
Black Hat Wrap Up: What Caused the Most Buzz?

Black Hat 2011 Las Vegas

As usual, Black Hat USA brought with it a new round of exploits, innovative hacks and offensive and defensive tools.

So what were the talks and news items in 2011 that caused the most buzz? There were many, but here are a few highlights from the conference in the eyes of SecurityWeek, in no particular order:

Hacking Insulin Pumps: Security researcher and diabetic Jay Radcliffe uncovered a way to remotely hijack his insulin pump and send commands to it. A motivated attacker could use the vulnerability to potentially pump too much – or too little – insulin into the body of a diabetic.

Your Own Personal Spy Plane: For a reported cost of $6,000, security researchers Mike Tassey and Richard Perkins turned a surplus FMQ-117B U.S. Army target drone into a makeshift remote-controlled spy plane armed with Wi-Fi and hacking tools.

Hacking Google Chrome OS: Matt Johansen and Kyle Osborn of WhiteHat Security demonstrated how to compromise Google’s Chrome OS via Web extensions vulnerable to cross-site scripting bugs that can be used to inject JavaScript into user machines by leveraging the permissions the extensions use.

Facing Facebook: Alessandro Acquisti of Carnegie Mellon University showed how, using off-the-shelf tools, it is possible to assemble a database of Facebook photos and positively identify people by matching their Facebook pictures with other photos. Those identified included users of an online dating site who had registered using pseudonyms.

Are you a Mac or a PC?: A security smackdown between Microsoft Windows 7 and the latest version of Apple Mac OS X briefly took center stage at the conference as security researchers from iSEC Partners ranked the operating systems according to how they fare against advanced persistent threats (APT). The verdict – Mac and Windows are even in some respects, but network privilege escalation poses a serious challenge in Mac environments when it comes to APT.

Uncle Sam Steps In: Ex-CIA official Cofer Black spoke at the conference about the threat of cyber-warfare, while famed security expert Peiter “Mudge” Zatko talked up the Defense Advanced Research Projects Agency’s (DARPA) Cyber Fast Track Program, which is meant to reach out to the security community by funding experimental technologies that could be used by the military.

Hack Your Way into a Car: Don Bailey and Mathew Solnik of iSEC Partners were able to remotely send commands that unlocked the doors of a Subaru Outback and started the engine. They called the technique “war texting.”

Though Black Hat has now come to a close, many attendees are expected to stick around for DEF CON 19, Black Hat’s sister conference, where some of the sessions will be repeated.

Written By

Marketing professional with a background in journalism and a focus on IT security.
