Sunday, August 03, 2008

Top 10 Worst TItles (and other thoughts on BlackHat 2008)

With each passing year I find it difficult to get excited about BlackHat (of course I don't attend) but regardless of the topics there are some real doozies in terms of lame titles (who cares about the content)
  • SQL Injection Worms for Fun and Profit / Windows Hibernation File for Fun and Profit - nothing with "fun and profit" should be accepted in 2008
  • Bad Sushi: Beating Phishers at Their Own Game - sushi is a security cliche, almost as bad as fuzzing
  • Taking the Hype Out of Hypervisors - nice try
  • Got Citrix, Hack It! - uh huh, sure.
  • Black Ops 2008 -- Its The End Of The Cache As We Know It - I'm a big fan of eschatology but channeling REM is not cool
  • Highway to Hell: Hacking Toll Systems - AC/DC is better than REM but rm the "hacking..." bit
  • The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation - if I hear the Internet is broken one more time...
  • Pushing the Camel through the Eye of a Needle / Encoded, Layered, and Trancoded Syntax Attacks: Threading the Needle past Web Application Security Controls - they shouldn't have accepted two prezos with "eye of the needle"
  • Satan is on My Friends List: Attacking Social Networks - without Dan Farmer it just doesn't work
  • A Fox in the Hen House (UPnP IGD)
Which titles (if not necessarily the content) do I think work? No explanation is necessary.
  • Leveraging the Edge: Abusing SSL VPNs
  • REST for the Wicked
  • Malware Detection Through Network Flow Analysis
  • Braving the Cold: New Methods for Preventing Cold Boot Attacks on Encryption Keys
  • Pointers and Handles, A Story Of Unchecked Assumptions In The Windows Kernel
Presentations that actually look interesting and I will probably look at the slides when they are out
  • Passive and Active Leakage of Secret Data from Non Networked Computer
  • SmartCard APDU Analysis
  • Predictable RNG in the Vulnerable Debian OpenSSL package, the What and the How
  • Side-channel Timing Attacks on MSP430 Microcontroller Firmware - anything that mentions JTAG is cool
  • The Four Horsemen of the Virtualization Security Apocalypse - gotta check out the Hoff
  • Circumventing Automated JavaScript Analysis Tools - I probably won't understand a lick of it
  • Developments in Cisco IOS Forensics - go FX!
  • Malware Detection Through Network Flow Analysis
  • No More Signatures: Defending Web Applications from 0-Day Attacks with ModProfiler UsingTraffic Profiling - a Black Hat talk that actually proposes solutions!

No comments: