Security Posts

Frank Abagnale, world-famous con-man, explains why technology won’t stop breaches

ArsTechnica: Security Content - 1 hour 8 min ago
Frank Abagnale, as played by Leonardo DiCaprio in Catch Me If You Can, once pretended to be a doctor. Now he's teaching the health industry about the threat of identity theft. (credit: Dreamworks)

Frank Abagnale is world-famous for pretending to be other people. The former teenage con-man, whose exploits 50 years ago became a Leonardo DiCaprio film called Catch Me If You Can, has built a lifelong career as a security consultant and advisor to the FBI and other law enforcement agencies. So it's perhaps ironic that four and a half years ago, his identity was stolen—along with those of 3.6 million other South Carolina taxpayers.

"When that occurred," Abagnale recounted to Ars, "I was at the FBI office in Phoenix. I got a call from [a reporter at] the local TV news station, who knew that my identity was stolen, and they wanted a comment. And I said, 'Before I make a comment, what did the State Tax Revenue Office say?' Well, they said they did nothing wrong. I said that would be absolutely literally impossible. All breaches happen because people make them happen, not because hackers do it. Every breach occurs because someone in that company did something they weren't supposed to do, or somebody in that company failed to do something they were supposed to do."

As it turned out (as a Secret Service investigation determined), a government employee had taken home a laptop that shouldn't have left the office and connected it—unprotected—to the Internet.

Government breaches of personal information have become all too common, as demonstrated by the impact of the hacking of the Office of Management and Budget's personnel records two years ago. But another sort of organization is now in the crosshairs of criminals seeking identity data to sell to fraudsters: doctors' offices.

Abagnale was in Orlando this week to speak to health IT professionals at the 2017 HIMSS Conference about the rising threat of identity theft through hacking medical records—a threat made possible largely because of the sometimes haphazard adoption of electronic medical records systems by health care providers.
Categories: Security Posts

Practical collision attack against SHA-1, (Thu, Feb 23rd)

Google has announced that they have succeeded in developing a technique which makes it practical to craft two PDF files with the same SHA-1 digital signature. Of course, like all new vulnerabilities/attacks in this decade, it needs a web page and a cool logo. Not to disappoint, they can be found here.

What does this mean to you? The fact is nothing has changed since yesterday. This is still a difficult attack. For most applications SHA-1 will still be an adequate level of protection. This does highlight a significant risk to high-trust applications such as banking, legal contracts and digital signatures. Theoretical attacks against SHA-1 have been hypothesized since 2005 and SHA-1 was deprecated by NIST in 2011, so most high-trust uses of SHA-1 should be long since upgraded to more secure methods. SHA-1 is still commonly used for file integrity hashes, and is used for that purpose in Git and most vendor signatures, so there will be some work to do.

Google is following their disclosure guidelines, so the details of the attack will not be released for 90 days, leaving time for applications that are still using SHA-1 to move to more secure hashing methods such as SHA-3 or SHA-256.

Further reading below:
Google - https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
ARSTechnica - https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Q&A: Securing IoT in the World of Healthcare

Fortinet FortiGuard Blog - 4 hours 9 min ago
According to IBM’s 2016 Cyber Security Intelligence Index report, cyber criminals attacked healthcare more than any other industry last year, with more than 100 million healthcare records being compromised. As the use of IoT devices continues to grow in hospitals, we talked to Roger Bailey about the risks, and how to secure these increasingly distributed healthcare environments.

Q&A with Roger Bailey, Sales Engineer at Fortinet

How is IoT growing in the world of healthcare?

There are two sides to IoT in hospitals – the customer...

Did you order those iTunes movies? Nope, it’s just phishing for Canadian Apple users

Fortinet FortiGuard Blog - 4 hours 13 min ago
Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam.

Figure 1. Phishing Apple email

Similar cases were reported in 2015 by users in the UK and Australia, except in those cases the fake receipt contained songs and books, respectively. Last year, similar emails targeting users in the US were also reported,...

Putty 0.68 released - http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html, (Thu, Feb 23rd)

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

At death’s door for years, widely used SHA1 function is now dead

ArsTechnica: Security Content - 7 hours 49 min ago
For more than six years, the SHA1 cryptographic hash function underpinning Internet security has been at death's door. Now it's officially dead, thanks to the submission of the first known instance of a fatal exploit known as a "collision."

Despite more than a decade of warnings about the lack of security of SHA1, the watershed moment comes as the hash function remains widely used. Git, the world's most widely used system for managing software development among multiple people, relies on it for data integrity. The GnuPG e-mail encryption program still deems SHA1 safe. And hundreds if not thousands of big-name software packages rely on SHA1 signatures to ensure installation and update files distributed over the Internet haven't been maliciously altered.

A collision occurs when the two different files or messages produce the same cryptographic hash. The most well-known collision occurred sometime around 2010 against the MD5 hash algorithm, which is even weaker than SHA1. A piece of nation-sponsored espionage malware known as Flame used the attack to hijack the Windows update mechanism Microsoft uses to distribute patches to hundreds of millions of customers. By forging the digital signature used to cryptographically prove the authenticity of Microsoft servers, Flame was able to spread from one infected computer to another inside targeted networks.

How to carry out SMBTrap attacks against Windows with MITMf

Un informático en el lado del mal - 15 hours 49 min ago
Today we are going to talk about SMBTrap, a vulnerability discovered in 2015 that is nothing more than a bug that has affected the SMB protocol in Windows for a long time. In other words, back in 1997 it was already possible to force Windows to send its credentials to a shared resource. An attacker could set up a shared resource and place a link to it on a web page, which caused the credentials, that is, the hashes of the Windows credentials, to be sent.

Figure 1: How to carry out SMBTrap attacks against Windows with MITMf
With SMBTrap this concept was given a new twist, and that happened in 2015. There is an article by our colleague Sergio de los Santos (@ssantosv), author of the book Máxima Seguridad en Windows, that covers this vulnerability and how to protect against it.

Figure 2: SMBTrap paper published by Cylance
With SMBTrap, hashed Windows credentials can be made to be sent by means of an SMB server, thanks to HTTP redirects. The people at Cylance realized, and show in the paper, that the URLMon.dll API, which many applications use today, also sent the credentials when following HTTP redirects.

Figure 3: HTTP redirection scheme to force credentials to be sent
Nowadays NTLMv2 is very commonly used; it is not as weak as its predecessors, although it is still potentially attackable by brute force or, more sensibly, by dictionary attacks.

Integrated with MITMf

Last week we talked about MITMf, one of the most powerful and flexible frameworks for network audits. Today we will see how MITMf provides support, through a plugin, for capturing Windows hashes via HTTP redirects. The plugin encapsulates the whole process, but what gets started is an HTTP server that, on receiving a request, redirects to the SMB service also set up by the plugin itself.

Figure 4: Running the smbtrap plugin in mitmf
As can be seen, to invoke the plugin you only need to pass --smbtrap when running MITMf on our Kali Linux 2. Reading what the plugin starts up, we can see an HTTP server and an SMB server. A look at the listening ports on the machine confirms this.

Figure 5: Services started by the smbtrap plugin
PoC: Taking advantage of all this

A typical scenario for taking advantage of this would be to use techniques such as ARP Spoofing or DNS Spoofing to poison the ARP cache or the DNS cache. The requests affected are those the victim makes from, for example, a browser that uses HTTP authentication, or from other applications that use URLMon.dll.

For this example, ARP Spoofing and SMBTrap will both be performed from MITMf itself, showing its flexibility and power with a very simple syntax. The command to run is:
 mitmf.py --spoof --arp --smbtrap --target [victim IP] --gateway [router IP] -i [network interface]
At this point, when the victim uses Internet Explorer (the example uses Windows 7), the HTTP request will be redirected to the SMB server set up by the attacker. The browser will then authenticate, or try to, using NTLMv2.

Figure 6: Running ARP Spoofing and SMBTrap with MITMf at the same time
The result is the theft of hashed Windows credentials. Cracking tools such as hashcat can be used to recover the plaintext credential. In conclusion, SMBTrap is within easy reach in tools such as MITMf, which makes setting up everything needed really simple.

Figure 7: Captured credential hashes
Using this kind of technique in Ethical Hacking projects is powerful, since obtaining the hashes can open the door to other Windows machines or network resources that are not well hardened. As we can see, MITMf offers a growing number of techniques and helps carry out attacks and tests that used to be laborious to set up. We will keep looking at attacks and techniques with this great framework.

Author: Pablo González Pérez (@pablogonzalezpe)
Author of the books "Metasploit para Pentesters", "Ethical Hacking", "Got Root" and "Pentesting con Powershell"

ISC Stormcast For Thursday, February 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5387, (Thu, Feb 23rd)


Keep Your Account Safe by Avoiding Dyzap Malware

Fortinet FortiGuard Blog - 19 hours 52 min ago
Introduction

Dyzap belongs to a family of malware designed to steal confidential information from enormous target applications by installing a “man in the browser” attack into common browsers. FortiGuard Researchers recently discovered a new variant of this Trojan virus. Stolen information may include, but is not limited to, system information and application credentials stored on infected systems. In this blog, we will explain how the malware steals user accounts, acts as a keylogger, and communicates with its C&C server.

Stealing...

Update: base64dump.py Version 0.0.6

Didier Stevens - Wed, 2017/02/22 - 02:00
After searching with base64dump for encoded strings in this maldoc sample, I decided to add an option to base64dump to check all encodings automatically. Use option -e with value all to try out all encodings, and report all found strings ordered by increasing length. And with option -u, you can limit the output to unique decoded strings.

 zipdump.py -s 5 -d output.docx.vir.zip | base64dump.py -e all -u

base64dump_V0_0_6.zip (https)
MD5: CDC956FAFD7AC2A86C9CD40EC188C7FC
SHA256: BFBCFA51DDC47793C8CA397B261E036701543610F637CE8813BC5870FC4B2C2F

Blacksmithing and Youtube HDR

Niels Provos - Sun, 2016/12/18 - 17:37


Blacksmithing usually happens in a dark shop with very hot metal. A dark shop helps the blacksmith see the color of the steel better and thus know when it's ready to work or when it is too cold. Unfortunately, the dynamic range between dark and light makes it difficult to create videos that show both the shop as well as the hot metal. The dynamic range is too high to show up appropriately in videos. Fortunately, this has changed with Youtube's support for HDR. It still requires a new TV to support it though. This video is my first experiment at producing an HDR video. I filmed it on a Sony PXW‑FS7 in 4K raw and then color graded it in DaVinci Resolve on a Sony BVM-X300.

The Mysterybox folks have put together good information on how to produce HDR videos.

LaCon2k16 Call For Pulpos

48Bits Blog - Fri, 2016/07/15 - 10:54
We are proud to present the call for papers for Lacon 2016! Get your papers in now. We are accepting short talks of 30min and long talks of ~1h.
[when] conf will be held from the 23rd to the 25th of Sept 2016
[where] undisclosed location
[who] a bunch of crazy bastards
[topics] topics include:
  • h/p/v/c/e …
  • satellites, antennas and radioactive crap
  • cryptocurrencies
  • human powered vehicles
  • knitting
  • radare2
  • cats
  • cyborgs
  • 8===========D
[submit] submit your talk proposals to lacon2k16.org@lists.48bits.com
[gpgkey] gpg --keyserver pgp.mit.edu --recv-key 0BC0E27E

SITEL and the false sense of security

A news item recently appeared in some media about the clarification of case law on the specific circumstances under which a judicially authorized telephone intercept can be valid as evidence. Without going into the details of the case, what the ruling establishes is that a recording will be considered legal if it is made from …

A Scheme to Encrypt the Entire Web Is Actually Working

Wired: Threat Level - Thu, 2016/04/14 - 13:00
The non-profit certificate authority Let's Encrypt is enabling a sea change toward HTTPS encryption online.

Matthew Keys Sentenced to Two Years for Aiding Anonymous

Wired: Threat Level - Wed, 2016/04/13 - 23:30
The former Tribune Company employee was convicted of giving Anonymous information that helped hackers access an LA Times server and alter a headline.

Hacker Lexicon: What Are White Hat, Gray Hat, and Black Hat Hackers?

Wired: Threat Level - Wed, 2016/04/13 - 23:03
Here's how to distinguish the colors of the hacker rainbow.

PowerLocker

PandaLabs - Wed, 2014/03/05 - 10:53
PowerLocker, also called PrisonLocker, is a new family of ransomware which in addition to encrypting files on the victim’s computer (as with other such malware) threatens to block users’ computers until they pay a ransom (like the ‘Police virus’). Although the idea of combining the two techniques may have caused more than a few sleepless nights, in this case the malware is just a prototype. During its development, the malware creator has been posting on blogs and forums describing the progress and explaining the different techniques included in the code.

The malware creator’s message in pastebin

In this post for example, the creator describes how PowerLocker is a ransomware written in C/C++ which encrypts files on infected computers and locks the screen, asking for a ransom. The malware encrypts the files, which is typical of this type of malware, using Blowfish as an encryption algorithm with a unique key for each encrypted file. It stores each unique key generated with an RSA-2048 public/private key algorithm, so only the holder of the private key can decrypt all the files. Also, according to the creator, PowerLocker uses anti-debugging, anti-sandbox and anti-VM features as well as disabling tools like the task manager, registry editor or the command line window.

However, all the publicity surrounding PowerLocker that the creator has been generating across forums and blogs before releasing it has led to his arrest in Florida, USA. Consequently, today there is no definitive version of this malware and there is no evidence that it is in-the-wild. Nevertheless, we still feel it’s worth analyzing the current version of PowerLocker, as someone else could be in possession of the source code or even a later version.

PowerLocker analysis

The first thing PowerLocker does is to check whether two files with RSA keys are already created, and if not, it generates the public and private key in two files on the disk (pubkey.bin and privkey.bin). Unlike other ransomware specimens, which use the Windows CryptoAPI service, PowerLocker uses the openssl library for generating keys and encrypting files.

Once it has the keys, PowerLocker runs a recursive search of directories looking for files to encrypt, excluding, not very effectively, files with any of the file names used by the malware: privkey.bin, pubkey.bin, countdown.txt, cryptedcount.txt. It also avoids $recycle.bin, .rans, .exe, .dll, .ini, .vxd or .drv files to prevent causing irreparable damage to the computer. The creator has however forgotten to exclude certain extensions corresponding to files which are delicate enough to affect the functionality of the system, such as .sys files. This means that any computer infected with PowerLocker would be unable to reboot.

Moreover, in this version it is possible to use a parameter to control whether the ransomware encrypts or decrypts files using the pubkey.bin and privkey.bin keys generated when it was first run. This version does not include the screen lock feature described by the creator, although it displays a console with debug messages, names of the files to encrypt/decrypt, etc. and asks you to press a key before each encryption or decryption.

Conclusions

At present, there is only a half-finished version of PowerLocker which could practically be labelled harmless, and which lacks many of the most important features that the creator has described on the forums and blogs, such as anti-debugging, screen locking, etc. Despite it not being fully functional we would recommend having a system for backing up critical files, not just to offer assurance in the event of hardware problems, but also to mitigate the damage of these types of malware infections. Also bear in mind that if you don’t have a backup system and your system is infected, we certainly do not recommend paying the ransom, as this only serves to encourage the perpetrators of such crimes.

PowerLocker analysis performed by Javier Vicente

vulnerability in… WinCalc (Win7, x64)

KPNC - Fri, 2013/08/16 - 04:47
I will never go out of business in this country. thanks to Microsoft. who would have thought that wincalc is vulnerable? I have not checked all systems yet, so this is my configuration: Windows 7 Ultimate SP1 x86-64, English.

1) run calc.exe;
2) press "Alt-2" to go to "Scientific" mode ("Programmer" mode works too);
3) type "1/255" and press [ENTER] or [=]
4) press the button [F-E];

ops! shit happens!

NOTE:
I live in Reston, Virginia and would like to meet local hackers to analyze this crash and talk about possibilities of real exploitation of this bug. please, contact me: poldhiir#gmail^com

Problem signature:
Problem Event Name: APPCRASH
Application Name: calc.EXE
Application Version: 6.1.7600.16385
Application Timestamp: 4a5bc9d4
Fault Module Name: ntdll.dll
Fault Module Version: 6.1.7601.17725
Fault Module Timestamp: 4ec4aa8e
Exception Code: c00000fd
Exception Offset: 0000000000053560
OS Version: 6.1.7601.2.1.0.256.1
credits:
the bug was found by: Nuzhny

The Last Survivor (II) - iOS

Lost In Security - Sun, 2013/04/07 - 03:30
In the previous article we reviewed the weak points malware has when it comes to surviving a system reboot, and we focused on OSX. Now it is the turn of iOS which, being a kind of spin-off of OSX, has many similarities, as we will see.

In fact, in the case of iOS there are not as many places where an application can register itself to survive a reboot. Because it is such a closed system, and much simpler than a classic desktop system, there are far fewer of these startup points.

The place par excellence for an application to register itself to be started on reboot is /System/Library/LaunchDaemons, and it works exactly as it does in its sibling OSX. It is enough to drop a file with a specific format (a .plist file) in that directory; launchd will interpret it at boot and run whatever is configured. It is important to note, though, that no file can be placed in that directory except through some exploit/jailbreak.

The directories /Library/LaunchAgents and /Library/LaunchDaemons also exist, but the system does not use them. Only after a jailbreak is the second one used, and some Cydia applications (such as OpenSSH) register their .plist files there.

For example, the first malware that appeared for iOS (only for jailbroken devices), called iKee (with all its variants iKee.A, iKee.B and iKee.C), used this mechanism to survive a reboot, installing three files in this directory. Looking at the iKee code, this is how it installed one of those files:

rm -rf /System/Library/LaunchDaemons/com.apple.ksyslog.plist
#cp com.apple.ksyslog.plist /private/var/mobile/home/
cp com.apple.ksyslog.plist /System/Library/LaunchDaemons/com.apple.ksyslog.plist
#/bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.ksyslog.plist

Likewise, the 'trojan' created by FinFisher for monitoring iOS devices uses a .plist file in the /System/Library/LaunchDaemons directory called com.apple.logind.plist, in order to survive a reboot (and run the logind binary):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>home.logind</string>
    <key>OnDemand</key>
    <false/>
    <key>ProgramArgumments</key>
    <array>
        <string>/System/Library/CoreServices/logind.app/logind</string>
        <string></string>
        <string></string>
    </array>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
</dict>
</plist>

In theory, there is no other way to register with the system to be run at boot. That is not entirely true, though, since Apple does allow non-system applications to run at boot without using any exploit or jailbreak: by using the UIBackgroundModes parameter (from 4.0 onwards) in the app's Info.plist file.

According to Apple's documentation, UIBackgroundModes is used to specify whether an app needs to run continuously in the background, but Apple only allows certain types of applications to use this parameter:
  • Audio (audio): so that songs keep playing
  • Location (location): when fine-grained control of the position is needed (for example in sports applications)
  • VoIP (voip): always connected to receive calls
  • Magazines (newsstand-content): download content immediately
  • External accessories (external-accessory): stay continuously connected
  • Bluetooth (bluetooth-central and bluetooth-peripheral): stay continuously connected
For the purposes malware might have, the most interesting option is VoIP, since it allows communications to be controlled in the background and, in addition, the app will be started by the system when the device reboots.

<key>UIBackgroundModes</key>
<array>
    <string>voip</string>
</array>

To demonstrate this, developer Timothy L. Ekl has written a small app that uses the UIBackgroundModes key with the value 'voip', and indeed the application runs automatically when the system reboots.

Apparently, in Apple's review process for adding a new app to the AppStore, if an app has the UIBackgroundModes parameter set to 'voip', it is checked that it really is a VoIP application, and if not, it is rejected. In our case of malware, this matters relatively little, since in principle that malware will have infected the system by means other than the AppStore, so it could use this parameter without problems to survive a reboot.

To date no malware has been seen using this technique, but we may see some in the future.

The Last Survivor (I) - OSX
The Last Survivor (II) - iOS

Spaniards at BlackHat

Lost In Security - Sat, 2013/04/06 - 23:30
Following on from the published article 'Spaniards in Phrack', I am back with a similar article, this time about one of the best-known security conferences: BlackHat. If you work in computer security, at some point you have to go to Las Vegas in August to see first-hand what goes on at these conferences, since it is almost an obligatory pilgrimage.

The BlackHat conferences were founded in 1997 by Jeff Moss (The Dark Tangent), and although at first they were the conferences for which all of us researchers saved our discoveries so we could show them there, that spirit has gradually been lost for various reasons: there are now countless security conferences in almost every country, many conferences have become more commercial, etc. It also had an influence when, in 2005, Jeff Moss sold the conferences to the company CMP Media for around $13.9 million. Even so, they are still the best known today, and the Las Vegas edition is possibly one of the most attended security conferences in the world.

Although it has taken us a while, we Spaniards have also gradually shed our fear, and it is now normal to see a Spaniard giving a presentation at any of the BlackHat events held around the world. Let's review the appearances of Spaniards at BlackHat:

As Juan Garrido rightly pointed out in the comments, since 2010 BlackHat has also had a section for showcasing new tools, called BlackHat Arsenal. Several Spaniards have gone there too to show their tools: