With each passing year I find it difficult to get excited about Black Hat (of course I don't attend), but regardless of the
topics there are some real doozies in terms of lame titles (who cares about the content):
- SQL Injection Worms for Fun and Profit / Windows Hibernation File for Fun and Profit - nothing with "fun and profit" should be accepted in 2008
- Bad Sushi: Beating Phishers at Their Own Game - sushi is a security cliche, almost as bad as fuzzing
- Taking the Hype Out of Hypervisors - nice try
- Got Citrix, Hack It! - uh huh, sure.
- Black Ops 2008 -- Its The End Of The Cache As We Know It - I'm a big fan of eschatology but channeling REM is not cool
- Highway to Hell: Hacking Toll Systems - AC/DC is better than REM but rm the "hacking..." bit
- The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation - if I hear the Internet is broken one more time...
- Pushing the Camel through the Eye of a Needle / Encoded, Layered, and Transcoded Syntax Attacks: Threading the Needle past Web Application Security Controls - they shouldn't have accepted two prezos with "eye of the needle"
- Satan is on My Friends List: Attacking Social Networks - without Dan Farmer it just doesn't work
- A Fox in the Hen House (UPnP IGD)
Which titles (if not necessarily the content) do I think work? No explanation is necessary.
- Leveraging the Edge: Abusing SSL VPNs
- REST for the Wicked
- Malware Detection Through Network Flow Analysis
- Braving the Cold: New Methods for Preventing Cold Boot Attacks on Encryption Keys
- Pointers and Handles, A Story Of Unchecked Assumptions In The Windows Kernel
Presentations that actually look interesting and whose slides I will probably look at when they are out:
- Passive and Active Leakage of Secret Data from Non Networked Computer
- SmartCard APDU Analysis
- Predictable RNG in the Vulnerable Debian OpenSSL package, the What and the How
- Side-channel Timing Attacks on MSP430 Microcontroller Firmware - anything that mentions JTAG is cool
- The Four Horsemen of the Virtualization Security Apocalypse - gotta check out the Hoff
- Circumventing Automated JavaScript Analysis Tools - I probably won't understand a lick of it
- Developments in Cisco IOS Forensics - go FX!
- Malware Detection Through Network Flow Analysis
- No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler Using Traffic Profiling - a Black Hat talk that actually proposes solutions!