If you have plans to travel to Las Vegas this week, you may want to cancel them. Why? Because the city will be crawling with hackers attending a “Black Hat” conference on electronic security. The sponsors of the events describe them as “highly technical information security conferences that bring together thought leaders from all facets of the infosec world–from the corporate and government sectors to academic and even underground researchers.”
That doesn’t mean that there isn’t some scary stuff being discussed there. For instance, there’s a session called “How to Hack Millions of Routers.” At the briefing, the presenter promises to release a tool that completely automates an attack on a consumer wireless router that allows an infiltrator to browse the Web-based interface of the router just as if he or she were on the victim’s network.
In another session titled “You Will Be Billed $90,000 for This Call,” the host will discuss the nuts and bolts of smartphone trojans that place calls or send text messages to expensive, premium rate numbers.
Then there’s the session on “Jackpotting Automated Teller Machines.” “I’ve always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine,” the presenter of the briefing, “Barnaby Jack,” explains in his description of the session. “I think I’ve got that kid beat.”
Not even good old handcuffs are safe from these people. Dig this description by “Deviant Ollam” of his Black Hat session: “Although there is a ‘standard’ size and shape for basic handcuff keys, every manufacturer has variations, special features, and sizing issues that make creating a single, universal key quite difficult. The Open Organisation Of Lockpickers, however, has created exactly this type of ‘ultimate’ key that opens all major brands of handcuff, both in the United States and elsewhere around the world.”
The conferences aren’t aimed only at shadowy figures or hobbyists, however; security professionals attend to discuss current issues. The spring event in Spain covered Web threats and software vulnerabilities of concern to developers.
In addition to numerous briefings, this edition of the conference will be hosting the Pwnie Awards for recognition of extreme excellence and incompetence in the field of information security. Pwn means to dominate an opponent or to compromise or control a system. Among the award categories this year are Best Server-Side Bug, Best Client-Side Bug, Most Overhyped Bug and Lamest Vendor Response.
Should you be unable to avoid Las Vegas next week, the StoneBlog offers these tips for self-preservation.
Avoid using your laptop or smartphone in open areas.
Keep your fingers covered as much as possible when typing on any keyboards.
Turn off wireless and Bluetooth access whenever possible.