and for updates.
http://www.blackhat.com/html/bh-dc-08/bh-dc-08-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

We are done reviewing papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.

If you didn't get selected for this show don't be discouraged, please consider submitting again. Our USA CFP opens February 5. Submit here: https://cfp.blackhat.com/

Black Hat DC 2008 Group rate extended.

Mon, 28 Jan 2008 18:53:40 -0800

Group room rates are now valid until February 1, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1

Black Hat Europe 08, Moevenpick group rate ends soon.

Thu, 24 Jan 2008 19:51:31 -0800

Reserve your room now at the Moevenpick Hotel Amsterdam City Centre, group
rates will end February 19. The new Moevenpick Hotel Amsterdam City Centre
is located on the waters edge yet within walking distance from the old
center of Amsterdam and the Central Station.

All guestrooms, conference facilities and public areas are non-smoking,
including the Restaurant and Bar. Kindly note that there are no designated
smoking areas on site.

Excellent rooms: larger than average, with top of the bill facilities
(wired/free wireless LAN highspeed internet, breathtaking view over the
harbour or city) and other five star facilities.

The excellent location makes the hotel an exciting place to be. The
combination between the adjacent Passenger Terminal Amsterdam and
Muziekgebouw is unique and unsurpassed by anyone in Amsterdam. The area is
upcoming, trendy and holds a high cultural and creative allure.

To learn more about the venue please visit our venue page:
https://www.blackhat.com/html/bh-europe-08/bh-eu-08-venue.html

Moevenpick Hotel Amsterdam City Centre
Address: Piet Heinkade 11; 1019 BR Amsterdam; Netherlands
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239
email: hotel.amsterdam@moevenpick.com

Group Reservations:
Telephone: +31 20 519 1200
Facsimile: +31 20 519 1239

Rates (Vaild for bookings made by February 19, 2008):

Business single/double:
EUR 155 per night (inclusive of 6% VAT and service charge and exclusive of
5% city tax). DOES NOT include the breakfast. Free Wireless is available
throughout the hotel. Rates are good for stays from 23-29 March 2008.

Black Hat DC Group Registration Rate Closing SOON!

Fri, 25 Jan 2008 20:17:52 -0800

Group room rates are valid until January 25, 2008, 5PM EST. So act now to
reserve your room at this special price. The simplest and most convenient
way to reserve your room is to register online. You may also call the hotel
directly: +202-429-1700 or 1-800-westin1 and use the Group Code: BLACK HAT

Registration website:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

Rooms & Rates:
Single/Double: $219 per night single and double occupancy

Westin Washington DC City Center:
Address: 1400 M Street NW, Washington DC, 20005
Telephone: +202-429-1700 or 1-800-westin1

Black Hat Europe 08,First round of speakers selected!

Thu, 24 Jan 2008 01:03:33 -0800

We have made our first round of talk selections for our Black Hat Europe
2008 conference.

Our initial schedule is online now at:
http://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

Here is just a short list of some of the great presentations we have
scheduled:

Cracking GSM - David Hulton, Steve Hulton
Developments in Cisco IOS Forensics - Felix "FX" Lindner
CrackStation - Nick Breese
The Fundamentals of Physical Security- Deviant Ollam
Exposing Vulnerabilities in Media Software - David Thiel
Biologger - A Biometric Keylogger - Matthew Lewis
Malware on the Net - Behind the Scenes- Iftach Ian Amit
LDAP Injection & Blind LDAP Injection - Chema Alonso, Jose Parada Gimeno
Mobile phone spying tools - Jarno Niemela
TBD - David Litchfield
Hacking Second Life - Michael Thumann

Many more to come! Please check out our speakers page for a complete
list of speakers and for updates. There you will find abstracts for the
upcoming presentations and get some background information on the speakers.
http://www.blackhat.com/html/bh-europe-08/bh-eu-08-schedule.html

If you don't get selected for this show don't be discouraged, please
consider submitting again. Our Black Hat USA CFP will open February 1,
Submit now as we may close the cfp early if we receive enough quality talks.
Submit here: https://cfp.blackhat.com/

Black Hat DC - Group Rate Ending Soon!

Wed, 09 Jan 2008 14:27:27 -0800

The Black Hat DC 2008 Group Rate at the Westin DC City Center will
close on Friday, January 25. The group rate is $219 and the hotel is
smoke-free.

To reserve your room, you may register online at:
http://www.starwoodmeeting.com/StarGroupsWeb/booking/reservation?id=0710170314&key=324DE

You may also call the hotel directly: +202-429-1700 or 1-800-westin1
and use the Group Code: BLACK HAT

Black Hat Attendee LinkedIn group

Sat, 05 Jan 2008 16:52:43 -0800

Black Hat has created a LinkedIn group for past attendees. For those of you unfamiliar with LinkedIn, it's a business-oriented social networking site located at www.linkedin.com. They're best known as a good way to get your resume into the right hands, but their functionality seems well-suited to finding the right person for a tough question or just keeping in touch as well.

If you're interested in trying out this group please use the following link. Please note that if you are not already a member of LinkedIN it will ask you to join the site.

We are always looking for ways to encourage the building of communities around Black Hat - it's our hope that our events can be the starting point for all kinds of new collaborations and conversations that last all through the year. If you have a favorite way of keeping connected that you think we should explore, please let us know.

Black Hat USA 2007 Audio Podcast now live

Thu, 27 Dec 2007 20:56:44 -0800

Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer audio of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.

Black Hat USA 2007 Video Podcast now live

Thu, 27 Dec 2007 20:55:40 -0800

Black Hat USA 2007 was a great success, and the presentations were wider-ranging than ever. As part of our ongoing effort to spread useful security knowledge everywhere, we offer video of the entire Briefings roster free online. If by chance you didn't make it to the event in Las Vegas, or if you attended and missed some talks you wanted to see, subscribe to the podcast feed linked here and get your fill. If what you see here piques your interest, consider attending our upcoming conferences - in DC in February, Amsterdam in March and returning to Vegas in August.

Registration info is available at www.blackhat.com.

'Electronic Jihad' Nothing hit our Radar.

feedback@blackhat.com (Black Hat Announcements) — Fri, 30 Nov 2007 13:33:02 -0800

From the article at Security Focus:
Link: http://www.securityfocus.com/brief/625

"A Web site's call for a massive religious-fueled denial-of-service attack -- an "Electronic Jihad" -- failed to create even a blip of activity on Sunday.

Two weeks ago, a group sympathetic to the goals of militant Muslims reportedly called for support in attacking financial Web sites and services on Sunday, November 11, but the day came and went with no noticeable traffic spikes, security experts stated. Antivirus firm F-Secure and the Internet Storm Center, a network monitoring group, both reported that their analysis failed to detect any attack.

"Well, so far we haven't seen any activity," said Mikko Hyppönen, director of research for F-Secure, said on the company's blog. "And we're not holding our breath either."

This recent attention to Cyber warfare brings to mind a presentation delivered by Gadi Evron at our recent Black Hat Las Vegas talk."Estonia: Information Warfare and Strategic Lessons" The talk was focused on discussing "The first Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. The talk is compelling and provides useful insight into the impacts of a cyber war as well as preventative measures. It seems increasingly relevant information to know when our ever expanding online lives are threatend with a 'Electronic Jihad'.

View his Abstract and Bio Here: http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Evron

Stay tuned to watch and listen to his presentation!
Article Link: http://www.securityfocus.com/brief/625

Black Hat Speakers: What are they up to now....

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:40:07 -0800

A few of our Black Hat speakers have their own blogs we enjoy reading from time to time. We thought you might like hearing what they are up to all year round as well!

David Maynor a Veteran Black Hat speaker has his blog over at ERRATA SECURITY.
Lots of cool stuff in there, recent news updates, commentary and even polls on favorite hacker movies.
Check it out: http://erratasec.blogspot.com/

Jeremiah Grossman has an interesting blog and has according to him generated quite a following, putting it number one on Google search results for him! That's quite an accomplishment considering that the press is just as equally excited to interview him as we are to have him speak for us. There are a lot of cool articles in his blog, he's been busy.
Check it out: http://jeremiahgrossman.blogspot.com/

Also, Mikko Hypponen and the rest of the team at F-SECURE have their blog full of interesting commentary, updates and DEMOS!
Check it out: http://www.f-secure.com/weblog/

David Litchfield : Nearly half a million Database Servers unprotected!

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:39:27 -0800

NGSSoftware has been busy this year between receiving multiple enterprise and tech awards, speaking at Black Hat, writing "The Web Application Hacker’s Handbook" and now announcing 492,000 database servers are online without firewall protection! We sometimes wonder between all the research and security advisories where do they fit in time to sleep?

>From the article by Ryan Naraine at ZDNet:
Link: http://blogs.zdnet.com/security/?p=663

"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.

Litchfield also spoke recently on Database Forensics at Black Hat USA 2007.
>From the Abstract:

"By delving into the guts of an Oracle database's data files and redo logs, this talk will examine where the evidence can be found in the event of a database compromise and show how to extract this information to show who did what, when. The presentation will begin with a demonstration of a complete compromise via a SQL injection attack in an Oracle web application server and then performing an autopsy. The talk will finish by introducing an open source tool called the Forensic Examiner's Database Scalpel (F.E.D.S.)."

Read the Full Bio and Abstract here:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Litchfield

Audio and Video coming soon:
http://www.blackhat.com/html/bh-multimedia-archives-index.html
Download his materials here:
https://www.blackhat.com/presentations/bh-usa-07/Litchfield/Presentation/bh-usa-07-litchfield.pdf

The Web Application Hacker’s Handbook: http://www.ngssoftware.com/press-releases/the-web-application-hackers-handbook-published/

Black Hat Europe 2008, CFP and Registration OPEN!

feedback@blackhat.com (Black Hat Announcements) — Mon, 19 Nov 2007 09:34:59 -0800

Black Hat Europe 2008 Online Registration is now open. Follow the link to take advantage of the early bird rate and register on the web. You must complete the on-line registration form regardless of your payment method. Europe 2008 Briefings and Training will be held March 25-28, at the Möevenpick Hotel Amsterdam City Centre, the Netherlands. Online Registration early rates will close on January 1.

Register here: https://www.blackhat.com/html/bh-registration/bh-registration.html#EU
More Info Here: https://www.blackhat.com/html/bh-europe-08/bh-eu-08-main.html

Submit your presentations to us at https://cfp.blackhat.com/ Call for Papers for both DC and Europe 2008 are now open. Call for Papers for Europe 2008 will close February 1.

Also don't forget our next USA event is DC 2008 Briefings and Training. DC 2008 will be held February 18-21, at the Westin Washington DC City Center. Online Registration early rates will close January 1, Call for will close January 4.
More Info: https://www.blackhat.com/html/bh-dc-08/bh-dc-08-main.html

More Common Sense from Bruce Schneier

feedback@blackhat.com (Black Hat Announcements) — Fri, 9 Nov 2007 14:52:35 -0800

Frequent Black Hat speaker and security guru Bruce Schneier spoke Monday, November to the CIPS (Canadian Information Processing Society)

>From a speech that seems to have contained a fair amount of pessimism about the state of information security comes this concise and cogent analysis of the way forward in credit card and ATM security

Summarized in the Edmonton Journal entitled "Criminal hackers gaining advantage":
Some of the biggest improvements have come from government regulations forcing companies to make more disclosures to their customers, and make their data safer, Schneier said.

Credit card and ATM security improved in the U.S. when the onus was put on the companies to be responsible for money lost through fraud. In the U.K, the courts ruled customers had to prove they were not at fault, and so security did not improve. The U.K. has since reversed that stand.

"This is going to be a much bigger trend in future years as governments get more involved."

To learn more about Bruce Schneier, you can look here to read his bio and his talk abstract from this Black Hat USA 2007:

http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Schneier

To read Bruce's informative and entertaining blog, follow this link:

http://www.schneier.com/blog/

Black Hat DC 2008 Registration Now Open!

feedback@blackhat.com (Black Hat Announcements) — Mon, 22 Oct 2007 14:58:39 -0700

Online registration for Black Hat DC 2008 is now open. Follow the link to take advantage of the early bird rate and register on the web.

The Briefings and Trainings will be held February 18-21 at the Westin Washington DC City Center. More about the venue is available here:
http://blackhat.com/html/bh-dc-08/bh-dc-08-venue.html

You must complete the on-line registration form regardless of your payment method.
Forms submitted via fax, email, telephone or snail mail will not be accepted. Early Bird Rate closes January 1, 2008.

Black Hat 2007 Japan Keynote, Suguru Yamaguchi !

feedback@blackhat.com (Black Hat Announcements) — Wed, 3 Oct 2007 16:35:55 -0700

We are very pleased to announce that our Keynote for Japan 2007 will be Mr. Suguru Yamaguchi, of Nara Institute of Science and Technology. Mr. Yamaguchi will be speaking on "Emerging New Technologies for Information Security Management"

>From the Abstract:
Information systems are now taking the important role to support core competence components of businesses in various industries so that they requires more dependability and sustainability. New technologies for improvement to make information systems more dependable are emerging from R&D field to the actual operational environment, however still more development are expected. In this keynote session, the speaker presents new risk on information security coming up with information systems, then express his views and directions on technical solutions and technologies required.

Suguru Yamaguchi, Bio:
Suguru Yamaguchi was born in Shizuoka, Japan in 1964. He received the M.E. and D.E. degrees in computer science from Osaka University, Osaka, Japan, in 1988 and 1991, respectively. From 1990 to 1992 he was an Assistant Professor in Education Center for Information Processing, Osaka University. In 1992, he was moved to Information Technology Center, Nara Institute of Science and Technology, Nara, Japan, and served as an Associate Professor till 1993. From 1993 to 2000, he was with Graduate School of Information Science, Nara Institute of Sc ience and Technology, Nara, Japan, as an Associate Professor. In 2000, he was promoted to a Professor with the Graduate School of Information Science, Nara Institute of Science and Technology, Nara, Japan. During his work in Nara Institute of Science and Technology, he has been working very aggressively on research, education and management. Especially from 2002 to 2004, he served as Director of University Library, and devoted himself to i mprove and enhance the digital library system, which was the nation's first digital library system available for national universities, initially funded in 1995.His research interests include technologies for information sharing, multimedia communication over high-speed communication channels, large-scale distributed computing systems, network security and network management for the Internet. Since mid 1980's, he has been working very hard on development the Internet in Japan and Asia and Pacific region. He has been also a member of WIDE project, which is one of pioneer projects for the Internet development, since its creation in 1988. In the project, he has been conducting research on network security system, especially PKI infrastructure for wide area distributed computing environment.

In 2004, he was appointed to Advisor on Information Security, Cabinet Secretariat, Government of Japan. He has been deeply involved to design and implementation of basis of national policy on information security and establishment of National Information Security Center (NISC) in Cabinet Secretariat in 2005. Even though he is still working for his university, he didn't spare himself for this important task in the government. Because of tight relationship with government's information security policy, he was also appointed to Advisor for Government Program Management Office (GPMO) at secretariat office of IT Strategic Headquarter, Government of Japan.

With his contribution for Internet development and network security, he is involved and working with several organizations. Since 1992, he was working for JPCERT/CC, which is a first national CSIRT in Japan, and now serving as a member of its board of trustee. Since 2002, he has been a member of board of trustee of Japan Network Information Center (JPNIC), which is national Internet registry managing IP address and AS number allocations and registrations. For the Internet development in Asia and Pacific region, he is working so long for Asian Internet Interconnection Initiatives (AI3) since its creation in 1996.

link:http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html#Yamaguchi

Black Hat 2007 Japan Final Line-up!

feedback@blackhat.com (Black Hat Announcements) — Wed, 3 Oct 2007 16:22:31 -0700

The final roster of speakers for Black Hat Japan 2007 is now available online.We're proud of the variety and depth represented by this lineup and look forward to seeing many of you in Tokyo later this month. Please keep in mind that Japan Registration closes on October 15th, and make your arrangements accordingly.

The final roster of speakers for Black Hat Japan 2007 is now available online. View the detailed abstracts and bios here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-speakers.html

Presentations Black Hat Japan 2007:

Brandon, Baker, Kick Ass Hypervisor
Billy Hoffman, The Little Hybrid Web Worm that Could
Halvar Flake, Automated Unpacking and Malware Classification
Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless Device Drivers in an Emulated Enviroment
Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework
Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)
David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP
Kanatoko, DNS Pinning and Socket API
Nguyen Anh Quynh, HiJacking Virtual Machine Execution
Jacob West, Secure Programming with Static Analysis
Nate McFeters, Billy K Rios, and Rob Carter, URI Use and Abuse

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo
To see the schedule for this year's briefings, check our website here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-schedule.html

Link: https://www.blackhat.com/html/bh-link/briefings.html

Black Hat Japan Registration Closing soon!

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:48:03 -0700

The Black Hat Japan Registration is closing soon!

Japan Registration will close on October 15th. Register now to avoid waiting in the onsite registration line!

https://commerce.blackhat.com/japan-reg-07
The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.

De-Anonymizing Tor

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:25:50 -0700

De-Anonymizing Tor TOR has been all over the news lately - from embassy private data being pulled from an exit node, to an arrest of a node hoster. This blog post from the ha.ckers.org blog offers code that its creators say can be used to de-anonymize TOR users. The possibilities implied by this code were mentioned at Jeremiah Grossman and Robert Hansen's presentation at this year's Black Hat USA in Las Vegas.

To see their presentation on JavaScript malware from this year's Black Hat USA:
http://www.blackhat.com/presentation/bh-usa-07/Grossman/Presentation/bh-usa-07-grossman.pdf
To read their whitepaper:
http://www.blackhat.com/presentation/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman.pdf

Black Hat Speaker HD Moore Weighs In on the iPhone

feedback@blackhat.com (Black Hat Announcements) — Fri, 28 Sep 2007 18:15:07 -0700

Black Hat Speaker HD Moore Weighs In on the iPhone

On the Metasploit blog, HD Moore breaks down the security researcher potential of the iPhone and gives a very insightful pro-and-con review of the phone's possibilities as " a root shell in my pocket."
Read his blog here: http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html

>From the article:
"Compare the iPhone (400Mhz*) with the Nokia n770 (233mhz) or the Nokia n800 (320Mhz) and the choice of a handheld hacking device is a no-brainer. The (mostly) working toolchain, large amounts of storage (8Gb), and ease of use make this a great candidate for almost any security researcher "on-the-go".

To see the presentation HD Moore made at this year's Black Hat USA:
http://www.balckhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Whitepaper/bh-usa-07-moore_and_valsmith.pdf

To see the whitepaper from HD Moore's presentation at this year's Black Hat USA:
http://www.blackhat.com/presentation/bh-usa-07/Moore_and_Valsmith/Presentation/bh-usa-07-moore_and_valsmith-WP.pdf

David Maynor Publishes Details of Apple Wi-Fi Attack

feedback@blackhat.com (Black Hat Announcements) — Wed, 19 Sep 2007 18:42:48 -0700

At Black Hat USA 2006, David Maynor and Jon Ellch spoke on "Device Drivers"
and some may remember it caused a lot of speculation and conspiracy
theories. Now David Maynor has published details of the controversial Apple
Wi-Fi hack he disclosed last year.

>From Computerworld:
"By going public with the information, Maynor hopes to help other Apple
researchers with new documentation on things like Wi-Fi debugging and the
Mac OS X kernel core dumping facility. "There's a lot of interesting
information in the paper that, if you're doing vulnerability research on
Apple, you'd find useful."

Maynor will soon publish a second paper on Uniformed.org explaining how to
write software that will run on a compromised system, he said.

As for his detractors, who will say that this disclosure comes too late,
Maynor says he just doesn't care what they think. "Let them tear me apart
all they want but at the end of the day the technical merit of the paper
will stand on its own."

Read the full article here:
http://www.computerworld.com.au/index.php/id;1809081490;fp;4;fpid;16

Read the original Abstract here:
https://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Ellch

Read the Details published by David Maynor here:
http://uninformed.org/?v=8&a=4

Video Presentation here:
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp4

Audio Presentation here:
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V19-Cache_and_Maynor-Device_Drivers.mp3

Black Hat USA 2007 speaker Pedram Amini intereviewed about the Sulley Fuzzing framework

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:49:41 -0700

SearchSecurity interviews Pedram Amini about the next-level fuzzing framework he unveiled at Black Hat USA 2007. To read the presentation from Black Hat and the whitepaper, follow the included links. Video available soon.

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/Amini-Portnoy-BHUS07.pdf

https://www.blackhat.com/presentations/bh-usa-07/Amini_and_Portnoy/Presentation/

October 23-26, at Keio Plaza Hotel, Tokyo

Black Hat Speaker Thomas Ptacek profiled on Dark Reading

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:39:25 -0700

Interesting article about Thomas that references the controversy between Thomas and fellow Black Hat USA 2007 Speaker Joanna Rutkowska. To read his Black Hat presentation, go to:

http://www.blackhat.com/html/presentations/bh-usa-07/Ptacek_Goldsmith_and_Lawson/Presentation/bh-usa-07-ptacek_goldsmith_and_lawson.pdf

In the interest of equal time, you can find Joanna's presentation at :

htpp://www.blackhat.com/html/presentations/bh-usa-07/Rutkowska/Presentation/bh-usa-07-rutkowska.pdf

Black Hat 2007 Japan Speakers have been selected

feedback@blackhat.com (Black Hat Announcements) — Fri, 7 Sep 2007 16:57:07 -0700

We are proud to announce our speakers for Black Hat Japan!

Brandon, Baker, Kick Ass Hypervisor

Billy Hoffman, The Little Hybrid Web Worm that Could

Halvar Flake, Automated Unpacking and Malware Classification

Clemens Kolbitsch and Sylvester Keil, Stateful Fuzzing of wireless
Device Drivers in an Emulated Enviroment

Paul Sebastian Ziegler, Multiplatform Malware within the .NET-Framework

Pedram Amini and Aaron Portnoy, Fuzzing Sucks! ( or Fuzz it like you mean it!)

David LaPorte and Eric Kollmann, Passive OS Fingerprionting Using DHCP

Kanatoko, DNS Pinning and Socket API

Kenneth Geers, Greetz from room 101

Nguyen Anh Quynh, HiJacking Virtual Machine Execution

Jacob West, Secure Programming with Static Analysis

Greg Hartrell, Security Lessons from Xbox Live

Black Hat Japan will be held October 23-26, at Keio Plaza Hotel, Tokyo

Black Hat USA 2007 Media Updates

feedback@blackhat.com (Black Hat Announcements) — Mon, 27 Aug 2007 15:07:38 -0700

Presentation Files and White Papers from Black Hat Briefings 2007 are live now on the Black Hat website. Please take a look. Stay tuned to the BH USA 2007 Archives page for the audio and video from the Briefings, available in the coming months.

New Trainings Added for Black Hat Japan

feedback@blackhat.com (Black Hat Announcements) — Fri, 24 Aug 2007 13:31:23 -0700

The training lineup for Black Hat Japan has been updated to include four additional classes. The classes are:

Reverse Engineering with IDA Pro, taught by Chris Eagle
Analyzing Software for Security for Security Vulnerabilities, taught by Halvar Flake
Hacking by Numbers: Bootcamp, taught by Sensepost
Exploits 101, taught by Allen Harper

Also, the class entitled "Web Application (In)Security" by NGS Software has been removed from the lineup.
Detailed information on all classes can be found at our website.

Imitation is the sincerest form of flattery!

feedback@blackhat.com (Black Hat Announcements) — Wed, 15 Aug 2007 19:12:39 -0700

A fellow Info Sec colleague, Nat Mokry, sent us these photos recently and we got such a kick out of it we decided to pass it on. If you are ever in Beijing check this place out.

The "B'05" Bar in Beijing.
Picture1:
http://www.blackhat.com/images/bh-usa-07/BlackHatBar.jpg
Picture 2:
http://www.blackhat.com/images/bh-usa-07/BlackHatBar2.jpg

If you have some more info on this Black Hat Bar please pass it on, I for one am interested. If Jeff and I are ever in town we will surely be patrons!

Charlie Miller, attacking OS X and the iPhone.

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:01:54 -0700

From an article in Guardian Unlimited about a vulnerability announced by Charlie Miller of Independent Security Evaluators:

"...just weeks after Apple's iPhone was unleashed on American shoppers, researchers say they have discovered how to hack into it and steal personal information.

Experts at Independent Security Evaluators, a computer protection consultancy, claim to have found a way to gain complete access to the phone..."

Charlie Miller will be presenting his findings in a Black Hat Turbo Talk titled "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X. " Charlie's talk will be on August 2nd at 4:45 pm.

To learn more about Charlie Miller, you can look here to read his bio and his talk abstract:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Miller
To learn more about the controversy that's generated so much media attention, see Charlie's presentation live at Black Hat or later on Blackhat.com in our media archives.

Black Hat Japan 2007 Registration OPEN!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:09:47 -0700

Japan 2007 Briefings and Training Registration is now OPEN!

The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

Online Registration is currently open!
You must complete the on-line registration form regardless of your payment method. Forms submitted via fax, email, telephone or snail mail WILL NOT BE ACCEPTED.Early Bird Rate closes September 21.
Call for Papers will close August 15, submit your papers now speaking slots are limited!
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-cfp.html

Black Hat Japan 2007:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

Black Hat Japan 2007 Training courses!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 16:16:31 -0700

Japan 2007 Briefings and Training Registration is now OPEN!Register now to assure a seat in the class of your choice!
http://www.blackhat.com/html/bh-registration/bh-registration.html#JP

Here is a list of current training classes available:

Infrastructure Attacktecs and Defentecs: Hacking Cisco Networks
Steve Dugan

Live Digital Investigation : Investigating the EnterpriseWetStone Technologies
You will need this course before you can take the IEM course. Earn NSA Certification.

NSA InfoSec Assessment Methodology Course (IAM) - Level 1
Security Horizon

Reverse Engineering on Windows: Application in Malicious Code Analysis
Pedram Amini and Ero Carrera

Reverse Engineering with IDA Pro
Chris Eagle

New for 2007
If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
Web Application (In)security
NGS Software

The Breifings and Trainings will be held, October 23-26, Keio Plaza Hotel, Tokyo.
More about the venue is available here:
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-en-venue.html

Black Hat Japan 2007 Call for Papers!

feedback@blackhat.com (Black Hat Announcements) — Wed, 25 Jul 2007 18:54:34 -0700

Papers and presentations are now being accepted for the Black Hat Japan 2007 Briefings. Papers and requests to speak will be received and reviewed from now until August 15, 2007.

Submit proposals by completing the submissions form on the CFP server at
https://cfp.blackhat.com/.

We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

C++: A Cautionary Tale, or, 1 Hour Of Your Black Hat Trip is Spoken For by Thomas Ptacek, Matasano

feedback@blackhat.com (Black Hat Announcements) — Tue, 17 Jul 2007 13:16:49 -0700

A piece on Security Focus by Thomas talking about what talks at Black Hat you need to see:

>From the article:
http://www.securityfocus.com/blogs/238

C++ gives you a resizeable string, so you won‚Äôt write splitvt. But in 2007, code vulnerabilities don‚Äôt look like splitvt anymore, ever. We‚Äôve moved on, through off-by-one errors into integer overflows and now uninitialized variables. On balance, the bug classes C++ introduces are way scarier than the ones it takes off the table.

So, to kick off our series of posts about which Black Hat talks you should be going to this year, I‚Äôm going to recommend this one. Mark Dowd and John McDonald, on stage, talking about the ways C++ screws software security that you hadn't thought of before. "Recommend" is an understatement. If you get paid to find vulnerabilities in code, this is the most valuable talk at the conference this year.

Black Page Update: Reverse Engineering

feedback@blackhat.com (Black Hat Announcements) — Fri, 6 Jul 2007 17:16:33 -0700

From the Black Hat Black Page

Reverse engineering has become a staple of security research. Only a few years ago an arcane specialty, many factors such as the increase in malware and common dependence on closed-source software has increased the value and need for reverse engineering. If a newbie came to me for advice about preparing for future work in the security field, I would tell them to concentrate on reversing as a core skill.

For a couple years we have been focusing on reverse engineering content and trying to bring information for the newly initiated and expert. For a good dive into the realm of unpacking, Mark Vincent Yason brings "The Art of Unpacking." Mark's presentation will bring you up to date with the state of packers and their defenses and arm you with techniques and tools to strip away the defenses. For a deeper look at some techniques and tools to defeat many packers and other armoring techniques, we have Danny Quist and Valsmith presenting "Covert Debugging: Circumventing Software Armoring Techniques" and Cody Pierce releasing and discussing "PyEmu: A multi-purpose scriptable x86 emulator." This should be some cool and useful content for anyone interested in reversing.

Link with: "Covert Debugging: Circumventing Software Armoring Techniques" by Danny Quist and Valsmith

"The Art of Unpacking" by Mark Vincent Yason

"PyEmu: A multi-purpose scriptable x86 emulator" by Cody Pierce.html

http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html

Las Vegas concerts for Black Hat and DEFCON time frame

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 17:18:36 -0700

From IrishMASMS on the DEF CON forums comes this helpful post:

Las Vegas concerts for Black Hat & DEFCON time frame
Some out of town folks hit me up asking about concerts around town during this year's Black Hat andDEFCON. I took a quick look on http://pollstar.com/ and http://www.jambase.com/ for what might be interesting. YMMV, though I thought sharing is caring.

Fri 07/27/07 Violent Femmes Hard Rock Hotel and Casino
Fri 07/27/07 Jonny Lang House Of Blues
Sat 07/28/07 Tesla House Of Blues
Sat 07/28/07 Rush MGM Grand Garden Arena
Wed 08/01/07 John Lee Hooker Jr. Santa Fe Station Hotel & Casino
Thu 08/02/07 John Lee Hooker Jr. Boulder Station Hotel & Casino
Fri 08/03/07 Godsmack The Pearl Concert Theater At Palms
Sat 08/04/07 Buckcherry, Hinder, Papa Roach The Pearl Concert Theater At Palms
Sun 08/05/07 Against All Authority, Reel Big Fish / Less Than Jake, Streetlight Manifesto House Of Blues
Mon 08/06/07 "Sounds Of The Underground": Amon Amarth, Chimaira, Every Time I Die, GWAR, Heavy Heavy Low Low, Job For A Cowboy, Necro, Shadows Fall , The Devil Wears Prada, The Number Twelve Looks Like You - House Of Blues
Sat 08/11/07 The Fixx The Club @ Cannery Casino

As for venues, the Hard rock sucks. House of Blues is one of the best in town. MGM Grand is ok, but the sound quality in the arena can be shitty in spots. The Pearl is the brand new venue in town, good luck getting tickets. The Station casinos are not bad venues, and I think those are free shows. The Cannery Casino I have never been to, so I can not say - and there is no review posted on www.yelp.com yet for me to reference.

HTH!

Black Hat USA pricing reminder

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:32:52 -0700

Just a reminder to everyone of the upcoming late pricing changes:

Registration:
- Only credit card payments are accepted after July 1, 2007.
- Online registration closes on July 20, 2007.
- Onsite Registration rates apply after July 20, 2007.

https://commerce.blackhat.com/usa-reg-07

Black Page update: TPMKit redux

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:30:29 -0700

From the Black Page:

Until early this week, security experts Nitin and Vipin Kumar of NV Labs were scheduled to present a briefing entitled "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)" This talk was removed from the schedule at the request of the presenters. The topic generated quite a great deal of interest and its removal from the schedule without comment has generated some confusion and controversy.

Full article at
http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06292007.html

Hacking by Numbers Combat Training adds a weekend session.

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:27:58 -0700

If you can't make it to Sensepost's Hacking by Numbers: Combat class on the week day of Black Hat USA you now have the option of attending a newly announced weekend class!

http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-sp-c-training.html

Joe Grand's Hardware Hacking class now expanded

feedback@blackhat.com (Black Hat Announcements) — Thu, 5 Jul 2007 15:25:50 -0700

Joe Grand's Hardware Hacking course has additional seats available! Previously sold out, Joe purchased more equipment to expand his training offerings. Swoop in now whaile there is more room.

http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jg-h.html

On The BlackPage: C++

feedback@blackhat.com (Black Hat Announcements) — Fri, 15 Jun 2007 14:25:16 -0700

See the link below for more details, descriptions and commentary.

On The BlackPage: C++ by Dominique Brezinski

A lot of work has been done in the areas of reverse-engineering, exploitation and code review of applications written in C. However, a majority of application development is done in C++ and has been for many years. Over the past five years a few researchers have looked at C++ specific issues, like Halvar Flake, but there has not been a lot of focus on security-related aspects of C++ in the public arena.

This year is different. Several presentations bring C++ issues and techniques to the foreground: "Breaking C++ Applications" by Mark Dowd, John McDonald and Neel Mehta and "Reversing C++" by Paul Vincent Sabanal. I like it when an unintentional plan comes together.

Link: http://www.blackhat.com/html/bh-blackpage/bh-blackpage-06152007.html

OWASP and WASC Cocktail Party

feedback@blackhat.com (Black Hat Announcements) — Wed, 13 Jun 2007 14:42:03 -0700

OWASP and WASC have joined hands to have a combined meetup at Blackhat USA 2007 in Las Vegas which was earlier planned as a WASC meetup. Breach Security has generously agreed to sponsor the event, so cocktails and appetizers will be served to all attendees. Since both the top webappsec organization hosting this event together, we are expecting a huge turnout of webappsec industry's followers. You are invited to join us for a drink and meet other like minded people from the industry.

What: OWASP and WASC Cocktail Party

When: Wednesday, August 1, 8:00 PM - 9:30 PM

Where: Shadow Bar, Caesar's Palace, Las Vegas

RSVP: Heather Cason, hcason@breach.com
760-268-1924 x732

The place is quickly filling up so please send in your RSVP ASAP.

Link: http://www.owasp.org
Invite: http://www.owasp.org/images/e/e9/OWASPWASCInviteBlackHat.pdf

On The BlackPage: Timing

feedback@blackhat.com (Black Hat Announcements) — Wed, 13 Jun 2007 14:18:41 -0700

.
See the link below for more details, descriptions and commentary. On The BlackPage: Timing by Dominique Brezinski

It is that time again: Black Hat in the hot LV summer. It always comes sooner than I expect. We have been working like mad to get the schedule together, which is basically done. One of the underlying themes this year is timing. I don't pick these things; it is really a reflection of the direction of research in our community. Another theme is nuance.

Timing attacks are not new. They have been part of the cryptanalyst's side-channel tool set for some time. In the last few years something caused researchers to start applying it beyond cryptographic operations. Maybe it was Boneh's remote timing attack against OpenSSL in 2003. I don't know. Whatever the reason, a number of researchers have started delivering results using timing as an attack vector. My prediction is that we are going to see a lot of things fall over based on timing attacks.

The research community's understanding of program control flow and its data dependencies is ever increasing. We are at a point where any user-supplied data in the address space should be suspect, because researchers are finding very subtle ways to direct program flow to user-supplied data. In many cases the vulnerabilities are based on unforeseen synchronicity and what were once minor programming mistakes.

A few of the presentations in the Zero Day Attack track highlight the themes of timing and nuance: "Understanding the Heap by Breaking It" by Justin Ferguson, "Timing Attacks for Recovering Private Entries From Database Engines" by Ariel Waissbein and Damian Saura and "Dangling Pointer" by Jonathan Afek. Also, Haroon Meer and Marco Slaviero will be presenting the aptly named "It's All About The Timing." I am excited to see what these guys pull out of the hat.

Link: https://www.blackhat.com/html/bh-blackpage/bh-blackpage-06132007.html

Black Hat USA '07 Final Speakers Selected!

feedback@blackhat.com (Black Hat Announcements) — Tue, 5 Jun 2007 13:54:10 -0700

We have finished selecting speakers and our schedule is now full!!

Please check out our speakers page for a complete list of speakers and for updates.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html
There you will find abstracts for the upcoming presentations and get some background information on the speakers.

We are done reviewing papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.

If you didn't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

Black Hat USA 2007 Regular Registration is now over

feedback@blackhat.com (Black Hat Announcements) — Fri, 1 Jun 2007 17:32:56 -0700

Regular registration rate closed May 31, 2007. Late registration rate is now in effect and Online registration closes on July 20, 2007.

For training be sure register now to save your seat before it is too late! Check out the Training pages for more info!
Black Hat Training:
http://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

We have started our speaker selection for Black Hat Briefings, Check out or speaker page and schedule for updates! We have three very excellent and experienced Keynote speakers for this years Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one and day two promises to be an stimulating address by Bruce Schneier.

Black Hat Briefings:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register: http://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted after June 30.
Registration Class Change Requests are not accepted after June 30.

Black Hat USA 2007 2nd Round of Speakers Selected!

feedback@blackhat.com (Black Hat Announcements) — Fri, 1 Jun 2007 16:46:20 -0700

We have made our second round of speaker selection. We only have a small handful of slots remaining and the competition is fierce.

Here is a short list of new talks:
Static Detection of Application Back doors by Chris Wysopal
Covert Debugging: Circumventing Software Armoring Techniques by Danny Quist and Valsmith
Breaking C++ Applications by Mark Dowd, John Mcdonald, and Neel Mehta
The Art of Unpacking by Mark Vincent Yason
Alexander Sotirov, Heap Feng Shui in JavaScript
Timing attacks for recovering private entries from database engines by Ariel Waissbein
Transparent weaknesses in VoIP by Peter Thermos
Dangling Pointer by Jonathan Afek
Also, Womans Executive Forum is back for a 2nd year!
A sample of a few more SPEAKERS have been selected, in no order:

Rohit Dhamankar and Rob King,
Alfredo Ortego
Yoriy Bolygin
Andrew Lindell
Jonathan Afek
Satyam Tyagi
Jim Hoalgand
Ezequiel Gutesman
Jerry Schneider
Jeff Morin
David Byrne
Stephan Chenetter and Moti Joseph
Paul Vincent Sabanal
Window Snyder

Please check out our speakers page for a complete list of speakers and for updates.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html

There you will find abstracts for the upcoming presentations and get some background information on the speakers.

Keep in mind we are still reviewing a small handful of papers, if you have not received status of your submission, please email nikita (at) blackhat(dot) com.

If you don't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan Papers and requests to speak will be received and reviewed from May 1 until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel
Training: 23-24 October 2007
Briefings: 25-26 October 2007
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

Black Hat USA 2007 First round of speakers selected!

feedback@blackhat.com (Black Hat Announcements) — Wed, 23 May 2007 16:03:29 -0700

We have made our first round of talk selections for our USA 2007, Las Vegas conference!

Our initial schedule is online now at:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-schedule.html

This years tracks include;0-Day Attack and Defense,Application Security,Deep Knowledge,Forensics and Anti-Forensics,Hardware and Biometric Security,Policy,Management and the Law,Privacy and Anonymity,Turbo Talks,The Network,Detection and Evasion!

Here is just a short list of some of the great presentations we have scheduled:

Joel Eriksson and panel: Kernel Wars
Thomas H. Ptacek: Don't Tell Joanna, The Virtualized Rootkit Is Dead!
Dror-John Roecher: NACATTACK
John Heasman: Hacking the extensible Firmware Interface
David Maynor: Simple Solutions to Complex Problems from the Lazy Hacker‚Äôs Handbook: What Your Security Vendor Doesn't Want You to Know .

Also selected to speak will be:

Jennifer Granick
Greg Hoglund
Bruce Schneier
Phil Zimmermann
David Litchfield
Jon Callas
Tony Sager
Richard Clarke
Roger Dingledine
Jim Christie

With Many more to come! Please check out our speakers page for a complete list of speakers and for updates.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html There you will find abstracts for the upcoming presentations and get some background information on the speakers.

Keep in mind we are still reviewing papers and making our decisions, if you have not received status of your submission by June 1, please email nikita (at) blackhat (dot) com.

If you don't get selected for this show don't be discouraged, please consider submitting again. Our Japan CFP is still open until August 20, Submit now as we may close the cfp early if we receive enough quality talks. Submit here: https://cfp.blackhat.com/

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel

Training: 23-24 October 2007
Briefings: 25-26 October 2007
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

USA '07 Regular Registration Rate Ends SOON!

feedback@blackhat.com (Black Hat Announcements) — Tue, 22 May 2007 13:47:15 -0700

Regular registration rate closes May 31, 2007. Register now to save your seat and save some dough! There are still plenty of class seats available, plus a few new training courses! Check out the Training pages for more info!
Black Hat Training:
http://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

We have started our speaker selection for Black Hat Briefings, Check out or speaker page and schedule for updates! We have three very excellent and experienced Keynote speakers for this years Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one and day two promises to be an stimulating address by Bruce Schneier.

Black Hat Briefings:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html
July 28-August 2, 2007 in Caesars Palace Las Vegas.
To register: http://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Important dates:
Only credit card payments are accepted after July 1, 2007.
Online registration closes on July 20, 2007.
Onsite Registration rates apply after July 20, 2007.
Registration Cancellations and requests for refunds are not accepted after June 30.
Registration Class Change Requests are not accepted after June 30.

Black Hat USA: Two New Training classes Announced!

feedback@blackhat.com (Black Hat Announcements) — Tue, 22 May 2007 13:44:16 -0700

Regular registration rate closes May 31, 2007. Register now to save your seat and save some dough!

Black Hat Registration:
http://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Side Channel Analysis and Countermeasures with Riscure
Url: http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jdh.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.

Overview: Side channel analysis is a technique to discover secrets such as cryptographic keys and PINs from hardware and embedded software. This is achieved by listening to and understanding the information that (hardware) channels emit when processing information. This course provides an understanding of the possibilities and impact of side channel analysis and explains how you can protect against it through a hands-on approach. Besides the necessary side channel theory, students will perform exercises themselves in which they will, for instance, break a DES key through power analysis. Further, in another exercise, each student is challenged to devise their own countermeasures and the effect of these is analyzed via a live data acquisition and analysis on the code using side channel analysis equipment.

For a long time, Side Channel Analysis (SCA) terms such as Differential Power Analysis (DPA), Timing attacks and Electro Magnetic Analysis (EMA) have had the air of mythical powers to break any crypto system and reveal every secret in a system. This course provides a practical introduction into the world of side channel analysis. It shows the basics and allows students to understand and experience what it means to break a system with these types of attacks. At the same time this course explores the countermeasures that are available to developers. Using these, the side channel attack resistance of software on smart cards and embedded systems will significantly improve. We examine source code implementations on weaknesses and provide hands-on exercises to improve these implementations. This will allow the student to develop a feel for the possibilities and limitations for software-based countermeasures against such attacks.

Building and Testing Secure Web Applications with Aspect Security.
Url: http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html
Course offered: July 28-29 (Weekend) & July 30-31 (Weekday)
Course Length: Two days.

Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect's Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of 'what to do' and 'what not to do.' The class is lead by an experienced application security practitioner and is delivered in a very interactive manner.

This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application. This specially designed environment includes deliberate flaws the students have to find and diagnose. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.

Black Hat USA 2007 Keynote Speakers

feedback@blackhat.com (Black Hat Announcements) — Fri, 18 May 2007 18:38:52 -0700

We have three very excellent and experienced Keynote speakers for this years Black Hat Las Vegas. Tony Sager and Richard A. Clarke will be speaking simultaneously on day one and day two promises to be an stimulating address by Bruce Schneier.

Check out our Black Hat USA 07 page for updates!
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Day 1 Keynote: Tony Sager
The NSA Information Assurance Directorate and the National Security Community.

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Department of Defense (DoD) and our other federal customers.

This presentation will highlight some of the ways that the VAO Group is translating vulnerability knowledge in cooperation with many partners, into countermeasures and solutions that scale across the entire community. This includes the development and release of security guidance through the NSA public website (www.nsa.gov) and sponsorship of a number of community events like the Cyber Defense Initiative and the Red Blue Symposium.

It also includes support for, or development of, open standards for vulnerability information (like CVE, the standard naming scheme for vulnerabilities); the creation of the extensible Configuration Checklist Description Format (XCCDF) to automate the implementation and measurement of security guidance; and joint sponsorship, with the National Institute of Standards and Technology (NIST) and the Defense Information Systems Agency (DISA), of the Information Security Automation Program (ISAP), to help security professionals automate security compliance and manage vulnerabilities.

The presentation will also discuss the cultural shift we have been making to treat network security as a community problem, one that requires large -scale openness and cooperation with security stake holders at all points in the security supply chain - operators, suppliers, buyers, authorities and practitioners.

Tony Sager, Chief, Vulnerability Analysis and Operations Group, Information Assurance Directorate, National Security Agency Tony Sager is the Chief of the Vulnerability Analysis and Operations (VAO) Group, part of the Information Assurance Directorate at the National Security Agency. The mission of the VAO organization is to identify, characterize, and put into operational context vulnerabilities found in the technology, information, and operations of the DoD and the national security community and to help the community identify countermeasures and solutions. This group is known for its work developing and releasing security configuration guides to provide customers with the best options for securing widely used products.

The VAO Group also helps to shape the development of security standards for vulnerability naming and identification, such as the Open Vulnerability and Assessment Language (OVAL), partnering with National Institute for Standards and technology (NIST) on the Information Security Automation Program (ISAP), developing the eXtensible configuration checklist description format (XCCDF), and for hosting the annual Cyber Defense Exercise and the Red Blue Symposium. Mr. Sager is active in the public network security community, as a member of the CVE (Common Vulnerabilities and Exposures) Senior Advisory Council and the Strategic Advisory Council for The Center for Internet Security. He is in his 29th year with the National Security Agency, all of which he has spent in the computer and network security field.

ADDITIONAL Day 1 Keynote: Richard A. Clarke
A Story About Digital Security in 2017.

Richard A. Clarke is a former U.S. government official who specialized in intelligence, cyber security and counter-terrorism. Until his retirement in January 2003, Mr. Clarke was a member of the Senior Executive Service. He served as an advisor to four U.S. presidents from 1973 to 2003: Ronald Reagan, George H.W. Bush, Bill Clinton and George W. Bush. Most notably, Clarke was the chief counter-terrorism adviser on the U.S. National Security Council for both the latter part of the Clinton Administration and early part of the George W. Bush Administration through the time of the 9/11 terrorist attacks.

Clarke came to widespread public attention for his role as counter-terrorism czar in the Clinton and Bush Administrations when in March of 2004 he appeared on the 60 Minutes television news magazine, his memoir about his service in government, Against All Enemies was released, and he testified before the 9/11 Commission. In all three instances, Clarke was sharply critical of the Bush Administration's attitude toward counter-terrorism before the 9/11 terrorist attacks and the decision to go to war with Iraq.

Richard Clarke is currently Chairman of Good Harbor Consulting, a strategic planning and corporate risk management firm, an on-air consultant for ABC News, and a contributor to GoodHarborReport.com, an online community discussing homeland security, defense, and politics. He also recently published his first novel, The Scorpion's Gate, in 2005; and a second, Breakpoint, in 2007.

Day 2 Keynote: Bruce Schneier
The Psychology of Security.

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why so many smart security solutions go unimplemented. Two different fields -- behavioral economics and the psychology of decision making -- shed light on how we perceive security, risk, and cost. Learn how perception of risk matters and, perhaps more importantly, learn how to design security systems that will actually get used.

Bruce Schneier is an internationally renowned security technologist and CTO of BT Counterpane, referred to by The Economist as a "security guru." He is the author of eight books -- including the best sellers "Beyond Fear: Thinking Sensibly about Security in an Uncertain World," "Secrets and Lies," and "Applied Cryptography" -- and hundreds of articles and academic papers. His influential newsletter, Crypto-Gram, and blog "Schneier on Security," are read by over 250,000 people. He is a prolific writer and lecturer, a frequent guest on television and radio, has testified before Congress, and is regularly quoted in the press on issues surrounding security and privacy.

Black Hat USA 2007 Call for Papers is now Closed!

feedback@blackhat.com (Black Hat Announcements) — Mon, 14 May 2007 20:38:07 -0700

The Black Hat USA 2007 Call for Papers is now closed!

If you have submitted a presentation, please be patient, the reviewers are working away as fast as they can. We expect to notify everyone in the next two weeks of their acceptance or rejection as a speaker this year. Best of luck, and thank you all for your incredible support!
Black Hat USA 2007:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Register online at:
http://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Hotel Reservations now open.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html

Audio from Black Hat USA'02 now on-line!

feedback@blackhat.com (Black Hat Announcements) — Tue, 8 May 2007 19:27:28 -0700

Black Hat USA 2002 was held July 31-August 1 in Las Vegas at Caesars Palace. Two days with eight tracks of speaking. The Keynote was Richard Clarke speaking on "National Strategy for Securing Cyberspace"

A post convention wrap up can be found here:http://www.blackhat.com/html/bh-usa-02/bh-usa-02-index.html

If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2002.html#USA-2002 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo

Audio from Black Hat Europe '07 now on-line!

feedback@blackhat.com (Black Hat Announcements) — Tue, 8 May 2007 17:53:28 -0700

The Black Hat Europe briefings was held March 27-30 at the Moevenpick Amsterdam Centre Hotel over two days, four different tracks.

Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure), spoke on "How can the Security Researcher Community Work Better for the Common Good."
A post convention wrap up can be found here: http://www.blackhat.com/html/bh-europe-07/bh-eu-07-index.html

If you want to get a better idea of the presentation materials go to http://www.blackhat.com/html/bh-media-archives/bh-archives-2007.html#eu_07 and download them. Put up the .pdfs in one window while listening the talks in the other. Almost as good as being there!

Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washington D.C., Amsterdam, and Tokyo

Chris Paget's "RFID for Beginners" and the ACLU presents "Rights Chipped Away"

feedback@blackhat.com (Black Hat Announcements) — Fri, 4 May 2007 12:52:27 -0700

Chris Paget's "RFID for Beginners" and the ACLU presents "Rights Chipped Away"

Most of you may have heard from various web posts about Chris Paget's RFID talk at Black Hat D.C. this past February. After receiving a letter from HID and several hours of intense negotiation Paget's talk was on and off. Ultimately, Paget modified his original talk and in addition included a special presentation from Nicole A. Ozer, Technology & Civil Liberties Policy Director at ACLU of Northern California. Her presentation was titled: Rights "Chipped" Away: RFID and Identification Documents. Both presentations are included in the media as well as a Q&A session with Paget that follows.

Audio is here:
http://media.blackhat.com/bh-dc-07/audio/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp3
Video is here:
http://media.blackhat.com/bh-dc-07/video/2007_BlackHat_DC-V1-Paget_and_ACLU-RFID.mp4

More Black Hat DC Audio will be coming soon!

Chris wrote us a short blog entry on his presentation prior to HID's Objection.

"It's fairly well-known that RFID is an insecure technology. Most people know that RFID tags can be cloned, but without knowing how - at best, most people use expensive dedicated equipment, having been scared off by the voodoo involved with anything Radio Frequency. After demonstrating an RFID-based smart bomb on Seattle-based KOMO news I decided to take things a step further, and see just how small an RFID cloner needed to be; I surprised even myself. Two small chips and a handful of passive components later (about 5 dollars of parts in all) I had a working cloner for HID RFID access badges, and had completely busted the myth that Radio Frequency IDentification is hard to work with. This presentation will allow you to do the same thing - in one short talk I'll teach you everything you need to know in order to build and understand an RFID cloner; covering everything from Magnetic Fields to Manchester Encoding, with plenty of theory and background info along the way. If you're considering implementing, hacking, or even using an RFID system, this presentation will give you everything you need to understand exactly how vulnerable these systems are, how to mess with them yourself, and how to have some electronic fun along the way." - Chris Paget

Paget's modified slide deck can be found here:
https://www.blackhat.com/presentations/bh-dc-07/Paget/Presentation/bh-dc-07-paget.pdf

Ozer's Presentation is here:
https://www.blackhat.com/presentations/bh-dc-07/ACLU/Presentation/bh-dc-ozer-ACLU.pdf

To read more news on Paget's Black Hat Talk:
http://www.google.com/search?hl=en&q=Paget%2BBlack+Hat

HID's Letter to IOActive, Courtesy of wired:
http://blog.wired.com/27bstroke6/files/hid_ltr_to_ioactive_0221071.pdf

Japan Spring Training, Early Registration rate Closing!

feedback@blackhat.com (Black Hat Announcements) — Fri, 27 Apr 2007 14:47:11 -0700

Japan Spring Training, Early Registration rate is closing May 1,2007.

Register now to assure a seat in the class of your choice. There are currently two ways to register: Online registrations for inside Japan and Paper registrations for outside of Japan. Early registration rate close May 1, 2007. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered for each class.

Black Hat Japan Spring Training 2007
Keio Plaza Hotel Tokyo * 28-29 May 2007:

All Training sessions are taught in English. Simultaneous translation from English to Japanese will be available for all courses.

*Live Digital Investigation- Investigating the Enterprise by WetStone Technologies."Live" enterprise investigation training.

*NSA InfoSec Assessment Methodology Course (IAM) - Level 1by Security Horizon. You will need this course before you can take the IEM course. Earn NSA Certification.

*Reverse Engineering on Windows: Application in Malicious Code Analysis by Pedram Amini & Ero Carrera. Learn to reverse engineer real-world virus samples to better combat them.

Dates to Remember!
* Regular registration rate closes May 24, 2007.
* Only cash payments are accepted after May 24, 2007.
* Onsite Registration rates apply after May 24, 2007.

* Registration Cancellations, requests for refunds, and Registration Class Change Requests are not accepted after May 2.

Black Hat USA 2007 Call for Papers EXTENSION!

feedback@blackhat.com (Black Hat Announcements) — Fri, 27 Apr 2007 14:08:06 -0700

The Black Hat USA 2007 Call for Papers is now being extended until May 14,2007.

After several Requests we have decided to extend the deadline by two weeks. We believe this will be a fair opportunity to review all the submissions and see what you have to offer. So If you were worried about meeting the deadline this should give you a little more time to get together your best stuff.

We have expanded from 9 tracks to 11 this year and are looking forward to the added content. Please check out the description page to learn more about these tracks and to ensure you submit to the appropriate track.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp-tracks.html

For more information on this years call for papers:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-cfp.html

How to Submit:
Submit proposals by completing the submissions form on the CFP server at https://cfp.blackhat.com/ Submissions are due no later than May 14, 2007.

This is a new submissions process this year so we have a helpful how to guide available at: http://www.blackhat.com/html/bh-cfp/bh-cfp-howto.html. There you will find a step by step walk through to help you with registering and using the CFP application system. You will use this system to submit presentation proposals for future Black Hat events. You must create an account to use the system. Once you have signed up and confirmed your email address, you will be able to submit proposals, upload supporting files and modify aspects of your submissions at any time.

Past Black Hat Speaker hijacks MacBook Pro for $10,000 bounty!

feedback@blackhat.com (Black Hat Announcements) — Thu, 26 Apr 2007 17:45:50 -0700

Read an Interview with Dino Dai Zovi here: http://blogs.zdnet.com/security/?p=176

>From the Article:
"Hackers Dino Dai Zovi and Shane Macaulay teamed up to hijack a MacBook Pro laptop at the CanSecWest security conference here, effectively pouring cold water on the Mac faithful's belief that the machines aDino Dai Zovire impenetrable."

Dai Zovi is a previous Black Hat Speaker. He spoke with us at the 2006 USA conference on Hardware Virtualization-Based Rootkits: "Hardware Virtualization-Based Rootkits"

Hardware-supported CPU virtualization extensions such as Intel's VT-x allow multiple operating systems to be run at full speed and without modification simultaneously on the same processor. These extensions are already supported in shipping processors such as the IntelR Core Solo and Duo processors found in laptops released in early 2006 with availability in desktop and server processors following later in the year. While these extensions are very useful for multiple-OS computing, they also present useful capabilities to rootkit authors. On VT-capable hardware, an attacker may install a rootkit "hypervisor" that transparently runs the original operating system in a VM. The rootkit would be loaded in physical memory pages that are inaccessible to the running OS and can mediate device access to hide blocks on disk. This presentation will describe how VT-x can be used by rootkit authors, demonstrate a rootkit based on these techniques, and begin to explore how such rootkits may be detected.

See his Presentation Slides here:
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Zovi.pdf

WATCH HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp4

LISTEN TO HIS PRESENTATION!
http://media.blackhat.com/bh-usa-06/audio/2006_BlackHat_Vegas-V46-Dai_Zovi-Hardware_Virtualization.mp3

Call For Papers for Japan 2007 will open May 1st!

feedback@blackhat.com (Black Hat Announcements) — Fri, 20 Apr 2007 14:29:11 -0700

The Call For Papers will open for Black Hat Japan 2007 Briefings on May 1,2007.

Submit proposals by completing the submissions form on the CFP server at:
https://cfp.blackhat.com/

Papers and requests to speak will be received and reviewed from May 1until August 20, 2007. We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

Black Hat Japan 2007 Briefings and Training Tokyo Shinjuku Keio Plaza Hotel

Training: 23-24 October 2007
Briefings: 25-26 October 2007
http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html

Black Hat USA 2007 New Training Classes Added

feedback@blackhat.com (Black Hat Announcements) — Fri, 20 Apr 2007 14:22:24 -0700

In the build up for the big Black Hat Briefings and Training this summer we have added some new training classes.

Check out the three new classes we just added to the roster for US 2007, Register now to reserve your seat!.

Incident Response: Black Hat Edition by Mandiant

As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.
http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-md-ir.html

Understanding Stealth Malware by Joanna Rutkowska and Alexander Tereshkin

The course will provide attendees with an in-depth understanding of how advanced stealth malware works, how it interacts with the operating system, underlying hardware and network. Attendees will have a chance to run, analyze and experiment with several previously unpublished samples of proof-of-concept rootkits, similar to Deepdoor, FireWalk, Blue Pill and others. The malware samples will be created from scratch (and in a slightly different way) exclusively for the use during the training, as the original implementations can not be used due to NDA restrictions.

Simpler stealth malware will also be briefly covered as well as approaches to its detection, so that participants get a clear understanding what advantages the more sophisticated malware offers to attackers.
http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-jrk.html

Building and Testing Secure Web Applications by Aspect Security

Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect's Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of 'what to do' and 'what not to do.' The class is lead by an experienced application security practitioner and is delivered in a very interactive manner.
http://www.blackhat.com/html/bh-usa-07/train-bh-us-07-as_btswa.html

Black Hat Europe 2007 online registration closing Soon!

feedback@blackhat.com (Black Hat Announcements) — Wed, 14 Mar 2007 17:08:58 -0700

Online registration will close Sunday March 18, 2007.
Act now, save some money and avoid the lines at on site registration.

http://www.blackhat.com/html/bh-registration/bh-registration.html#Europe

All press must pre-register:
https://commerce.blackhat.com/stores/europe-reg-07/press_info

Black Hat Europe 2007 Briefings and Training will be March 27 to March 30, held at the Hotel Movenpick in Amsterdam. There will be 4 different tracks, over 2 days comprised of over 20+ internationally renown security professionals speaking.

This years Keynote will be Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure). Black Hat Europe 2007 Briefings Speakers, topic titles, presentation abstracts and speaker biographies may be found here.
http://www.blackhat.com/html/bh-europe-07/bh-eu-07-schedule.html

See our current training courses offered visit us at:
http://www.blackhat.com/html/bh-europe-07/train-bh-eu-07-index.html

A Few Dates to remember:
# Regular Registration rate closed on February 25, 2007.
# Only credit card payments will be accepted after February 25, 2007.
# Online registration closes March 18, 2007.
# Onsite registration rates begin March 19, 2007.

To view the registration terms and conditions please visit:
http://www.blackhat.com/html/bh-europe-07/bh-eu-07-reg-terms.html

Black Hat USA 2007 Training Classes now open!

feedback@blackhat.com (Black Hat Announcements) — Wed, 7 Mar 2007 14:57:15 -0800

Black Hat USA 2007 Training Classes now open!

Please see the following link for a complete list of classes being offered this year.
http://www.blackhat.com/html/bh-usa-07/train-bh-usa-07-index.html

Highlights include over 35 training classes including two new four day sessions. Below is a sample of what to expect:
- The nuts and bolts of the Metasploit Framework: Metasploit 3.0 Internals by Matt Miller, aka skape.
- Web Application (In)security by NGS Software. If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.
- TCP/IP Weapons School: Black Hat Edition by Richard Bejtlich, TaoSecurity. Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.
- Ultimate Hacking: Wireless Edition by Foundstone. Knowledge is power and you do not want the hackers to know more about your wireless networks than you do.
- Hands-On Hardware Hacking and Reverse Engineering Techniques: Black Hat Edition by Joe Grand. This course is the first of its kind and focuses entirely on hardware hacking.
- ROOTKIT: Advanced 2nd Generation Digital Weaponry by Greg Hoglund and Jamie Butler. Advanced class developed and taught by the creators of rootkit.com
- Advanced Malware Deobfuscation by Jason Geffner & Scott Lambert. No Source? No Symbols? No Problem.
- Hacking by Numbers: Combat Grading by SensePost. Advanced level. The world‚Äôs first objective technical grading system for hackers and penetration testers.

Black Hat Briefings and Trainings USA 2007:
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html

Registration online at:
http://www.blackhat.com/html/bh-registration/bh-registration.html#USA

Hotel Reservations now open.
http://www.blackhat.com/html/bh-usa-07/bh-usa-07-venue.html

Black Hat Europe 2007 Hotel rate extended.

feedback@blackhat.com (Black Hat Announcements) — Wed, 7 Mar 2007 14:45:39 -0800

We have extended the Group Rate at the Movenpick until the end of this week (March 9).

If you plan to stay at the hotel, now is the last minute for you reserve at the Black Hat conference rate, currently EUR 145,00 per night plus taxes.

Online registration for Black Hat DC 2007 has closed

feedback@blackhat.com (Black Hat Announcements) — Tue, 20 Feb 2007 16:27:12 -0800

Online registration for Black Hat DC 2007 has now closed.

On site registration for training will take place Monday, February 26, 08:00 - 12:00.

On site registration for the Briefings will begin Tuesday, February 27, 16:00 - 18:00 until Thursday, March 1, 08:00 - 12:00.

To view the full schedule please visit:
http://www.blackhat.com/html/bh-dc-07/bh-dc-07-schedule.html

To view the registration terms and conditions please visit:
http://www.blackhat.com/html/bh-dc-07/bh-dc-07-reg-terms.html