
The best of Black Hat: The consequential, the controversial, the canceled

Taylor Armerding | July 19, 2017
Over the past two decades, the annual Black Hat conference has had its share of controversy. CSO looks back at the most significant talks and demonstrations.

Walking that line, he said, means that CloudFlare amounts to “kind of a Switzerland of the Internet” – a neutral party that is frequently disliked, but respected. That role, he said, means that “some strange bedfellows” – polar opposites – use its services, such as Hamas and the Israeli Defense Forces, pro-Ukraine and pro-Russian forces, Occupy Wall Street and Goldman Sachs.

“If you sign up to be the neutral party, you’re going to piss everyone off,” he said. “But I don’t know a better way to do it. It’s easy to say you should kick all the bad sites off your network, but it’s hard to say exactly what is bad.”

Prince said his company does follow the laws of different countries. “We follow China rules in China,” he said, “but that doesn’t mean China dictates what’s on the internet as a whole. We follow what US courts say.”

The biggest danger to free speech on the Internet, he said, is that a very small number of companies like his – he mentioned Amazon, Akamai, Facebook and Google – amount to “choke points” for what is allowed. That, he said, is good for his business. “But as a citizen of the Internet, it scares the living sh-- out of me,” he said. “It’s too much power in a small set of hands.”


“BadUSB - on Accessories that Turn Evil” - Karsten Nohl, Jakob Lell, 2014

It has been widely known, at least since 2010 after the Stuxnet attack on Iranian nuclear facilities at Natanz, that USB drives could be used to launch cyber attacks.

White-hat hackers Karsten Nohl and Jakob Lell, of Security Research Labs, in a hack they called BadUSB, took it a lot further.

In the promo for their talk, they noted that while USB sticks “undergo the occasional virus scan, we consider USB to be otherwise perfectly safe – until now.” The two demonstrated that by injecting malware that operates from controller chips inside USB devices, they could reprogram them to spoof other device types to “take control of a computer, exfiltrate data or spy on the user.”

Best (or worst) of all, the self-replicating virus was, “not detectable with current defenses.” In other words, you can’t trust but verify, since antivirus scans wouldn’t find it. “The sky’s the limit as to what a remote attacker can do,” Nohl said. What to do? “Lock your firmware down,” Nohl said. “Make sure it’s not going to be reprogrammed. Burn it once and never go back.”


Canceled talks

"The Chinese Cyber Army: An Archaeological Study from 2001 to 2010" – Armorize, 2010

A researcher from Armorize, a Taiwanese security vendor, was scheduled to speak on China’s government-backed hacking initiatives and its ability to launch cyber attacks.

